GUIDANCE FOR USAGE OF DIGITAL CERTIFICATES
Publication Date: 11 July 2018
This document sets forth guidance for life-cycle management of public/private (i.e., asymmetric) keys that are used to secure interactions among systems. The devices included within the scope of this guidance.
The scope of this guidance is not intended to include:
- Any off-board, ground-based systems, including those with which aircraft systems and operator-controlled PEDs may communicate. Ground-based systems do not have the unique constraints and challenges associated with global, mobile aircraft systems; therefore, they are expected to reference guidance in ATA Spec 42 as applicable to typical IT environments.
- Passenger-owned devices, which are beyond the control of the aircraft operator.
- Operator-controlled PEDs that are treated like passenger-owned devices.
This document is meant to be a companion to Air Transport Association (ATA) Spec 42, which is the work product of the ATA Digital Security Working Group (DSWG). ATA Spec 42 specifies a digital identity management framework and standard digital certificate profiles recommended for use across the air transport industry, as well as standard policies governing the issuance and use of these certificates and the levels of assurance that may be conveyed in a digital identity. This document specifically addresses ATA Spec 42 in the context of actual aircraft deployment by providing guidance to aircraft manufacturers, equipment suppliers, and operators on topics including:
Purpose and Objectives
Newer generations of aircraft in production and use today are equipped with security applications that rely on digital certificates. It is expected that future aircraft will use certificates for increasing numbers of applications. The purpose of this document is to provide guidance for key life-cycle management, which refers to the phases through which digital certificates and associated cryptographic keys progress, from creation through usage to retirement.
The guidance is based on open international standards that are adapted to the aviation environment, recognizing that a typical commercial airplane has a long lifespan, its operational environment is highly complex and regulated, and multiple stakeholders operate ground-based systems that communicate with airplanes. Using a standardized and consistent key management approach, as proposed in this document, helps to reduce cost of design, implementation, and operation even across a heterogeneous fleet.
The document is intended to benefit the following users:
• Airlines and other Aircraft Operators - Digital certificates are expected to be used in the deployment of airline applications used on aircraft. A key objective of this document is to assist operators in their efforts to implement procedures that support the use and maintenance of digital certificates. This is necessary to accommodate the directions that the airframe manufacturers are taking in new aircraft and also to comply with any future regulatory requirements that address certificate-based message authentication of air-to-ground communications. Standardized guidance helps operators to develop uniform procedures for installation, use, and life-cycle maintenance of digital certificates in aircraft systems.
• Airframe Manufacturers and Avionics Equipment Suppliers - The guidance in this document is intended to help airframe manufacturers and avionics equipment suppliers consider the impact of digital certificate implementation decisions on airlines and aircraft operators. The application of consistent practices across multiple aircraft systems that employ digital certificates helps to minimize recurring design effort and drives more uniform key management processes, even across a heterogeneous fleet. As a result, this is expected to reduce costs for operators.
• ARINC Standards Developers - By referencing this digital certificate guidance, developers of other ARINC Standards (e.g., external-entity-toai
When reading this document, the reader is cautioned that:
• It may be necessary for airlines and aircraft operators to adapt the roles and activities described in this guidance in accordance with the Certificate Policy selected to govern the digital certificate life cycle.
• It may be necessary for airframe manufacturers and avionics equipment suppliers to tailor the guidance to accommodate avionics system technical and operational constraints (e.g., limited processing/memory resources, limited connectivity).
• In the case where the supplier or equipment manufacturer maintains management and/or oversight of a system installed on the aircraft, it may be necessary to substitute "supplier" for "airline."