Company Internal
Dario Di Crescenzo
December 11 2019
Leonardo SWIM Technical Infrastructure
© 2016 Leonardo - Società per azioni
Outline
• Leonardo journey in SWIM
• Leonardo SWIM-TI Infrastructure (multi-color)
• Security
• SESAR2020 Trials
• Interoperability
LEONARDO JOURNEY IN SWIM
Leonardo: SWIMming in our history
• SWIM-SUIT FP6 Project - 2006-2009 – 12M€ EC funded project, 17 Partners
• Leonardo (former Selex ES) leading the consortium
• Swim-Box (pre-SESAR) as main concrete project outcome
• Project recognized as main baseline for SESAR SWIM
• SESAR WP14 (SWIM Technical Infrastructure) – 2009 - 2016
• Overall WP Technical Leadership
• Technical Leadership on Specification (and Design) – SWIM Profiles Technical Specifications
• SESAR SWIM Demonstrations - 2011 - 2016
• Major contribution to ALL SESAR SWIM Demonstrations
• Mini-Global II (FAA – 2016)
• SWIM Global Demo (Technical Coordination – SESAR – 2016)
Our Awards (on SWIM)
• SWIM Master Class 2013
  • 3rd Prize Winner on Best ATM Service category
  • 3rd Prize Winner on Best SWIM Enabled Application category
• SWIM Master Class 2014
  • 1st Prize Winner on Best SWIM Technical Infrastructure category
• SESAR Projects Awards 2016
  • Project 14.01.04 (led by Leonardo): SESAR Best In Class Award
[Figures: SWIM Master Class Ceremony and SESAR Projects Awards Ceremony; award plaques for Third prize, Services category; Third prize, Applications category; First prize, SWIM Technical Infrastructure category]
…And still SWIMming
• SESAR2020 «Wave1» (2017 – 2019)
• SWIM-TI Purple Profile for Air/Ground Advisory Information Sharing (Leadership)
• EUROCONTROL Standards
• EUROCONTROL Specification for SWIM Service Description
• EUROCONTROL Specification for SWIM Information Definition
• EUROCONTROL Specification for SWIM Technical Infrastructure (TI) Yellow Profile
• EUROCAE WG-104
• ED-254 ARRIVAL SEQUENCE SERVICE PERFORMANCE STANDARD
• Participation in SWIM CoI (Community of Interest) for the maintenance/evolution of EUROCONTROL SWIM Standards
• SESAR2020 «Wave2» (2020 – 2022)
• SWIM-TI Purple Profile for Air/Ground Safety Critical Information Sharing
LEONARDO SWIM-TI INFRASTRUCTURE (MULTI-COLOR)
Conceptual layers
Capabilities (w.r.t. Yellow Profile)
• Conformant to the EUROCONTROL Specification for SWIM Technical Infrastructure (TI) Yellow Profile from the outset (Leonardo was in charge of the SESAR1 project defining the Yellow Profile requirements). This means, as an example:
  • Support for all network bindings (IPv4, IPv6, including security)
  • Support for the AMQP binding (for Req/Rep, Pub/Sub and Fire and Forget)
  • Support for WS-N SOAP (but being decommissioned)
  • Capability to support HTTP and WS-Light, WS-SOAP
• Full support of transport and message level security controls, including authentication, authorization, integrity, authenticity and confidentiality
• Static and dynamic authentication and authorization policies
• X.509 certificate revocation status check (local CRL, HTTP CDP, OCSP)
SWIM Air/Ground (Purple Profile)
[Figure: SWIM Air/Ground architecture. Ground/Ground SWIM systems (AOC, ATM, Airport Airside Operations, Aerodrome ATC, En-route/Approach ATC, Military systems, Meteo, Network Information Management, Aeronautical Information Management, Advanced Airspace Management) connect through the ground Purple Profile distributed infrastructure; Purple Profile enabled aircraft connect to it over the Air/Ground Datalink (PJ14). The scope of SESAR2020 PJ.17-01 is Advisory Information exchange: Demand & Capacity data, ATFCM scenario data, Meteo data, Aeronautical data, Flight data, Surveillance data.]
Capabilities (w.r.t. Purple Profile)
• Full support of PP technical use cases (uplink and downlink): Publish/Subscribe, Request/Response, Request/Multi-Response
• Subscription management, including static and dynamic subscription policies
• Subject-based and context-based message routing, including static and dynamic routing policies
• Subject-based and context-based message filtering
• Full support of all the technical and deployment options described in the "Purple Profile" Technical Specification
• Full support of transport and message level security controls, including authentication, authorization, integrity, authenticity and confidentiality
• Static and dynamic authentication and authorization policies
• X.509 certificate revocation status check (local CRL, HTTP CDP, OCSP)
• Tested over AeroMACS and SATCOM communication networks, over both IPv4 and IPv6
• Interoperability with SWIM Nodes of other providers (e.g. Airbus, Indra)
• LDO may also provide PP enabled client libraries (APIs) simplifying application integration with aircraft or ground SWIM Nodes
SECURITY
Security controls concerning information in transmission
Technical architecture and end-to-end security
Cryptographic algorithms and key sizes shall comply with NIST SP 800-131A recommendations.
Taking into account the technical architecture (SWIM-TI layer intermediary nodes), point-to-point (transport level) security mechanisms need to be complemented with end-to-end (message level) security mechanisms.
Some end-to-end security needs are considered mandatory (e.g. message integrity and authenticity) and others (e.g. confidentiality) optional, because they depend on the specific SWIM service.
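Added example (not code from this deck or from Leonardo's SWIM-TI) of why transport-level security alone is not enough once intermediary nodes sit between the endpoints: a constructed message on the page's "air.meteoprobe" topic is signed once at the originating endpoint, a relay that terminates one TLS hop and opens the next can alter the payload without any hop-level control noticing, and the end-to-end signature check at the consumer is what catches it. Envelope, Sign, Verify, relay and Demo are assumed names, and the JSON canonical form is an assumption rather than the Purple Profile encoding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)
// Envelope is a constructed Purple-Profile-style message. Topic, Seq and Payload are what the
// intermediary SWIM nodes route on; Sig is the end-to-end control that must survive every hop.
type Envelope struct {
	Topic   string `json:"topic"`
	Seq     uint64 `json:"seq"`
	Payload string `json:"payload"`
	Sig     []byte `json:"sig,omitempty"`
}
// digest hashes the canonical encoding covered by the signature (everything except Sig).
func digest(e Envelope) []byte {
	e.Sig = nil
	b, _ := json.Marshal(e) // struct field order is fixed, so the encoding is deterministic
	h := sha256.Sum256(b)
	return h[:]
}
// Sign runs once, at the originating endpoint (here the aircraft-side application).
func Sign(e Envelope, key *ecdsa.PrivateKey) (Envelope, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(e))
	e.Sig = sig
	return e, err
}
// Verify runs at the consuming endpoint, however many TI nodes relayed the message in between.
func Verify(e Envelope, pub *ecdsa.PublicKey) bool {
	return ecdsa.VerifyASN1(pub, digest(e), e.Sig)
}
// relay models an intermediary SWIM-TI node: it terminates one transport-level (TLS) hop and opens
// the next, so here the message is in clear and point-to-point controls no longer protect it.
func relay(e Envelope, tamper bool) Envelope {
	if tamper {
		e.Payload = "ALTERED " + e.Payload
	}
	return e
}
// Demo signs one constructed downlink message and returns (honest relay verifies, tampering relay verifies).
func Demo() (bool, bool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	msg, _ := Sign(Envelope{Topic: "air.meteoprobe", Seq: 7, Payload: "<probe>T=-52C</probe>"}, key)
	return Verify(relay(msg, false), &key.PublicKey), Verify(relay(msg, true), &key.PublicKey)
}
```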
[Figure: Technical Systems belonging to the Aircraft CC and to the Ground CC consume Service Endpoints Over Purple Profile <Service Binding> (aircraft side and ground side); Aircraft Purple Profile Messaging and Ground Purple Profile Messaging perform Message Exchange Over Purple Profile <Internal Binding>, with an implementation-specific Service Endpoint on the Aircraft Server. Point-to-Point Security applies on each hop; End-to-End Security applies between the service endpoints.]
Security controls concerning information in transmission
PKIs
Most of the transport and message level security mechanisms are based on asymmetric cryptography (HMAC and symmetric encryption are also supported).
X.509v3 certificates and private keys are managed via PKI. As part of the technical validation activities, protocols such as HTTP CDP and OCSP have been validated.
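Added example (not Leonardo's code) of the revocation status check the deck lists for the SWIM nodes, in the local-CRL case: a constructed CA issues two leaf certificates and a CRL revoking one of them, and CheckCRL validates the CRL itself (signature, issuer, validity window) before trusting its answer, returning "unknown" rather than "good" whenever it cannot. The names, serials and the 12-hour CRL lifetime are assumptions; a CRL fetched from an HTTP CDP would feed the same check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// newCert issues a constructed self-signed CA (parent == nil) or a leaf signed by parent.
func newCert(cn string, serial int64, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 with SHA-256, acceptable under SP 800-131A
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // CA: may sign certificates and CRLs; Go derives its SubjectKeyId automatically
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// issueCRL signs a CRL revoking one serial, valid for 12 hours from now (the copy an HTTP CDP would serve).
func issueCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked *big.Int, now time.Time) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked, RevocationTime: now}}}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	if err != nil { panic(err) }
	return der
}
// CheckCRL validates the CRL itself (signature, issuer, validity window) before trusting it; "unknown" means refuse the peer.
func CheckCRL(cert *x509.Certificate, crlDER []byte, issuer *x509.Certificate, now time.Time) string {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(issuer) != nil || crl.Issuer.String() != cert.Issuer.String() {
		return "unknown"
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return "unknown" // a locally cached CRL past NextUpdate is stale, not evidence of "good"
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return "revoked"
		}
	}
	return "good"
}
```

It needs Go 1.19 or later, where x509.ParseRevocationList and RevocationList.CheckSignatureFrom were added.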
[Figures: (1) Reference technical architecture of the Purple Profile infrastructure: Technical Systems belonging to the Aircraft CC and to the Ground CC use the <Service Endpoint> (Service Endpoint Over Purple Profile <Service Binding>, aircraft side and ground side) to consume and/or provide SWIM services; the Aircraft A/G SWIM Access Point / Aircraft «Purple» SWIM Node, the Ground A/G SWIM Access Point / «Purple» SWIM Node and the SWIM Access Point on the ground Technical System side each rely on the TI layer and each hold an X.509 Certificates Store, a CRLs store, a Key store and a Truststore. A Certification Authority exposes the CDP options (LDAP CDP, HTTP CDP and OCSP, each over <Internal Binding>) to the corresponding LDAP CDP, HTTP CDP and OCSP clients in the nodes, and handles the X.509 certificate request, issue, renewal and installation process. (2) One possible deployment option (additional ones could be based on Bridge CA, etc.): a Root Certification Authority with three Subordinate Certification Authorities, one per Security Domain (#1, #2, #3), each serving the nodes of its own domain.]
SESAR2020 TRIALS
How to validate maturity?
Leonardo has been involved in several TRL4 and TRL6 validation activities:
• TRL6 EXE1.0001: uplink and downlink air-ground advisory information sharing validation, based on operational-oriented scenarios (ED-151) involving Purple Profile SWIM Node prototypes (both ground and aircraft) and Purple Profile enabled SWIM services (both uplink and downlink) developed by the EXE members and interconnected in a WAN.
• TRL6 EXE1.0002: validation of the non-functional characteristics (security and reliability) of air-ground advisory information sharing, based on technical scenarios involving LDO Purple Profile SWIM Node prototypes (both ground and aircraft), emulated Purple Profile enabled applications (both uplink and downlink) and A/G network infrastructure (PJ.14-02) prototypes (HON Aircraft Router integrating LDO AeroMACS and INDRA SATCOM links).
• TRL6 EXE4: validation of the technical interoperability of air-ground advisory information sharing, based on technical scenarios involving LDO and INDRA Purple Profile SWIM Node prototypes (both ground and aircraft) and emulated Purple Profile enabled applications (both uplink and downlink).
The Leonardo SWIM PP Ground Infrastructure and the Purple Profile enabled D-NOTAM SWIM service were also provided to Airbus for integration in their (SWIM Enabled) Taxi Routing prototype (in PJ03).
How to validate maturity? (TRL6 EXE1.0001)
WAN VPN connecting:
• Leonardo Lab equipped with SWIM Ground SWIM Node and SWIM Certification Authority (@Rome)
• Frequentis ePIB (Electronic Preflight Information Bulletin) Service (@Wien)
• Leonardo Cockpit + EFB Simulator equipped with SWIM Aircraft Access Point (@Turin)
• Leonardo GmbH MET Provider (and Consumer) (@Neuss)
• Leonardo SWIM Viewer (@Naples)
• Purple Profile enabled NARSIM, the NLR ATM Research Simulator (@Marknesse)
How to validate maturity? (TRL6 EXE1.0002)
Reliability and security technical scenarios demonstrating:
• Per-SWIM-service QoS, such as delivery guarantees, message-priority-based ordering guarantees, etc.
• Point-to-point and end-to-end security (authentication, authorization, integrity, authenticity)
• Proper composition of Purple Profile level and network level classes of service
• IPv6 based
• Multilink transparent to Purple Profile SWIM Nodes
• Use of network level classes of service (all the IPv6 packets exchanged by two peers are marked with the CoS selected at the TCP/IP connection establishment phase)
How to validate maturity? (TRL6 EXE4, 1/2)
The technical scenarios involve the following prototypes:
• Application layer:
  • LDO emulated aircraft and ground SWIM enabled applications
  • INDRA emulated ground SWIM enabled applications
  • INDRA data provider tool integrated with ICARO
• SWIM-TI layer:
  • LDO Aircraft and Ground SWIM Nodes
  • INDRA Ground SWIM Node
• Network layer:
  • PJ14.02.04 FCI prototype (HON Aircraft Router integrating LDO AeroMACS and INDRA SATCOM links)
• Certification authority/PKI:
  • LDO CA
The technical interoperability scenarios have been executed over the following deployment:
• INDRA Purple Profile enabled ground applications connected to the INDRA Ground SWIM Node
• LDO Air SWIM Node connected to the INDRA Ground SWIM Node
• LDO Purple Profile enabled aircraft applications connected to the LDO Air SWIM Node
How to validate maturity? (TRL6 EXE4, 2/2)
EXE4 Purple Profile enabled SWIM services

Service name: Ground Echo
Service description: This service is provided by the ground and consumed by the air. The responder just replies with the text message sent by the requestor. No message level security, no compression.
Uplink / Downlink: Uplink
Payload: Text for both request and response

Service name: Air Echo
Service description: This service is provided by the air and consumed by the ground. The responder just replies with the text message sent by the requestor. No message level security, no compression.
Uplink / Downlink: Downlink
Payload: Text for both request and response

Service name: Subscription Management (air subscribes to ground)
Service description: Purple Profile Subscription management federation between Air and Ground SWIM Node subscription handlers. Message level security (digital signature) is required. This is disabled on the LDO prototypes side. The topic used for testing is "topic://ground.dnotam".
Uplink / Downlink: Uplink (Air subscribing to ground topic)
Payload: XML for both request and response

Service name: Subscription Management (ground subscribes to air)
Service description: Purple Profile Subscription management federation between Air and Ground SWIM Node subscription handlers. Message level security (digital signature) is required. This is disabled on the LDO prototypes side. The topic used for testing is "topic://air.meteoprobe".
Uplink / Downlink: Downlink (Ground subscribing to air topic)
Payload: XML for both request and response

Service name: D-NOTAM
Service description: This is a Publish/Subscribe service provided by the ground (publisher) and consumed by the air (subscriber). In accordance with active subscriptions, publication messages are routed to air and ground subscribers. No message level security, no compression. This service concerns publication messages related to the topic "ground.dnotam" handled by the subscription management (see above).
Uplink / Downlink: Uplink
Payload: AIXM 5.1 (XML). No XML validation. If enabled, the reference XSD has to be shared at design time.

Service name: METEOPROBE
Service description: This is a Publish/Subscribe service provided by the air (publisher) and consumed by the ground (subscriber). In accordance with active subscriptions, publication messages are routed to air and ground subscribers. No message level security, no compression. This service concerns publication messages related to the topic "air.meteoprobe" handled by the subscription management (see above).
Uplink / Downlink: Downlink
Payload: XML. No XML validation. If enabled, the reference XSD has to be shared at design time.
LAST, BUT NOT LEAST
SESAR PJ17-01 (Open Day)
• Leonardo is organizing the PJ17-01 (SWIM Purple Profile Air/Ground SWIM Advisory Information Sharing) Open Day
• It will be held at Leonardo premises (Rome, via Tiburtina) in January/February 2020
• Exact date still to be fixed
YOU ARE ALL INVITED
(please contact the PJ17-01 solution leader, [email protected], to ensure your participation; seats are limited)
THANK YOU FOR YOUR ATTENTION