Bite-sized keys lock aeronautical network

Certicom Trustpoint

An alternative to the most popular encryption technology is making it possible for the Federal Aviation Administration to secure air-to-ground data communications despite bandwidth constraints.

Such an application is possible for the Aeronautical Telecommunications Network (ATN) because Certicom Corp.'s digital certificate and encryption technology, which provide the underpinnings of public-key infrastructure (PKI), are based on elliptic curve cryptography (ECC).

ECC generates encryption keys that require much less bandwidth than other methodologies, observers say (see box). Although that may not be an issue in many traditional networks, it makes all the difference in ATN, which has limited bandwidth.

Because ATN will be able to transmit approximately 150 bits/sec per aircraft, it could be easily overloaded handling the amounts of extra data that encryption and digital certificates add to a message, said Simon Blake-Wilson, director of business development at Certicom.

ECC, however, will reduce the size of the certificate and its encryption keys, allowing ATN to achieve a high level of security without taking up all of the bandwidth, Blake-Wilson said. "The application would not be feasible without ECC."

FAA officials did not return calls to comment on the agreement.

The international aviation community started developing ATN and its wireless data applications in 1995.

The network and applications, such as the controller pilot data link communications system, will allow ground controllers to send data messages to the pilots on matters that do not need to be acknowledged or acted upon the moment the message is received. This will enable pilots to respond to immediate needs that can be communicated verbally.

Security is critical for a wireless network, particularly when dealing with flight data and instructions that must not be intercepted or changed. But FAA officials had to deal with bandwidth limitations. They could not tolerate a security application that slowed communications.

Applications enabled for PKI, which use digital certificates and public and private encryption keys to authenticate users and ensure the integrity of the messages, would pose a problem for wireless networks if they were not based on ECC.

The popularity of ECC has been increasing in government during the past few years, particularly since the National Institute of Standards and Technology approved it as a standard in 2000, said Charles Kolodgy, a research manager in IDC's Internet security practice.

Its popularity has been helped by the increasing number of agencies seeking to set up and secure wireless applications, he said.

"It's on overhead that encryption gets you," Kolodgy said. "In a wireless environment, where you don't have huge bandwidth, [ECC] is the best solution."

Certicom's Trustpoint Certificate Authority (CA) and PKI portal registration authorities will issue and validate the certificates to be used by air traffic controllers, pilots and airlines over ATN.

The FAA will run the Trustpoint CA, which will issue and manage the certificates. Every ground control system, airline and airplane will register for a certificate through the Trustpoint portals, which can be run by the FAA or by the airlines.

Other countries' air transportation agencies also will have CAs, and their messages will go through the verification process.

***

It all adds up

Cryptography is a matter of mathematics. Information is encrypted using a mathematical algorithm. Elliptic curve cryptography (ECC) takes a kind of mathematical shortcut to generate encryption and decryption keys that are significantly smaller than those generated by other methodologies, such as the commonly used RSA algorithm, but just as secure.

The algorithm makes all the difference with bandwidth-constrained wireless networks, such as data link technology used between systems in an aircraft and on the ground.

Key size

RSA: Public - 1,088; Private - 2,048

ECC: Public - 161; Private - 160

Digital signature size: (on a 100-bit message)

RSA 1,024

ECC 321

Source: Certicom Corp.