International Civil Aviation Organization working paper

Download 36.93 Kb.

Date	16.01.2018
Size	36.93 Kb.
	#36897

Replace section 5.4.1.2 with the following
Replace Note 3 in section 6.3.7 with the following

International Civil Aviation Organization

WORKING PAPER

ACP-WGM16/WP-15

17 May 2010

AERONAUTICAL COMMUNICATIONS PANEL (ACP)

16th MEETING OF WORKING GROUP M (Maintenance)
Paris, France 17-19 May 2010

Agenda Item 3a:

ATN/OSI Document 9880 Update Status – Security Updates

Amendment Proposal

for

One Key Pair for Key Agreement and Signing

Prepared by: FAA

Presented by: Vic Patel

SUMMARY

This working paper includes draft updates to ICAO Doc 9880 to allow the use of one key pair for key agreement and signing.

ACTION

The working group is invited to review Amendment Proposal and consider approving the change to Doc 9880.

INTRODUCTION
1. One of recommendations of the Honeywell Validation Report is use one key pair for key agreement and signing in Doc 9880.
discussion
1. This AP proposes allowing the use a single key pair for both key agreement and signing.
2. In developing the ARINC 823, ACARS Message Security (AMS), airline participants, including the USAF, recommended that AMS provisions specify a single key pair, to be used for both key agreement and signing.
3. Section 13.5.1 of the Handbook of Applied Cryptography states, “The principle of key separation is that key for different purposes should be cryptographically separated.”
4. Section 5.6.4.2 of NIST SP 800-56A states, “A static key pair may be used in more than one key establishment scheme. However, one static public/private key pair shall not be used for different purposes (for example, a digital signature key pair is not to be used for key establishment or vice versa).”
5. Section 5.2 of NIST SP 800-57 Part 1 states, “In general, a single key should be used for only one purpose (e.g., encryption, authentication, key wrapping, random number generation, or digital signatures).
6. Section 5.4.1.2 of Doc 9880 specifies that each ATN application or ATN router shall be bound to a static key pair associated to the ATN elliptic curve domain parameters. This requirement is in the context of the ATN Key Agreement Scheme.
7. Section 5.5.1.2 of Doc 9880 specifies that each signing ATN application, ATN router, or CA shall be bound to a signing key pair associated to the ATN elliptic curve domain parameters.
8. Note 3 in section 6.3.7 of Doc 9880 states that the Key Usage parameter refers to the type of compressed certificate path that is desired and is an ASN.1 type KeyUsage. Key Usage will have an abstract value of either digitalSignature or keyAgreement.

Amendment Proposal #xxx

Title:	One Key Pair for Key Agreement and Signing
AP working paper number and date	M16/WPxx 17 May 2010
Document(s) Affected:	ICAO Dc 9880 Part IV-B
Document Version:	Draft June 2009
Sections of Documents Affected:	5.4.1.2, 5.5.1.2, 6.3.7
	Vic Patel
Coordinator's Address:	ATO-P, AJP-1740 William J. Hughes Technical Center Atlantic City Airport, NJ, 08405 USA
Coordinator's Phone:	+1 609 485 5046
Coordinator's Fax:	+1 609 485 5630
Coordinator's E-mail Address:	vidyut.patel@faa.gov
Category:
Problem description:	Doc 9880 specifies the use of distinct key pairs for key agreement and signing. In developing the ARINC 823, ACARS Message Security (AMS), airline participants, including the USAF, recommended that AMS provisions specify a single key pair, to be used for both key agreement and signing.
Background:	One of recommendations of the Honeywell Validation Report is to use a single key pair for key agreement and signing.
Backwards compatibility:
Amendment Proposal:	See below.
WG-M Status:	SUBMITTED 5/17/2010

Replace section 5.4.1.2 with the following:

5.4.1.2 Each ATN application or ATN router performing key agreement shall be bound to a static key pair associated to the ATN elliptic curve domain parameters.

Replace section 5.4.1.2 with the following:

5.5.1.2 Each signing ATN application, ATN router, or CA shall be bound to a key pair associated to the ATN elliptic curve domain parameters.

Replace Note 3 in section 6.3.7 with the following:

Note 3. The Key Usage parameter refers to the type of compressed certificate path that is desired and is an ASN.1 type KeyUsage. Key Usage will have an abstract value of either digitalSignature, keyAgreement, or both digitalSignature and keyAgreement.

ACTION BY the meeting
1. The ACP WG-M is invited to:

Review the revisions to Doc 9880 identified by the AP in this Working Paper and provide comments and feedback regarding the proposed changes as described.

Due to guidance in the Handbook of Applied Cryptography and the requirement in NIST SP 800-56A, the FAA recommends that the requirements for key agreement and signing not be combined but that use of a common key be permitted as a matter of Certificate Policy.
The FAA recommends acceptance of these changes and requests endorsement by the Working Group to update Doc 9880 as described in the AP.

Directory: safety -> acp -> ACPWGF -> ACP-WG-M-16
ACPWGF -> Working paper
ACPWGF -> Amcp wgm/WP19 19 August 2002 Aeronautical Mobile Communication Panel (amcp) Working Group-m meeting Fifth Meeting Saint Petersburg, Russia, 19 to 23 August 2002 Agenda Item 4: satcom
ACPWGF -> Acp wgf/16 wp 27 Rev. 1 International Civil Aviation Organization
ACPWGF -> Working paper
ACPWGF -> Working paper
ACPWGF -> Airborne collision avoidance systems working group-a
ACPWGF -> Working paper
ACP-WG-M-16 -> International Civil Aviation Organization working paper
ACP-WG-M-16 -> International Civil Aviation Organization working paper

Download 36.93 Kb.

Share with your friends: