This specification addresses the following characteristics of connections between mobile devices and onboard WLAN network infrastructures.
• Connections based on IEEE 802.11 wireless LAN standards.
• Onboard Remote Authentication Dial-In User Service (RADIUS) Authentication, Authorization, and Accounting (AAA) services will be required for authenticating client devices to onboard WLAN networks.
• Authentication protocol will be based on Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
• Mutual authentication will be enabled to ensure two-way trust relationships are established between clients and an onboard access point.
• Encryption algorithms to be based on Advanced Encryption Standard (AES)-Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), Galois Counter Mode Protocol (GCMP), or 192-bit AES-256 in GCM mode with SHA-384 as Keyed-Hashing for Message Authentication (HMAC).
• The scope of this document is to define the properties of a secure connection between the access point and wireless client(s).
This specification does not address the following characteristics of connections between mobile devices and onboard WLAN network infrastructures.
• Certificate management is outside the scope of this document but can be referenced in ARINC Report 842: Guidance for Usage of Digital Certificates.
• Client device profile management is outside of the scope.
• Client authentication policies will not require live ground communication to allow a client to successfully authenticate to the WLAN network.
• Network subnet isolation and routing is outside the scope of this document.
• Client security outside of a secure wireless communication channel is outside the scope of this document.
• Wireless communication standards not included in IEEE 802.11 are outside the scope of this document.
- Edition: 21
- Published: 06/18/2021
- Number of Pages: 27
- File Size: 1 file, 810 KB