The Cybersecurity Architectures group is responsible for the design and prototypical implementation of secure systems, networks and applications in the field of communications and navigation. The domain focus is on civil aviation, urban air traffic in the form of Unmanned Aeronautical Vehicles (UAV), shipping, rail and critical infrastructures in general. The group's work is mostly at layers 2-4 of the network model.
It works to identify and mitigate potential security risks and vulnerabilities in a communications or navigation system. The group is also responsible for creating security policies and procedures and ensuring that they are in place. This is mostly done in standardization processes where the security solutions developed are directly incorporated into the technical standard. The goal of the Cybersecurity Architectures group is thus to ensure the confidentiality, integrity, authenticity and availability of information and the communications or navigation system itself.
One example of current work is the development and standardization of a cybersecurity architecture for the future digital aeronautical communications system LDACS (L-band Digital Aeronautical Communications System) for communications between controllers on the ground and pilots in the aircraft. Since the technical developments for LDACS at layers 1 and 2 have largely been completed, the challenge here is to integrate tailored cybersecurity solutions into the existing system without reducing its efficiency and effectiveness. As an example, group key procedures, a dedicated Public Key Infrastructure (PKI), efficient certificate revocation mechanisms and lightweight cryptographic procedures were adapted and applied. Likewise, user and control data, responsible for ensuring smooth operations of LDACS, were secured. Currently, DLR is leading the standardization of LDACS at the International Civil Aviation Organization (ICAO) and within the Internet Engineering Task Force (IETF).
A future extension of LDACS is the air-to-air communication procedure, which enables direct digital communication between aircraft in an Aeronautical Ad-hoc Network (AANET). Using an aeronautical mesh network, information can thus be exchanged over long distances even without ground infrastructure. The Cybersecurity Architectures group is developing customized security solutions for this complex system in order to provide secure keys to protect the exchanged information via a dedicated authentication and key establishment process.
The group is also active in the field of UAVs. In the future, the novel DroneCAST (Drone Communications and Surveillance Technology) communications and surveillance system will enable robust, efficient and direct data exchange between all airspace participants - whether manned or unmanned. As humans are increasingly disappearing as controllers of the information exchanged, guaranteeing information integrity and authenticity is particularly important here. So a sound link-layer cybersecurity solution is especially important here, and is being developed by the Cybersecurity Architecture group.
The Cybersecurity Architectures group is active in various committees, including the Future Communications Infrastructure Task Force (FCI-TF) of Eurocontrol, the Communications Panel, the Navigation Systems Panel and the Security Subgroup of ICAO, the Cybersecurity Committee of the German Aerospace Industries Association (BDLI), and in the Internet Engineering Task Force (IETF).
Der Monitor im Forschungsflugzeug zeigt eine kryptografisch abgesicherte Datenübertragung vom Präzisionslandesystem GBAS (Ground-Based Augmentation System). GBAS stellt Korrekturdaten zur Satellitennavigation zur Verfügung und ermöglicht neue, leisere und spritsparende Anflugverfahren, die zudem eine engere Staffelung der Flugzeuge erlauben.
