Home' RTCA Documents for Review : DO-230H FRAC Contents 245
©2017 RTCA, Inc.
Denial of Service (DoS): A DoS attack is an attempt to make a machine or network resource
unavailable to its intended users. One common method of attack involves saturating the target
machine with external communications requests, such that it cannot respond to legitimate traffic,
or responds so slowly as to be rendered essentially unavailable, usually leading to a server overload.
Depending on their severity, an airport may have to seek expert outside assistance to cure the attack(s).
Manufacturers of network security products employ such specialists. When legal recourse is required,
contacting a Federal agency such as the FBI may be necessary.
Public Key Infrastructures (PKIs)
Public-key cryptography uses a pair of mathematically related cryptographic keys. If one key is used to
encrypt information, then only the related key can decrypt that information.
The main defense in a PKI scenario is mutual authentication. In this case as well as the application
validating the user (not much use if the application is rogue) - the users’ devices validate the application -
hence distinguishing rogue applications from genuine applications.
The integrity of public keys is generally assured in some manner, but need not be secret. Public keys can
be verified by a Certificate Authority, whose public key is distributed through a secure channel (for
example, with a web browser or OS installation). Public keys can also be verified by a web of trust that
distributes public keys through a secure channel (for example by face-to-face meetings). Key management
is a critical, non-trivial task.
For U.S. airports, PKI should not be necessary unless the airport must be federated with other airports or
with agencies of the U.S. government. PKI is already used by the TSA for credential authentication [Refer:
Section 2 Credentials for additional information), either directly by TSA or by trusted third parties, but in
these cases key management is not an airport responsibility.
If an airport does consider adopting PKI, the following issues relating to its use for access control should
be addressed before a commitment is made and PKI is installed:
Stakeholder Requirements: Identify the stakeholders whom PKI is to support and any necessary
links to trusted agents required for PKI verification.
PKI Processing: PKI has to be verified either at the reader or at the controller. PKI processing
delays of 3 to 4 seconds may arise, depending on network architecture and traffic (bandwidth
availability). Probable processing delays under actual operating conditions should be determined
by testing to avoid problems of employee queuing at peak access times and shift changes (in
addition to delays from user errors).
PKI Compatibility: Be sure that the manufacturer(s) of the readers and controllers can handle PKI,
and assess the cost of replacing such units.
Badging Workload: TSA requires that access control badges expire every 2 years. Badge holders
who are employed on shorter term contracts will increase the badging workload. Maintaining PKI
may involve daily reprinting of badges because of damaged, lost, or stolen badges. IT staff
resources are limited at many airports, and these issues increase where the turnover rate of the IT
staff is high.
Links Archive Navigation Previous Page Next Page