2017_084_AF5

SWIM Common PKI and policies & procedures for establishing a Trust framework

Timeline

2014
2015
2016
2017
2018
2019
2020
Nov. '18OngoingDec. '21

Implementing Partners

Leader: EUROCONTROL
Contributor: DSNA
Contributor: LPS
Contributor: NAV Portugal
Contributor: ENAV
Contributor: DFS
Contributor: Austrocontrol
Contributor: Ryanair
Contributor: Skeyes
Contributor: NATS
Contributor: Copenhagen Airport
Contributor: LVNL
Contributor: LFV
Contributor: ANS Finland
Contributor: Spanish Air Force
Contributor: Pansa
Contributor: Paris Airport
Contributor: Manchester Airport
Contributor: Romatsa
Contributor: Slovenia Control
Contributor: Bulatsa
Contributor: Smatsa
Contributor: Air France
Contributor: Oro Navigacija
Contributor: Lufthansa
Contributor: Naviair
Contributor: French MoD
Contributor: HCAA
Contributor: Hungarocontrol

Description

The main objective of the Implementing Project (IP) is to develop and deploy a common framework for both integrating local PKI deployments in an interoperable manner as well as providing interoperable digital certificates to the users of SWIM. The resulting PKI and its associated trust framework, which will be part of the cyber security infrastructure of aviation systems, are required to sign, emit and maintain digital certificates and revocation lists as required in the family 5.1.4. The digital certificates will allow user authentication and encryption/decryption when and where needed in order to ensure that information can be securely transferred. All aviation stakeholders (ANSPs, Airspace users, military, Airport, etc …) will benefit from the project.

The scope of the Implementing Project includes the definition and development of a dedicated common PKI and its associated trust framework for Europe, its integration and validation with some stakeholders. It will ensure the interoperability of digital certificates within Europe and with other regions.

The implementing project also aims at developing the systems needed to operate a PKI and its associated trust framework in order to produce and manage digital certificates, e.g. Certification Authorities, validation services such as OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List), user interfaces, systems supporting the Registration Authority and Policy Management Authority roles. These systems will be developed through procurement (Call for Tender (CFT) in line with the applicable legal provisions) based upon specifications developed within the project. The system developments will be based on existing and mature COTS hardware and software.

Partners contribution:

Oro Navigacija will contribute to the validation of the Deliverables:

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    PANSA will contribute to the validation of the Deliverables:

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.
    BELGOCONTROL will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.
    LPS.SR will contribute will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.
    LUFTHANSA will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework

  • D1.3-Final Trust Framework

  • D2.1-Common PKI specifications

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    SMATSA will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    Hungarocontrol will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.
    ROMATSA will contribute to the production and completion of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D1.2-Interoperability criteria with USFB.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    LFV will contribute to the production and completion of the Deliverables:

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description
    CPH will contribute to the production and completion of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)
    ADP will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.
    Air France will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.
    EUROCONTROL will contribute to the production and completion of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    LVNL will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.
    Austrocontrol will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D6.2-Guidance for SWIM Service Consumers
    NAVIAIR will contribute without CEF Funding to this project and will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB;

  • D1.1-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    DFS will contribute to the validation of the Deliverables:

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)
    SloveniaControl will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    MAN will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description
    French MOD will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.
    Spanish Air Force will contribute to the validation of the Deliverables:

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D6.2-Guidance for SWIM Service Consumers
    FABCE will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB;

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    HCAA will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description
    DSNA will contribute to the production and completion of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB

  • D1.3-Final Trust Framework.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D5.1-Draft CFT (Call For Tenders)

  • D5.2-Final CFT (Call For Tenders)

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    NAV-PT will contribute to the production and completion of the Deliverables:

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers
    ANS FINLAND will contribute to the production and completion of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB

  • D1.3-Final Trust Framework.

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description
    BULATSA will contribute to the validation of the Deliverables:

  • D1.1-Initial Trust Framework;

  • D1.2-Interoperability criteria with USFB.

  • D2.1-Common PKI specifications.

  • D3.1-Initial SWIM interfaces to Common PKI.

  • D3.2-Final SWIM interfaces to Common PKI.
    ENAV will contribute to the validation of the Deliverables:

  • D4.1-Initial Interface with SWIM governance description

  • D4.2-Final Interface with SWIM governance description

  • D6.1-Guidance for SWIM Providers

  • D6.2-Guidance for SWIM Service Consumers

Specific objectives:
This Implementing Project specifically aims to develop and deploy means in order to:

  • Secure the exchange of aviation related information;

  • Provide identification and authentication of providers and consumers of aviation related information;

  • Support the encryption when needed of aviation related information.

Expected Results:

  • The technical and administrative elements are defined to launch a Call for Tender to develop and deploy a solution complying with the requirements as defined by the project. Only the preparation of the Call for Tender is part of the scope of this project.

  • The elements necessary to govern and manage the solution are defined (e.g. Terms of Reference and procedures to operate the Policy Management Authority, the Membership Agreement, Procedures to operate the Registration Authority).

  • The elements needed to demonstrate and validate the ability to cross-certify the solution with a solution of another region (e.g. Federal Aviation Authority - FAA) are defined in order to ensure the interoperability of the solution.

Performance Benefits:
The expected benefits are:

  • Improving the security of the exchange of information which should reduce the likelihood to get some disruption of services mainly due to corruption of information.

  • Facilitating and accelerating the provision and use of SWIM services by providing a solution that increases the security of the services.

  • Facilitating and accelerating the use of certificates to secure the exchange of information other than SWIM services.

  • The buy-in of a solution by many aviation stakeholders that will facilitate its future deployment and the performance/credibility/integrity of the solution as the rules to operate the solution and to use certificates appropriately will be known and accepted by a significant number of users.

PREVIOUS PROJECT DESCRIPTION FOR INFORMATION PURPOSES ONLY

 The project aims at developing and deploying a common framework for both integrating local PKI deployments in an interoperable manner as well as providing interoperable digital certificates to the users of SWIM. The resulting PKI and its associated trust framework, which will be part of the cyber security infrastructure of aviation systems, are required to sign, emit and maintain digital certificates and revocation lists as required in the family 5.1.4.
The digital certificates will allow user authentication and encryption/decryption when and where needed in order to ensure that information can be securely transferred. All aviation Stakeholders (ANSPs, Airspace users, MIL, Airport, etc …) will benefit from the project.
 The scope of the project includes the definition and development of a dedicated
common PKI and its associated trust framework for Europe, its integration and validation with some Stakeholders. It will ensure the interoperability of digital certificates within Europe and with other regions.
 The project also aims at developing the systems needed to operate a PKI and its
associated trust framework in order to produce and manage digital certificates, e.g.
Certification Authorities, validation services such as OCSP (Online Certificate Status
Protocol) or CRL (Certificate Revocation List), user interfaces, systems supporting the
Registration Authority and Policy Management Authority roles. These systems will be
developed through procurement, which will make use of the EUROCONTROL procurement process through a Call For Tenders (CFT) based upon specifications developed within the project. The system developments will be based on existing and mature COTS Hardware and Software.

Performance benefits

The project moves security towards higher standards, therefore making all network systems more resilient to security threats.
EUROCONTROL risk management staff look to leverage a wide range of information and expertise when assessing cyber security threats and developing a cyber security investment strategy. Such approach enable EUROCONTROL with a holistic view of cyber security to determine the level of security or due diligence appropriate for our organisation and then having IT staff to develop the most cost-effective implementation strategy. In this way, EUROCONTROL seek to minimize costs while achieving a desired level of security. This strategy will include a combination of proactive and reactive measures.

As a first approximation, it is assessed that in 8 years (between 2023 and 2030) the proactive measures taken by this project (SWIM Common PKI) could avoid up to 100 Millions € of costs due to potential damages caused by security threats and the cost to recover from them.

General context:
SESAR 14.1.4 has identified the need for a SWIM Common PKI.
Technical Specifications covering functional, non-functional and interface requirements identified for SWIM-Technical Infrastructure and applicable to the SWIM-TI PKI and architectural elements part of information security technical views as described in SWIM-TI Technical Architecture Document are captured in the deliverable SESAR 14.1.4 -D42.
The need for a SWIM Common PKI was included in the PCP as part of the Family 5.1.4.

The SESAR Deployment Management has launched an initiative to prepare a proposition to develop and deploy this SWIM Common PKI. EUROCONTROL has taken the responsibility to lead and coordinate the preparation of a proposition so-called “SWIM Common PKI and policies & procedures for establishing a trust framework”.

Specific objectives:
The specific objectives of this project are to develop and deploy means to:

  • Secure the exchange of aviation related information,

  • Provide identification and authentication of providers and consumers of aviation related information,

  • Support the encryption when needed of aviation related information.

Expected Results:
The expected results of this project are:

  • The technical and administrative elements to launch a Call For Tenders to develop and deploy a solution complying with the requirements as defined by the project. It is recommended to include the selection of a winning offer.

  • The elements necessary to govern and manage the solution (e.g. Terms Of Reference and procedures to operate the Policy Management Authority, the Membership Agreement, Procedures to operate the Registration Authority).

  • The elements needed to demonstrate and validate the ability to cross-certify the solution with a solution of another region (e.g. FAA) in order to ensure the interoperability of the solution.

Performance benefits

The expected benefits are:

  • Improving the security of the exchange if information that should reduce the likelihood to get some disruption of services mainly due to corruption of information.

  • Facilitating and accelerating the provision and use of SWIM services by providing a solution that increases the security of the services.

  • Facilitating and accelerating the use of certificates to secure the exchange of information other than SWIM services.

  • The buy-in of a solution by many aviation stakeholders that will facilitate its future deployment and the performance/credibility/integrity of the solution as the rules to operate the solution and to use certificates appropriately will be known and accepted by a significant number of users."

Additional Information

  • Project Type: Network Manager
  • CEF Call Year: 2017
  • Civil/Military: Civil
  • Multistakeholder: Yes
  • Main AF: AF5 - Initial System Wide Information Management
  • Sub AF: S-AF 5.1 - Common infrastructure components
  • Progress Percentage: 24%