5.1 This standard provides guidance for using cryptographic credentials to secure localized A2X-Direct communications as defined in 5.3. It is not intended to specify or infer the security requirements for any one A2X application or underlying communications link, though significant attention is directed to DAA types of safety-related applications to delineate the convergence of security controls, communications performance and their impact on safety risk. Most importantly, this guide is intended to assist organizations developing applications built on a wide variety of different communication technologies and is designed to help understand the inter-relationships between a given credential-based security approach and the performance of those underlying communications technologies.
5.2 This guide provides technical and functional security recommendations; it does not delve into policy-related issues such as (1) what the appropriate contingency or failover provisions and procedures are during pre-flight or in-flight failures of the security mechanism; (2) whether to allow or disallow aircraft missions following a loss of trust management infrastructure availability before such flights; or (3) whether there are provisions for “no communication” or “non-secured communications” for certain types of operators, aircraft types, airspace classifications, or other considerations. Each of these policy questions is vital to develop before deploying any A2X security standard; analogous policies already exist in today’s airspace for two-way communications in general (for example, transponder squawking 7600 when there is loss of two-way communications, use of ATC tower light guns to communicate with pilots lacking two-way communication near an air terminal, no mandate for two-way communications in uncontrolled airspace, etc.). In practice, policy decisions need to be based on risk and developed in accordance with the overarching policies of a given, regulated region.
5.3 A2X applications are assumed to exist in one or more of the following categories as depicted in Fig. 1.
5.6 This guide is also non-specific to the type of aircraft or other devices securely broadcasting to each other. A2X applications may potentially accommodate communication between uncrewed aircraft (UAs), advanced air mobility (AAM) platforms, general aviation (GA), and commercial and transport categories of aircraft if so intended. It is the role of aviation regulators and standards development organizations (SDO) to define policies and requirements for communications interoperability, for example based on the needs of diverse entities to cooperate and exchange information in shared airspace.
5.7 This guide makes certain assumptions about the capabilities and services of a supporting trust infrastructure; however, it does not specify all functional or security services offered by such infrastructures. Trust management infrastructures are expected to differ based on the types of security credentials they manage and the regional or global policies that may govern them. Such policies may not exist or may not be in a sufficient state of maturity; thus they are also outside the scope of this guide.
5.8 Due to the loss of message attribution and the well-known impracticalities of symmetric or other shared-key management paradigms in large populations, this guide focuses principally on asymmetric cryptographic credentials to perform signing operations on A2X messages. Symmetric mechanisms such as the TESLA protocol defined in IETF RFC 4082 can potentially augment a credential-based approach through their use of small symmetric authentication tags over messages that undergo less frequent asymmetric signing.
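The augmentation described in 5.8 is easier to reason about with the mechanics in front of you. The following is an added example, not text or code from this standard or from RFC 4082 itself: a simplified TESLA-style sender and receiver using a SHA-256 hash chain and truncated HMAC tags. The chain commitment (the root of the hash chain) is the one value that would carry an asymmetric signature; here the receiver is simply handed it and assumed to have verified that signature out of band. The class and function names, the disclosure delay `d`, the 16-byte tag length, the constructed seed and the `sender_interval` argument (which stands in for the receiver's loosely synchronised clock) are all assumptions made for this illustration.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """One-way chain function F from RFC 4082, instantiated with SHA-256."""
    return hashlib.sha256(x).digest()


def mac_key(k: bytes) -> bytes:
    """Derive the per-interval MAC key K'_i = F'(K_i) so chain keys are never used directly."""
    return hmac.new(k, b"tesla-mac-key", hashlib.sha256).digest()


def tag(k: bytes, payload: bytes) -> bytes:
    """Truncated HMAC tag: 16 bytes instead of a 64-byte ECDSA P-256 signature per message."""
    return hmac.new(mac_key(k), payload, hashlib.sha256).digest()[:16]


def make_chain(seed: bytes, n: int) -> list[bytes]:
    """keys[n] = seed, keys[i] = F(keys[i+1]); keys[0] is the commitment that gets signed asymmetrically."""
    keys = [b""] * (n + 1)
    keys[n] = seed
    for i in range(n - 1, -1, -1):
        keys[i] = h(keys[i + 1])
    return keys


class Sender:
    def __init__(self, seed: bytes, n: int, d: int):
        self.keys, self.d = make_chain(seed, n), d

    def commitment(self) -> bytes:
        return self.keys[0]  # assumed to be broadcast once under an asymmetric signature

    def send(self, i: int, payload: bytes) -> tuple:
        # Packet for interval i: payload, tag under K_i, and disclosure of K_{i-d} (delayed by d intervals).
        disclosed = self.keys[i - self.d] if i >= self.d else None
        return (i, payload, tag(self.keys[i], payload), disclosed)


class Receiver:
    def __init__(self, commitment: bytes, d: int):
        self.known_index, self.known_key, self.d = 0, commitment, d
        self.pending: dict[int, list] = {}  # interval -> [(payload, tag)] awaiting key disclosure
        self.accepted: list = []

    def receive(self, packet: tuple, sender_interval: int) -> str:
        i, payload, t, disclosed = packet
        # Security condition: the sender must not yet have disclosed K_i, otherwise anyone could have
        # produced the tag. sender_interval is the receiver's upper bound on the sender's current interval.
        if sender_interval >= i + self.d:
            return "rejected: key may already be public"
        self.pending.setdefault(i, []).append((payload, t))
        if disclosed is not None:
            self._process_key(i - self.d, disclosed)
        return "buffered"

    def _process_key(self, j: int, key: bytes) -> None:
        if j <= self.known_index:
            return
        # The disclosed key is authentic only if hashing it (j - known_index) times lands on the last
        # authenticated key, which ultimately chains to the asymmetrically signed commitment.
        k = key
        for _ in range(j - self.known_index):
            k = h(k)
        if k != self.known_key:
            return  # does not chain: forged or corrupted disclosure
        # Every key between the last known one and K_j is derivable, so verify all buffered packets.
        for m in range(self.known_index + 1, j + 1):
            km = key
            for _ in range(j - m):
                km = h(km)
            for payload, t in self.pending.pop(m, []):
                if hmac.compare_digest(tag(km, payload), t):
                    self.accepted.append((m, payload))
        self.known_index, self.known_key = j, key


def run_demo() -> dict:
    seed, d = b"constructed-seed-for-illustration-only", 2  # constructed sample value
    s = Sender(seed, n=10, d=d)
    r = Receiver(s.commitment(), d)
    for i in range(1, 6):
        r.receive(s.send(i, f"position-report-{i}".encode()), sender_interval=i)
    # A genuine packet from interval 2 replayed at interval 5 fails the disclosure-delay check.
    late = r.receive(s.send(2, b"replayed"), sender_interval=5)
    # A packet with a guessed tag is buffered, then fails verification once K_6 is disclosed.
    r.receive((6, b"forged", b"\x00" * 16, None), sender_interval=6)
    for i in (7, 8):
        r.receive(s.send(i, f"position-report-{i}".encode()), sender_interval=i)
    return {"accepted": r.accepted, "late": late, "still_pending": sorted(r.pending)}
```

Running `run_demo()` shows the trade-off 5.8 alludes to: each message carries a 16-byte tag rather than a full signature, but authentication is only possible `d` intervals after reception and only if the receiver's clock bound is tight enough to enforce the disclosure-delay check; a receiver without that synchronisation cannot safely use the scheme at all.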
5.9 Finally, this guide is designed to be extended over time to incorporate other modes of communication that allow for localized setup of unicast or group security associations, various networked or multi-hop modes, and local and remote network services when they are available.
Scope
1.1 This standard is a framework-oriented guide for securing localized, broadcast-type Aircraft-to-Everything (A2X) communications without the use of real-time connected services or establishment of a session-based security association between communicating entities in the airspace. It is intended to be updated as new security risks, communications security approaches, or communication types are investigated for use or standardized in aviation.
1.2 A2X communication may be used by a variety of A2X applications, each with a unique set of constraints as well as functional and security objectives. This guide is intended to facilitate standards organizations’ appropriate development of credential-based security controls to meet those objectives. Recognizing the security overhead imposed by cryptographic credentials and digital signatures, it is vital to understand the security and performance impacts on secure communications, especially in constrained Radio Frequency (RF) environments.
1.3 This guide provides, as background, security concepts related to broadcast-type, point-to-point, real-time, ad hoc communications, then leverages that background in formulating recommendations on how to identify and use candidate security approaches. It is a set of guiding principles on how to develop and standardize secure A2X communications; it is not a specific solution for a specific set of application requirements.
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.