The Duncan Download Blog: Business Aviation Advice & Observations

HSD Security Part 2: The Good, The Bad, & The Not-So Ugly of VPNs

Posted by Duncan Download Blog on Fri, May 21, 2010 @ 01:11 PM

Companies in the last 40 years have decentralized many operations, creating armies of satellite employees. Today there are engineers who do their best work in their bathrobes from home. To accommodate this, company networks have been extended to remote locations using what is called VPN (Virtual Private Network) software. This is a program that recreates the network operations of being hardwired into your company network while you are away.

The Good

Nothing is truly secure on the internet, but there is such a thing as secure enough. VPN software often has encryption features for traffic communicated between the company network and users that are offsite. The VPN's security features greatly increase the privacy of data sent across the web. Without getting too technical, a VPN uses a series of security protocols to scramble data between a user's computer and some other network. It also provides security measures that make it difficult to intercept the encrypted data along the way.

The Bad

PC-based VPNs require everyone using the service to have the software installed on their computers or phones. This may not be possible or desirable for many clients. When VPN software is installed on a customer's laptop it can have some detrimental effects on the satcom system connection and the device itself. Computer-based VPNs will cut the speed of accelerated SwiftBroadband connections (800+ Kbps typical) back to un-accelerated rates (300-400 Kbps). It is also worth noting that VPN software uses computer resources as well.

The Not-So Ugly

You can mitigate this by using a router that incorporates its own VPN accelerator. One example is the CNX-200 router manufactured by EMS. This unit can be tied to Satcom Direct's Aero-X data acceleration service or can be integrated directly into your home network. This will provide an accelerated encrypted data tunnel directly to your home network or Satcom Direct's ground-based router. It is also worth noting that since the encryption and decryption take place in the CNX-200, the VPN does not place additional stress on computer resources. This is currently the preferred method for SwiftBroadband customers.

As an organization, it is important to assess the level of data security that your clients require, and not be afraid to push to raise the bar to that standard. The end result will be a High Speed Data (HSD) system that matches utility with security.

Additional information on cabin network security is available in part 1 of this series, "Six steps to tighten Wi-Fi security during ground operations."

Tags: Network Security, In-Flight Internet, Aircraft Communications

HSD Security Part 1: Six steps to tighten Wi-Fi security during ground operations

Posted by Duncan Download Blog on Tue, May 18, 2010 @ 01:17 PM

When you discuss communications security, eyes tend to glaze over. Most aviation professionals are used to things they can see, feel or in some way measure. When a router setting won't permit you to connect to the web anymore, no amount of visual inspection will help. It's just a black box until your IT guys make sense of it for you. That being said, I promise to keep this conversation to the point and as straightforward as possible.

HSD (High Speed Data) systems have become an integral part of flight departments with several solutions available, both ground- and satellite-based. However, when you look at onboard security of HSD systems, there are many weak points where a hacker can attack, the first being the router.

Wi-Fi routers are popular onboard jets because they offer convenience for customers receiving e-mail updates with their BlackBerrys. A Wi-Fi router is essentially a sophisticated radio, and like any radio its signal can be easily intercepted. Of course, from the router the data goes to the satellite or ground-based network and then on to the Internet, where there are numerous points at which traffic can be intercepted. Information traffic security is the second biggest challenge for any work-away-from-home network.

Knowing where you're most vulnerable with security will empower you to increase your level of protection. While the following recommendations are by no means comprehensive, they do represent the start of a conversation that will hopefully increase the security of your onboard network.

The steps to tighten Wi-Fi security without any inconvenience

1. Turn the router SSID broadcast off.

Most wireless routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This allows passengers to easily find and access your system. However, this feature also makes it easier for hackers to intrude. If you are lucky enough to have the same passengers using the same computers and phones all the time, you can turn this broadcast off and set the SSID to something other than the aircraft tail number.

2. Assign an encryption type and wireless passkey to your router.

I generally use WPA encryption with a pass-key as a baseline for airborne router security.

3. Install a Wi-Fi disable switch.

One of the simplest ways to protect your client's satcom bill, computers and BlackBerrys is by disabling the Wi-Fi on the ground. The last thing you want is a teenager at the FBO updating their Facebook on your SwiftBroadband. Have your satcom installation provider place a switch in your cockpit if one is not there already.

4. Add Wi-Fi instructions to your pilot's checklists.

You are probably safe to enable the Wi-Fi as you taxi away from an FBO. These systems have a very limited range and someone would need serious RF know-how to sniff your network at 1000 yards with an airborne router.

5. Have your passengers get plugged in.

If your clients must use the satcom system prior to taxi, provide them with an Ethernet cable and ask them to plug in. The benefit of this is two-fold: 1) This will allow your customers to surf the web with the Wi-Fi disabled and 2) it will improve the performance of their connection slightly.

Wired Ethernet connections outperform Wi-Fi generally, though on a typical SwiftBroadband network the difference will be negligible.

6. Other security protocols.

There are a myriad of other security measures that will reduce the likelihood of a cyber attack, such as MAC address filtering. Which security protocols will work best for you will often depend on the demands of your clients.
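The router settings from steps 1, 2 and 6 can be checked mechanically. The following is an added example, not part of the original post: it audits a configuration written in hostapd-style `key=value` form, which is an assumption, since the post names no router configuration format. The tail number `N123AB` and both sample configurations are constructed.

```python
import re
# Constructed sample configs in hostapd-style key=value form (an assumption;
# the post names no router configuration format).
WEAK_CONF = """\
ssid=N123AB-Cabin
ignore_broadcast_ssid=0
wpa=0
macaddr_acl=0
"""
HARDENED_CONF = """\
ssid=cabin-net-7
ignore_broadcast_ssid=1
wpa=2
wpa_passphrase=constructed-sample-passkey
macaddr_acl=1
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def _norm(s):  # upper-case, drop punctuation: 'n-123ab' -> 'N123AB'
    return re.sub(r"[^A-Z0-9]", "", s.upper())

def audit(text, tail_number):
    """Return findings for steps 1, 2 and 6 of the post."""
    conf = parse_conf(text)
    findings = []
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("step 1: SSID broadcast is on")
    if _norm(tail_number) and _norm(tail_number) in _norm(conf.get("ssid", "")):
        findings.append("step 1: SSID contains the tail number")
    has_key = any(k in conf for k in ("wpa_psk", "wpa_psk_file"))
    if conf.get("wpa", "0") == "0":
        findings.append("step 2: no WPA encryption configured")
    elif not has_key and len(conf.get("wpa_passphrase", "")) < 8:
        findings.append("step 2: passkey missing or under 8 characters")
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("step 6: MAC address filtering is off")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, "N123AB") or "no findings")
```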

Wi-Fi signals are easily intercepted, and for that reason they are particularly vulnerable to manipulation. With that being said, your best defense against an experienced hacker is to not be an easy mark. Developing your own Wi-Fi security measures alone can often deter the would-be hacker.

Stay tuned for part 2 of HSD Security, "The Good, The Bad and the Not-So Ugly of VPNs."

Adrian Chene, Avionics Tech Rep

Tags: Avionics Installation, Wi-Fi, Network Security, In-Flight Internet, Aircraft Communications

"Why?" - A Question About WAAS LPV ...

Posted by Diane Heiserman on Tue, May 18, 2010 @ 08:35 AM

WAAS is a complicated subject. We've written a book, a whitepaper, magazine articles and press releases on the subject, and the questions are still rolling in.

Of the hundreds of WAAS inquiries I've seen, this one stood out. Someone asked, "Why?"

The question was, "You mentioned that some installations may require two WAAS receivers to be certified to fly LPV approaches. Why? I don't see that as a requirement in any of the FAA advisory material. What is it about WAAS and LPV that requires two Flight Management Systems and two GPS receivers?"

The answer, of course, is complicated. The following explanation was provided by Avionics expert and AEA Vice Chairman, Gary Harpster:

Prior to WAAS receivers, the Flight Management Systems were certified under TSO C129. TSO C129 allowed an operator to use a single FMS for a GPS approach as long as it was an overlay approach. This also required alternate navigational inputs, such as VOR, DME, ADF, etc.

The new WAAS receivers and Flight Management Systems are certified under TSO C145 and C146, allowing a very precise GPS approach without any additional inputs. These systems also have a unique feature: they are constantly doing an analysis of the GPS integrity. Part of this analysis is a cross check of the secondary system, which adds a high degree of reliability. 

One of the challenges of Air Traffic Control is to put multiple aircraft into a confined corridor and keep them properly separated. The new WAAS receivers are designed to accomplish this; the secondary system is a necessary backup in case of the failure of the primary system.

Some manufacturers have designed WAAS monitors to act as a secondary FMS without a Cockpit Display Unit. This configuration provides the required redundancy without the expense of an entire second system. 

Do you have a question about WAAS? Ask it here

Tags: Avionics Installation, WAAS, Aircraft Communications, Flight Management System (FMS)

Making Sense of In-Flight Internet Options

Posted by Diane Heiserman on Fri, May 14, 2010 @ 10:26 AM

Selecting an aircraft high-speed data (HSD) system for in-flight connectivity is not unlike choosing a cell phone or internet access provider. Options abound, and naturally, so does confusion.

Most of the confusion seems to be with terminology, particularly the difference between "HSD" and "Wi-Fi". HSD is the data pipe to the aircraft, like the cable connection for your home internet. Wi-Fi connects to that data pipe, providing the equivalent of a wireless network inside the aircraft.

There are several HSD solutions available, with several equipment and service providers vying for attention.

A ground-based solution provides the fastest connection speed, similar to what you would experience in a home or office environment. But it doesn't activate until an aircraft is above 10,000 feet and is only available within the continental US.

Satellite-based solutions offer slower connection speeds, but they don't come with any altitude limitations and are accessible worldwide. However, these systems require a fuselage-mounted antenna, which some aircraft just can't accommodate. 

Charts of connectivity options and global coverage from Arinc and Iridium are available at Mary Kirby's Runway Girl blog with Flightglobal.

Upgrade paths can also help narrow the decision, as the majority of an aircraft's existing equipment can be left intact, helping to reduce costs and downtime.

There are a lot of variables to consider. While the industry waits for FAA guidelines and documentation, keep in mind this is a fairly new technology to business aviation. Questions? Duncan Aviation's Avionics Installations Sales Reps can help.

More details on the topic, including observations from our industry experts, will be available in the next edition of the Duncan Debrief due out this summer. Stay tuned!

Tags: Avionics Installation, Wi-Fi, In-Flight Internet, Aircraft Communications

Inflight Internet Brings Life to the Office in the Sky

Posted by Duncan Download Blog on Thu, May 06, 2010 @ 09:47 AM

Twenty years ago, when Al Gore (ha!) invented the internet, the quest to place the capability onboard the corporate jet had begun. A similar capability had been available in military and government aircraft, however, it was severely limited. AFIS (Airborne Flight Information System) and SAT-AFIS, were also very early forms of airborne electronic communication...but internet access?

Manufacturers of airborne communication equipment subsequently created software and hardware patches to utilize the dial-up properties of their air-ground communications systems, to allow dial-up internet access. The dial-up speeds, even after slight improvements, were still painfully slow even by the standards in those days. The speed and bandwidth improvements made in the Inmarsat systems and Swift-64 could not keep up with the content and bandwidth requirements of internet use.

FINALLY, there are solutions which place broadband access at your fingertips in the air. With the advent of the newest generation of Inmarsat I4 satellites, SwiftBroadband has brought 432Kbps speed and bandwidth to bizav aircraft. The Inmarsat solution is available through many different hardware manufacturers. The most likely aircraft for the Inmarsat solution are the larger bizav aircraft capable of intercontinental travel due to the size of the intermediate and high-gain antennas required for the system. There are some antennas available now which make the Inmarsat solution more palatable for the mid-size bizav aircraft.

Aircell Broadband is another option for placing internet access onboard corporate aircraft. The Aircell solution is a ground-based solution which offers incredible speeds, but is only available over the continental United States above 10,000 feet. The architecture of the Aircell system makes it attractive to nearly every bizav aircraft in nearly every class.

The other solution for bizav operators is the KU-band satellite-based solution. The KU-band solution was originally developed by Boeing for military and government use and is just now becoming available for corporate aircraft. The KU solution is targeted toward the heavier corporate jets, which can bear the size and weight of the equipment. The KU-band solution is a satellite-based solution that is nearly global in its coverage area.

I've spoken with several bizav operators currently using the available systems. Their response has been very positive. The uses for in-flight broadband services are varied, and they differ among operators depending on the primary mission of their corporate jet fleet. The positive feedback is almost universal, with operators enjoying how the systems are much simpler to use and log onto than previous systems. The speed and capability of airborne broadband have given operators access to various tools like never before. Those operators whose primary missions are within the continental United States utilize the available systems for priorities such as web-based office productivity, entertainment and cockpit services. Priorities change a bit when speaking with operators who routinely fly overseas.

Matt Nelson, Duncan Aviation Satellite Operations Manager

Tags: In-Flight Internet, Aircraft Communications

