Blockchain-Based Key Technologies Of Information Security Assurance For Air Traffic Management

The air traffic management(ATM)is a comprehensive information-based intelligent system consisting of ground computer network,airborne network and space satellite network,which adopts an integrated network structure of "air-space-ground" to provide continuous business services for related departments and units of civil aviation transportation.The ATM is an important information infrastructure for civil aviation transportation,which faces increasingly serious information security threats.Therefore,the Aviation Cyber Security Strategy released by the International Civil Aviation Organization in October 2019 requires that member states should actively carry out research and application of basic theories,core methods and key technologies for ATM information security assurance.This thesis focuses on the core objective of ATM information security assurance,according to the actual operational needs of ATM in terms of trustworthiness,security and availability,considers the composition structure of ATM wide area distribution,uses the decentralization and distributed accountancy features of blockchain and its advantages in data security,privacy protection,trustworthy storage and traceability,builds ATM trusted model,researches key methods such as identity authentication,data sharing and access control,and forms a new theory-method system for ATM information security assurance.The research work of this thesis is summarized as follows.First,a blockchain-based ATM information security assurance model is built.The current ATM has many departments,resulting in limited business collaboration,insufficient data sharing,and prominent problem of "data silos".The fundamental reason why data sharing among ATM departments is difficult to realize is that the trust problem and data rights protection problem have not been properly solved.In this thesis,the distributed network structure and information security assurance requirements of ATM are considered,and the ATM service is the core,and the three basic principles of trustworthiness,security and availability are used to build a blockchain-based ATM trusted model-ATMChain.The ATM security architecture based on ATMChain is designed to realize the 4A(Authentication,Accounting,Audit,Authorization)security function of ATM,forming a trusted ecology of ATM cyberspace,and solving the problem of lack of trust in the current "centralized" information system architecture of ATM.Second,a blockchain-based identity authentication method is proposed.With diverse ATM system equipment and a large ATM user community,trusted authentication is critical.In this thesis,ATM trusted identity authentication method,T-ATMChain,is designed to meet the need of multi-party trusted authentication in ATM environment.T-ATMChain is a concrete implementation of the authentication method of 4A security function in ATMChain.TATMChain reconstructs the trust relationship between different ATM authentication domains without changing the internal architecture of the current ATM authentication system,and achieves intra-and cross-domain trusted authentication with clear hierarchy and high scalability.At the same time,T-ATMChain optimizes the authentication method,improves the authentication efficiency,and solves the problems of single point of failure and difficult certificate path construction of the "central" ATM authentication system.Third,a blockchain-based data sharing method is proposed.The ATM data are distributed in different management and trust domains,and sharing ATM data from multiple sources is a key factor to determine the operational efficiency of ATM system.In this thesis,a decentralized data sharing method for ATM data,S-ATMChain,is designed to address the need for secure multi-party sharing of ATM data,which is a concrete implementation of the accounting and audit method of the 4A security function in ATMChain.In response to the realistic background of scattered ATM data storage and difficult sharing,S-ATMChain designs a cloud-chain fusion sharing framework,sharing mechanism,and sharing protocol for ATM data from the dimensions of ATM data validation,ATM data sharing control,and ATM data traceability,realizing credible validation,secure sharing,and availability verification in the three phases of ATM data sharing(before,during,and after sharing),and opening up a complete security link for the whole life cycle of ATM data.Fourth,a blockchain-based access control method is proposed.The current access control model in ATM needs to establish a centralized third-party authorization decision entity,which is subject to the risk of opaque policy determination and attribute privacy information leakage.This thesis proposes a "decentralized" access control method,A-ATMChain,to meet the demand for trusted,secure and controllable access control of ATM data,which is a concrete implementation of the authorization method of the 4A security function in ATMChain.AATMChain optimizes the attribute-based access control method for ATM distributed environment,multi-source data and multiple users,and solves the problems of maintaining the ownership of ATM data,defining access rights,and preventing leakage of third-party data at the current stage by integrating the advantages of blockchain.