
Boeing IT architect pushes Secure Mobile Architecture

Apr 28, 2006

In addition to its WLAN tracking efforts, Boeing’s IT and PhantomWorks R&D groups are working on a new way to secure the company’s sprawling 802.11 network with something it calls Secure Mobile Architecture.

The point of SMA is to carry a compact cryptographic identity in every packet a device generates (in HIP, a tag derived by hashing the host’s public key rather than anything tied to its address). A second aim is to decouple a user’s network identity from the IP address, which allows greater mobility, WLAN roaming and seamless transitions between IPv4 and IPv6 networks.

This concept is being evangelized inside Boeing – where SMA is being tested – and in the standards community by Richard Paine, a technologist with the PhantomWorks group, who is also the chair of the 802.11k working group, which is developing a standard for gathering information about WLAN clients.

“We can actually trace back at any point in the network who a packet is from and who it is going to,” Paine says of the SMA technology. “When you’re doing this, it can be routed anywhere in the world. It’s an end-to-end security association between two endpoints.”

Boeing’s SMA technology uses public-key infrastructure (PKI) certificates along with Host Identity Protocol (HIP), an experimental IETF RFC that provides IPsec-style protection but with smaller packets that consume less bandwidth, according to Paine. HIP authentication is a four-message exchange between the client and the controller, in which the two sides exchange their public keys and the controller presents the client software with a “cookie puzzle”: a computational problem the client must solve by repeated hashing over a nonce from the controller and the two hosts’ key-derived identities. The controller can check a proposed solution with a single hash, so it commits no state or expensive cryptography to a client that has not first done the work.

“It’s totally secure in the setup,” Paine says. “By the time you finish this four-way handshake, you’ve validated the cookie puzzle, you’ve generated key material and solved this IPsec security association. From that point in, all the packets that go back and forth are IPsec … it can be wired and wireless.”
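The identity-in-every-packet idea from the opening paragraphs and the cookie puzzle in the handshake just described, modelled in Python. This is an added illustration written for this page, not Boeing’s SMA code or any HIP implementation: the hash (SHA-256), the 16-byte identity tag, the 8-byte nonce, the byte layout of the puzzle input and the placeholder “public keys” are all assumptions of the example, and it omits the Diffie-Hellman exchange, the signatures and the IPsec security association that the real four-message exchange also establishes.

```python
"""Toy model of two HIP mechanisms described in the article: a host identity
derived by hashing a public key instead of using an IP address, and the
responder's "cookie puzzle" in the four-message base exchange.

Added illustration for this page only; it is not Boeing's SMA code. SHA-256,
the 16-byte tag, the 8-byte nonce and the byte layout are simplifications,
not a conformant HIP implementation."""
import hashlib
import itertools


def host_identity_tag(public_key: bytes) -> bytes:
    """HIT: a 128-bit identifier that is a hash of the host's public key.
    Real HIP prefixes an ORCHID marker; plain truncation is an assumption here."""
    return hashlib.sha256(public_key).digest()[:16]


def trailing_zero_bits(digest: bytes) -> int:
    """Number of low-order zero bits in the hash (the puzzle's difficulty measure)."""
    value = int.from_bytes(digest, "big")
    if value == 0:
        return len(digest) * 8
    return (value & -value).bit_length() - 1


def puzzle_hash(nonce_i: bytes, hit_i: bytes, hit_r: bytes, j: bytes) -> bytes:
    """Hash over the responder's nonce I, both HITs and the candidate J.
    Binding both identities means a solution found for one responder is
    worthless against another."""
    return hashlib.sha256(nonce_i + hit_i + hit_r + j).digest()


def solve_puzzle(nonce_i: bytes, k: int, hit_i: bytes, hit_r: bytes):
    """Initiator side (I2): brute-force J until the hash ends in K zero bits.
    Counts up from 0 so the result is deterministic; returns (J, hashes_spent)."""
    for counter in itertools.count():
        j = counter.to_bytes(8, "big")
        if trailing_zero_bits(puzzle_hash(nonce_i, hit_i, hit_r, j)) >= k:
            return j, counter + 1


def verify_puzzle(nonce_i: bytes, k: int, hit_i: bytes, hit_r: bytes, j: bytes) -> bool:
    """Responder side (on I2): a single hash to check. A flood of bogus I2
    messages costs the sender about 2**K hashes each and the responder one,
    so K is the knob the responder turns up under load."""
    return trailing_zero_bits(puzzle_hash(nonce_i, hit_i, hit_r, j)) >= k


def base_exchange_demo(k: int = 12) -> dict:
    """Walk the puzzle part of the exchange with constructed inputs.
    The "public keys" and nonce below are placeholder byte strings."""
    hit_a = host_identity_tag(b"constructed-public-key-of-host-A")
    hit_b = host_identity_tag(b"constructed-public-key-of-host-B")
    nonce_i = bytes.fromhex("0123456789abcdef")  # constructed; R1 would carry a fresh random I
    j, attempts = solve_puzzle(nonce_i, k, hit_a, hit_b)
    return {
        "hit_a": hit_a.hex(),
        "hit_b": hit_b.hex(),
        "solution_j": j.hex(),
        "initiator_hashes": attempts,
        "accepted": verify_puzzle(nonce_i, k, hit_a, hit_b, j),
        # The same J replayed under a different initiator identity is checked
        # against a different HIT and will, with overwhelming probability, fail.
        "accepted_as_other_host": verify_puzzle(
            nonce_i, k, host_identity_tag(b"constructed-public-key-of-host-C"), hit_b, j
        ),
    }


if __name__ == "__main__":
    for key, value in base_exchange_demo().items():
        print(f"{key}: {value}")
```

Running the file prints the two identity tags, the solution J, how many hashes the initiator spent and the responder’s one-hash verdict. The asymmetry is the point: whoever wants a security association must pay roughly 2^K hashes before the responder does any public-key work, and because the tags are hashes of keys rather than addresses, nothing in this exchange changes when a host moves to a new IPv4 or IPv6 address.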

The directory component of SMA ties this HIP authentication and packet-marking technique to a back-end LDAP directory reached over a secured (LDAPS) connection. In principle, the overall architecture lets Boeing enforce network policy on employee or machine identities instead of IP addresses.

“There is no spoofing of IP or [media access control] addresses because the addresses are actually stored, and can be changed, in the background,” he says. This will also allow for better WLAN roaming. Moving between IPv4 and IPv6 networks will also be simplified, Paine says.

“The application doesn’t care because the security association is in the name space, not the address,” he says. “This has some very wide applicability; an ISP as large as MSN or AOL could implement this and reduce a lot of the security angst that’s evident on the Internet.”

According to Paine, the FAA requires that every step in the process of building an airplane is identified with the individual and the equipment used.

“A mechanic that does something on the airplane has to use his own identity stamp to certify that he or she did a particular job on the airplane,” Paine says. “All the tools used to build airplanes have to go through a certification process by the FAA. It’s really something.”

This is done so that in case there is a problem with the aircraft, or in the worst case scenario, a crash, the FAA inspectors can go back to where something might have been done wrong.

“Automating that and making it secure and mobile — that’s the problem,” Paine says. “Trying to figure out how to move the airplane along and keep it in the flow rate that we need to deliver an airplane on time is one of our big-time challenges.”

Workers assembling a plane enter their identity and password on the Boeing factory network, which records who worked on which job at what time. That is an improvement over the paper records used in the past, but it remains cumbersome, Paine says, because the mechanics still mostly log in to a wired PC on the LAN each time they do a job.

“One of the issues we run into in the factory is that wireless is not readily accepted by the hourly workers, because they get disconnected and then they have to use a VPN to get back in to the network; they just won’t do it, it’s a pain in the neck.”

Paine hopes SMA will eventually let workers roam seamlessly across any WLAN segment on the factory floor without losing their login state. “SMA could alleviate that by allowing them to have a whole shift without having to re-enter their password all the time.”
