Authentication and Authorization Challenges for Controller-Pilot Information Exchange Using Mobile Devices

2020 
While most General Aviation (GA) pilots use some form of mobile application to file their flight plans and receive other pre-departure services, obtaining a departure clearance still requires voice communications, which can be time-consuming and susceptible to errors. The MITRE Corporation's Center for Advanced Aviation System Development (MITRE CAASD) has been researching and prototyping ways to deliver departure clearances to pilots via their mobile devices without speaking a single word. Our more recent research involves studying the flight safety and information security aspects of providing voiceless Instrument Flight Rules (IFR) clearances, negotiation of IFR departure release at non-towered airports, and cancellation of IFR at non-towered airports using commercial mobile devices and technology. For brevity, we use the term “mobile IFR services” to describe these services intended for pilot use while aircraft are on the ground and not moving.

Traditionally, information is exchanged between the Federal Aviation Administration (FAA) and certified avionics installed on an aircraft. The mobile IFR services environment will differ from this in several ways:

    • Information will be exchanged using readily available commercial hardware (e.g., mobile phones, tablets), services (e.g., wireless and mobile telecommunication networks), and applications (e.g., integrated into existing flight planning applications).
    • Data exchange will be performed by users acting on behalf of an aircraft (e.g., pilot, co-pilot, and dispatcher) and not by the aircraft avionics.
    • A single aircraft may be used by a multitude of pilots; for example, this is true of pilots who fly for a fleet of on-demand charter or fractional ownership aircraft, fly at a flight training school, or rent aircraft.

There are many challenges to realizing mobile IFR services, particularly because the devices used to exchange information are not permanently bound to a single aircraft. Additional steps must be taken to ensure that users are who they say they are (authentication) and have the authority to act on behalf of a particular aircraft (authorization). Authentication and authorization are tightly coupled and must be considered together to ensure that information is exchanged only between the correct parties for a legitimate purpose. Understanding the burden required of service providers, users, and regulatory bodies, MITRE is researching practicable approaches for authentication and authorization within this new environment. This paper discusses various options currently being explored.