Individual network devices and facility networks are both targets for malicious attacks. A goal of WAI includes automatic authenticated attachment of devices to networks. Another goal is privacy of any personal messaging or confidential facility communication or setup. Aviation networking is highly scrutinized to ensure that higher priority networks are not degraded by public networks.
The addition of cabin announcements may increase the level of interaction between the IFE and onboard wireless and wired interfaces coupled with a higher dependency on real-time communications that may utilize the Internet to connect to end-systems on the ground.
The FAA has special conditions levied upon each applicant seeking approval of wireless passenger networks connecting passenger owned devices, or where the airplane has radio network capable of connecting to the Internet or other ground networks on the ground may not degrade the safe operation of the airplane.
Malicious threats originating from passenger owned devices or from the Internet must not pass outside of the ARINC 664 Passenger Information and Entertainment Services Ethernet Domain (PIESD) and interact with either the Aircraft Information Service Domain (AISD) or the Aircraft Control Domain (ACD).
Ethernet interfaces are scrutinized to prevent or manage any cross-domain connections.
Special scrutiny and firewalls are provided where non-Ethernet interfaces (such as ARINC 429) are used, or where information must be broadcast to the IFE from another domain.
IFE suppliers have been connecting IFE and presenting real-time information to passengers for over 25 years. The current trends to utilize broadband satcom systems that natively offer Internet IP connectivity coupled with using Passenger owned devices creates a more complex environment that requires a higher degree of vigilance ensuring that connected applications operate as expected.
Using IPSec or other secure networking based on a suitable certificate offers an acceptable means to authenticate the source of information and to preclude non-authorized traffic from proliferating.
Use of application-layer error checking permits the application to independently confirm to an acceptable level of risk that the information was from an authorized source and that the data was not corrupted.
VPN and application-layer error checking are effective for any Ethernet domain, and are pertinent as part of a defense-in-depth approach to securing connected cabin announcements from misbehavior.