Overview:
Our client from the aerospace industry approached us with a project involving an aircraft authentication system. They emphasized the need for robust authentication and access control, given the critical nature of aircraft systems and increasing concerns about cybersecurity threats such as viruses and malware. Technicians responsible for maintaining aircraft systems on the ground needed a secure method of accessing the aircraft's network to configure and troubleshoot various devices.
Objective:
To implement a secure authentication system for accessing the aircraft network, ensuring that only authorized personnel can connect to the network.
Technical Solution:
We proposed implementing the 802.1X protocol, with authentication handled by a RADIUS server integrated into the CPU of the switch.
The switch features a powerful 64-bit ARM processor with sufficient capacity to handle authentication processes without significant resource consumption. We therefore installed a free RADIUS server on the switch’s CPU to enable seamless integration with the existing switch infrastructure.
Technicians attempting to access the network must hold valid certificates on their laptops; only those with the correct certificates are granted access to the aircraft’s network. All certificates are securely managed to prevent unauthorized tampering. Certificates are physically installed using a secure method, which ensures that they can only be updated, not removed, even if the switch is accessed physically.
By implementing this authentication system, we provide our aerospace client with a secure and reliable solution for controlling access to their aircraft network, ensuring the integrity and safety of critical systems both in flight and on the ground.
The solution was designed to work across all switches manufactured by Large Networks, providing an optional authentication system for their customers. Clients looking for an all-in-one solution with both server and switch functionality can easily integrate the authentication server into their network infrastructure.