Applications
Products
Services
Company
Defence Open Architecture IDS Configuration Management Certificate Management Zero-Trust Avionics Networks
Aerospace SATCOM System Management Avionics Intrusion Detection Cabin Networking Secure Voice Avionics Data Recording Electronic Flight Bag Data Zero-Trust Avionics Networks
T-⁠RX Tester Avionics Radio Tester Accessories Channel Partners Support Store
Routers and Switches AP-251 Edge Router and WAP AP-561 Micro-WAP AP-155 Air-Gapped Router AP-160 16-Port Switch AP-250 Router and WAP IK-350 ARINC-600 Adapter
DataPHYs AP-555 ARINC-429 AP-553 MIL-1553 AP-558 CAN Bus AP-557 ARINC-717 AP-551 Wideband Audio AP-560 Analog Scope
Antennas IK-200 WiFi IK-201 5G/LTE
Lab Equipment LK-402 ARINC-600 Rack ARINC-600 Trays SystemX Development Kits
SystemX Operating System Avionics IDS Device and User Managers Network and Logs IDS Advanced Routing Application Hosting Remote Managment
Cybersecurity Security Operations Center Cybersecurity Evaluations
Design Customized Products
Company About Us Careers Contact

Zero-Trust Avionics Networks

At CCX Technologies we are always seeking new technologies that can be used to make avionics networks more secure. After the positive reception we received from our ground-breaking Securing Avionics with a Zero Trust Model white-paper which explores implementing a zero-trust architecture on an avionics network we decided to turn theory into reality.

We have created unique software and hardware tools that can be used to sign and verify avionics data and manage certificates used to sign data. Both are key components required to implement a zero-trust architecture on existing and future avionics networks.

Signing Data

Zero-Trust on Safety Critical Networks

Unlike other networks that can fail to a state that blocks access in the event of a security system failure, a safety critical system must fail into a safe but potentially insecure state when any aspect of a security system fails. So unlike other networks it is not safe to encrypt local avionics data, since any failure of the encryption or decryption process could result in data loss. The authenticity of the data source can still be verified in a fail-safe manner though, using data signatures without encryption.

A set of data samples can be signed and the signature transmitted inline with the data. This makes it possible for devices that receive the data to verify and trust the source of the data.

Data can be signed using multiple keys so that different keys can be used to identify different trusted sources, like the vendor that wrote the software that generated the data, the vendor that provided the hardware, the airline managing the equipment, etc. This makes it possible to create a trust score and react in the event that one but not all of the signatures are invalid.

Supported Platforms

Avionics data bus data can be collected and signatures verified with the CCX Technologies DataPHY Data Recorders. Some of our Secure Router platforms also support ARINC-429 and AFDX data collection.

Certificates can be managed from any SystemX Secure Router or Server. The SystemX Avionics IDS can be used to raise alerts, and implement security policies based on signature validity.

CCX Technologies can also provide software libraries and FPGA firmware that can be used to sign and verify avionics data for any existing or newly developed avionics equipment.