Vehicle-to-Vehicle (V2) Identity, Security, and Trust Architecture Proof of Concept
The V2V Identity, Security, and Trust Architecture (VISTA) proof of concept is an implementation of a cybersecurity framework designed to address the specific needs of aircraft-to-anything (A2X) communications to support new National Airspace System entrants, including small drones (sUAS) and advanced aerial mobility (AAM) vehicles.
The VISTA framework defines a process of preflight authorization request and adjudication, transceiver loadset generation and distribution, broadcast message structure, trust establishment, and key rotation. VISTA enables the use of identity-based signing algorithms to produce a digital signature of a message payload. This digital signature is uniquely tied to the identity (i.e., link-global unique address) of a broadcaster, as validated and authorized prior to flight by a trusted authority. The identity portion of the broadcast message is included in a token, generated by the authority, and contains certain bounded permissions. The token itself is signed by the authority with a traditional (i.e., EdDSA) digital signature.
VISTA is a proof of concept for a V2V Security, Identity, and Trust Architecture (VISTA) example security framework implemented in Python. This proof of concept is not an implied endorsement that the VISTA framework is either sufficient or unique as a V2V security solution, but instead exists as a research and development baseline for community experimentation. Furthermore, this proof of concept implementation, while substantially functional, is not of production quality. Features and best practices must be assumed to remain incomplete, and their absence is not an endorsement of their necessitity or otherwise.
Major components include an authority responsible for authorizing link participants and managing cryptographic keys together with an associated REST API server, a transceiver that produces periodic squitters and validates received link messages, and a client CLI tool allowing user interaction with the authority server and management of transceivers. The crypto package implements utility functions and wrappers around the cryptographic libraries, while the models package includes data models for the REST API, domain (V2V link), and SQL backend.