This specification addresses the following characteristics of connections between mobile devices and onboard WLAN network infrastructures.

• Connections based on IEEE 802.11 wireless LAN standards.

• Onboard Remote Authentication Dial-In User Service (RADIUS) Authentication, Authorization, And Accounting (AAA) services will be required for authenticating client devices to onboard WLAN networks.

• Authentication protocol will be based on Extensible Authentication Protocol- Transport Layer Security (EAP-TLS).

• Mutual authentication will be enabled to ensure two-way trust relationships are established between clients and an onboard access point.

• Encryption algorithms to be based on Advanced Encryption Standard (AES)-Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), Galois Counter Mode Protocol (GCMP), or 192-bit AES-256 in GCM mode with SHA-384 as Keyed-Hashing for Message Authentication (HMAC).

• The scope of this document is to define the properties of a secure connection between the access point and wireless client(s).

This specification does not address the following characteristics of connections between mobile devices and onboard WLAN network infrastructures.

• Certificate management is outside the scope of this document but can be referenced in ARINC Report 842: Guidance for Usage of Digital Certificates.

• Client device profile management is outside of the scope.

• Client authentication policies will not require live ground communication to allow a client to successfully authenticate to the WLAN network.

• Network subnet isolation and routing is outside the scope of this document.

• Client security outside of a secure wireless communication channel is outside the scope of this document.

• Wireless communication standards not included in IEEE 802.11 are outside the scope of this document.