Presentation on theme: "Network Centric Operations Research Secure Mobile Networking"— Presentation transcript:
1 Network Centric Operations Research Secure Mobile Networking
SWIM Net Centric Demos TIM 8
William Ivancic, NASA Glenn Research Center
9 November 2011
2 Goal of Today’s Participation?
- Gain a better understanding of the current state of SWIM and the future plans, directions and needs.
- Determine what expertise and technologies of the Networks and Architectures Branch of NASA Glenn Research Center might be applicable to future demonstrations and prototyping.
- Provide some insight into what NASA GRC has done and is currently doing regarding Aeronautics and Space-based Network Centric Operations.
- Provide some insight into NASA GRC’s capabilities and facilities, particularly regarding:
  - The Airport Surface Wireless Communications, Navigation and Surveillance (CNS) Test Bed at Cleveland Hopkins
  - Aircraft Access to SWIM (AAtS)
3 Secure Mobile Networking in an Operational Setting
US Coast Guard Cutter Neah Bay – Cleveland, Ohio
4 Use and Deployments
- 1st Demonstrated August 23 & November 6, 2002 on Lake Erie
- Used in operational setting July – Sept 2003
- New York and Boston Harbor
- NY City had no land line
- Boston land line was poor – switched to satellite
- Used Oct – Nov 2003 at shipyard during maintenance
- 802.11b at 11 Mbps
5 Encrypted Network Data Transfers
[Network diagram. Labels: Mobile LAN (10.x.x.x), USCG Intranet (10.x.x.x), Internet, Firewall, Proxy, Encryption (at both ends), HA, FA - Detroit, FA Cleveland, Dock, 802.11b link, Public Address, USCG Officer’s Club, EAST, WEST.]
6 IPv6 Mobile Networking Demonstration Nov 2004 to CIO of DOD
[Network diagram. Labels: Monitoring Points, Globalstar, T-Mobile, IPv4 Mobile LAN, IPv6 Mobile LAN, IPv6 Mobile Router, 4-to-6 Tunnel, 6-to-4 Tunnel, 6-to-4 (DOOR), 6-to-4 (DOG), Remote Controlled Webcam, Corresponding Public Node, IPv4 Public Internet, IPv6 Network, GRC Open Network (DMZ), IPv6 Home Agent, CNS, Glenn Research Center, NASA NREN, Eurocontrol, IPv6 Intranet, IPv6 Web Server.]
7 Aeronautics-Based Network Centric Operations Research
8 Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) Communications Sub-Project
Project Engineer: Jim Griner
Deputy Sub Project Manager for GRC: Bob Kerczewski
Goal: Partner with industry to develop and test a prototype commercial UAS command and control communication system consistent with RTCA SC-203 defined vision and architectural concepts. Provide data and recommendations regarding future policy and guidance.
Milestones:
- FY11 Provide Spectrum Inputs to WP5B of WRC
- FY12 C2 frequency band propagation in a relevant environment complete
- FY13 Development of C2 system prototype equipment complete
- FY14 Validation of security mitigations in relevant environment complete
- FY15 Performance testing of C2 System in relevant environment complete
- FY16 C2 system performance testing in mixed traffic environment (Flight Test 4)
- FY16 Large scale simulations of candidate C2 technologies and their impact on air traffic capacity complete
Security, Security, Security
- Security is the key to everything
- But it's hard
- ITAR makes it very difficult to address internationally
- Need one system for both the National and Global Airspace Systems
9 NASA-FAMS Air-to-Ground Communications Systems Partnership
Objectives
- Develop a communications capability satisfying the operational needs of the Federal Air Marshal Service involving aircraft platforms
- Capability: Fully realized, deployable and useable end-to-end solution
- Aircraft Platforms: Communications within an aircraft and between other air and ground contacts
[Figure: FAMS Air-to-Ground Communication System Emulator]
Approach
- Develop AGCS technology Roadmap identifying services, technology maturity, and gaps
- Work with specific commercial systems/vendors to ensure FAMS comm requirements are integrated
- Develop comm prototypes, perform lab evaluations to assess and validate performance
- Develop a public/private partnership plan for implementing the FAMS air/ground communication system
Key Milestones
- 4/1/08 Deliver AGCS technology Roadmap
- 11/1/08 Complete Flight tests of Inmarsat Satcom system
- 3/1/ Complete installation of emulated air/ground communication system on FAMS trainer aircraft
- 6/1/09 Complete FAMS Public/Private Partnership Plan
- 3/1/ Complete FAMS Communication Device EMI testing at FAA Technical Center
- 3/1/ Deliver 26 Air-to-Ground Comm System Emulators
- 12/31/11 Complete FAMS Device-to-Device prototype and perform EMI testing at FAA Tech Center
Partners
- DHS Science & Technology, DHS Federal Air Marshal Service (FAMS)
10 ICAO Endorsed Future Communications Study Technology Recommendations (what has become AeroMACS)
Future Communications Study, ICAO Aeronautical Communications Panel, Recommendation #1: Develop a new system based on the IEEE e standard operating in the C-band and supporting the airport surface environment.
[Table of technology recommendations. Column labels: Europe, Common Shortlist, United States. Row labels: Continental, Oceanic / Remote, Airport. Entries: P34/TIA-902, LDL, B-AMC, AMACS, Custom Satellite, Inmarsat SBB, IEEE e. Callout: Today’s Focus.]
11 Aeronautical Mobile Airport Communications System (AeroMACS)
Objectives
- Participate in the development of a Wireless Airport Communications System for use in the National Airspace System
- Support technology profile development and standardization in national and international forums
- Develop, test and validate wireless communications technology utilizing NASA GRC Communications Navigation and Surveillance (CNS) test bed
Approach
- Utilize GRC CNS test bed to validate wireless system performance for fixed and mobility nodes
- Conduct technology interference analysis utilizing propagation tools
- Test system performance with operational applications in GRC CNS test bed
- Utilize collected test data to support technology standardization activities
RTCA Special Committee (SC-223)
- AeroMACS profile development
- Minimum Operational Performance Standards
Action Plan 30 Future Communications Infrastructure
- Joint Eurocontrol - FAA/NASA recommendations to NextGen Program, SESAR, ICAO on WIMAX
Potential Mobile Applications
- ATC Communications with any aircraft anywhere
- Airport operations
- Investigate network capabilities for AeroMACS to support AOC applications and Aircraft Access to SWIM (AAtS)
Potential Fixed Applications
- Sensor data collection/dissemination for situational awareness
- Network enabled Weather Data
13 AeroMACS Development – GRC First (and still only) in the World AeroMACS Operational Prototype Testbed
- First Networked Wireless Airport Surface Communications System interconnecting ASDE-X (Surface Multilateration) ground stations
- First Networked Wireless Inter-Airport Communications System interconnecting three NE Ohio airports
- First WiMAX-based multi-node network operating in new MHz spectrum allocation
- First AeroMACS mobile network demonstrations
- First radar site integration demonstration using AeroMACS (current activity)
- AeroMACS-aircraft connectivity demonstration (planned)
- AeroMACS Electronic Flight Bag upload (planned)
- AeroMACS FMS upload demonstration (planned)
- AeroMACS-SWIM integration test and demonstration (planned)
- AeroMACS Wx sensor integration (planned)
14 How Do You Select and Implement the Routing Path?
[Diagram: a Mobile Network carrying Entertainment, Command and Control, and Operations traffic reaches the Internet and its destination networks over several candidate links.]
- High Speed SatCom Network: Globally Available, Affected by Weather, Higher Bandwidth, High Latency, High Cost
- Low Speed SatCom Network: Globally Available, Low Bandwidth, High Latency, Very High Cost, Redundant
- Low Rate VHF: Reliable, Low Latency
- High Speed Terrestrial: Not Available when Mobile, High Bandwidth, Low Latency, Lower Cost
- High Speed LOS Network: Globally Available, High Bandwidth, Low Latency, Lower Security, Moderate Cost
- Destination Network (for Entertainment), Destination Network (for Operations), Destination Network (for Command & Control)
How do you decide which path the data should take?
How do you cause the network(s) to route the data via this path?
15 Aviation Specific Issues
- Safety of Life / Safety of Flight
- Time-Critical command and control for Air Traffic Control
- Fast convergence time is essential!
- New radio link technologies are “uncertified” for Air Traffic Control / Air Operations Communications (ATC/AOC)
- Regulatory requirements force network design
- Three independent network domains (required for regulatory, QoS, & security):
  - Passenger & In-Flight-Entertainment
  - Airline Operations
  - Air Traffic Control
- Service providers may be authorized to carry one, two, or all services.
- ATC will be a “closed network”
- Multiple security and authentication architectures
- Internet Engineering Task Force (IETF) RFC 5522: “Network Mobility Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks”
16 Network Partitioning by Service
Architecture Example
- NSPs/Airlines/Framers/Suppliers/etc
- QoS & Security Service Levels for: Network Control, Voice over IP, High Priority, Special Projects, General Purpose
- Networks are logically partitioned.
- Many logical networks share a common physical infrastructure.
- QoS can be managed by both network & flow
[Diagram labels: Security Perimeter, Security Mgt, Net-Mgt & Routing, VOIP, Network Infra., AOC, ATC, PIES, Data Center.]
Source: Terry L Davis, Boeing
17 Multiplexing at the Router
[Diagram: a Mobile Router with Policy-based Link Access. Mobile networks: Mobile Network 1 (NEMO-1), Air Traffic Management LAN, Communication and Display; Mobile Network 2 (NEMO-2), Operations LAN (Avionics), Sensor Controller (Optional Display); Mobile Network 3 (NEMO-3), Passenger Services. Links: SATCOM AERO-1, SATCOM AERO-HH, VHF Voice/DATA, HF Voice/DATA, INMARSAT Swift 64, High-Rate Satellite, WiFi Max, GateLink, Cellular, Future Links.]
18 Policy-Based Link Access, Critical Link Active
[Diagram: Mobile Router and Home Agent, each with a Routing Policy, joined by a High speed link, a Low latency link and a Reliable link on interfaces int1, int2 and int3, carrying P-DATA, AOC and ATC traffic.]
19 Policy-Based Link Access, Passengers Link Active
[Diagram: Mobile Router and Home Agent, each with a Routing Policy, joined by a High speed link, a Low latency link and a Reliable link on interfaces int1, int2 and int3, carrying P-DATA, AOC and ATC traffic.]
21 GRC Network & Architectures Branch
- 1st to demonstrate and deploy secure mobile networking in an operational government network, the US Coast Guard (Used SeaTel / Globalstar 8 muxed phone antenna system)
- 1st and only group to deploy Mobile-IP Mobile networking on a space-based asset, the Cisco router in Low Earth Orbit (CLEO)
- 1st to deploy Internet Protocol security (IPsec) and Internet Protocol version 6 (IPv6) on a space-based asset.
- 1st to deploy delay/disruption network technology bundling protocol in space.
- 1st and only group to demonstrate space-based large file transfers over multiple ground stations using Delay Tolerant Networking (DTN) bundling. Experiments exercised proactive and reactive bundle fragmentation and International interoperability using standard Internet protocols.
Our Facilities are Global and Beyond!
22 Secure Autonomous Integrated Controller for Distributed Sensor Webs
[Diagram of VMOC, NOCs and a Sensor, with numbered steps:]
1 Seismic Sensor alerts VMOC
2 VMOC negotiates for Space Assets
  VMOC negotiates for ground station services
3 Network Control Center Configures Ground Assets
4 Network Control Center Configures Spacecraft via VMOC
5 Space Sensor acquires data (e.g. image)
6 Stored data transferred to ground
7 Stored data transferred to ground (Large file transfer over multiple ground stations)
23 Network Configuration UK-DMC/CLEO
[Network diagram of sites connected over the Open Internet:]
- US Army Space & Missile Defense Battle Lab, Colorado Springs
- Experiments Workstation
- Satellite Scheduler & Controller
- National Institute for Information and Communication Technology (NICT), Koganei, Japan
- Multi-User Ground Station (MUGS), Colorado Springs, CO
- Segovia NOC
- SSTL, Guildford, England
- VMOC-1 (GRC)
- Universal Space Networks Ground Network: Alaska, Hawaii and Australia
- Home Agent (GRC)
- Database
- VMOC
24 Cisco Router in Low Earth Orbit (GRC/SSTL/CLEO IPv6/IPv4 Tunnels)
[Network diagram. Labels:]
- 8.1 Mbps from satellite, 9600 bps to satellite
- Cisco MAR3251 on UK-DMC
- frame relay DLCI 17 – unencrypted ‘clear’ link
- frame relay DLCI 18 – encrypted link
- IPv6 in 6-over-4 tunnel in Mobile IPv4 tunnel to Home Agent
- IPv6 in 6-over-4 tunnel in Mobile IP as above, if IPsec link is preferred and used instead
- Mobile IPv4, Mobile IPv4 tunnel, native IPv4
- 6-over-4 tunnel for non-mobile IP traffic
- native IPv6 between routers
- IPv4 IPsec encryption between routers
- secured IPv6 in 6-over-4 tunnel over IPv4 IPsec
- SSTL ground station LAN, carrying IPv4 and IPv6 over Ethernet
- 2621 router, PIX firewalls, Secure VPN tunnel, Internet
- NASA Glenn Home Agent
- Private 192.x addressing, Public addressing
25 International Multi-organizational Network Centric Operations “Proposed” Security Research
- Intrusion Detection
- Penetration Testing
- Ground Rules
  - What Information will be shared regarding security implementations?
  - What degree of probing will be allowed?
  - What information will be shared regarding probing techniques?
  - What information will be shared regarding vulnerabilities found?
  - Leave Markers?
  - How and to whom will this information be reported?