Presentation is loading. Please wait.

Presentation is loading. Please wait.

ESA UNCLASSIFIED – For Official Use File Transfer BOF Noordwijkerhout, The Netherlands 02-Apr-14 Colin R. Haddow, ESA/ESOC Terrestrial File Transfer -

Published byClyde Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "ESA UNCLASSIFIED – For Official Use File Transfer BOF Noordwijkerhout, The Netherlands 02-Apr-14 Colin R. Haddow, ESA/ESOC Terrestrial File Transfer -"— Presentation transcript:

1

2 ESA UNCLASSIFIED – For Official Use File Transfer BOF Noordwijkerhout, The Netherlands 02-Apr-14 Colin R. Haddow, ESA/ESOC Terrestrial File Transfer - Concept

3 File Transfer BOF| 02-Apr-14| ESA | Slide 2 ESA UNCLASSIFIED – For Official Use It’s not rocket science

4 File Transfer BOF| 02-Apr-14| ESA | Slide 3 ESA UNCLASSIFIED – For Official Use Purpose File exchanged between agencies may be used in, but are not limited to;  Mission design, i.e. in investigating the feasibility of a mission with respect to the support available from another agency.  Mission operations, i.e. to transfer files required for the successful operation of a mission between two or more agencies.  Post Mission activities such as archiving data related to the mission.

5 File Transfer BOF| 02-Apr-14| ESA | Slide 4 ESA UNCLASSIFIED – For Official Use Terrestrial File Transfer Conceptual Model Internet Agency A Firewall File Transfer Host DMZ Internal Network Agency B Firewall File Transfer Host DMZ Internal Network File Transfer

6 File Transfer BOF| 02-Apr-14| ESA | Slide 5 ESA UNCLASSIFIED – For Official Use Design Goals The design goals behind this concept are;  Keep the design as simple as possible whilst meeting the perceived needs  Use “off the shelf” technologies, this concept is dealing with point-to-point terrestrial file transfer, something that occurs an enormous number of times per day over the internet

7 File Transfer BOF| 02-Apr-14| ESA | Slide 6 ESA UNCLASSIFIED – For Official Use Protocols The protocol to be used needs to be  able to provide security for the file transfer, e.g. it should not send user ID and/or passwords in plain text (thus ruling out standard FTP).  should conform to a recognized standard  readily available on a wide range of operating systems  capable of supporting both IPv4 and IPv6 network addresses.  designed for secure data communications over an insecure network.

8 File Transfer BOF| 02-Apr-14| ESA | Slide 7 ESA UNCLASSIFIED – For Official Use Transport Protocols Two widely adopted transport protocols are potential candidates:  Secure Shell (SSH)  SSH is a cryptographic network protocol providing remote command-line login, remote command execution and other secure network services between two networked computers.  Transport Layer Security (TLS)  Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet. Both allow the use of certificates for login, thus making scripting of file transfer straightforward. Both are available for a wide range of operating systems

9 File Transfer BOF| 02-Apr-14| ESA | Slide 8 ESA UNCLASSIFIED – For Official Use Transfer Protocols Selection of transfer protocols will largely be determined by the transport protocol. Some possibilities are outlined below.  SCP and SFTP (both runs over SSH)  SCP – Secure Copy, copies files between hosts on a network and uses the same authentication and provides the same security as SSHSFTP – Secure File Transfer Program, is an interactive file transfer program, similar to FTP. It may also use many features of SSH, such as public key authentication and compression  WebDAV (runs over TLS)  Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. It provides a framework for users to create, change and move documents on a server; typically a web server or web share.

10 File Transfer BOF| 02-Apr-14| ESA | Slide 9 ESA UNCLASSIFIED – For Official Use File Types  A considerable number of the files that are likely candidates to be transferred via the TFT are likely to conform to CCSDS standards.  it is feasible that a SANA repository could be set up which would contain details of what a particular file type was, possible including the definition of the appropriate metadata for that file type.  It should however be recognized that it is also likely that a number of the files to be transferred may not conform to a CCSDS (or other recognized international standard).  The transfer of these files by means of the TFT must therefore not be precluded and it is therefore essential that the method of associating metadata with files, and the specification of the metadata, is such that this is readily expandable such that it can readily be used to transfer files that are not defined in the SANA registry.

11 File Transfer BOF| 02-Apr-14| ESA | Slide 10 ESA UNCLASSIFIED – For Official Use File Packaging  There are a number of different technologies readily available on a variety of platforms that could be used for wrapping the files,  ZIP  TAR  PAX  JAR  With exception of JAR none of the above provide a direct mechanism for associating metadata with the wrapped files.  Need to ensure that what is chosen can support large data volumes  Some versions of ZIP and TAR limited to approx 4Gbytes

12 File Transfer BOF| 02-Apr-14| ESA | Slide 11 ESA UNCLASSIFIED – For Official Use Metadata  As previously noted only JAR allows direct association of metadata with wrapped files.  Can overcome this by providing a manifest files containing the required metadata  Ways to encode required metadata include  XML – would require schema definition  XFDU –existing CCSDS standard

13 File Transfer BOF| 02-Apr-14| ESA | Slide 12 ESA UNCLASSIFIED – For Official Use File considerations  File and Directory naming  Permitted characters  File names  Manifest file name  Directory names  Processing  Metadata must contain any additional data required for further processing  Ensuring all files have been received  File counter in metadata ?  Further transfers  Injection into/from CFDP  Injection into/from agency specific file transfer systems

14 File Transfer BOF| 02-Apr-14| ESA | Slide 13 ESA UNCLASSIFIED – For Official Use Basic Operations  Required Operations  list– obtains information about a file or directory  get– retrieve a copy of the file (probably want to support wildcards, i.e. mget)  reget– reget acts like get, except that it can be used to continue a failed file transfer from the apparent point of failure.  put – store a local file on the remote machine (probably want to support wildcards, i.e. mput)  delete – delete a file on the remote machine  cd – change directory on the remote machine  mkdir – make a directory on the remote machine (Is this really needed if we define a directory structure ?)

15 File Transfer BOF| 02-Apr-14| ESA | Slide 14 ESA UNCLASSIFIED – For Official Use Hosts and Accounts  Hosts  Ideally the hosts for both the sender and receiver of the files would be transparently redundant, i.e. if the prime machine fails the backup machine should transparently replace it. Host names could be stored in a SANA registry.  If an approach based on TLS/WebdAV were to be adopted then, as this is an extension of http it would be possible to store the appropriate end points in a SANA registry.  Accounts  To keep things simple it is suggested that one user account per mission be foreseen. Login to this account could be by conventional user account/password. It would be however be preferable (and would certainly make automation easier) if login authentication was carried out by means of public-private key pairs. .

16 File Transfer BOF| 02-Apr-14| ESA | Slide 15 ESA UNCLASSIFIED – For Official Use Transfer of Files  Transfer of files  There are a number of possibilities with respect to where the transfer of files is instigated, particularly if it is assumed that the transfer of files is bi-directional, i.e. files go from one agency to a second, but files are also returned from the second agency to the first.  Simplest approach would be to assume that files are always pushed. Can we assume this ?  Is any form of notification of files being available required ?

17 File Transfer BOF| 02-Apr-14| ESA | Slide 16 ESA UNCLASSIFIED – For Official Use Directory Structure  Previously suggested that there is one account per mission. This being the case it is proposed that there are, within this account, only 2 directories;  in-tray – This directory would be used as the target directory for files pushed to the node. It is assumed that once a file has been found in the in-tray it will be moved to another location for further processing.  out-tray – This directory would be used either as a staging area for files that are to be pushed to the other agency or, if it is not permitted to push the files, would be where the files would be pulled from by the receiving agency. It is assumed that once a file has successfully been transferred from the out-tray it will be deleted from the out-tray or alternatively moved to an archive, in any event it will not remain in the out-tray directory

18 File Transfer BOF| 02-Apr-14| ESA | Slide 17 ESA UNCLASSIFIED – For Official Use Security  Not completely clear what is required but I would assume that at least the ability to optionally provide a hash value for each of the encapsulated files is  The mechanism for permitting a SHA-2 hash value for all “wrapped” files is to enclose the hash value in the meta data in the manifest file. With respect to providing the hash value for the manifest and wrapper files this can be done by appending the appropriate hash value to the full filename.  Is signing enclosed files needed ?  Is encrypting enclosed files needed ?  Is signing manifest file needed ?  Is encrypting manifest file needed ?  Is signing wrapper file needed ?  Is encrypting wrapper files needed ?

19 File Transfer BOF| 02-Apr-14| ESA | Slide 18 ESA UNCLASSIFIED – For Official Use Service Agreement  For the terrestrial file transfer between agencies it should be foreseen that some form of service agreement will be required. This would need to address the following points.  Points of contact  Hosts  Login Credentials  Notification Mechanism (if required)  Data Volume  Retention Time  Availability  Transfer Rate  Miscellaneous If multiple transport/transfer/wrapping mechanisms are in standard then this would indicate what is supported  Anything else ?

20 File Transfer BOF| 02-Apr-14| ESA | Slide 19 ESA UNCLASSIFIED – For Official Use Book Structure  With respect to defining the most aspects this should be straightforward.  Defining the required metadata for known file types is a bit trickier  Don’t want to have to issue the complete book again just because a new file type has been added or the metadata for an existing type has changed.  Put each metadata definition in a separate annex so only that annex has to be reissued if it changes ?  Put metadata definitions in SANA ?  Other alternatives ?

21 File Transfer BOF| 02-Apr-14| ESA | Slide 20 ESA UNCLASSIFIED – For Official Use Questions Thank you for your attention. Questions ?

Download ppt "ESA UNCLASSIFIED – For Official Use File Transfer BOF Noordwijkerhout, The Netherlands 02-Apr-14 Colin R. Haddow, ESA/ESOC Terrestrial File Transfer -"

Similar presentations

Secure File Transfer Protocol (SFTP) With Secure Copy (SC) What is a Secure File Transfer Protocol with Secure Copy???

Secure File Transfer Protocol (SFTP) With Secure Copy (SC) What is a Secure File Transfer Protocol with Secure Copy???
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
19/05/2011 CSTS File transfer service discussions CSTS-File Transfer service discussions (2) CNES position.

19/05/2011 CSTS File transfer service discussions CSTS-File Transfer service discussions (2) CNES position.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
FILE TRANSFER PROTOCOL Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring.

FILE TRANSFER PROTOCOL Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.

File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
File Transfer Protocol (FTP)

File Transfer Protocol (FTP)
Introduction 1 Lecture 7 Application Layer (FTP, e-mail) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.

Introduction 1 Lecture 7 Application Layer (FTP, ) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
Introduction 1-1 Chapter 2 FTP & Email Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.

Introduction 1-1 Chapter 2 FTP & Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.
Guide to TCP/IP, Second Edition1 Guide To TCP/IP, Second Edition Chapter 6 Basic TCP/IP Services.

Guide to TCP/IP, Second Edition1 Guide To TCP/IP, Second Edition Chapter 6 Basic TCP/IP Services.

Similar presentations

Ads by Google