Network Centric Operations Research Secure Mobile Networking SWIM Net Centric Demos TIM 8 William Ivancic, NASA Glenn Research Center 9 November 2011

Goal of Today’s Participation? Gain a better understanding of the current state of SWIM and the future plans, directions and needs. Determine what expertise and technologies the Networks and Architectures Branch of NASA Glenn Research Center might be applicable to future demonstrations and prototyping. Provide some insight into what NASA GRC has done and is currently doing in regarding Aeronautics and Space-based Network Centric Operations. Provide some insight into NASA GRC’s capabilities and facilities particularly regarding: The Airport Surface Wireless Communications, Navigation and Surveillance (CNS) Test Bed at Cleveland Hopkins Aircraft Access to SWIM (AAtS)

Secure Mobile Networking in an Operational Setting US Coast Guard Cutter Neah Bay – Cleveland, Ohio

Use and Deployments 1st Demonstrated August 23 & November 6, 2002 on Lake Erie Used in operational setting July – Sept 2003 New York and Boston Harbor NY City had no land line Boston land line was poor – switched to satellite Used Oct – Nov 2003 at shipyard during maintenance 802.11b at 11 Mbps

Encrypted Network Data Transfers Dock Encryption Mobile LAN 10.x.x.x EAST WEST PROXY USCG INTRANET 10.x.x.x INTERNET FIREWALL FA - Detroit Encryption EAST WEST HA Dock FA Cleveland 802.11b link Public Address USCG Officer’s Club

IPv6 Network IPv6 Mobile Networking Z Demonstration Nov 2004 to Monitoring Points Globalstar IPv4 Mobile LAN IPv6 Mobile Router IPv6 Mobile Networking Demonstration Nov 2004 to CIO of DOD Z T-Mobile 4-to-6 Tunnel 6-to-4 (DOOR) 6-to-4 (DOOR) IPv6 Mobile LAN Remote Controlled Webcam Corresponding Public Node IPv4 Public Internet IPv6 Network 6-to-4 Tunnel CNS IPv6 Intranet Z 6-to-4 Tunnel GRC Open Network (DMZ) IPv6 Web Server Glenn Research Center NASA NREN IPv6 Intranet IPv6 Web Server Eurocontrol IPv6 Intranet IPv6 Web Server IPv6 Home Agent 6-to-4 (DOG)

Aeronautics-Based Network Centric Operations Research

Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) Communications Sub-Project Project Engineer: Jim Griner Deputy Sub Project Manager for GRC: Bob Kerczewski Goal: Partner with industry to develop and test a prototype commercial UAS command and control communication system consistent with RTCA SC-203 defined vision and architectural concepts. Provide data and recommendations regarding future policy and guidance Milestones: FY11 Provide Spectrum Inputs to WP5B of WRC FY12 C2 frequency band propagation in a relevant environment complete FY13 Development of C2 system prototype equipment complete FY14 Validation of security mitigations in relevant environment complete FY15 Performance testing of C2 System in relevant environment complete FY16 C2 system performance testing in mixed traffic environment (Flight Test 4) FY16 Large scale simulations of candidate C2 technologies and their impact on air traffic capacity complete Security, Security, Security Security is the key to everything But its hard ITAR make is very difficult to address internationally Need one system for both the National and Global Airspace Systems

NASA-FAMS Air-to-Ground Communications Systems Partnership AIST: Data & Information Production Application/Mission Hyperspectral & AIRS data reduction On-board cloud detection Science Theme Water & Energy Cycle Discipline: (Please choose one of the following) Data Collection & H&ling Transmission & Dissemination Data & Information Production Search, Access, Analysis & Display System Management TRL: Please enter the initial TRL according to your proposal. The TRL is defined as follows: TRL 1 Basic principles observed & reported Transition from scientific research to applied research. Essential characteristics & behaviors of systems & architectures. Descriptive tools are mathematical formulations or algorithms. TRL 2 Technology concept &/or application formulated Applied research. Theory & scientific principles are focused on specific application area to define the concept. Characteristics of the application are described. Analytical tools are developed for simulation or analysis of the application. TRL 3 Analytical & experimental critical function &/or characteristic proof-of-concept Proof of concept validation. Active Research & Development (R&D) is initiated with analytical & laboratory studies. Demonstration of technical feasibility using breadboard or brassboard implementations that are exercised with representative data. TRL 4 Component/subsystem validation in laboratory environment St&alone prototyping implementation & test. Integration of technology elements. Experiments with full-scale problems or data sets. TRL 5 System/subsystem/component validation in relevant environment Thorough testing of prototyping in representative environment. Basic technology elements integrated with reasonably realistic supporting elements. Prototyping implementations conform to target environment & interfaces. TRL 6 System/subsystem model or prototyping demonstration in a relevant end-to-end environment (ground or space) Prototyping implementations on full-scale realistic problems. Partially integrated with existing systems. Limited documentation available. Engineering feasibility fully demonstrated in actual system application. TRL 7 System prototyping demonstration in an operational environment (ground or space) System prototyping demonstration in operational environment. System is at or near scale of the operational system, with most functions available for demonstration & test. Well integrated with collateral & ancillary systems. Limited documentation available. TRL 8 Actual system completed & "mission qualified" through test & demonstration in an operational environment (ground or space) End of system development. Fully integrated with operational hardware & software systems. Most user documentation, training documentation, & maintenance documentation completed. All functionality tested in simulated & operational scenarios. Verification & Validation (V&V) completed. TRL 9 Actual system "mission proven" through successful mission operations (ground or space) Fully integrated with operational hardware/software systems. Actual system has been thoroughly demonstrated & tested in its operational environment. All documentation completed. Successful operational experience. Sustaining engineering support in place. 99 NASA-FAMS Air-to-Ground Communications Systems Partnership Objectives Develop a communications capability satisfying the operational needs of the Federal Air Marshal Service involving aircraft platforms Capability: Fully realized, deployable and useable end-to-end solution Aircraft Platforms: Communications within an aircraft and between other air and ground contacts FAMS Air-to-Ground Communication System Emulator Approach Develop AGCS technology Roadmap identifying services, technology maturity, and gaps Work with specific commercial systems/vendors to ensure FAMS comm requirements are integrated Develop comm prototypes, perform lab evaluations to assess and validate performance Develop a public/private partnership plan for implementing the FAMS air/ground communication system Key Milestones 4/1/08 Deliver AGCS technology Roadmap 11/1/08 Complete Flight tests of Inmarsat Satcom system 3/1/09 Complete installation of emulated air/ground communication system on FAMS trainer aircraft 6/1/09 Complete FAMS Public/Private Partnership Plan 3/1/10 Complete FAMS Communication Device EMI testing at FAA Technical Center 3/1/10 Deliver 26 Air-to-Ground Comm System Emulators 12/31/11 Complete FAMS Device-to-Device prototype and perform EMI testing at FAA Tech Center Partners DHS Science & Technology, DHS Federal Air Marshal Service (FAMS)

ICAO Endorsed Future Communications Study Technology Recommendations (what has become AeroMACS) Future Communications Study, ICAO Aeronautical Communications Panel, Recommendation #1: Develop a new system based on the IEEE 802.16e standard operating in the C-band and supporting the airport surface environment. Europe Common Shortlist United States Oceanic / Remote Continental Custom Satellite P34/TIA-902 LDL B-AMC AMACS Inmarsat SBB IEEE 802.16e Airport Today’s Focus

Aeronautical Mobile Airport Communications System (AeroMACS) Objectives Participate in the development of a Wireless Airport Communications System for use in the National Airspace System Support technology profile development and standardization in national and international forums Develop, test and validate wireless communications technology utilizing NASA GRC Communications Navigation and Surveillance (CNS) test bed Approach Utilize GRC CNS test bed to validate wireless system performance for fixed and mobility nodes Conduct technology interference analysis utilizing propagation tools Test system performance with operational applications in GRC CNS test bed Utilize collected test data to support technology standardization activities RTCA Special Committee (SC-223) AeroMACS profile development Minimum Operational Performance Standards Action Plan 30 Future Communications Infrastructure Joint Eurocontrol - FAA/NASA recommendations to NextGen Program, SESAR, ICAO on WIMAX Potential Mobile Applications ATC Communications with any aircraft anywhere Airport operations Investigate network capabilities for AeroMACS to support AOC applications and Aircraft Access to SWIM (AAtS) Potential Fixed Applications Sensor data collection/dissemination for situational awareness Network enabled Weather Data

NASA-Cleveland Test Bed AeroMACS Network Layout GRC B500 SS Base Stations Subscriber Stations NASA Glenn Research Center GRC B4 BS & Backhaul AZ = 55° ° Private Hangar SS AZ = 200° GRC B110 Core Server & Backhaul AZ = 295° AZ = 45° ARFF BS & Backhaul Backhaul Consolidated Maintenance Facility SS Terminal C SS Snow Barn SS Core Server AZ = 185° Approach Lighting SS Glycol Tanks SS Cleveland-Hopkins International Airport

AeroMACS Development – GRC First (and still only) in the World AeroMACS Operational Prototype Testbed First Networked Wireless Airport Surface Communications System interconnecting ASDE-X (Surface Multilateration) ground stations First Networked Wireless Inter-Airport Communications System interconnecting three NE Ohio airports First WiMAX-based multi-node network operating in new 5091-5150 MHZ spectrum allocation First AeroMACS mobile network demonstrations First radar site integration demonstration using AeroMACS (current activity) AeroMACS-aircraft connectivity demonstration (planned) AeroMACS Electronic Flight Bag upload (planned) AeroMACS FMS upload demonstration (planned) AeroMACS-SWIM integration test and demonstration (planned) AeroMACS Wx sensor integration (planned) 13

How Do You Select and Implement the Routing Path? High Speed SatCom Network Globally Available Affected by Weather Higher Bandwidth High Latency High Cost Low Speed SatCom Network Globally Available Low Bandwidth High Latency Very High Cost Redundant Entertainment Mobile Network Command and Control Operations Low Rate VHF Reliable Low Latency High Speed Terrestrial Not Available when Mobile High Bandwidth Low latency Lower Cost High Speed LOS Network Globally Available High Bandwidth Low Latency Lower Security Moderate Cost Internet Destination Network (for Entertainment) Destination Network (for Operations) Destination Network (for Command & Control) How do you decide which path the data should take? How do you cause the network(s) to route the data via this path?

Aviation Specific Issues Safety of Life / Safety of Flight Time-Critical command and control for Air Traffic Control Fast convergence time is essential! New radio link technologies are “uncertified” for Air Traffic Control / Air Operations Communications (ATC/AOC) Regulatory requirements force network design Three independent network domains (required for regulatory, QoS, & security) Passenger & In-Flight-Entertainment Airline Operations Air Traffic Control Service providers may be authorized to carry one, two, or all services. ATC will be a “closed network” Multiple security and authentication architectures Internet Engineering Task Force (IETF) RFC5522: “Network Mobility Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks”

Network Partitioning by Service Architecture Example NSPs/Airlines/Framers/Suppliers/etc QoS & Security Service Levels for: Network Control Voice over IP High Priority Special Projects General Purpose Security Perimeter Security Mgt PIES Networks are logically partitioned. Many logical networks share a common physical infrastructure. QoS can be managed by both network & flow Net-Mgt & Routing VOIP Network Infra. AOC ATC PIES Data Center Source: Terry L Davis, Boeing

Air Traffic Management LAN Operations LAN (Avionics) Multiplexing at the Router SATCOM AERO-1 Communication and Display SATCOM AERO-HH Mobile Network 1 Air Traffic Management LAN VHF Voice/DATA Mobile Router HF Voice/DATA Mobile Network 2 Operations LAN (Avionics) NEM0-1 NEMO-2 NEMO-3 INMARSAT Swift 64 High-Rate Satellite Sensor Controller (Optional Display) WiFi Max Mobile Network 3 Policy-base Link Access GateLink Passenger Services Cellular Future Links

Policy-Based Link Access, Critical Link Active P-DATA Mobile Router High speed link P-DATA AOC Home Agent int1 ATC Low latency link AOC P-DATA int2 ATC Reliable link int3 ATC ATC Routing Policy Routing Policy

Policy-Based Link Access, Passengers Link Active P-DATA High speed link Mobile Router P-DATA P-DATA P-DATA AOC ATC AOC Home Agent int1 P-DATA ATC Low latency link P-DATA int2 AOC Reliable link int3 ATC Routing Policy Routing Policy

Space-Based Network Centric Operations Research

GRC Network & Architectures Branch 1st to demonstrate and deploy secure mobile networking in an operational government network, the US Coast Guard (Used SeaTel / Globalstar 8 muxed phone antenna system) 1st and only group to deploy Mobile-IP Mobile networking on a space-based asset, the Cisco router in Low Earth Orbit (CLEO) 1st to deploy Internet Protocol security (IPsec) and Internet Protocol version 6 (Ipv6) on a space-base asset. 1st to deploy delay/disruption network technology bundling protocol in space. 1st and only group to demonstrate space-based large file transfers over multiple ground stations using Delay Tolerant Networking (DTN) bundling. Experiments exercised proactive and reactive bundle fragmentation and International interoperability using standard Internet protocols. Our Facilities are Global and Beyond!

Secure Autonomous Integrated Controller for Distributed Sensor Webs Stored data transferred to ground (Large file transfer over multiple ground stations) 7 4 Network Control Center Configures Spacecraft via VMOC VMOC negotiates for ground station services 2 VMOC negotiates for Space Assets 5 Space Sensor acquires data (e.g. image) 6 Stored data transferred to ground 3 Network Control Center Configures Ground Assets VMOC NOC NOC NOC Sensor 1 Seismic Sensor alerts VMOC

Open Internet Network Configuration UK-DMC/CLEO US Army Space & Missile Defense Battle Lab Colorado Springs Experiments Workstation Satellite Scheduler & Controller National Institute for Information and Communication Technology (NICT) Koganei, Japan Multi-User Ground Station (MUGS) Colorado Springs, CO Segovia NOC SSTL Guildford England Open Internet VMOC-1 (GRC) Universal Space Networks Ground Network Alaska, Hawaii and Australia Home Agent (GRC) Database VMOC

Cisco Router in Low Earth Orbit (GRC/SSTL/CLEO IPv6/IPv4 Tunnels) 8.1Mbps from satellite 9600bps to satellite frame relay DLCI 17 – unencrypted ‘clear’ link IPv6 in 6-over-4 tunnel in Mobile IPv4 tunnel to Home Agent Mobile IPv4 native IPv4 6-over-4 tunnel for non-mobile IP traffic native IPv6 between routers 2621 router PIX firewall Secure VPN tunnel PIX firewall secured IPv6 in 6-over-4 tunnel over IPv4 IPsec Internet Cisco MAR 3251 on UK-DMC IPv6 in 6-over-4 tunnel in Mobile IP as above, if IPsec link is preferred and used instead IPv4 IPv4 IPv4 IPsec encryption between routers SSTL ground station LAN, carrying IPv4 and IPv6 over Ethernet NASA Glenn Home Agent IPv6 frame relay DLCI 18 – encrypted link IPv4 IPsec Mobile IPv4 tunnel Private 192.x addressing Private 192.x addressing Public addressing

International Multi-organizational Network Centric Operations “Proposed” Security Research Intrusion Detection Penetration Testing Ground Rules What Information will be shared regarding security implementations? What degree of probing will be allowed? What information will be shared regarding probing techniques? What information will be shared regarding vulnerabilities found? Leave Markers? How and to whom will this information be reported?