Glenn Research Center Networks & Architectures Branch Communications Technology DNCO Conference: 03 Dec 2008 1 Future Technologies and Critical Issues.

Presentation transcript:

Glenn Research Center, Networks & Architectures Branch, Communications Technology
DNCO Conference: 03 Dec

Future Technologies and Critical Issues Regarding NCO Deployment
(It’s about Security and Trust)
The Devil is in the Details!
Will Ivancic

Outline
Terminology
Network Design relative to NCO
High level organizational security Policy and network Architecture design
  – Rules of engagement
  – The effect such policy has on network design and NCO
Mobility and tactical systems
  – Require local security policy control
  – Require an easily deployable Internet Protocol security key and policy distribution
Future technologies
  – Current state-of-the-art of these technologies
  – Reality versus hype

CLEO/VMOC Network
[Figure: network diagram. Labels in the figure:]
  – UK-DMC satellite; CLEO onboard mobile access router
  – UK-DMC/CLEO router high-rate passes over SSTL ground station (Guildford, England)
  – low-rate UK-DMC passes over secondary ground stations receiving telemetry (Alaska, Colorado Springs)
  – 8.1 Mbps downlink; 9600 bps uplink; 38400 bps downlink
  – other satellite telemetry to VMOC
  – mobile routing Home Agent (NASA Glenn)
  – mobile router appears to reside on Home Agent’s network at NASA Glenn
  – primary VMOC-1, Air Force Battle Labs (CERES)
  – ‘shadow’ backup VMOC-2 (NASA Glenn)
  – Segovia NOC
  – USN Alaska
  – Internet
  – secure Virtual Private Network tunnels (VPNs) between VMOC partners
  – ‘battlefield operations’ (tent and Humvee, Vandenberg AFB)

Participating Organizations

The Cisco router in low Earth orbit (CLEO)
Put a COTS Cisco router in space
Determine if the router could withstand the effects of launch and radiation in a low Earth orbit and still operate in the way that its terrestrial counterparts did.
Ensure that the router was routing properly
Implement mobile network and demonstrate its usefulness for space-based applications.
  – Since the UK–DMC is an operational system, a major constraint placed on the network design was that any network changes could not impact the current operational network

Virtual Mission Operations Center (VMOC)
Enable system operators and data users to be remote
Verify individual users and their authorizations
Establish a secure user session with the platform
Perform user and command prioritization and contention control
Apply mission rules and perform command appropriateness tests
Relay data directly to the remote user without human intervention
Provide a knowledge data base and be designed to allow interaction with other, similar systems
Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)
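As an added illustration (not code from the presentation or from the VMOC project), the sketch below runs a batch of command requests through the VMOC functions listed above: user verification, authorization, mission-rule (command appropriateness) tests, and priority-based contention control. The user names, roles, command types, slot labels and rule thresholds are assumptions constructed for the example; the 8-minute limit mirrors the pass length quoted in the timeline slide.

```python
import heapq

# Constructed sample data: users, roles, command types and slots are hypothetical.
USERS = {
    "ops_alice": {"role": "operator", "priority": 1},  # lower number = higher priority
    "sci_bob": {"role": "science_user", "priority": 5},
}
ROLE_COMMANDS = {
    "operator": {"IMAGE", "DOWNLINK", "REBOOT_PAYLOAD"},
    "science_user": {"IMAGE"},
}
MAX_PASS_MINUTES = 8  # assumption, taken from the pass length quoted in the slides


def mission_rule_violation(req):
    """Command appropriateness test: return a reason string, or None if acceptable."""
    if req["type"] == "IMAGE":
        lat = req.get("lat")
        if lat is None or not -90 <= lat <= 90:
            return "latitude out of range"
    # A downlink request with no stated duration fails closed.
    if req["type"] == "DOWNLINK" and req.get("minutes", MAX_PASS_MINUTES + 1) > MAX_PASS_MINUTES:
        return "exceeds pass duration"
    return None


def gate(requests):
    """Return (accepted_ids, [(rejected_id, reason), ...]) for a batch of requests."""
    accepted, rejected, queue = [], [], []
    for seq, req in enumerate(requests):
        user = USERS.get(req["user"])
        if user is None:  # verify the individual user
            rejected.append((req["id"], "unknown user"))
        elif req["type"] not in ROLE_COMMANDS[user["role"]]:  # verify authorization
            rejected.append((req["id"], "not authorized"))
        elif (why := mission_rule_violation(req)) is not None:
            rejected.append((req["id"], why))
        else:  # queue by user priority, then arrival order
            heapq.heappush(queue, (user["priority"], seq, req))
    granted_slots = set()
    while queue:  # contention control: one command per pass slot
        _, _, req = heapq.heappop(queue)
        if req["slot"] in granted_slots:
            rejected.append((req["id"], "slot already granted"))
        else:
            granted_slots.add(req["slot"])
            accepted.append(req["id"])
    return accepted, rejected


SAMPLE_REQUESTS = [  # constructed input
    {"id": "r1", "user": "sci_bob", "type": "IMAGE", "lat": 34.7, "slot": "pass-A"},
    {"id": "r2", "user": "ops_alice", "type": "DOWNLINK", "minutes": 8, "slot": "pass-A"},
    {"id": "r3", "user": "sci_bob", "type": "REBOOT_PAYLOAD", "slot": "pass-B"},
    {"id": "r4", "user": "mallory", "type": "IMAGE", "lat": 10.0, "slot": "pass-B"},
    {"id": "r5", "user": "ops_alice", "type": "DOWNLINK", "minutes": 12, "slot": "pass-B"},
    {"id": "r6", "user": "sci_bob", "type": "IMAGE", "lat": 40.0, "slot": "pass-B"},
]

if __name__ == "__main__":
    print(gate(SAMPLE_REQUESTS))
```

Every rejection carries a reason, so the same list can feed an audit log of who asked for what and why it was refused.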

Virtual Mission Operations Center

Summary - Timeline of Events
NASA’s first opportunity to touch CLEO was May 11th, 2004
At best, satellite passes were:
  – 1 per day, 3 days per week, 8 minutes per pass
  – Cisco router testing next week (from actual ):
      Tues 11/05/2004: 10h05UTC pass (6:05 EDT)
      Wed 12/05/2004: 10h43UTC pass (6:43 EDT)
      Fri 14/05/2004: 10h20UTC pass (6:20 EDT)
Successful VMOC metrics testing was performed June
It is highly doubtful this would have been possible without the use of IP!

CLEO/VMOC Lessons Learned
The ability to have all the tools available in a full IOS on the onboard router proved invaluable
  – Argument for slimmed-down IOS
      May be more robust or easier to qualify rigorously for the space environment.
  – Argument for full IOS
      Removing functionality may result in less stable code rather than more stable code, as any change in software can affect the robustness of software and second.
  – Full IOS has been tested daily by hundreds of thousands of users
      It is quite probable the functionality taken out will end up being the functionality one needs for some later, unforeseen configuration need.
Mobile networking greatly simplifies network configurations at the ground stations and adds an extremely insignificant amount of overhead (three small packets per session for binding setup).
  – Triangular routing is preferred if the rate on the terrestrial links cannot meet or exceed the rate of the downlink.
  – Triangular routing along with new file transfer applications enables full utilization of the downlink.

CLEO/VMOC Lessons Learned
The interface between asset owners will have to be identified and some special software written when sharing infrastructure
  – Use of commercial standards (IP, Simple Object Access Protocol, XML) makes implementing these software interfaces much quicker and easier than if noncommercial standard protocols were used.
The engineering model of the onboard and ground assets is a necessity
According to Universal Space Networks and Integral System Integration, there are products available for ground station TT&C that have become de facto industry standards. Using them will greatly simplify ground station integration and reduce costs.
  – An example provided by USN and ISI: IN–SNEC’s CORTEX satellite telemetry products for ground stations

NCO Experiences
Successful NCO has more to do with building trust relationships at the “people level” than it has to do with technology.
Putting NCO in an operational system is the true test.
  – This forces ALL security issues to be addressed!
Internetwork Centric Operations, NCO across various networks owned and operated by various entities, is far different than NCO within your own network.
  – Everybody has to expose themselves to some degree. That degree has to be negotiated up front.
      I need to understand how your system works and you need to understand how my system works.
      Strengths and vulnerabilities are exposed to some degree.
  – Internetworking NCO is like a marriage
      50/50 is doomed to failure. 100% commitment is required by all parties.
  – You MUST understand and accept the needs of the other parties.
  – Patience and Persistence, Patience and Persistence, and more Patience and Persistence!

Secure Autonomous Integrated Controller for Distributed Sensor Webs
[Figure: sensor web operations sequence involving the VMOC, NOC and Sensor. Step labels in the figure:]
  – Seismic Sensor alerts VMOC
  – VMOC negotiates for ground station services
  – VMOC negotiates for Space Assets
  – Network Control Center Configures Spacecraft via VMOC
  – Network Control Center Configures Ground Assets
  – Space Sensor acquires data (e.g. image)
  – Stored data transferred to ground
  – Stored data transferred to ground (Large file transfer over multiple ground stations)

UK-DMC/CLEO Network Configuration
[Figure: network configuration diagram. Labels in the figure:]
  – Home Agent (GRC)
  – VMOC-1 (GRC)
  – VMOC Database
  – Experiments Workstation
  – Satellite Scheduler & Controller
  – US Army Space & Missile Defense Battle Lab, Colorado Springs
  – Multi-User Ground Station (MUGS), Colorado Springs, CO
  – Segovia NOC
  – SSTL, Guildford, England
  – Hiroshima Institute of Technology, Hiroshima, Japan
  – Universal Space Networks Ground Network: Alaska, Hawaii and Australia
  – Open Internet

Which should lead to some interesting security and scheduling work!
[Figure: organizations connected across the Open Internet:]
  – US Army Space & Missile Defense (US Govt - .mil)
  – Surrey Satellite Technology Limited (UK Industry)
  – Virtual Mission Operations Center (US Govt. - .gov)
  – Mobile-IP NEMO Home Agent (US Govt. - .gov)
  – Hiroshima Institute of Technology (Japan Academia - .edu)
  – Universal Space Network - Alaska (US Industry - .com)
  – Universal Space Network - Hawaii (US Industry - .com)
  – Universal Space Network - Australia (US Industry - .com)

Conclusions
The ability to integrate infrastructure owned and controlled by various parties provides the following benefits:
  – Reduce the risk, cost, size, and development time for Earth science space-based and ground-based information systems.
  – Increased science through collaboration
The network required to perform secure, autonomous, intelligent control of integrating distributed sensor webs provides an excellent opportunity to perform international multi-organizational network centric operations “proposed” security research.

International Multi-organizational Network Centric Operations “Proposed” Security Research
Intrusion Detection
Penetration Testing
Ground Rules
  – What information will be shared regarding security implementations?
  – What degree of probing will be allowed?
  – What information will be shared regarding probing techniques?
  – What information will be shared regarding vulnerabilities found?
      Leave Markers?
  – How and to whom will this information be reported?

International Interoperability
NASA claims of International Interoperability
  – For the most part it is at the data-link layer and modulation and coding (CCSDS)
  – Federal Express layer.
  – The space-link extension (SLE)
      Not required for IP-based systems (at least the data-link extension portion of the SLE protocol)
      Wraps data-link in IP; therefore all security issues associated with tying IP networks together must be addressed
      Mission Planning and Scheduling service must be implemented.
        – A “framework” for such exists as part of the mission services portion of SLE
Full interoperability means
  – Forward and return data is actually transmitted through systems owned and operated by various entities. (Note, this has an enormous security aspect to it.)
      Ground stations
      Network-layer space relays (satellite, rovers, or whatever infrastructure may be utilized as part of the communication network).
  – Requires autonomous routing mechanisms
  – Store and forward such as Delay/Disruption Tolerant Networking (DTN)
      Requires securing data at rest