Glenn Research Center Networks & Architectures Branch Communications Technology DNCO Conference: 03 Dec 2008 1 Future Technologies and Critical Issues.


1 Glenn Research Center, Networks & Architectures Branch, Communications Technology
DNCO Conference: 03 Dec 2008
Future Technologies and Critical Issues Regarding NCO Deployment (It’s about Security... and Trust)
The Devil is in the Details!
Will Ivancic, william.d.ivancic@nasa.gov, 216-433-3494

2 Outline
Terminology
Network Design relative to NCO
High level organizational security Policy and network Architecture design
  –Rules of engagement
  –The effect such policy has on network design and NCO
Mobility and tactical systems
  –Require local security policy control
  –Require an easily deployable Internet Protocol security key and policy distribution
Future technologies
  –Current state-of-the-art of these technologies
  –Reality versus hype

3 CLEO/VMOC Network (diagram; labels as they appear on the slide)
mobile routing Home Agent (NASA Glenn)
Segovia NOC
‘shadow’ backup VMOC-2 (NASA Glenn)
UK-DMC/CLEO router high-rate passes over SSTL ground station (Guildford, England)
primary VMOC-1 Air Force Battle Labs (CERES)
Internet
mobile router appears to reside on Home Agent’s network at NASA Glenn
secure Virtual Private Network tunnels (VPNs) between VMOC partners
‘battlefield operations’ (tent and Humvee, Vandenberg AFB)
low-rate UK-DMC passes over secondary ground stations receiving telemetry (Alaska, Colorado Springs)
8.1 Mbps downlink
9600 bps uplink
38400 bps downlink
other satellite telemetry to VMOC
UK-DMC satellite
CLEO onboard mobile access router
USN Alaska

4 Participating Organizations

5 The Cisco router in low Earth orbit (CLEO)
Put a COTS Cisco router in space
Determine if the router could withstand the effects of launch and radiation in a low Earth orbit and still operate in the way that its terrestrial counterparts did.
Ensure that the router was routing properly
Implement mobile network and demonstrate its usefulness for space-based applications.
  –Since the UK–DMC is an operational system, a major constraint placed on the network design was that any network changes could not impact the current operational network

6 Virtual Mission Operations Center (VMOC)
Enable system operators and data users to be remote
Verify individual users and their authorizations
Establish a secure user session with the platform
Perform user and command prioritization and contention control
Apply mission rules and perform command appropriateness tests
Relay data directly to the remote user without human intervention
Provide a knowledge data base and be designed to allow interaction with other, similar systems
Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)

7 Virtual Mission Operations Center

8 Summary - Timeline of Events
NASA’s first opportunity to touch CLEO was May 11th, 2004
At best, satellite passes were:
  –1 per day, 3 days per week, 8 minutes per pass
  –Cisco router testing next week (from actual email):
    Tues 11/05/2004: 10h05UTC pass (6:05 EDT)
    Wed 12/05/2004: 10h43UTC pass (6:43 EDT)
    Fri 14/05/2004: 10h20UTC pass (6:20 EDT)
Successful VMOC metrics testing was performed June 7-11.
It is highly doubtful this would have been possible without the use of IP!

9 CLEO/VMOC Lessons Learned
The ability to have all the tools available in a full IOS on the onboard router proved invaluable
  –Argument for slimmed-down IOS
    May be more robust or easier to qualify rigorously for the space environment.
  –Argument for full IOS
    Removing functionality may result in less stable code rather than more stable code, as any change in software can affect the robustness of software and second.
    –Full IOS has been tested daily by hundreds of thousands of users
    It is quite probable the functionality taken out will end up being the functionality one needs for some later, unforeseen configuration need.
Mobile networking greatly simplifies network configurations at the ground stations and adds an extremely insignificant amount of overhead (three small packets per session for binding setup).
  –Triangular routing is preferred if the rate on the terrestrial links cannot meet or exceed the rate of the downlink.
  –Triangular routing along with new file transfer applications enables full utilization of the downlink.

10 CLEO/VMOC Lessons Learned
The interface between asset owners will have to be identified and some special software written when sharing infrastructure
  –Use of commercial standards (IP, Simple Object Access Protocol, XML) makes implementing these software interfaces much quicker and easier than if noncommercial standard protocols were used.
The engineering model of the onboard and ground assets is a necessity
According to Universal Space Networks and Integral System Integration, there are products available for ground station TT&C that have become de facto industry standards. Using them will greatly simplify ground station integration and reduce costs.
  –An example provided by USN and ISI: IN–SNEC’s CORTEX satellite telemetry products for ground stations

11 NCO Experiences
Successful NCO has more to do with building trust relationships at the “people level” than it has to do with technology.
Putting NCO in an operational system is the true test.
  –This forces ALL security issues to be addressed!
Internetwork Centric Operations, NCO across various networks owned and operated by various entities, is far different than NCO within your own network.
  –Everybody has to expose themselves to some degree. That degree has to be negotiated up front.
    I need to understand how your system works and you need to understand how my system works.
    Strengths and vulnerabilities are exposed to some degree.
  –Internetworking NCO is like a marriage
    50/50 is doomed to failure. 100% commitment is required by all parties.
  –You MUST understand and accept the needs of the other parties.
  –Patience and Persistence, Patience and Persistence, and more Patience and Persistence!

12 Secure Autonomous Integrated Controller for Distributed Sensor Webs (diagram; labels numbered 1 to 7 on the slide)
VMOC
NOC
Sensor
Seismic Sensor alerts VMOC
VMOC negotiates for ground station services
VMOC negotiates for Space Assets
Network Control Center Configures Ground Assets
Network Control Center Configures Spacecraft via VMOC
Space Sensor acquires data (e.g. image)
Stored data transferred to ground
Stored data transferred to ground (Large file transfer over multiple ground stations)

13 UK-DMC/CLEO Network Configuration (diagram; labels as they appear on the slide)
Home Agent (GRC)
US Army Space & Missile Defense Battle Lab, Colorado Springs
Segovia NOC
Multi-User Ground Station (MUGS), Colorado Springs, CO
SSTL, Guildford, England
VMOC-1 (GRC)
Open Internet
VMOC Database
Experiments Workstation
Satellite Scheduler & Controller
Hiroshima Institute of Technology, Hiroshima, Japan
Universal Space Networks Ground Network: Alaska, Hawaii and Australia

14 Open Internet
Which should lead to some interesting security and scheduling work!
US Army Space & Missile Defense (US Govt - .mil)
Surrey Satellite Technology Limited (UK Industry)
Virtual Mission Operations Center (US Govt. - .gov)
Mobile-IP NEMO Home Agent (US Govt. - .gov)
Hiroshima Institute of Technology (Japan Academia - .edu)
Universal Space Network - Alaska (US Industry - .com)
Universal Space Network - Hawaii (US Industry - .com)
Universal Space Network - Australia (US Industry - .com)

15 Conclusions
The ability to integrate infrastructure owned and controlled by various parties provides the following benefits:
  –Reduce the risk, cost, size, and development time for Earth science space-based and ground-based information systems.
  –Increased science through collaboration
The network required to perform secure, autonomous, intelligent control of integrating distributed sensor webs provides an excellent opportunity to perform international multi-organizational network centric operations “proposed” security research.

16 International Multi-organizational Network Centric Operations “Proposed” Security Research
Intrusion Detection
Penetration Testing
Ground Rules
  –What information will be shared regarding security implementations?
  –What degree of probing will be allowed?
  –What information will be shared regarding probing techniques?
  –What information will be shared regarding vulnerabilities found? Leave Markers?
  –How and to whom will this information be reported?

17 International Interoperability
NASA claims of International Interoperability
  –For the most part it is at the data-link layer and modulation and coding (CCSDS)
  –Federal Express layer.
  –The space-link extension (SLE)
    Not required for IP-based systems (at least the data-link extension portion of the SLE protocol)
    Wraps data-link in IP; therefore all security issues associated with tying IP networks together must be addressed
Mission Planning and Scheduling service must be implemented.
  –A “framework” for such exists as part of the mission services portion of SLE
Full interoperability means
  –Forward and return data is actually transmitted through systems owned and operated by various entities. (Note, this has an enormous security aspect to it.)
    Ground stations
    Network-layer space relays (satellite, rovers, or whatever infrastructure may be utilized as part of the communication network).
  –Requires autonomous routing mechanisms
  –Store and forward such as Delay/Disruption Tolerant Networking (DTN)
    Requires securing data at rest

