170 likes | 266 Views
Future Technologies and Critical Issues Regarding NCO Deployment (It’s about Security ...... and Trust) The Devil is in the Details!. Will Ivancic william.d.ivancic@nasa.gov 216-433-3494. Outline. Terminology Network Design relative to NCO
E N D
Future Technologies and Critical Issues Regarding NCO Deployment (It’s about Security ...... and Trust)The Devil is in the Details! Will Ivancic william.d.ivancic@nasa.gov 216-433-3494
Outline • Terminology • Network Design relative to NCO • High level organizational security Policy and network Architecture design • Rules of engagement • The affect such policy has on network design and NCO • Mobility and tactical systems • Require local security policy control • Require an easily deployable Internet Protocol security key and policy distribution • Future technologies • Current state-of-the-art of these technologies • Reality versus hype
CLEO/VMOC Network UK-DMC satellite CLEO onboard mobile access router low-rate UK-DMC passes over secondary ground stations receiving telemetry (Alaska, Colorado Springs) 8.1Mbps downlink 9600bps uplink other satellite telemetry to VMOC 38400bps downlink ‘battlefield operations’ (tent and Humvee, Vandenberg AFB) UK-DMC/CLEO router high-rate passes over SSTL ground station (Guildford, England) Segovia NOC USN Alaska Internet secure Virtual Private Network tunnels (VPNs) between VMOC partners mobile router appears to reside on Home Agent’s network at NASA Glenn primary VMOC-1 Air Force Battle Labs (CERES) ‘shadow’ backup VMOC-2 (NASA Glenn) mobile routing Home Agent (NASA Glenn)
The Cisco router in low Earth orbit (CLEO) • Put a COTS Cisco router in space • Determine if the router could withstand the effects of launch and radiation in a low Earth orbit and still operate in the way that its terrestrial counterparts did. • Ensure that the router was routing properly • Implement mobile network and demonstrate its usefulness for space-based applications. • Since the UK–DMC is an operational system, a major constraint placed on the network design was that any network changes could not impact the current operational network
Virtual Mission Operations Center (VMOC) • Enable system operators and data users to be remote • Verify individual users and their authorizations • Establish a secure user session with the platform • Perform user and command prioritization and contention control • Apply mission rules and perform command appropriateness tests • Relay data directly to the remote user without human intervention • Provide a knowledge data base and be designed to allow interaction with other, similar systems • Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)
Summary - Timeline of Events • NASA’s first opportunity to touch CLEO was May 11th, 2004 • At best, satellite passes were: • 1 per day, 3 days per week, 8 minutes per pass • Cisco router testing next week (from actual email): Tues 11/05/2004: 10h05UTC pass (6:05 EDT) Wed 12/05/2004: 10h43UTC pass (6:43 EDT) Fri 14/05/2004: 10h20UTC pass (6:20 EDT) • Successful VMOC metrics testing was performed June 7-11. It is highly doubtful this would have been possible without the use of IP!
CLEO/VMOC Lessons Learned • The ability to have all the tools available in a full IOS on the onboard router proved invaluable • Argument for slimmed-down IOS • May be more robust or easier to qualify rigorously for the space environment. • Argument for full IOS • Removing functionality may result in less stable code rather than more stable code, as any change in software can affect the robustness of software and second. • Full IOS has been tested daily by hundreds of thousands of users • It is quite probable the functionality taken out will end up being the functionality one needs for some later, unforeseen configuration need. • Mobile networking greatly simplifies network configurations at the ground stations and adds an extremely insignificant amount of overhead (three small packets per session for binding setup). • Triangular routing is preferred if the rate on the terrestrial links cannot meet or exceed the rate of the downlink. • Triangular routing along with new file transfer applications enables full utilization of the downlink.
CLEO/VMOC Lessons Learned • The interface between asset owners will have to be identified and some special software written when sharing infrastructure • Use of commercial standards (IP, Simple Object Access Protocol , XML) make implementing these software interfaces much quicker and easier than if noncommercial standard protocols were used. • The engineering model of the onboard and ground assets is a necessity • According to Universal Space Networks and Integral System Integration, there are products available for ground station TT&C that have become de facto industry standards. Using them will greatly simplify ground station integration and reduce costs. • An example provided by USN and ISI: IN–SNEC’s CORTEX satellite telemetry products for ground stations
NCO Experiences • Successful NCO has more to do with building trust relationships at the “people level” than it has to do with technology. • Putting NCO in an operational system is the true test. • This forces ALL security issues to be address! • Internetwork Centric Operations, NCO across various networks owned and operated by various entities if far different the NCO within your own network. • Everybody has to expose themselves to some degree. That degree has to be negotiated up front. • I need to understand how your system works and you need to understand how my system works. • Strengths and vulnerabilities are exposed to some degree. • Internetworking NCO is like a marriage • 50/50 is doomed to failure. 100% commitment is required by all parties. • You MUST understand and accept the needs of the other parties. • Patience and Persistence, Patience and Persistence, and more Patience and Persistence!
Secure Autonomous Integrated Controller for Distributed Sensor Webs VMOC negotiates for Space Assets Network Control Center Configures Spacecraft via VMOC VMOC negotiates for ground station services Stored data transferred to ground (Large file transfer over multiple ground stations) Space Sensor acquires data (e.g. image) 7 6 3 5 2 2 4 Stored data transferred to ground 4 Network Control Center Configures Ground Assets 3 VMOC negotiates for ground station services 4 1 Seismic Sensor alerts VMOC Network Control Center Configures Ground Assets Sensor 4 VMOC NOC NOC NOC
Network Configuration UK-DMC/CLEO US Army Space & Missile Defense Battle Lab Colorado Springs Experiments Workstation Satellite Scheduler & Controller Hiroshima Institute of Technology Hiroshima, Japan Multi-User Ground Station (MUGS) Colorado Springs, CO SSTL Guildford England Segovia NOC Open Internet VMOC-1 (GRC) Universal Space Networks Ground Network Alaska, Hawaii and Australia Home Agent (GRC) Database VMOC
Which should lead to some interesting security and scheduling work! Open Internet US Army Space & Missile Defense (US Govt - .mil) Hiroshima Institute of Technology (Japan Academia - .edu) Surrey Satellite Technology Limited (UK Industry) Universal Space Network - Alaska (US Industry - .com) Virtual Mission Operations Center (US Govt. - .gov) Universal Space Network - Hawaii (US Industry - .com) Mobile-IP NEMO Home Agent (US Govt. - .gov) Universal Space Network - Australia (US Industry - .com)
Conclusions • The ability to integrate infrastructure owned and controlled by various parties provides the following benefits: • Reduce the risk, cost, size, and development time for Earth science space-based and ground-based information systems. • Increased science through collaboration • The network required to perform secure, autonomous, intelligent control of integrating distributed sensor webs provides and excellent opportunity to perform international multi-organizational network centric operations “proposed” security research.
International Multi-organizational Network Centric Operations “Proposed” Security Research • Intrusion Detection • Penetration Testing • Ground Rules • What Information will be shared regarding security implementations? • What degree of probing will be allowed? • What information will be shared regarding probing techniques? • What information will be shared regarding vulnerabilities found? • Leave Markers? • How and to whom will this information be reported?
International Interoperability • NASA claims of International Interoperability • For the most part it is at the data-link layer and modulation and coding (CCSDS) • Federal Express layer. • The space-link extension (SLE) • Not required for IP-based systems (at least the data-link extension portion of the SLE protocol) • Wraps data-link in IP; therefore all security issues associated with tying IP networks together must be addressed • Mission Planning and Scheduling service must be implemented. • A “framework” for such exists as part of the mission services portion of SLE • Full interoperability means • Forward and return data is actually transmitted though systems owned and operated by various entities. (Note, this has an enormous security aspect to it.) • Ground stations • Network-layer space relays (satellite, rovers, or whatever infrastructure may be utilized as part of the communication network). • Requires autonomous routing mechanisms • Store and forward such as Delay/Disruption Tolerant Networking (DTN) • Requires securing data at rest