Federal Aviation Administration
Network Centric Operations Research: Secure Mobile Networking
Presented to: SWIM Net Centric Demos TIM 8
By: William Ivancic, NASA Glenn Research Center
Date: 9 November 2011
Goal of Today’s Participation?
• Gain a better understanding of the current state of SWIM and the future plans, directions and needs.
• Determine what expertise and technologies of the Networks and Architectures Branch of NASA Glenn Research Center might be applicable to future demonstrations and prototyping.
• Provide some insight into what NASA GRC has done and is currently doing regarding Aeronautics and Space-based Network Centric Operations.
• Provide some insight into NASA GRC’s capabilities and facilities, particularly regarding:
– The Airport Surface Wireless Communications, Navigation and Surveillance (CNS) Test Bed at Cleveland Hopkins
– Aircraft Access to SWIM (AAtS)
Secure Mobile Networking in an Operational Setting
US Coast Guard Cutter Neah Bay – Cleveland, Ohio
Use and Deployments
• 1st Demonstrated August 23 & November 6, 2002 on Lake Erie
• Used in operational setting July – Sept 2003
– New York and Boston Harbor
  • NY City had no land line
  • Boston land line was poor – switched to satellite
• Used Oct – Nov 2003 at shipyard during maintenance
– 802.11b at 11 Mbps
Encrypted Network Data Transfers
[Figure: Mobile LAN (10.x.x.x), Internet and USCG Intranet (10.x.x.x) with FA Detroit, FA Cleveland, HA, encryption, proxy, firewall, public address, an 802.11b link, the USCG Officer’s Club and the East / West docks.]
IPv6 Mobile Networking Demonstration, Nov 2004, to CIO of DOD
[Figure: IPv4 mobile LAN, IPv6 mobile LAN, IPv6 mobile router, IPv6 home agent, corresponding public node and monitoring points; Glenn Research Center and the GRC Open Network (DMZ); Globalstar and T-Mobile links; IPv4 public Internet; CNS, Eurocontrol and NASA NREN IPv6 intranets, each with an IPv6 web server; 6-to-4 (DOOR), 6-to-4 (DOG), 6-to-4 and 4-to-6 tunnels; remote controlled webcam; IPv6 network.]
Aeronautics-Based
Network Centric Operations Research
Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS)
Communications Sub-Project
Project Engineer: Jim Griner
Deputy Sub Project Manager for GRC: Bob Kerczewski
Milestones:
FY11 Provide Spectrum Inputs to WP5B of WRC
FY12 C2 frequency band propagation in a relevant environment complete
FY13 Development of C2 system prototype equipment complete
FY14 Validation of security mitigations in relevant environment complete
FY15 Performance testing of C2 System in relevant environment complete
FY16 C2 system performance testing in mixed traffic environment (Flight Test 4)
FY16 Large scale simulations of candidate C2 technologies and their impact on air traffic capacity complete
Goal: Partner with industry to develop and test a prototype commercial UAS command and control communication system consistent with RTCA SC-203 defined vision and architectural concepts. Provide data and recommendations regarding future policy and guidance.
Security, Security, Security
• Security is the key to everything
• But it's hard
• ITAR makes it very difficult to address internationally
• Need one system for both the National and Global Airspace Systems
NASA-FAMS Air-to-Ground Communications Systems Partnership
Key Milestones
4/1/08 Deliver AGCS technology Roadmap
11/1/08 Complete Flight tests of Inmarsat Satcom system
3/1/09 Complete installation of emulated air/ground communication system on FAMS trainer aircraft
6/1/09 Complete FAMS Public/Private Partnership Plan
3/1/10 Complete FAMS Communication Device EMI testing at FAA Technical Center
3/1/10 Deliver 26 Air-to-Ground Comm System Emulators
12/31/11 Complete FAMS Device-to-Device prototype and perform EMI testing at FAA Tech Center
Partners
DHS Science & Technology, DHS Federal Air Marshal Service (FAMS)
Approach
• Develop AGCS technology Roadmap identifying services, technology maturity, and gaps
• Work with specific commercial systems/vendors to ensure FAMS comm requirements are integrated
• Develop comm prototypes, perform lab evaluations to assess and validate performance
• Develop a public/private partnership plan for implementing the FAMS air/ground communication system
Objectives
Develop a communications capability satisfying the operational needs of the Federal Air Marshal Service involving aircraft platforms
Capability: Fully realized, deployable and useable end-to-end solution
• Aircraft Platforms: Communications within an aircraft and between other air and ground contacts
FAMS Air-to-Ground Communication System Emulator
ICAO Endorsed Future Communications Study Technology Recommendations (what has become AeroMACS)
Future Communications Study, ICAO Aeronautical Communications Panel, Recommendation #1: Develop a new system based on the IEEE 802.16e standard operating in the C-band and supporting the airport surface environment.
[Figure: technology shortlists for Europe, the Common Shortlist and the United States across the Continental, Oceanic / Remote and Airport domains. Technologies shown: P34/TIA-902, LDL, B-AMC, AMACS, Inmarsat SBB, Custom Satellite, IEEE 802.16e. Callout: Today’s Focus.]
Aeronautical Mobile Airport Communications System (AeroMACS)
Objectives
• Participate in the development of a Wireless Airport Communications System for use in the National Airspace System
• Support technology profile development and standardization in national and international forums
• Develop, test and validate wireless communications technology utilizing NASA GRC Communications Navigation and Surveillance (CNS) test bed
Approach
• Utilize GRC CNS test bed to validate wireless system performance for fixed and mobility nodes
• Conduct technology interference analysis utilizing propagation tools
• Test system performance with operational applications in GRC CNS test bed
• Utilize collected test data to support technology standardization activities
• RTCA Special Committee (SC-223)
• AeroMACS profile development
• Minimum Operational Performance Standards
• Action Plan 30 Future Communications Infrastructure
• Joint Eurocontrol - FAA/NASA recommendations to NextGen Program, SESAR, ICAO on WiMAX
Potential Mobile Applications
• ATC Communications with any aircraft anywhere
• Airport operations
• Investigate network capabilities for AeroMACS to support AOC applications and Aircraft Access to SWIM (AAtS)
Potential Fixed Applications
• Sensor data collection/dissemination for situational awareness
• Network enabled Weather Data
NASA-Cleveland Test Bed AeroMACS Network Layout
[Figure: base stations, subscriber stations and the core server at Cleveland-Hopkins International Airport and NASA Glenn Research Center, with antenna azimuths AZ = 55°, 200°, 295°, 45° and 185°.]
AeroMACS Development – GRC
• First (and still only) in the World AeroMACS Operational Prototype Testbed
• First Networked Wireless Airport Surface Communications System interconnecting ASDE-X (Surface Multilateration) ground stations
• First Networked Wireless Inter-Airport Communications System interconnecting three NE Ohio airports
• First WiMAX-based multi-node network operating in new 5091-5150 MHz spectrum allocation
• First AeroMACS mobile network demonstrations
• First radar site integration demonstration using AeroMACS (current activity)
• AeroMACS-aircraft connectivity demonstration (planned)
• AeroMACS Electronic Flight Bag upload (planned)
• AeroMACS FMS upload demonstration (planned)
• AeroMACS-SWIM integration test and demonstration (planned)
• AeroMACS Wx sensor integration (planned)
How Do You Select and Implement the Routing Path?
High Speed SatCom Network
• Globally Available
• Affected by Weather
• Higher Bandwidth
• High Latency
• High Cost
Low Speed SatCom Network
• Globally Available
• Low Bandwidth
• High Latency
• Very High Cost
• Redundant
High Speed LOS Network
• Globally Available
• High Bandwidth
• Low Latency
• Lower Security
• Moderate Cost
High Speed Terrestrial
• Not Available when Mobile
• High Bandwidth
• Low latency
• Lower Cost
Low Rate VHF
• Reliable
• Low Latency
[Figure: a Mobile Network carrying Operations, Command and Control, and Entertainment traffic over these links and the Internet to a Destination Network (for Operations), a Destination Network (for Command & Control) and a Destination Network (for Entertainment).]
How do you decide which path the data should take?
How do you cause the network(s) to route the data via this path?
Aviation Specific Issues
• Safety of Life / Safety of Flight
– Time-Critical command and control for Air Traffic Control
  • Fast convergence time is essential!
• New radio link technologies are “uncertified” for Air Traffic Control / Air Operations Communications (ATC/AOC)
• Regulatory requirements force network design
• Three independent network domains
– (required for regulatory, QoS, & security)
– Passenger & In-Flight-Entertainment
– Airline Operations
– Air Traffic Control
• Service providers may be authorized to carry one, two, or all services.
• ATC will be a “closed network”
• Multiple security and authentication architectures
Internet Engineering Task Force (IETF) RFC5522: “Network Mobility Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks”
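An added example, not part of the original slides: one way to combine the link properties and the three-domain rule above into a per-domain link choice that fails closed when no authorized link is up. The link names, numeric ranks, the VHF cost, the preference order and which domains each link may carry are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed link table. The qualitative attributes echo the slides; the
# numeric ranks, link names, the VHF cost and the set of domains each link
# is authorized to carry are assumptions made for this example.
@dataclass(frozen=True)
class Link:
    name: str
    bandwidth: int       # 1 = low, 3 = high
    latency: int         # 1 = low, 3 = high
    cost: int            # 1 = lower, 4 = very high
    carries: frozenset   # domains the link's provider may carry

LINKS = [
    Link("vhf_low_rate",      1, 1, 1, frozenset({"ATC", "AOC"})),
    Link("satcom_low_speed",  1, 3, 4, frozenset({"ATC", "AOC"})),
    Link("satcom_high_speed", 3, 3, 3, frozenset({"AOC", "PIES"})),
    Link("los_high_speed",    3, 1, 2, frozenset({"AOC", "PIES"})),
    Link("terrestrial",       3, 1, 1, frozenset({"AOC", "PIES"})),
]

# Per-domain preference as a sort key (lowest tuple wins). Assumed policy:
# ATC wants low latency, AOC low cost, passenger traffic (PIES) bandwidth.
PREFERENCE = {
    "ATC":  lambda l: (l.latency, l.cost),
    "AOC":  lambda l: (l.cost, -l.bandwidth),
    "PIES": lambda l: (-l.bandwidth, l.cost),
}

def select_link(domain, up):
    """Best link that is up AND authorized for the domain, else None."""
    allowed = [l for l in LINKS if l.name in up and domain in l.carries]
    # Fail closed: with no authorized link the domain gets no route at all,
    # so ATC traffic never spills onto a passenger-grade link.
    return min(allowed, key=PREFERENCE[domain]).name if allowed else None

def routing_table(up):
    """Map each of the three domains to its selected link (or None)."""
    return {domain: select_link(domain, up) for domain in PREFERENCE}

if __name__ == "__main__":
    airborne = {"vhf_low_rate", "satcom_low_speed",
                "satcom_high_speed", "los_high_speed"}
    print(routing_table(airborne))
    print(routing_table({"satcom_high_speed"}))  # ATC has no authorized link
```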
Network Partitioning by Service Architecture Example
QoS & Security Service Levels for:
• Network Control
• Voice over IP
• High Priority
• Special Projects
• General Purpose
Networks are logically partitioned.
Many logical networks share a common physical infrastructure.
QoS can be managed by both network & flow
[Figure: logical partitions labelled PIES, VOIP, AOC, ATC, Net-Mgt & Routing and Security Mgt, with a security perimeter, a data center, network infrastructure and NSPs/Airlines/Framers/Suppliers/etc.]
Source: Terry L Davis, Boeing
Multiplexing at the Router: Policy-based Link Access
[Figure: a mobile router serving Mobile Networks 1 to 3 (NEMO-1, NEMO-2, NEMO-3). Links: SATCOM AERO-1, SATCOM AERO-HH, VHF Voice/DATA, HF Voice/DATA, GateLink, INMARSAT Swift 64, High-Rate Satellite, WiFi Max, Cellular, Future Links. Onboard networks: Operations LAN (Avionics), Communication and Display, Passenger Services, Air Traffic Management LAN, Sensor Controller (Optional Display).]
Policy-Based Link Access, Critical Link Active
[Figure: a Mobile Router and a Home Agent, each applying a Routing Policy, connected over interfaces int1, int2 and int3 (high speed link, low latency link, reliable link) and carrying ATC, AOC and P-DATA traffic.]
Policy-Based Link Access, Passengers Link Active
[Figure: a Mobile Router and a Home Agent, each applying a Routing Policy, connected over interfaces int1, int2 and int3 (high speed link, low latency link, reliable link) and carrying ATC, AOC and P-DATA traffic.]
Space-Based
Network Centric Operations Research
GRC Network & Architectures Branch
• 1st to demonstrate and deploy secure mobile networking in an operational government network, the US Coast Guard
– (Used SeaTel / Globalstar 8 muxed phone antenna system)
• 1st and only group to deploy Mobile-IP Mobile networking on a space-based asset, the Cisco router in Low Earth Orbit (CLEO)
• 1st to deploy Internet Protocol security (IPsec) and Internet Protocol version 6 (IPv6) on a space-based asset.
• 1st to deploy delay/disruption network technology bundling protocol in space.
• 1st and only group to demonstrate space-based large file transfers over multiple ground stations using Delay Tolerant Networking (DTN) bundling. Experiments exercised proactive and reactive bundle fragmentation and international interoperability using standard Internet protocols.
Our Facilities are Global and Beyond!
Secure Autonomous Integrated Controller for Distributed Sensor Webs
[Figure: numbered steps (1 to 7) among a sensor, the VMOC, NOCs and a spacecraft. Step labels: Seismic Sensor alerts VMOC; VMOC negotiates for ground station services; VMOC negotiates for Space Assets; Network Control Center Configures Ground Assets; Network Control Center Configures Spacecraft via VMOC; Space Sensor acquires data (e.g. image); Stored data transferred to ground (Large file transfer over multiple ground stations).]
Network Configuration
[Figure: UK-DMC/CLEO satellite; Home Agent (GRC); VMOC-1 (GRC) with VMOC database, experiments workstation, and satellite scheduler & controller; open Internet; US Army Space & Missile Defense Battle Lab, Colorado Springs; Segovia NOC; Multi-User Ground Station (MUGS), Colorado Springs, CO; SSTL, Guildford, England; National Institute for Information and Communication Technology (NICT), Koganei, Japan; Universal Space Networks ground network, Alaska, Hawaii and Australia.]
Cisco Router in Low Earth Orbit (GRC/SSTL/CLEO IPv6/IPv4 Tunnels)
[Figure: Cisco MAR3251 on UK-DMC, linked through the SSTL ground station LAN (carrying IPv4 and IPv6 over Ethernet; 2621 router; PIX firewalls) and the Internet to the NASA Glenn Home Agent. Diagram labels:]
• 8.1 Mbps from satellite
• 9600 bps to satellite
• frame relay DLCI 17 – unencrypted ‘clear’ link
• frame relay DLCI 18 – encrypted link
• native IPv6 between routers
• native IPv4
• IPv4 IPsec encryption between routers
• secured IPv6 in 6-over-4 tunnel over IPv4 IPsec
• IPv6 in 6-over-4 tunnel in Mobile IPv4 tunnel to Home Agent
• IPv6 in 6-over-4 tunnel in Mobile IP as above, if IPsec link is preferred and used instead
• 6-over-4 tunnel for non-mobile IP traffic
• Secure VPN tunnel
• Mobile IPv4 tunnel
• Legend: Mobile IPv4, IPv4, IPv6, IPv4 IPsec
• Addressing: private 192.x addressing, public addressing, private 192.x addressing
International Multi-organizational Network Centric Operations “Proposed” Security Research
• Intrusion Detection
• Penetration Testing
• Ground Rules
– What information will be shared regarding security implementations?
– What degree of probing will be allowed?
– What information will be shared regarding probing techniques?
– What information will be shared regarding vulnerabilities found?
• Leave Markers?
– How and to whom will this information be reported?