Will Ivancic - PowerPoint PPT Presentation

1

Secure, Autonomous, Intelligent Controller for
Integrating Distributed Sensor Webs
  • Will Ivancic
  • NASA Glenn Research Center
  • william.d.ivancic_at_nasa.gov
  • http://roland.grc.nasa.gov/ivancic/papers_presentations/papers.html

2
Objectives
  • Develop architectures and protocols to enable
    time-critical interaction between space and
    ground systems
  • Secure interoperation between sensor webs owned
    and controlled by various entities
  • Development of the network mobility technology
    including ad hoc network technology and reachback
    mechanisms to allow for rapid deployment of, and
    communication with remote mobile sensor webs.

3
Approach
  • Establish ground station infrastructure
  • Develop and demonstrate protocols for Large File
    Transfer over Multiple Terminals
  • Develop Secure Integrated Sensor Web With Virtual
    Mission Operations Center (VMOC) Mission Rule Set
  • Develop, Integrate and Test Advanced NEMO
    Mobile Sensor Web Sensor

4
Benefits of Integrating Sensors
  • The ability to access sensor webs, in
    particular space-based sensors, in a
    time-critical manner will enable new observation
    measurements and information products.
  • The ability to integrate sensor webs owned and
    controlled by various parties will reduce the
    risk, cost, size, and development time for Earth
    science space-based and ground-based information
    systems.
  • The ability to combine data from various sensor
    webs will result in new discoveries.

5
Collaborators and Partners
  • Universal Space Networks (USN)
  • General Dynamics
  • Surrey Satellite Technology Limited (SSTL)
  • Cisco Systems
  • United States Geological Survey (USGS)
  • Air Force Space Battlelab
  • Army Space and Missile Defense Battle Lab
  • University of Oklahoma
  • National Institute of Information and
    Communication Technology, Japan (NICT)
  • Japan Manned Space Systems, Inc. (JAMSS)
  • Hiroshima Institute of Technology (HIT)

6
Scenarios / Triggers
  • Seismic Monitoring / Buoys
  • Tsunami
  • Earthquakes
  • USGS Water Gauges
  • Flooding
  • Weather Prediction
  • UAV/Satellite Integration
  • NASA Dryden UAV with Synthetic Aperture Radar

7
Examples of Sensor Webs
European-Mediterranean Seismological Centre
United States Stream Flow Gages
Sensor Buoys
8
Network Configuration
UK-DMC/CLEO
US Army Space and Missile Defense Battle Lab, Colorado Springs
Experiments Workstation
Satellite Scheduler Controller
Hiroshima Institute of Technology, Hiroshima, Japan
Multi-User Ground Station (MUGS), Colorado Springs, CO
SSTL, Guildford, England
Segovia NOC
Open Internet
VMOC-1 (GRC)
Universal Space Networks Ground Network: Alaska, Hawaii and Australia
Home Agent (GRC)
VMOC
Database
9
Large File Transfer Over Multiple Ground Stations - The Problem -
<<- Time <<-
Experiments Workstation
Satellite Scheduler Controller
Battlefield Operations (Vandenberg AFB)
2nd Ground Station
Segovia NOC
Desire is to buffer locally while in sight of the satellite, then redistribute to the VMOC
SSTL
Open Internet
Rate Mismatch Problem
VMOC-1
Home Agent (GRC)
VMOC-2 (GRC)
VMOC
Database
10
Large File Transfer Over Multiple Ground Stations - DTN is a Potential Solution -
->> Time ->>
Ground Station 2
Ground Station 1
Ground Station 3
Open Internet
VMOC
Satellite Scheduler Controller
Database
VMOC
Home Agent
11
Combining Mobile-IP and DTN for File Upload
->> Time ->>
Ground Station 2
Ground Station 1
Ground Station 3
Open Internet
VMOC
Satellite Scheduler Controller
DTN Bundle Agent Source
Database
VMOC
Home Agent
12
Virtual Mission Operations Center (VMOC)
  • Enable system operators and data users to be
    remote
  • Verify individual users and their authorizations
  • Establish a secure user session with the platform
  • Perform user and command prioritization and
    contention control
  • Apply mission rules and perform command
    appropriateness tests
  • Relay data directly to the remote user without
    human intervention
  • Provide a knowledge data base and be designed to
    allow interaction with other, similar systems
  • Provide an encrypted gateway for
    unsophisticated user access (remote users of
    science data)

Note: Users can be machines!
13
Virtual Mission Operations Center
14
Delay/Disruption Tolerant Network (DTN) protocol
  • A standardized store and forward protocol and
    routing protocol
  • Designed for extreme environments
  • Large transmission link delays
  • Extended periods of network partitioning
  • Routing capable of operating efficiently in the
    following environments
  • Frequently-disconnected
  • Pre-scheduled
  • Opportunistic link availability
  • High per-link error rates making end-to-end
    reliability difficult
  • Heterogeneous underlying network technologies
    (including non-IP-based internets)
  • The architecture operates as an overlay network
  • Institutes a new naming architecture based on
    Uniform Resource Identifier (URI)

15
Large file transfer from DMC orbiter to multiple
ground stations
  • Collaboration with Surrey Satellite Technology Ltd.
    (SSTL).
  • Developed new, small DTN implementation in RTEMS,
    the real-time operating system of the orbiter's
    solid state data recorder (SSDR).
  • SSTL's code and RTEMS development environment
    working.
  • Tested our build of SSTL's code on the PowerPC
    SSDR.
  • Using SSTL's file transfer protocol, Saratoga,
    as a DTN convergence sublayer: a convergence layer
    adapter wraps images into DTN bundles and writes
    them to files for transfer via Saratoga.
  • Implemented a DTN bundle checksum extension
    header that holds MD5 sums (or other checksums)
    to validate the payload.
  • Does not involve implementing the DTN security
    spec. This spec is impractical because it
    requires RSA as a mandatory algorithm for
    signatures, and no simple checksum component is
    specified.
  • Looking at extending Saratoga address space to
    allow for IPv6 Implementation
  • Possibility of standardizing SSTL's Saratoga
    within the IETF.
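
The payload-checksum idea from this slide, as an added example (not code from the presentation, SSTL or NASA): it shows what an unkeyed MD5 block does and does not validate once a record has been stored and forwarded through several parties, next to a keyed alternative. The record layout, the names `wrap`, `unwrap`, `validates` and the algorithm ids are constructed for illustration and are not the Bundle Protocol wire format.

```python
import hashlib
import hmac
import struct

# Constructed record layout for illustration (NOT the Bundle Protocol wire format):
#   alg id (1 byte) | digest length (1) | digest | payload length (4) | payload
ALG_MD5, ALG_HMAC_SHA256 = 1, 2


def _digest(alg, payload, key):
    if alg == ALG_MD5:
        return hashlib.md5(payload).digest()  # unkeyed: detects errors only
    if alg == ALG_HMAC_SHA256:
        return hmac.new(key, payload, hashlib.sha256).digest()  # keyed
    raise ValueError(f"unknown checksum algorithm {alg}")


def wrap(payload, alg=ALG_MD5, key=b""):
    """Sender side: prefix the payload with its checksum block."""
    d = _digest(alg, payload, key)
    return struct.pack("!BB", alg, len(d)) + d + struct.pack("!I", len(payload)) + payload


def unwrap(record, key=b"", require_alg=None):
    """Receiver side: return the payload, or raise ValueError if it does not validate."""
    if len(record) < 2:
        raise ValueError("truncated header")
    alg, dlen = struct.unpack_from("!BB", record, 0)
    if require_alg is not None and alg != require_alg:
        raise ValueError("unexpected algorithm")  # the record must not pick its own check
    if len(record) < 2 + dlen + 4:
        raise ValueError("truncated checksum block")
    stored = record[2:2 + dlen]
    (plen,) = struct.unpack_from("!I", record, 2 + dlen)
    payload = record[2 + dlen + 4:]
    if len(payload) != plen:
        raise ValueError("payload length mismatch")  # e.g. pass ended mid-transfer
    if not hmac.compare_digest(stored, _digest(alg, payload, key)):
        raise ValueError("checksum mismatch")
    return payload


def validates(record, **kw):
    try:
        unwrap(record, **kw)
        return True
    except ValueError:
        return False
```

A record rebuilt with a freshly computed MD5 still validates, so the MD5 block covers corruption and partial transfers only; with `ALG_HMAC_SHA256` and `require_alg` set, the same rebuilt record is rejected unless the shared key is known.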

16
UK-DMC Implementation
Only Bundling and Forwarding Implemented
Full DTN Protocol Implemented
17
DTN Bundle Agent Discovery
  • Goal
  • Develop for two environments: opportunistic (low
    delay), scheduled (very long delays)
  • Approach FY07
  • Contractor and NASA CS jointly working problem
  • Possibility of using OpNet or other simulation
    tools to determine scheduling
  • Investigate Discovery Techniques
  • Determine what information is useful to transfer
  • Bandwidth
  • Modulation and coding
  • Contact Time
  • Ephemeris data
  • Storage capacity

Bundle Agent discovery has many similarities to
Sensor Web discovery
18
Interoperability: It is all about security and policy!
Hiroshima Institute of Technology (Japan Academia - .edu)
US Army Space and Missile Defense (US Govt - .mil)
Surrey Satellite Technology Limited (UK Industry)
Universal Space Network - Alaska (US Industry - .com)
Virtual Mission Operations Center (US Govt. - .gov)
Universal Space Network - Hawaii (US Industry - .com)
Mobile-IP NEMO Home Agent (US Govt. - .gov)
Universal Space Network - Australia (US Industry - .com)
19
International Multi-organizational Network
Centric Operations Proposed Security Research
  • Intrusion Detection
  • Penetration Testing
  • Ground Rules
  • What Information will be shared regarding
    security implementations?
  • What degree of probing will be allowed?
  • What information will be shared regarding probing
    techniques?
  • What information will be shared regarding
    vulnerabilities found?
  • Leave Markers?
  • How and to whom will this information be
    reported?

20
International Interoperability
  • NASA claims of International Interoperability
  • For the most part it is at the data-link layer
    and modulation and coding (CCSDS)
  • Federal Express layer.
  • The space-link extension (SLE)
  • Not required for IP-based systems (at least the
    data-link extension portion of the SLE protocol)
  • Wraps data-link in IP therefore all security
    issues associated with tying IP networks together
    must be addressed
  • Mission Planning and Scheduling service must be
    implemented.
  • A framework for such exists as part of the
    mission services portion of SLE
  • Full interoperability means
  • Forward and return data is actually transmitted
    through systems owned and operated by various
    entities. (Note, this has an enormous security
    aspect to it.)
  • Ground stations
  • Network-layer space relays (satellite, rovers, or
    whatever infrastructure may be utilized as part
    of the communication network).
  • Requires autonomous routing mechanisms
  • Store and forward such as Delay/Disruption
    Tolerant Networking (DTN)
  • Requires securing data at rest

21
IPv6 Technology for Mobile Sensor Webs
  • Auto configuration of addresses
  • Scoped Addressing (link, unique local and global)
  • Large address space
  • Enables Globally unique addressing
  • Enables cryptographic addressing
  • Enables location management
  • Route Optimization for mobile-IP
  • Extensible header in IPv6 header format rather
    than options
  • Enhanced multicast capability
  • Scoped multicast
  • Routing protocols run on link-local multicast
  • Increased use of anycast addressing

22
Research Areas for IPv6-Based Mobile Sensor Webs
  • Autonomous identification of services such as
    domain name servers, network time servers,
    location managers and security servers
  • Identification of reachback paths to the big
    Internet
  • Route optimization of mobile networks
  • Security mechanism for mobile and ad hoc networks
    (other than radio link encryption) and,
  • Scalability of mobile sensor networks.

23
Self-Forming Communication Path
Mining / Cave/Canyon Exploration
Reach back to Internet Communication Path
24
System Operation True Interoperability
VMOC
NOC
NOC
NOC
25
Conclusions
  • Development of the secure sensor web network is
    well underway.
  • Securely integrating sensor webs is a
    system-of-systems, network centric operations
    problem.
  • The ability to integrate infrastructure and
    sensor webs owned and controlled by various
    parties provides the following benefits:
  • Reduce the risk, cost, size, and development time
    for Earth science space-based and ground-based
    information systems.
  • Increased science through collaborative sensor
    webs
  • New discoveries by combining data from various
    sensor webs (data mining)
  • The network required to perform secure,
    autonomous, intelligent control of integrating
    distributed sensor webs provides an excellent
    opportunity to perform international
    multi-organizational network centric operations
    proposed security research.