Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

Will Ivancic
NASA Glenn Research Center
william.d.ivancic@nasa.gov
http://roland.grc.nasa.gov/~ivancic/papers_presentations/papers.html

Objectives

• Develop architectures and protocols to enable time-critical interaction between space and ground systems;

• Secure interoperation between sensor webs owned and controlled by various entities;

• Development of the network mobility technology, including ad hoc network technology and reachback mechanisms, to allow for rapid deployment of, and communication with, remote mobile sensor webs.

Approach

• Establish ground station infrastructure
• Develop & demonstrate protocols for Large File Transfer over Multiple Terminals
• Develop Secure Integrated Sensor Web With Virtual Mission Operations Center (VMOC) Mission Rule Set
• Develop, Integrate & Test Advanced NEMO Mobile Sensor Web Sensor

Benefits of Integrating Sensors

• The ability to access sensor webs – in particular, space-based sensors – in a time-critical manner will enable new observation measurements and information products.

• The ability to integrate sensor webs owned and controlled by various parties will reduce the risk, cost, size, and development time for Earth science space-based and ground-based information systems.

• The ability to combine data from various sensor webs will result in new discoveries.

Collaborators and Partners

• Universal Space Networks (USN)
• General Dynamics
• Surrey Satellite Technology Limited (SSTL)
• Cisco Systems
• United States Geological Survey (USGS)
• Air Force Space Battlelab
• Army Space & Missile Defense Battle Lab
• University of Oklahoma
• National Institute of Information and Communication Technology, Japan (NICT)
– Japan Manned Space Systems, Inc. (JAMSS)
– Hiroshima Institute of Technology (HIT)

Scenarios / Triggers

• Seismic Monitoring / Buoys
– Tsunami
– Earthquakes
• USGS Water Gauges
– Flooding
• Weather Prediction
• UAV/Satellite Integration
– NASA Dryden UAV with Synthetic Aperture Radar

Examples of Sensor Webs

[Image captions: European-Mediterranean Seismological Centre; United States Stream Flow Gages; Sensor Buoys]

[Image text: Automotive HVAC controls; humidistat and motor speed controls; time controls; thermostats; heat alarms]

Network Configuration

[Diagram labels: Home Agent (GRC); VMOC-1 (GRC); VMOC Database; Experiments Workstation; Satellite Scheduler & Controller; Open Internet; US Army Space & Missile Defense Battle Lab, Colorado Springs; Segovia NOC; Multi-User Ground Station (MUGS), Colorado Springs, CO; SSTL, Guildford, England; Hiroshima Institute of Technology, Hiroshima, Japan; Universal Space Networks Ground Network, Alaska, Hawaii and Australia; UK-DMC/CLEO]

Large File Transfer Over Multiple Ground Stations - The Problem -

Rate Mismatch Problem: Desire is to buffer locally while in sight of the satellite then redistribute to the VMOC

[Diagram labels: Home Agent (GRC); Battlefield Operations (Vandenberg AFB); Segovia NOC; 2nd Ground Station; VMOC-2 (GRC); SSTL; VMOC-1; Open Internet; VMOC Database; Experiments Workstation; Satellite Scheduler & Controller; time axis]

Large File Transfer Over Multiple Ground Stations - DTN is a Potential Solution -

[Diagram labels: Home Agent; VMOC; Open Internet; VMOC Database; Satellite Scheduler & Controller; Ground Station 1; Ground Station 2; Ground Station 3; time axis; DTN Bundle Agent Intermediary (three instances); DTN Bundle Agent Sink]

Combining Mobile-IP and DTN for File Upload

[Diagram labels: Home Agent; VMOC; Open Internet; VMOC Database; Satellite Scheduler & Controller; Ground Station 1; Ground Station 2; Ground Station 3; time axis; DTN Bundle Agent Source; DTN Bundle Agent Sink]

Virtual Mission Operations Center (VMOC)

• Enable system operators and data users to be remote
• Verify individual users and their authorizations
• Establish a secure user session with the platform
• Perform user and command prioritization and contention control
• Apply mission rules and perform command appropriateness tests
• Relay data directly to the remote user without human intervention
• Provide a knowledge data base and be designed to allow interaction with other, similar systems
• Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)

Note: Users can be machines!

Virtual Mission Operations Center

Delay/Disruption Tolerant Network (DTN) protocol

• A standardized store and forward protocol and routing protocol
• Designed for extreme environments
– Large transmission link delays
– Extended periods of network partitioning
– Routing capable of operating efficiently in the following environments
    • Frequently-disconnected
    • Pre-scheduled
    • Opportunistic link availability
    • High per-link error rates making end-to-end reliability difficult
    • Heterogeneous underlying network technologies (including non-IP-based internets)
• The architecture operates as an overlay network
– Institutes a new naming architecture based on Uniform Resource Identifier (URI)

Large file transfer from DMC orbiter to multiple ground stations

• Collaboration with Surrey Space Technology Ltd. (SSTL).
• Developed new, small DTN implementation in RTEMS, the real-time operating system of the orbiter’s solid state data recorder (SSDR).
• SSTL's code and RTEMS development environment working.
– Tested our build of SSTL's code on the PowerPC SSDR.
– Using SSTL’s file transfer protocol, “Saratoga,” as a DTN convergence sublayer: convergence layer adapter wraps images into DTN bundles and writes them to files for transfer via Saratoga.
• Implemented a DTN bundle checksum extension header that holds MD5 sums (or other checksums) to validate the payload.
– Does not involve implementing the DTN security spec. This spec is impractical because it requires RSA as a mandatory algorithm for signatures, and no simple checksum component is specified.
• Looking at extending Saratoga address space to allow for IPv6 implementation
• Possibility of standardizing SSTL’s Saratoga within the IETF.
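Added example (not the SSTL or NASA flight code): a sink-side sketch of the checksum extension idea above, where a payload downlinked in pieces over several ground-station passes is reassembled and checked against the digest carried with the bundle. The block layout (algorithm id, digest length, digest), the function names and the sample image are assumptions made for illustration.

```python
import hashlib
import struct

# Hypothetical extension block layout (an assumption, not the flight format):
#   1 byte algorithm id | 1 byte digest length | digest bytes
ALGORITHMS = {1: "md5", 2: "sha256"}  # ids constructed for this example


def build_checksum_block(payload: bytes, alg_id: int = 1) -> bytes:
    """Source side: digest the whole payload before it is split for downlink."""
    digest = hashlib.new(ALGORITHMS[alg_id], payload).digest()
    return struct.pack("!BB", alg_id, len(digest)) + digest


def reassemble(fragments, total_len: int) -> bytes:
    """Sink side: join (offset, data) pieces that arrived via different passes."""
    buf = bytearray(total_len)
    covered = 0
    for offset, data in sorted(fragments):
        if offset > covered:
            raise ValueError(f"gap: bytes {covered}-{offset - 1} never arrived")
        if offset + len(data) > total_len:
            raise ValueError("fragment runs past declared payload length")
        buf[offset:offset + len(data)] = data
        covered = max(covered, offset + len(data))
    if covered < total_len:
        raise ValueError(f"gap: bytes {covered}-{total_len - 1} never arrived")
    return bytes(buf)


def validate(payload: bytes, block: bytes) -> bool:
    """Recompute the digest named in the block and compare with the stored one."""
    if len(block) < 2:
        return False
    alg_id, dlen = struct.unpack("!BB", block[:2])
    name = ALGORITHMS.get(alg_id)
    if name is None or len(block) != 2 + dlen:
        return False
    return hashlib.new(name, payload).digest() == block[2:]


# Constructed sample: one image downlinked over three ground-station passes.
IMAGE = bytes(range(256)) * 40                      # 10240 bytes
BLOCK = build_checksum_block(IMAGE)
PASSES = [(0, IMAGE[:4000]), (4000, IMAGE[4000:7500]), (7500, IMAGE[7500:])]

if __name__ == "__main__":
    print("intact:", validate(reassemble(PASSES, len(IMAGE)), BLOCK))
```

The digest is unkeyed, so it detects transmission damage and incomplete reassembly only; any party able to alter the payload can also recompute the checksum, which is the gap signatures in a security specification are meant to close.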

UK-DMC Implementation

[Diagram labels: Only Bundling and Forwarding Implemented; Full DTN Protocol Implemented]

DTN Bundle Agent Discovery

• Goal
– Develop for two environments: opportunistic (low delay), scheduled (very long delays)
• Approach FY07
– Contractor and NASA CS jointly working problem
– Possibility of using OpNet or other simulation tools to determine scheduling
– Investigate Discovery Techniques
– Determine what information is useful to transfer
    • Bandwidth
    • Modulation and coding
    • Contact Time
    • Ephemeris data
    • Storage capacity

Bundle Agent discovery has many similarities to Sensor Web discovery

Interoperability – It is all about security and policy!

[Diagram labels, grouped around "Open Internet":]
• US Army Space & Missile Defense (US Govt - .mil)
• Surrey Satellite Technology Limited (UK Industry)
• Virtual Mission Operations Center (US Govt. - .gov)
• Mobile-IP NEMO Home Agent (US Govt. - .gov)
• Hiroshima Institute of Technology (Japan Academia - .edu)
• Universal Space Network - Alaska (US Industry - .com)
• Universal Space Network - Hawaii (US Industry - .com)
• Universal Space Network - Australia (US Industry - .com)

International Multi-organizational Network Centric Operations “Proposed” Security Research

• Intrusion Detection
• Penetration Testing
• Ground Rules
– What information will be shared regarding security implementations?
– What degree of probing will be allowed?
– What information will be shared regarding probing techniques?
– What information will be shared regarding vulnerabilities found?
    • Leave Markers?
– How and to whom will this information be reported?

International Interoperability

• NASA claims of International Interoperability
– For the most part it is at the data-link layer and modulation and coding (CCSDS)
– Federal Express layer.
– The space-link extension (SLE)
    • Not required for IP-based systems (at least the data-link extension portion of the SLE protocol)
    • Wraps data-link in IP; therefore all security issues associated with tying IP networks together must be addressed
• Mission Planning and Scheduling service must be implemented.
– A “framework” for such exists as part of the mission services portion of SLE
• Full interoperability means
– Forward and return data is actually transmitted through systems owned and operated by various entities. (Note, this has an enormous security aspect to it.)
    • Ground stations
    • Network-layer space relays (satellite, rovers, or whatever infrastructure may be utilized as part of the communication network).
– Requires autonomous routing mechanisms
– Store and forward such as Delay/Disruption Tolerant Networking (DTN)
    • Requires securing data at rest

IPv6 Technology for Mobile Sensor Webs

• Auto configuration of addresses
• Scoped Addressing (link, unique local and global)
• Large address space
– Enables globally unique addressing
– Enables cryptographic addressing
– Enables location management
• Route Optimization for mobile-IP
• Extensible header in IPv6 header format rather than “options”
• Enhanced multicast capability
– Scoped multicast
– Routing protocols run on link-local multicast
• Increased use of anycast addressing

Research Areas for IPv6-Based Mobile Sensor Webs

• Autonomous identification of services such as domain name servers, network time servers, location managers and security servers;

• Identification of reachback paths to the big Internet;

• Route optimization of mobile networks;

• Security mechanism for mobile and ad hoc networks (other than radio link encryption); and,

• Scalability of mobile sensor networks.

[Diagram labels: Self-Forming Communication Path; Reach back to Internet; Communication Path; Mining / Cave/Canyon Exploration]

System Operation – True Interoperability

[Diagram of numbered steps 1 to 7 between a sensor, the VMOC, NOCs, and space and ground assets. Step labels: Seismic Sensor alerts VMOC (step 1); VMOC negotiates for ground station services; VMOC negotiates for Space Assets; Network Control Center Configures Spacecraft via VMOC; Network Control Center Configures Ground Assets; Space Sensor acquires data (e.g. image); Stored data transferred to ground (Large file transfer over multiple ground stations)]

Conclusions

• Development of the secure sensor web network is well underway.
• Securely integrating sensor webs is a system-of-systems, network centric operations problem.
• The ability to integrate infrastructure and sensor webs owned and controlled by various parties provides the following benefits:
– Reduce the risk, cost, size, and development time for Earth science space-based and ground-based information systems.
– Increased science through collaborative sensor webs
– New discoveries by combining data from various sensor webs (data mining)
• The network required to perform secure, autonomous, intelligent control of integrating distributed sensor webs provides an excellent opportunity to perform international multi-organizational network centric operations “proposed” security research.