slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Introduction and Objectives PowerPoint Presentation
Download Presentation
Introduction and Objectives

Loading in 2 Seconds...

play fullscreen
1 / 14

Introduction and Objectives - PowerPoint PPT Presentation


  • 90 Views
  • Uploaded on

What is the IETV? The IETV ( Interoperability Experimentation, Testing and Validation ) is a tool in support of (CIS) systems certification, interoperability enhancement and experimentation for multinational, NATO-led expeditionary operations. Which CIS functions does the IETV cover?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Introduction and Objectives' - lamar


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

What is the IETV?

  • The IETV (Interoperability Experimentation, Testing and Validation) is a tool in support of (CIS) systems certification, interoperability enhancement and experimentation for multinational, NATO-led expeditionary operations.

Which CIS functions does the IETV cover?

The IETV covers CIS interfaces (with the national systems), transmission, bandwidth management, voice/video/VTC services, information exchange, network services, core IS services, functional services, information assurance and management.

  • What makes up the IETV?
  • The IETV Capability is made-up of four essential components:
        • - Processes
        • - Supporting Documentation
        • - A (HW/SW) test bed
        • - Know-how

How will the IETV be used during SFCE 09?

The IETV will be used to validate a nationally-provided (CIS) system (LCC-HQ –NRF-13 (GBR) and LCC-HQ-NRF-14 (DNK) in support of NRF-13/14.

To resolve an outstanding IO issue implementing a deployable secure cross-domain gateway for MIP-DEM data function to allow automated information exchange between a national-secret system (provided by 1GNC) and the NATO secret system (JCOP), in compliance with applicable INFOSEC regulations.

To experiment a future interoperability enhancement, by testing Secure Voice Gateway between national-secret system (provided by 1GNC) and the NATO secret network.

To support the SFCE09 test plan with automation of testing functions, allowing multiple tests to be conducted in few minutes, without operator’s involvement and with automated integration with SFCE09 data base.

Where is the IETV?

The IETV has a deployable footprint, which provides basic on-site (deployed) representative interfaces and gateways.

Then, connects through any (NATO or not) WAN to the static part of the IETV, which groups most NC3A test beds and laboratories.

Introduction and Objectives

  • What can it be used for?
  • The IETV Capability can be used to:
        • - Validate nationally-provided CIS
        • - Support the Commander with the certification of the Unit
        • - Develop new applications and technologies
        • - Experiment and test new CIS concepts and applications
slide2

Deployable Point

of Presence (

dPoP

)

Nationally

-

provided

A generic architecture based on a functional analysis. Comprises all relevant CIS functions in the Deployable CIS for a NATO expeditionary mission.

Allows maximum modularity and re-use of existing test beds and labs at NC3A.

systems to validate,

NETWORK

test and experiment

SERVICES

Interface with

Nations Module (INM)

VOICE/VIDEO

INTERFACES

BANDWIDTH

INFORMATION

MANAGEMENT

EXCHANGE

TRANSMISSION

INFORMATION

ASSURANCE

To static IETV core

infrastructure

at NC3A (The Hague)

CORE SERVICES

EXPERIMENTS

INFORMATION

ASSURANCE

Micro information

Systems Module (

µ

ISM)

The IETV Architecture

The modular design allows deploying only those elements which are essential to provide local, identical interfaces and services. This is called the deployable footprint of the IETV.

The most complex systems stays at the static part of the IETV, in The Hague, along with the on-site expertise and know-how. This optimizes availability of the test bed and reduces the cost of deployment. National facilities can join the IETV as needed.

In 2009, an extended (includes some information systems) deployable footprint of the IETV can be seen at SFCE 09 Exercise

slide3

The CIS Validation process (left) departs from a nationally assessed systems, and uses verification to determine compliance with NATO DCIS requirements.

Results from verification are subject to a verification assessment process (right), which aims to explain which are the interoperability issues, how to mitigate them, and consequences of not doing so.

CIS Validation using the IETV

slide5

What is the IATT?

The IETV Automated Testing Tool (IATT) provides the means to quickly verify a number of interoperability requirements in an automatic manner. This degree of automation allows conducting a large number of tests in a few minutes, and repeat those tests for different security domains and different units.

How can nations use the IATT ?

By using the IATT nations can quickly and inexpensively identify and resolve configuration issues that might impair interoperability at the application level. In particular, the IATT looks at the interconnection of NATO and Nation with special emphasis on firewall/gateway configuration, services configuration, routing capabilities or network/application protocols, to name a few.

How does it work?

Two IATT nodes (master and slave) are connected at the user sides of two networks interconnected through a Service Interoperability Point (SIOP). Each node represents a different user communities.

Automatic processes exercise multiple traffic types and services across the SIOP. Tests are done in accordance with outstanding interoperability criteria (NC3A TN-1174). Results are captured and reported back to the user.

Several CIS can be verified at the same time using only one master IATT node and several slave IATT nodes, one per CIS.

  • Which functionality is provided?
  • The IATT automatically verifies CIS interoperability for the following services:
    • Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, FTP, etc.
    • core services, mail, web and secure web

The IETV Automated Testing Tool (IATT)

slide6

The IETV Automated Testing Tool (IATT)-II

  • IATT in SFCE-09
  • The IATT automatically verifies CIS interoperability for the following services:
    • Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, etc.
    • core services, mail, web and secure web
    • IATT will integrate the results of the automated test in the exercise data base,
    • IATT will be deploy during all the exercise in LCC-HQ-NRF-13/14 helping to resolve interoperability issues.
slide7

NC3A Experimentation Program of Work

IEG-Light Extension “MIP-DEM”

What is the MIP-DEM IEG-Light Extension

The MIP-DEM IEG-Light Extension proxy functionality for the MIP-DEM protocol for interconnecting C2 application across security domains (NATO Secret <-> National Secret).

  • Which functionality is provided?
  • Controlling the information flow between the security domains
  • Ensuring the integrity of the MIP-DEM protocol

How does it work?

JCOP Layer Manager (LM) implantation is used as service proxy. All MIP-DEM information exchange is terminated and forwarded by the MIP-DEM IEG-Light Extension in both directions.

The contracts between the C2 applications on the different security domains are always created via the MIP-DEM Proxy located in the IEG-Light.

slide8

NC3A Experimentation Program of Work

IEG-Light Extension “IEG-Light Voice Module”

What is the IVM?

The IEG-Light Voice Module (IVM) provides a secured voice gateway functionality between voice services of different security domains.

  • Which functionality is provided?
  • Access Control for security domain access
    • LDAP / PIN / Calling Party number
  • Limits the information exchange between security domains to voice/fax/modem services
  • Codec and Protocol Conversion
  • Content Scanning, control if voice, fax or modem signals are transported in the channels

IEG-Light

Voice-

Gateway

ISDN

E1

IP

SIP/IAX2

H.323

IP

SIP/IAX2

H.323

How does it work?

The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.

All VoIP traffic from one security domain is terminated at the IVM. All incoming calls are converted to ISDN (G.711) and forwarded over an ISDN E1 trunk. The outgoing traffic is transcoded to any required codec (G.726, G.729, G.711 etc.). Supported protocols for interconnecting to the IVM are SIP, AIX2 (IP trunking) and H.323.

Actual IVM developments will allow to recognise the contents and type of the traffic (Voice, FAX, Modem) as well as detect hidden channels. Traffic is going to be controlled due to it’s contents.

Access

Control

Codec

Conversion

Security Domain A

e.g.

NATO

Secret

Security Domain B

e.g. NATIONAL Secret

Content

Scanning

Protocol

Conversion

slide9

NC3A Experimentation Program of Work

Secure Voice Gateway

What is the SVG?

The Secure Voice Gateway (SVG) is a tool designed to provide end-to-end secure voice services between networks using different voice and/or encryption technology (ISDN, POTS, VoIP, etc.).

  • Which functionality is provided?
  • Secure voice services between participants using different media and voice encryption devices.
  • Local and remote.
  • Multiple parallel voice services.
  • Open design for easy integration of additional crypto devices.

How does it work?

The SVG prototype is built from two (a secure and a non-secure) PABX, which are connected via appropriate crypto devices. Currently, the two PABXs are realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.

Traffic from User A is encrypted (using User A specific cryptos) and tunneled through the NATO network towards the SVG. In the SVG the traffic is decrypted, encrypted (using the User B1 specific cryptos), switched and forwarded to User B1. Alternatively users on the red IP network (User B2) can reach users on the PSTN network (User A and B2) and vice versa.

The SVG currently supports the following interfaces: ISDN PRI, ISDN BRI, analogue and Ethernet.

slide10

NC3A Experimentation Program of Work

NC3A – 1GNC Voice Experiment

What is the NC3A – 1GNC Voice Experiment about?

Interconnection of Secure Voice Services between 1GNC National Secret (IP based) and NATO Secret (ISDN based).

The security domains are separated by the IEG-Light with a IEG-Light Voice Module (IVM). The transition between Secure ISDN and Voice over Secure IP is done by the Secure Voice Gateway (SVG) developed by NC3A.

slide11

How does it work?

The IEG-Light component filters all traffic from the nation in its router. The firewall directs all granted traffic to the proxy servers in the IEG-Light DMZ. All unwanted traffic is dropped. The proxies can be accessed from the NATO side. All Traffic is audited by the IDS. Therefore, no direct communication between the NS network and the national network is possible. Traffic is audited by the IDS.

The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.

Which functionality is provided?

The IEG-Light packet switched (PS) component is a secure interface between the NATO secret (NS) network and the national secret network. Services supported by the IEG-Light PS component are the core information services mail, web publishing and GAL synchronization.

For SFCE 09 new functionality provided inside the IEG-Light is FS support by the MIP-DEM extension and secure VoIP support by the IEG-Light Voice Module (IVM)

The IEG-Light (I)

What is the IEG-Light?

The Information Exchange Gateway (IEG) “Light” is a small, highly deployable and affordable module that provides secure gateway services between deployed NATO and a deployed national CIS of a NATO member nation.

IEG-Light Main Module

IEG-Light Specialized

Module

slide12

The IEG-Light (II)

VOICE SERVICES

Access Control

Protocol Conversion

Codec Conversion

Content Scanning

Concept of Operation of the IEG-Light

IEG-Light Functional Architecture

IEG-Light Hardware Architecture

IEG-Light Software Architecture

IEG-Light (Remote) Management Interface

IEG-Light Main (bottom) and Specialized

(top) Modules

slide14

Objectives of the 2009 SFCE IETV campaign

  • Primary objectives:
      • Test and validate nationally provided CIS (LCC-HQ-NRF-13-GBR)
      • Test and validate nationally provided CIS (LCC-HQ-NRF-14-DNK)
      • Test interoperability between NATO C2/FS and National C2/FS
      • Test cross-domain data and voice exchange mechanism
      • Identification (resolution) of interoperability issues
  • Other objectives:
      • Experiment the IETV Automated Testing Tool (IATT)
      • Experiment NATO gateways for national MIP-DEM traffic
      • Support national experiment with IETV (NRDC-SP-JCOP-XML)
      • Demonstrate NATO gateways for FS traffic
      • Demonstrate “zero-configuration” model for national CIS provision