
IETV: INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
Introduction and Objectives
What is the IETV?
The IETV (Interoperability Experimentation, Testing and Validation) is a tool that supports Communication and Information Systems (CIS) certification, interoperability enhancement and experimentation for multinational, NATO-led expeditionary operations.
What makes up the IETV?
The IETV Capability is made up of four essential components:
- Processes
- Supporting Documentation
- A (HW/SW) test bed
- Know-how
Where is the IETV?
The IETV has a deployable footprint, which provides basic on-site (deployed) representative interfaces and gateways. This footprint then connects through any (NATO or not) WAN to the static part of the IETV, which groups most NC3A test beds and laboratories.
What can it be used for?
The IETV Capability can be used to:
- Validate nationally-provided CIS
- Support the Commander with the certification of the Unit
- Develop new applications and technologies
- Experiment and test new CIS concepts and applications
How will the IETV be used during SFCE 09?
The IETV will be used to:
- Validate a nationally-provided CIS system (LCC-HQ-NRF-13 (GBR) and LCC-HQ-NRF-14 (DNK)) in support of NRF-13/14.
- Resolve an outstanding IO issue by implementing a deployable secure cross-domain gateway for the MIP-DEM data function, allowing automated information exchange between a national-secret system (provided by 1GNC) and the NATO secret system (JCOP), in compliance with applicable INFOSEC regulations.
- Experiment with a future interoperability enhancement, by testing a Secure Voice Gateway between the national-secret system (provided by 1GNC) and the NATO secret network.
- Support the SFCE09 test plan with automation of testing functions, allowing multiple tests to be conducted in a few minutes, without operator involvement and with automated integration with the SFCE09 database.
Which CIS functions does the IETV cover?
The IETV covers CIS interfaces (with the national systems), transmission, bandwidth management, voice/video/VTC services, information exchange, network services, core IS services, functional services, information assurance and management.
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int
For additional information contact : [email protected]
The IETV Architecture
A generic architecture based on a functional analysis. It comprises all relevant CIS functions in the Deployable CIS for a NATO expeditionary mission, and allows maximum modularity and re-use of existing test beds and labs at NC3A.
The modular design allows deploying only those elements which are essential to provide local, identical interfaces and services. This is called the deployable footprint of the IETV.
[Figure: IETV architecture diagram. A Deployable Point of Presence (dPoP), with the Interface with Nations Module (INM) and the Micro Information Systems Module (µISM), is linked to the static IETV core infrastructure at NC3A (The Hague). Functional blocks shown: Interfaces; Transmission (circuit-switched (CS), packet-switched (PS), time-division multiplexing (TDM)); Network Services (IP LAN (NS), IP LAN (MS), IP LAN (NU), switch, NATO Gateway and Guard, intrusion detection, Bandwidth Management Function (BMF)); Voice/Fax/Telex/Video/VTC (conference unit); Core Services (data exchange and interoperability, file sharing, collaboration, foundation services, identity management, authentication, e-mail, directory, military messaging, web, specialized data services, virus protection); Information Exchange Mechanisms (examples: import/export, e-mail, file, serial feed, replication, socket, database); Functional Services (reference systems, NATO C2 applications, national C2 applications); Information Assurance services; Experiments; user terminal equipment. Nationally-provided systems to validate, test and experiment: deployed NATO CIS, deployed NATO-Nation CIS, deployed Coalition-Nation CIS, local authorities, NGOs.]
The most complex systems stay at the static part of the IETV, in The Hague, along with the on-site expertise and know-how. This optimizes availability of the test bed and reduces the cost of deployment. National facilities can join the IETV as needed.
In 2009, an extended deployable footprint of the IETV (which includes some information systems) can be seen at the SFCE 09 Exercise.
CIS Validation using the IETV
Results from verification are subject to a verification assessment process (right), which aims to explain which are the interoperability issues, how to mitigate them, and the consequences of not doing so.
The CIS Validation process (left) starts from a nationally assessed system and uses verification to determine compliance with NATO DCIS requirements.
[Figure: two flowcharts. Left, CIS Validation: the description of the Unit's CIS and the Unit-level assessment are compared with the NATO technical CIS criteria, classifying requirements as Compliant (C), Partially Compliant (PC), Non Compliant (NC) or Not Applicable (NA); "Analysis", "Inspection" and "Test" requirements are matched against available know-how and venue/test assets and mapped to "simple" test cases where sufficient information exists, otherwise a specific test plan is prepared and specific test cases are run on the IETV test bed; "Covered" and "Non-Covered" requirements, test success and change requests feed back into changes until verification succeeds, ending in a Validated CIS. Right, Verification Assessment: partially-verified and not-verified requirements go through verification assessment, risk assessment and mitigation analysis (critical or not), yielding remarks, mitigations and required changes, a re-do of the validation assessment where needed, and the preparation of supporting documents (handbooks, templates, etc.) from architectures, know-how and best practices; validation of results is based on the assessment of verification results.]
The IETV in SFCE 09 (II: detailed view)
[Figure: detailed view of the IETV deployment in SFCE 09; no text recoverable from the extraction.]
The IETV Automated Testing Tool (IATT)
What is the IATT?
The IETV Automated Testing Tool (IATT) provides the means to quickly verify a number of interoperability requirements in an automatic manner. This degree of automation allows a large number of tests to be conducted in a few minutes, and to be repeated for different security domains and different units.
Which functionality is provided?
The IATT automatically verifies CIS interoperability for the following services:
• Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, FTP, etc.
• Core services: mail, web and secure web
How does it work?
Two IATT nodes (master and slave) are connected at the user sides of two networks interconnected through a Service Interoperability Point (SIOP). Each node represents a different user community. Automatic processes exercise multiple traffic types and services across the SIOP. Tests are done in accordance with outstanding interoperability criteria (NC3A TN-1174). Results are captured and reported back to the user.
Several CIS can be verified at the same time using only one master IATT node and several slave IATT nodes, one per CIS.
How can nations use the IATT?
By using the IATT, nations can quickly and inexpensively identify and resolve configuration issues that might impair interoperability at the application level. In particular, the IATT looks at the interconnection of NATO and Nation with special emphasis on firewall/gateway configuration, services configuration, routing capabilities and network/application protocols, to name a few.
The IETV Automated Testing Tool (IATT)-II
IATT in SFCE-09
The IATT automatically verifies CIS interoperability for the following services:
• Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, etc.
• Core services: mail, web and secure web
The IATT will integrate the results of the automated tests into the exercise database.
The IATT will be deployed throughout the exercise in LCC-HQ-NRF-13/14, helping to resolve interoperability issues.
NC3A Experimentation Program of Work
IEG-Light Extension “MIP-DEM”
What is the MIP-DEM IEG-Light Extension?
The MIP-DEM IEG-Light Extension provides proxy functionality for the MIP-DEM protocol, for interconnecting C2 applications across security domains (NATO Secret <-> National Secret).
Which functionality is provided?
• Controlling the information flow between the security domains
• Ensuring the integrity of the MIP-DEM protocol
How does it work?
The JCOP Layer Manager (LM) implementation is used as the service proxy. All MIP-DEM information exchange is terminated and forwarded by the MIP-DEM IEG-Light Extension in both directions.
The contracts between the C2 applications on the different security
domains are always created via the MIP-DEM Proxy located in the
IEG-Light.
NC3A Experimentation Program of Work
IEG-Light Extension “IEG-Light Voice Module”
What is the IVM?
The IEG-Light Voice Module (IVM) provides secure voice gateway functionality between voice services of different security domains.
Which functionality is provided?
• Access control for security domain access (LDAP / PIN / calling party number)
• Limits the information exchange between security domains to voice/fax/modem services
• Codec and protocol conversion
• Content scanning: checks whether voice, fax or modem signals are transported in the channels
How does it work?
The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
All VoIP traffic from one security domain is terminated at the IVM. All incoming calls are converted to ISDN (G.711) and forwarded over an ISDN E1 trunk. The outgoing traffic is transcoded to any required codec (G.726, G.729, G.711, etc.). Supported protocols for interconnecting to the IVM are SIP, IAX2 (IP trunking) and H.323.
Current IVM development will allow the contents and type of the traffic (voice, fax, modem) to be recognised, as well as hidden channels to be detected. Traffic will be controlled according to its contents.
[Figure: the IVM between Security Domain A (e.g. NATO Secret) and Security Domain B (e.g. National Secret). Each domain connects over IP (SIP/IAX2, H.323); the domains are joined through an ISDN E1 trunk. Functions shown: access control, content scanning, codec conversion, protocol conversion.]
NC3A Experimentation Program of Work
Secure Voice Gateway
What is the SVG?
The Secure Voice Gateway (SVG) is a tool designed to provide end-to-end secure voice services between networks using different voice and/or encryption technologies (ISDN, POTS, VoIP, etc.).
Which functionality is provided?
• Secure voice services between participants using different media and voice encryption devices.
• Local and remote.
• Multiple parallel voice services.
• Open design for easy integration of additional crypto devices.
How does it work?
The SVG prototype is built from two PABXs (one secure and one non-secure), which are connected via appropriate crypto devices. Currently, the two PABXs are realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
Traffic from User A is encrypted (using User A's specific cryptos) and tunneled through the NATO network towards the SVG. In the SVG the traffic is decrypted, re-encrypted (using the User B1 specific cryptos), switched and forwarded to User B1. Alternatively, users on the red IP network (User B2) can reach users on the PSTN network (User A and B2) and vice versa.
Supported Crypto Equipment:
• NSIE BRI/PRI
• SCIP Sectera crypto
• NBSV-II (integration phase)
[Figure: SVG made of a Red-SVG (packet switched: switch, DB) and a Black-SVG (circuit and packet switched: switch, DB), interconnected through Crypto A, Crypto B, ..., Crypto n. Legend: encrypted circuit/packet switched voice traffic (Unclassified, NU); unencrypted circuit switched classified voice traffic (NS); unencrypted packet switched classified voice traffic (NS); DB = database. Users shown: User A (originator), User B1, User B2.]
The SVG currently supports the following interfaces: ISDN
PRI, ISDN BRI, analogue and Ethernet.
NC3A Experimentation Program of Work
NC3A – 1GNC Voice Experiment
What is the NC3A – 1GNC Voice Experiment about?
Interconnection of Secure Voice Services between 1GNC National Secret (IP based) and NATO Secret (ISDN based).
The security domains are separated by the IEG-Light with an IEG-Light Voice Module (IVM). The transition between Secure ISDN and Voice over Secure IP is done by the Secure Voice Gateway (SVG) developed by NC3A.
The IEG-Light (I)
What is the IEG-Light?
The Information Exchange Gateway (IEG) “Light” is a small, highly deployable and affordable module that provides secure gateway services between a deployed NATO CIS and a deployed national CIS of a NATO member nation.
Which functionality is provided?
The IEG-Light packet switched (PS) component is a secure interface between the NATO secret (NS) network and the national secret network. Services supported by the IEG-Light PS component are the core information services: mail, web publishing and GAL synchronization.
For SFCE 09, new functionality provided inside the IEG-Light is FS support by the MIP-DEM extension and secure VoIP support by the IEG-Light Voice Module (IVM).
How does it work?
The IEG-Light component filters all traffic from the nation in its router. The firewall directs all granted traffic to the proxy servers in the IEG-Light DMZ; all unwanted traffic is dropped. The proxies can be accessed from the NATO side, and all traffic is audited by the IDS. Therefore, no direct communication between the NS network and the national network is possible.
The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
[Figure: IEG-Light Main Module and IEG-Light Specialized Module.]
The IEG-Light (II)
[Figures: Concept of Operation of the IEG-Light; IEG-Light Software Architecture; IEG-Light Functional Architecture; IEG-Light (Remote) Management Interface; IEG-Light Hardware Architecture; IEG-Light Main (bottom) and Specialized (top) Modules. Service groups shown: IPS (Information Protection Services), IES (Information Exchange Services), SS (Supporting Services), NPS (Network Protection Services) and Management. Functional blocks visible in the diagrams: access control, secure forwarding, release control, content scanning, sanitizing, policy enforcement, decomposition, content checking, intrusion detection, passive and active monitoring, traffic monitoring, audit/event logging, encryption/decryption, Public Key Infrastructure (future upgrade); mail, web publishing (proxy), data services, voice and VTC services with protocol and codec conversion, numbering/dialling, packet switching, circuit switching; network-level traffic filtering, IP plan / Network Address Translation (NAT), access router, transmission; software patch/update, change management, alarm processing, power/UPS, enclosure and ancillary; NATO-side and nation-side data paths through the DMZ of the IEG-Light main module, with specialized modules #1..#n, a UPS module, local console (screen/keyboard), remote console and KVM-input select. Some blocks are marked "Not Yet Available".]
Example of IETV CIS Verification Results
EXAMPLE CIS INTEROPERABILITY TEST CAMPAIGN RESULTS SUMMARY
(C = Compliant, PC = Partially Compliant, NC = Not Compliant, NT = Not Tested)

Test group / service                      C     PC    NC    NT    Total   IO Score   Reliability of IO measure
Low level MS-MS test results
  Secure data                             31    2     4     7     44
  Informal messaging system (e-mail)      10    1     2     2     15
  Directory Service                       18    1     1     0     20
  Web-based services                      12    2     0     0     14
Low-level tests (subtotal)                71    6     7     9     93      0.84       0.90
Inter-domain test results
  FS Tests                                32    5     6     17    60
  Non-FS Tests                            63    6     20    31    120
Service-Level tests (subtotal)            95    11    26    48    180
Summary of all tests                      166   17    33    57    273

[Figure residue: the per-test-case inter-domain rows (MS to IETV MS (conf #1), NAT-S to IETV NS, MS to IETV NS (conf #1), NAT-S to IETV MS, MS to IETV MS (conf #2), NAT-S to static IETV NS, MS to static IETV NS (conf #1), MS to static IETV NS (conf #2), MCCIS, ICC), together with the IO Score and Reliability values and bar charts for those rows, the Service-Level subtotal and the Summary, could not be recovered from the extraction.]
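The aggregation step that an IATT-style tool performs when it "captures and reports" results (as described on the IATT page) and that produces a summary like the table above, as an added Python example that is not NC3A's IATT or IETV code. The TestResult record, the group and service names and the two figures of merit are assumptions: IO score is taken as compliant over tests actually run and reliability as tests run over tests planned, which reproduces the Low-level row's 93 total and 0.90 reliability but gives 0.85 rather than the printed 0.84 for the score, so the page's exact formula is not known.

```python
from collections import Counter
from dataclasses import dataclass

# Outcome codes as used in the IETV results summary.
OUTCOMES = ("C", "PC", "NC", "NT")  # Compliant, Partially Compliant, Not Compliant, Not Tested


@dataclass(frozen=True)
class TestResult:
    group: str     # e.g. "Low-level tests" (assumed field an IATT node would fill in)
    service: str   # e.g. "Directory Service"
    outcome: str   # one of OUTCOMES


def summarise(results, group=None, service=None):
    """Count outcomes, optionally restricted to one group and/or one service."""
    counts = Counter()
    for r in results:
        if r.outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome {r.outcome!r}")
        if (group is None or r.group == group) and (service is None or r.service == service):
            counts[r.outcome] += 1
    return {o: counts[o] for o in OUTCOMES}


def total(counts):
    return sum(counts[o] for o in OUTCOMES)


def io_score(counts):
    """Assumed definition: share of compliant tests among those actually run."""
    tested = counts["C"] + counts["PC"] + counts["NC"]
    return counts["C"] / tested if tested else 0.0


def reliability(counts):
    """Assumed definition: share of planned tests that were actually run."""
    n = total(counts)
    return (n - counts["NT"]) / n if n else 0.0


def report_row(label, counts):
    """One summary-table row: label, C, PC, NC, NT, Total, IO score, reliability."""
    return (label, counts["C"], counts["PC"], counts["NC"], counts["NT"],
            total(counts), round(io_score(counts), 2), round(reliability(counts), 2))


def build_low_level_sample():
    """Constructed sample whose per-service counts match the Low-level rows above."""
    per_service = {  # service: (C, PC, NC, NT)
        "Secure data": (31, 2, 4, 7),
        "Informal messaging system (e-mail)": (10, 1, 2, 2),
        "Directory Service": (18, 1, 1, 0),
        "Web-based services": (12, 2, 0, 0),
    }
    results = []
    for service, row in per_service.items():
        for outcome, n in zip(OUTCOMES, row):
            results.extend(TestResult("Low-level tests", service, outcome) for _ in range(n))
    return results


if __name__ == "__main__":
    sample = build_low_level_sample()
    for svc in ("Secure data", "Directory Service"):
        print(report_row(svc, summarise(sample, service=svc)))
    print(report_row("Low-level tests", summarise(sample, group="Low-level tests")))
```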
Objectives of the 2009 SFCE IETV campaign
• Primary objectives:
  • Test and validate nationally provided CIS (LCC-HQ-NRF-13-GBR)
  • Test and validate nationally provided CIS (LCC-HQ-NRF-14-DNK)
  • Test interoperability between NATO C2/FS and National C2/FS
  • Test cross-domain data and voice exchange mechanism
  • Identification (resolution) of interoperability issues
• Other objectives:
  • Experiment the IETV Automated Testing Tool (IATT)
  • Experiment NATO gateways for national MIP-DEM traffic
  • Support national experiment with IETV (NRDC-SP-JCOP-XML)
  • Demonstrate NATO gateways for FS traffic
  • Demonstrate “zero-configuration” model for national CIS provision