Decentralized Fully Redundant Cyber Secure
Governmental Communications Concept
Dr. Jyri Rajamäki, Paresh Rathod and John H...
IEEE publications: This paper focuses on future requirements of broadband data transmission of public protection and disaster relief, critical infrastructure protection and military, and presents the concept of redundant and secure data communication network system in ...

Published in: Technology, Business
  1. Decentralized Fully Redundant Cyber Secure Governmental Communications Concept. Dr. Jyri Rajamäki, Paresh Rathod and John Holmström, Finland
  2. Outline
     • Background and motivation
       ▶ Public safety communications (PSC), (mission) critical communications
       ▶ Multi organizational environment
       ▶ Multichannel communications
     • Empirical case
       ▶ DSiP - Decentralized fully redundant cyber secure communications in a multi organizational environment
     • Discussions and Future work
     12/4/2013, Presenter: Paresh Rathod
  3. Public Safety Communications
  4. Main Challenges in European Governmental Communications
     • Lack of interoperability limits the effectiveness of public safety and security actors in actual operations
       • Gaps in technology, procedure and procurement or research
       • Lack of standardization
     • Lack of broadband connectivity of wireless communications for existing and future public safety and security applications
     • Lack of secure decentralized and redundant data communications
  5. Multi organizational environment. [Diagram: Organizations A to E connect through DSiP routers and interface nodes to core services and data storage; labelled "Public Safety Communications, PSC".] Ajeco Oy, 9.3.2011
  6. Market Need for Critical Communications
     • Military, PPDR (public protection and disaster relief) & CIP (critical infrastructure protection [e.g. energy supply]) actors have similar needs for communications
     • In many connections (e.g. PSCE conference 7-8 June 2011), common secure network for MIL, PPDR & CIP is needed
     • TETRA/TETRAPOL based voice
     • LTE based data (operational from 2020's, common European wide frequency allocation needed)
     • Roaming is essential
     • cross-border PPDR operations,
     • multinational CI; power (electricity, gas) networks and companies
  7. Important topics when considering PSC, 1(2)
     1. Technical reliability and trustworthiness → The communication must be safe and "unbreakable"
     2. Considering the long-term investment → Solutions must withstand time as technology constantly evolves
     3. "Special circumstances" may occur at any time → The telecom operator may not ALWAYS be there?
  8. Important topics when considering PSC, 2(2)
     4. Co-operation between different actors → Users may have different "statuses" and ICT policies. For example: Government vs. Civilian as in Army, Public Safety and Industry – yet users may need to interact on the same communications platform. Solutions should support, not suppress, co-operation
     5. Freedom of choice → The customer should be the "master" of his application, not the telecom operator or vendor
     6. Special situations → Communication solutions should allow ad hoc users in a safe way – Safety and Reliability first
  9. What is multichannel communication?
  10. Multichannel communication is the ability to communicate over multiple physical connections simultaneously and in parallel so that all communication links appear like a single uninterruptible and robust link. People can do this (if they want). Computers can't generally do this even if "they would want to". The IP protocol used for data transfer cannot bind a socket over two or more physical connections simultaneously. [Illustration labels: IP: x.y.z.q, IP: q.w.e.r]
  11. How Multi-modems work. Each modem will get its own IP address from its operator. At this point, the "control room" application will see connection attempts from 3 different IP addresses. A "multimodem" system cannot share communication between different physical media without re-writing the application program to do so. The reason is: TCP/IP does not support multichannel communication! Re-writing an application to support multichannel communication is practically very difficult in most cases. [Diagram: the "remote" application with 3G, ADSL and TETRA modems (addresses 123.nn.12.3, 88.pp.1.5, 45.qq.54.19) and the "control room" application on ADSL (tt.pp.12.20).]
  12. Multi-channel communication. All the separate IP addresses should "merge". NO changes to the application should need to be done! The structure should make the applications "believe" that they are communicating over a single connection; however, the communication is spread over multiple physical connections which may be IP or non-IP based! The possibility of combining multiple communication channels into a single one enables regular telecommunication to be used in mission critical systems – the demand for secure communication is huge and ever increasing! [Diagram: the "remote" application and the "control room" application each sit behind a multichannel router; bearers 3G, ADSL and TETRA (addresses 123.nn.n.3, 88.tt.t.5, 45.qq.q.19) and ADSL (nn.tt.12.20).]
  13. Multichannel communication is: parallel use of data links regardless of technology. All the multiple parallel communication paths must appear as a SINGLE uninterruptible communications channel. [Diagram: a REMOTE SITE or LAN (labels: WEATHER, TELECOMMUNICATION, CAMERA, LAN EXT) linked to a CONTROL ROOM or HQ LAN over SAT, 3G, UMTS, RADIOLINK, TETRA…]
  14. Reasons for developing a new protocol
      1. Cyber warfare IS REALITY – Viruses, Denial of Service attacks etc.
      2. The IP protocol can't do multichanneling and multichanneling VPNs do NOT solve the problem
      3. More and more applications use the IP protocol for transfer
      4. Machines and Software are not compatible
      5. Mixing teleoperators and the application can be problematic
      6. Taking future protocols into account: IP v4, IP v6 and others
      Copyright (C) Ajeco Oy
  15. Empirical case: DSiP – Distributed Systems intercommunication Protocol ®
  16. DSiP consists of two types of software: Nodes and Routers. Nodes are the interface points in a DSiP routing network. When the nodes and routers start, they interconnect. Routers make neighbour connections and nodes connect to one or more routers. All connections are authenticated. Multichannel connections! OBSERVE: Nodes may connect to multiple routers. [Diagram: a DSiP node and three DSiP routers joined by multichannel connections over 3G/4G, SAT, TETRA, TEDS, VHF, LAN…; IP and non-IP traffic.]
  17. DSiP consists of two types of software: Nodes and Routers. Nodes are the ending/interface points in a DSiP routing network. All connections are authenticated. Routers also have multichannel connections! Routers also interconnect over multiple channels. [Diagram: a DSiP node and three DSiP routers joined by multichannel connections; IP and non-IP traffic.]
  18. With DSiP you can interconnect any device or network segment using any kind of media, be it IP or Non-IP, in a redundant and secure way
  19. With DSiP the connections between network segments and devices will be unbreakable because they interconnect using Multichannel technique. All connections are authenticated. All connections are Multichannel. Connections can be IP and non-IP traffic. [Diagram: three DSiP routers interconnected over 3G, TETRA, SAT, TEDS, VHF, LAN etc.]
  20. The modular DSiP system is not sensitive to DOS attacks since nodes actively maintain the connections – if a connection breaks, others will automatically form. [Diagram: three DSiP routers interconnected over 3G, TETRA, SAT, TEDS, VHF, LAN etc.]
  21. If Router to Router connections break, the DSiP system routes information via other DSiP routers. [Diagram: three DSiP routers interconnected over 3G, TETRA, SAT, TEDS, VHF, LAN etc.]
  22. DSiP may be regarded as a multi-point to multi-point VPN tunnel with better control over priority, security and reliability
  23. DSiP can use both IP-based networks and non-IP communication in parallel! IPv4, IPv6 and non-IP can all co-exist
  24. DSiP may, for example, connect IP-based networks together using non-IP communication. DSiP is capable of tunneling data through itself using any kind of physical communication. All connections are Multichannel. [Diagram: three DSiP routers joining IP network segments and an IP-based network, with a non-IP radiolink between routers.]
  25. Remote devices may connect using non-IP communication and IP-based connections in parallel. Non-IP and IP traffic, TETRA, TEDS all work in parallel. [Diagram: a remote device, RTU or equivalent, connected to DSiP routers over a non-IP radiolink, IP network segments and an IP-based network.]
  26. Applications and devices will "see" the multiple connections as if they were a single connection. No need to modify ANY application or device
  27. Avoid drilling holes in your security, instead provide services! [Diagram: Organizations A to E connect through DSiP routers and interface nodes to core services and data storage.]
  28. DSiP Distributed Systems intercommunication Protocol ® USES ALL KINDS OF COMMUNICATION. [Diagram labels around DSiP: IP, TETRA, 3G, WiMAX, WAN, GPRS, SATELLITE, LAN, 4G/LTE, RADIO, CAN, ADSL, RS232, PLC, I2C, ETHERNET, MODBUS, RS485, MBUS, Non-IP, RS422]
  29. DSiP contains tools for:
      • Monitoring the network
      • Centralized authentication
      • Configuring the system
  30. Configuration server. [Diagram: a configuration server attached to a network of three DSiP routers and seven RTUs.]
  31. Centralized Authentication Server. [Diagram: a centralized authentication server attached to a network of three DSiP routers and seven RTUs.]
  32. Network Management Server. [Diagram: a network management server attached to a network of three DSiP routers and seven RTUs.]
  33. All the aforementioned is handed to you in the DSiP multichannel communication architecture. DSiP – A software solution for Secure Multichannel Communication. DSiP Distributed Systems intercommunication Protocol ®
  34. 2Com-TETRA router
      • Internal TETRA modem
      • Two internal 3G modems
      • GPS receiver
      • External possibility for satellite modem
      • Power relay for RTU
      [Diagram labels: RTU, POWER CONTROL, GPS, SENSORS]
  35. Discussions and Future work
  36. Benefits. In many connections (e.g. PSCE conference 7-8 June 2011), common secure network for MIL, PPDR & CIP is needed. Separate networks are a waste of resources!
  37. Future work. To solve:
      1. mission critical voice roaming in cross-border operations
         • TETRA push-to-talk (PTT) services over LTE
      2. secure PPDR & CIP (data) communication challenges before 2020's, when LTE based systems might be operable
         • Use case:
           • Secure communications for multinational electricity supply
           • Mobile field command center for PPDR field operations
  38. On going project
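
Added example, not from the slides and not DSiP's own code: one way to make several bearers appear as a single link (slides 10 to 13) while rejecting unauthenticated frames (slide 16). The slides do not disclose DSiP's frame format or scheduling, so the 4-byte sequence number, the HMAC-SHA256 tag, the key, the send-a-copy-on-every-live-link policy and all names below are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
TAG_LEN = 32                   # HMAC-SHA256 tag size in bytes

def seal(seq: int, payload: bytes) -> bytes:
    """Frame = 4-byte sequence number + payload + HMAC-SHA256 tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def unseal(frame: bytes):
    """Return (seq, payload), or None when the tag does not verify."""
    if len(frame) < 4 + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack("!I", body[:4])[0], body[4:]

class Receiver:
    """Merges frames arriving on any link into one in-order stream."""
    def __init__(self):
        self.next_seq, self.pending, self.delivered = 0, {}, []
    def on_frame(self, frame: bytes) -> None:
        parsed = unseal(frame)
        if parsed is None or parsed[0] < self.next_seq:
            return  # unauthenticated frame, or a copy already delivered
        self.pending.setdefault(*parsed)
        while self.next_seq in self.pending:  # release strictly in order
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1

def run_demo():
    rx = Receiver()
    links = {"3G": True, "ADSL": True, "TETRA": True}  # link name -> up?
    messages = [b"pos 60.17N", b"alarm 7", b"status ok", b"pos 60.18N"]
    for seq, msg in enumerate(messages):  # constructed sample traffic
        if seq == 1:
            links["3G"] = links["ADSL"] = False  # only TETRA remains
        for up in links.values():  # one copy per live link
            if up:
                rx.on_frame(seal(seq, msg))
    tampered = bytearray(seal(len(messages), b"injected"))
    tampered[-1] ^= 0xFF  # corrupt the tag: frame must be dropped
    rx.on_frame(bytes(tampered))
    return rx.delivered
```

The application only ever reads `delivered`, so losing two of the three bearers after the first message is invisible to it, and the sequence check that removes duplicate copies also discards replays of frames already delivered.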
