introduction and objectives
DESCRIPTION
What is the IETV? The IETV ( Interoperability Experimentation, Testing and Validation ) is a tool in support of (CIS) systems certification, interoperability enhancement and experimentation for multinational, NATO-led expeditionary operations. Which CIS functions does the IETV cover? - PowerPoint PPT PresentationTRANSCRIPT
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
Introduction and Objectives
How will the IETV be used during SFCE 09?
The IETV will be used to validate a nationally-provided (CIS) system (LCC-HQ –NRF-13 (GBR) and LCC-HQ-NRF-14 (DNK) in support of NRF-13/14.
To resolve an outstanding IO issue implementing a deployable secure cross-domain gateway for MIP-DEM data function to allow automated information exchange between a national-secret system (provided by 1GNC) and the NATO secret system (JCOP), in compliance with applicable INFOSEC regulations.
To experiment a future interoperability enhancement, by testing Secure Voice Gateway between national-secret system (provided by 1GNC) and the NATO secret network.
To support the SFCE09 test plan with automation of testing functions, allowing multiple tests to be conducted in few minutes, without operator’s involvement and with automated integration with SFCE09 data base.
What is the IETV?The IETV (Interoperability Experimentation, Testing and Validation) is a tool in support of (CIS) systems certification,
interoperability enhancement and experimentation for multinational, NATO-led expeditionary operations.
Where is the IETV?The IETV has a deployable footprint, which provides basic on-site
(deployed) representative interfaces and gateways.Then, connects through any (NATO or not) WAN to the static part of the
IETV, which groups most NC3A test beds and laboratories.
What makes up the IETV?The IETV Capability is made-up of four essential components:
- Processes- Supporting Documentation- A (HW/SW) test bed- Know-how
Which CIS functions does the IETV cover?The IETV covers CIS interfaces (with the national systems),
transmission, bandwidth management, voice/video/VTC services, information exchange, network services, core IS services, functional services, information assurance and management.
What can it be used for?The IETV Capability can be used to:
- Validate nationally-provided CIS- Support the Commander with the certification of the Unit- Develop new applications and technologies- Experiment and test new CIS concepts and applications
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IETV Architecture
A generic architecture based on a functional analysis. Comprises all relevant CIS functions in the Deployable CIS for a NATO expeditionary mission. Allows maximum modularity and re-use of existing test beds and labs at NC3A.
The modular design allows deploying only those elements which are essential to provide local, identical interfaces and services. This is called the deployable footprint of the IETV.
The most complex systems stays at the static part of the IETV, in The Hague, along with the on-site expertise and know-how. This optimizes availability of the test bed and reduces the cost of deployment. National facilities can join the IETV as needed.
In 2009, an extended (includes some information systems) deployable footprint of the IETV can be seen at SFCE 09 Exercise
Network Services
Information Exchange Mechanisms (Examples)
Core Services
Information Assurance Services
Functional Services
Interfaces
Circuit-Switched (CS)
Foundation Services
Identity Mgmt
Specialized Data Services
Data Exchange and Interoperability
DirectoryE-mail Web
CollaborationFile Sharing CollaborationFile Sharing
FileE-mail Socket Database
IP LAN (NS) IntrusionDetection
Reference Systems
IP LAN (MS)
IP LAN (NU)
Information Exchange Services
Military Messaging
Authentication
Virus Protection
Import/Export ReplicationSerial FeedImport/Export
NATOGateway and Guard
NATOC2 Applications
National C2Applications
Packet-Switched (PS)
Time-Division Multiplexing (TDM)
BandwidthManagement
Function(BMF)
TRANSMISSION
NATOGateway and Guard
Voice/Fax/Telex/Video/VTC
SwitchConference
Unit
User terminal Equipment
Deployed NATO CISDeployed NATO-Nation CIS
Deployed Coalition-Nation CISLocal Authorities
NGO’s
CORE SERVICES
INFORMATION ASSURANCE
INFORMATIONEXCHANGE
INFORMATION ASSURANCE
INTE
RFA
CES
NETWORKSERVICES
VOICE/VIDEO
BANDWIDTHMANAGEMENT
TRANSMISSION
Nationally-provided systems to validate, test and experiment
EXPERIMENTS
Deployable Point of Presence (dPoP)
Interface with Nations Module (INM)
Micro information Systems Module ( µISM)
To static IETV coreinfrastructure
at NC3A (The Hague)
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
CIS Validation using the IETV
DESCRIPTION OFUNIT’S CIS
ANALYSIS
PREPARE SPECIFIC TEST PLAN
PREPARE SUPPORTING DOCUMENTS(HANDBOOKS, TEMPLATES, etc.)
TESTSUCCESS
?
Validated CIS
N
Y
TESTING
NATO TECHNICALCIS CRITERIA
<><>
CHANGES
IETV TEST BED
CHANGES &MITIGATIONS
Assessmentresults
Y
N
VERIFICATION ASSESSMENT
Architectures, know-how,
best practices
Verif
icat
ion
Unit-Level Assessment
OK?
The CIS Validation process (left) departs from a nationally assessed systems, and uses verification to determine compliance with NATO DCIS requirements.
Results from verification are subject to a verification assessment process (right), which aims to explain which are the interoperability issues, how to mitigate them, and consequences of not doing so.
VERI
FIC
ATIO
NVE
RIF
ICAT
ION
ASSE
SSM
ENT
Compliant (C)requirements
TECHNICALCRITERIA
“ANALYSIS”REQUIREMENTS
“INSPECTION”REQUIREMENTS
“TEST”REQUIREMENTS
UNIT’sDESIGN
<><><>SUFFICIENTINFO?
SUFFICIENTINFO?
“SIMPLE” TESTCASES<><><>
Available know-howAvailable venue/test
assets
“Covered”requirements
“Non-Covered”requirements
SPECIFIC TESTCASES
TESTINGTESTINGSUCCESS ?SUCCESS ?
SUCCESS ?SUCCESS ?
Partially-Verified and Not-Verified
requirements
PartiallyCompliant (PC)requirements
NonCompliant (NC)requirements
Not Applicable (NA)
requirements
Not Applicable (NA)
requirements
Y
N
Y
N
Y
N
(1) (2)
(2)
(1) (1) (1)
VERIFICATIONASSESSMENT
ENDEND
RISKASSESSMENT
MITIGATIONANALYSIS
REMARKS
MITIGATIONPROCEDURE
CHANGE REQUEST
ACTION ?ACTION ?
Y
CRITICAL ?CRITICAL ?
Y
N
N
Re-do Validation
CRITERIA
RemarksMitigation
CRITICAL ?CRITICAL ?
Y
N
Requiredchanges
VALIDATION OF RESULTS
(Based on Assessment of verification results)
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IETV in SFCE 09 (II: detailed view)
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IETV Automated Testing Tool (IATT)
What is the IATT?
The IETV Automated Testing Tool (IATT) provides the means to quickly verify a number of interoperability requirements in an automatic manner. This degree of automation allows conducting a large number of tests in a few minutes, and repeat those tests for different security domains and different units.
How does it work?Two IATT nodes (master and slave) are connected at the user sides of two networks interconnected through a Service Interoperability Point (SIOP). Each node represents a different user communities.
Automatic processes exercise multiple traffic types and services across the SIOP. Tests are done in accordance with outstanding interoperability criteria (NC3A TN-1174). Results are captured and reported back to the user.
Several CIS can be verified at the same time using only one master IATT node and several slave IATT nodes, one per CIS.
Which functionality is provided?The IATT automatically verifies CIS interoperability for the following services:
• Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, FTP, etc.
• core services, mail, web and secure web
How can nations use the IATT ?By using the IATT nations can quickly and inexpensively identify and resolve
configuration issues that might impair interoperability at the application level. In particular, the IATT looks at the interconnection of NATO and Nation with special emphasis on firewall/gateway configuration, services configuration, routing capabilities or network/application protocols, to name a few.
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IETV Automated Testing Tool (IATT)-II
IATT in SFCE-09The IATT automatically verifies CIS interoperability for the following services:
• Transmission and communications: connectivity, routing, protocol/port/service filtering, NTP, DNS, etc.
• core services, mail, web and secure web
IATT will integrate the results of the automated test in the exercise data base,
IATT will be deploy during all the exercise in LCC-HQ-NRF-13/14 helping to resolve interoperability issues.
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
NC3A Experimentation Program of Work
IEG-Light Extension “MIP-DEM”
What is the MIP-DEM IEG-Light Extension
The MIP-DEM IEG-Light Extension proxy functionality for the MIP-DEM protocol for interconnecting C2 application across security domains (NATO Secret <-> National Secret).
How does it work?JCOP Layer Manager (LM) implantation is used as service proxy. All MIP-DEM information exchange is terminated and forwarded by the MIP-DEM IEG-Light Extension in both directions.
The contracts between the C2 applications on the different security domains are always created via the MIP-DEM Proxy located in the IEG-Light.
Which functionality is provided?• Controlling the information flow between the security domains• Ensuring the integrity of the MIP-DEM protocol
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
IEG-Light
Voice-Gateway
What is the IVM?
The IEG-Light Voice Module (IVM) provides a secured voice gateway functionality between voice services of different security domains.
How does it work?The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
All VoIP traffic from one security domain is terminated at the IVM. All incoming calls are converted to ISDN (G.711) and forwarded over an ISDN E1 trunk. The outgoing traffic is transcoded to any required codec (G.726, G.729, G.711 etc.). Supported protocols for interconnecting to the IVM are SIP, AIX2 (IP trunking) and H.323.
Actual IVM developments will allow to recognise the contents and type of the traffic (Voice, FAX, Modem) as well as detect hidden channels. Traffic is going to be controlled due to it’s contents.
Which functionality is provided?• Access Control for security domain access
– LDAP / PIN / Calling Party number• Limits the information exchange between security domains
to voice/fax/modem services• Codec and Protocol Conversion • Content Scanning, control if voice, fax or modem signals
are transported in the channels
Security Domain B
e.g. NATIONAL
Secret
Security Domain A
e.g. NATOSecret
ProtocolConversion
AccessControl
CodecConversion
Content Scanning
ISDNE1
IPSIP/IAX2
H.323
IPSIP/IAX2
H.323
NC3A Experimentation Program of WorkIEG-Light Extension “IEG-Light Voice Module”
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
What is the SVG?
The Secure Voice Gateway (SVG) is a tool designed to provide end-to-end secure voice services between networks using different voice and/or encryption technology (ISDN, POTS, VoIP, etc.).
How does it work?The SVG prototype is built from two (a secure and a non-secure) PABX, which are connected via appropriate crypto devices. Currently, the two PABXs are realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
Traffic from User A is encrypted (using User A specific cryptos) and tunneled through the NATO network towards the SVG. In the SVG the traffic is decrypted, encrypted (using the User B1 specific cryptos), switched and forwarded to User B1. Alternatively users on the red IP network (User B2) can reach users on the PSTN network (User A and B2) and vice versa.
The SVG currently supports the following interfaces: ISDN PRI, ISDN BRI, analogue and Ethernet.
Which functionality is provided?• Secure voice services between participants using
different media and voice encryption devices.• Local and remote.• Multiple parallel voice services.• Open design for easy integration of additional crypto
devices.
SVGRed-SVG
Crypto B
Crypto A
Crypto n
Black-SVG
SwitchCrypto B
Switch
Crypto n
DB
DB
User A(Originator)
User B1
DB Database
User B2
Crypted circuit/packet switched voice traffic (Unclassified, NU)
Uncrypted circuit switched classified voice traffic (NS)
Circuit & PacketSwitched
Circuit & PacketSwitched
PacketSwitched
Uncrypted packet switched classified voice traffic (NS)
Supported Crypto Equipment:• NSIE BRI/PRI• SCIP Sectera crypto• NBSV-II (Integration phase)
NC3A Experimentation Program of WorkSecure Voice Gateway
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
NC3A Experimentation Program of WorkNC3A – 1GNC Voice Experiment
What is the NC3A – 1GNC Voice Experiment about?Interconnection of Secure Voice Services between 1GNC National Secret (IP based) and NATO Secret
(ISDN based). The security domains are separated by the IEG-Light with a IEG-Light Voice Module (IVM). The
transition between Secure ISDN and Voice over Secure IP is done by the Secure Voice Gateway (SVG) developed by NC3A.
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IEG-Light (I)What is the IEG-Light?
The Information Exchange Gateway (IEG) “Light” is a small, highly deployable and affordable module that provides secure gateway services between deployed NATO and a deployed national CIS of a NATO member nation.
How does it work?The IEG-Light component filters all traffic from the nation in its router. The firewall directs all granted traffic to the proxy servers in the IEG-Light DMZ. All unwanted traffic is dropped. The proxies can be accessed from the NATO side. All Traffic is audited by the IDS. Therefore, no direct communication between the NS network and the national network is possible. Traffic is audited by the IDS.The IVM prototype is realized with single board computers (SBC), running the EAL4+ evaluated Linux operating system and the Asterisk soft switch software.
Which functionality is provided?The IEG-Light packet switched (PS) component is a
secure interface between the NATO secret (NS) network and the national secret network. Services supported by the IEG-Light PS component are the core information services mail, web publishing and GAL synchronization.
For SFCE 09 new functionality provided inside the IEG-Light is FS support by the MIP-DEM extension and secure VoIP support by the IEG-Light Voice Module (IVM)
IEG InfrastructureNation (NAT-S) SideNATO (NS) Side
NICENICE
Firewall
Web
FilteringRouter
NICENICEData (IP)Data (IP)
Messaging
DirectoryServices
Optional IPEncryption
Optional IPEncryption
IDS IDS
IDS
InformationSharing
IEG Core
Functional ServicesXML GuardFunctional
ServicesSanitizing
FunctionalServices
Decompos.
IEG FS
Messaging
IEG-Light
DMZ
Managementworkstation
NATOSECRET
CISNAT-S
CIS
IEG-Light SpecializedModule
IEG-Light Main Module
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
The IEG-Light (II)
NON CIS
IES – Information Exchange Services
NPS – Network Protection Services
IPS – InformationProtection Services
MANAGEMENT
Power/UPS Enclosure Ancillary
Packet Switching
Transmission
Encryption/Decryption
Circuit Switching
IP Plan / Network Address Translation (NAT)
Numbering/Dialling
Network-level Traffic Filtering
Intrusion Detection
Content Checking
InformationAssurance
Policy-Enforcement
Public KeyInfrastructure
(future upgrade)
DATA SERVICES VTCVOICE
SERVICE “i”
Decomposition
Sanitizing
ReleaseControl
Publishing(Proxy)
SecureForwarding
ContentScanning
SS – SupportingServices
PassiveMonitoring
ActiveMonitoring
Control
Audit/Event Logging
User I/F
AlarmProcessing
ChangeManagement
MailWeb
IEG-LightUPS module
IEG-Lightmain module
IEG-Lightspecialized module #1
IEG-Lightspecialized module #n
LOCAL POWER
UPSPOWER
NATO-side DATA
UPSMANAGEMENT
KVM-input select
KVM-inputselect
DMZ
DMZ
CONSOLE(SCREEN/KBD)
LOCALCONSOLE
Remote Console
Access RouterManagement
Local UPSManagement
Nation-side DATA
IEG-Light
Traffic Monitoring
SoftwarePatch/Update
NATO WAN(NGCS)
NATO HQ/UnitNS
NU
NUMU NS
MS
Z
LOCAL ISP
National HQ/UnitNS
NAT-SRegional, staticIEG scenario B
NATOdPoPIEGC
Deployed C2 Unit NATO-ProvidedCIS
MU
IEG-Light(B)
NationalDefenceNetwork
(NDN)
SubordinateUnit(s)
NS
NAT-S orNon-NS
Z
GOs/NGOs
NGO (unclass) Other NATO HQs/Units
LOCAL ISP
Firewall
Mail Services
Intrusion DetectionSystem
ManagementConsole
Web Services
Information SharingServices
DirectoryServices
Other specializedServices
FunctionalServices
IDS ConfigurationIDS Event Collection
IDS Database
FW Configuration,
FW Engine
OperatingSystem
Drivers
HARDWARE
ContentScanning,
Release Control,Publishing
Content ScanningRelease Control
Relay
Release ControlSynchronization
Customer furnished
applications
Proxyapplications
for otherspecialized
services
MonitoringControlLogging
Alarm ProcessingChange Mgmt.
Concept of Operation of the IEG-Light IEG-Light Functional Architecture IEG-Light Hardware Architecture
IEG-Light Software Architecture IEG-Light (Remote) Management Interface IEG-Light Main (bottom) and Specialized(top) Modules
VOICE SERVICES
Access Control
Protocol Conversion
Codec Conversion
Content Scanning
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
Compliant (C)
Partially Compliant
(PC)
Not Compliant
(NC)
Not Tested (NT) Total
Low level MS-MS test results
Secure data 31 2 4 7 44Informal messaging system (e-mail) 10 1 2 2 15Directory Service 18 1 1 20Web-based services 12 2 0 14
Low-level tests 71 6 7 9 93 0.84 ||||||||||||||||||||| 0.90 ||||||||||||||||||||||
Inter-domain test results
MS to IETV MS (conf #1) 12 2 1 15 0.86 ||||||||||||||||||||| 0.91 ||||||||||||||||||||||NAT-S to IETV NS 14 2 5 6 27 0.62 ||||||||||||||| 0.78 |||||||||||||||||||MS to IETV NS (conf #1) 12 2 14 0.81 |||||||||||||||||||| 1.00 |||||||||||||||||||||||||NAT-S to IETV MS 8 1 3 1 13 0.61 ||||||||||||||| 0.92 |||||||||||||||||||||||MS to IETV MS (conf #2) 13 13 0.00 0.00NAT-S to static IETV NS 9 7 2 18 0.42 |||||||||| 0.89 ||||||||||||||||||||||MS to static IETV NS (conf #1) 8 1 2 11 0.70 ||||||||||||||||| 1.00 |||||||||||||||||||||||||MS to static IETV NS (conf #2) 9 9 0.00 0.00MCCIS 13 1 4 11 29 0.67 |||||||||||||||| 0.62 |||||||||||||||ICC 19 4 2 6 31 0.79 ||||||||||||||||||| 0.81 ||||||||||||||||||||
Service-Level tests 95 11 26 48 180
FS Tests 32 5 6 17 60Non-FS Tests 63 6 20 31 120
Summary of all tests 166 17 33 57 273 0.74 |||||||||||||||||| 0.79 |||||||||||||||||||
Interoperability (IO) Score
Reliability of IO measure
EXAMPLE CIS INTEROPERABILITY TEST CAMPAIGN RESULTS SUMMARY
Example of IETV CIS Verification Results
IETV : INTEROPERABILITY EXPERIMENTATION, TESTING AND VALIDATION CAPABILITY
© NATO Consultation, Command and Control Agency, 2009. http://www.nc3a.nato.int For additional information contact : [email protected]
• Primary objectives: • Test and validate nationally provided CIS (LCC-HQ-NRF-13-GBR)• Test and validate nationally provided CIS (LCC-HQ-NRF-14-DNK)• Test interoperability between NATO C2/FS and National C2/FS• Test cross-domain data and voice exchange mechanism• Identification (resolution) of interoperability issues
• Other objectives:• Experiment the IETV Automated Testing Tool (IATT)• Experiment NATO gateways for national MIP-DEM traffic • Support national experiment with IETV (NRDC-SP-JCOP-XML)• Demonstrate NATO gateways for FS traffic• Demonstrate “zero-configuration” model for national CIS provision
Objectives of the 2009 SFCE IETV campaign