requirements and technical hypotheses for the …...security - principles • data...
TRANSCRIPT
![Page 1: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/1.jpg)
Requirements and technical hypotheses for the system design
Catherine Morlet & Andrea Santovincenzo
![Page 2: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/2.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 3: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/3.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 4: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/4.jpg)
Iris Requirements
![Page 5: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/5.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 6: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/6.jpg)
Capacity analysis Capacity analysis –– principlesprinciples
• COCR (Communication Operating Concept and Requirements – joint FAA and Eurocontrol document) taken as baseline to determine requirements for the future data applications while applications are not yet defined (definition for the airport applications has started)
• Evaluation of the impact on the dimensioning of the system, especially:– Capacity (=volume of information to transmit)– Data rate (=speed at which the information is transmitted)– Number of access (=number of simultaneous communications)– EIRP per carrier at satellite level (=power consumption of the
satellite) – G/T of the satellite antenna (=size of the satellite antenna)
![Page 7: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/7.jpg)
Capacity analysis Capacity analysis -- principlesprinciples
The size of the antenna for the return link is driven
by the user terminal peak rate
Whatever the volume of info, the size will be the same
The payload mass+poweris driven by the volume of information and number of aircraft on the forward link i.e. the number of carriers
![Page 8: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/8.jpg)
Capacity analysis Capacity analysis –– applicationsapplications
• Air traffic growth based on Long Term Forecast published by Eurocontrol (4 different traffic growth options specified)
• All COCR communication applications (i.e. ATS and AOC)
• Various message sizes (as stated in COCR)
• Short messages with stringent latency requirements
• Receive and transmit is infrequent and not predictable
• Average throughput per aircraft is a few bps
![Page 9: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/9.jpg)
Capacity analysis Capacity analysis –– applicationsapplications
• Some uncertainties remaining on the definition of applications:– Definition in COCR is a best guess of future 4D
concept so characterisation of each application (size, occurrence, delay requirement…) is an approximation
– AOC applications are not all safety-critical and not all aircraft flying IFR uses AOC (in particular not all General aviation aircraft)
– No surveillance applications considered but position reporting in particular in oceanic is possible while there is no other mean of communication
• As a result, options for the capacity to be supported by the system need to be considered
![Page 10: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/10.jpg)
Capacity analysis Capacity analysis –– applicationsapplications
• COCR has not been written for a satellite network infrastructure idea of multicast/broadcast almost inexistent and refers to small geographical areas
• COCR doesn’t specify services in multicast/broadcast post 2020
• It could make sense to provide some services by broadcast or multicast in an operational environment, e.g. for a satellite spot beam
It is up to aviation to define the applications and operational concept
![Page 11: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/11.jpg)
Capacity analysis Capacity analysis –– voicevoice
• Voice will still exist and will be used in specific operational cases– In oceanic or remote areas:
» In case of emergency along the flight that cannot be handled by data communications
» In case the 4D applications are not working (in the aircraft or on-ground) but the satellite technology is still up and running
– In continental airspace: as a last mean of voice communication in case of unusual circumstances and when VHF is not working
voice communications shall be a very small amount of the total data communications foreseen. Its volume depends on the quality of the voice required and so of the vocoder technology and compression techniques.
![Page 12: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/12.jpg)
Example of capacity analysis resultExample of capacity analysis result
• Distribution of communication traffic depending on aircraft latitude– Volume of traffic over the 6 peak hours– repartition as a function of the aircraft latitude (the
higher the latitude, the lower the elevation angle of a GEO satellite seen from the aircraft), the worse for getting good “quality” of the transmission:
ECAC areaFL - % Messages RL - % Messages
70-75deg. North 0.04 0.0460-69deg. North 2.56 2.5725-59deg. North 97.40 97.39
![Page 13: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/13.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 14: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/14.jpg)
Geographical Coverage Requirement
The mandatory coverage region is the ECAC region that goes as far North as 73 deg and includes Canary Islands on the West and Azerbaijan on the East
Polygonal coordinates
![Page 15: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/15.jpg)
ECAC Coverage from GEO
Above 73 deg the satellite elevation angle becomes too low to guarantee link availability. Polar coverage impossibleRedundant ECAC coverage with sufficient elevation can be achieved by two satellites within the GEO long arc ~5 W to 5 E
Elevation angle
5 deg
55 deg
![Page 16: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/16.jpg)
Polar Coverage
• Polar Coverage would require an additional constellation of at least three HEO (High Elliptical Orbit) satellites (up to 6 for redundancy).
• Present assumption is that this constellation and the associated Ground Segment are not part of the Iris programme
• However, in order to guarantee interoperability, the communication standard and the User Terminals developed within Iris will be compatible with a HEO system
• There are presently two planned future (2013-2016) HEO missions targeting ATC application:– Polar Communication and Weather (PCW) mission from
CSA (Canadian Space Agency)– ARKTICA mission from Russia
• The Iris programme is looking at collaboration with both to ensure future interoperability
![Page 17: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/17.jpg)
Visible Earth coverage
• From GEO about one third of Earth surface is visible
• In principle, a satellite global beam could provide coverage over Africa and extend coverage over the Atlantic and the Middle East which would benefit intercontinental flights
• This is presently studied as an optional add-on to the ECAC-only design of the satellite payload.
• Depending on the results of this analysis and the impact on the payload and satellite design, a decision will be taken to extend coverage beyond ECAC
![Page 18: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/18.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 19: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/19.jpg)
Approach to global deployment
• It is assumed that the Satellite Communication System deployment will be gradual
A. In timeB. In coverageC. In capacity
• Steps:1. Deployment of pre-operational system with ECAC coverage
only and possibly reduced capacity2. Deployment of the operational system with full capacity and
ECAC coverage + (possibly) global beam3. Extension of the service: Deployment of non-Iris HEO system(s)
for polar coverage and/or Deployment of/interoperability with other non-European regional systems (e.g. Navisat) or global systems
• Key to the success of this strategy is the ICAO standardisation of the communication standard
![Page 20: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/20.jpg)
Airspace Coverage Requirements
P: primaryB: back-up
Present assumption on role of the Satellite System in the different airspaces
Future Communication Systems
Airspaces Satellite Communication
System
LDACS AeroMACS
ORP P NA NA ENR P P NA TMA P P NA APT TBD B (when
available) P
![Page 21: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/21.jpg)
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
![Page 22: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/22.jpg)
Security Security -- principlesprinciples
• Data security/protection shall be ensured to operate a safety system
• Steps to be followed:– Identify threats– Assess risk, based on threats, vulnerabilities and
impact of a threat materializing into a successful attack– Formulating security design requirements– Designing countermeasures– Assessing residual risk, iterating the process is
necessary. Eventually, accepting residual risk
![Page 23: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/23.jpg)
Security Security -- principlesprinciples
• Data security mechanisms are generally identified by the following concepts:– Authentication– Non repudiation– Encryption– Access control– Integrity– Jamming
• Most of the above techniques are linked to each other and one technique can help mitigating risks for several aspects
![Page 24: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/24.jpg)
Security Security –– threatsthreats
• Security mechanisms to be implemented depend on the threats identified
• How to identify the threats?– Who would try to get access to some data exchanges
and for doing what?– Who would try to exchange information with one or
more aircraft or controller and for doing what?– What are the physical entities to protect and against
which attacks? (on-board the aircraft and on ground)
![Page 25: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/25.jpg)
Security Security –– link specificitieslink specificities
• Each link between 2 physical entities of the system requires its own protection since it has its own vulnerability(ies)– User data: AOC may carry more
confidential/commercial information than ATS– Signalling data e.g. for synchronising elements among
themselves is not sensitive but critical for the proper behaviour of the system
– Control and management data among physical elements of the satellite network may carry sensitive information (e.g. billing)
– Satellite operations relies on the telemetry and telecommand which shall be protected
![Page 26: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/26.jpg)
Security Security –– aviation requirementsaviation requirements
• Information exchanges shall be accurate– “better no information than a wrong information”– Calls for implementation of integrity for each radio
technology to be used for air traffic management
• Information exchanges shall be done among authorised entities– Calls for some authentication, access control and
non-repudiation– But is it the person to be identified?, the physical box
used for the transmission? The identifier of the flight and control tower?
– The solution can be internal or external to the satellite radio-link
![Page 27: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/27.jpg)
Security Security –– aviation requirementsaviation requirements
• Information exchanges shall be fast and emergency communications possible with any flight or control tower– Calls for NOT encrypting the emergency data
information– But for AOC there might be data not safety critical and
commercial that would need encryption
• Information exchanges shall be of good “quality” i.e. fast and understandable– Calls for some robustness to jamming by intentional
or unintentional source which would use the frequency band where communication takes place to transmit other data or just noise
– The level of robustness is not determined today
![Page 28: Requirements and technical hypotheses for the …...Security - principles • Data security/protection shall be ensured to operate a safety system • Steps to be followed: – Identify](https://reader034.vdocument.in/reader034/viewer/2022042305/5ed160a8d2fe6b0b7b19e9b2/html5/thumbnails/28.jpg)
Contact pointsContact points
ESA Iris Programme
[email protected]@esa.int
ESA Iris System Design Studies
[email protected] (System Engineer)[email protected] (Communication System)[email protected] (Iris Safety Board)Tony Azzarelli (Regulatory / frequency matters)
Documentation available via www.telecom.esa.int/iris