The following case studies provide examples of our experience and expertise in defence network analysis.
- Executable System Modelling for Defence Options Analysis
For large, software-intensive networked systems, predicting system performance metrics early in the design lifecycle can be extremely difficult. Whilst the components of the system model are known at an early stage in terms of functionality and high-level behaviour, they are usually not fully defined. A way of predicting performance from these partial definitions is nevertheless needed in order to identify, manage and retire design risk much earlier than the traditional methods employed in the Australian defence sector allow.
In the laboratory the system under study is decomposed into components hosted on middleware such as DDS and CCM, the same technologies expected in the target platform, and deployed onto hardware similar to that of the target platform. This is known as "System Execution Modelling". The rough initial approximations applied to the model are refined throughout the modelling phase through test and feedback, helping designers understand the impact of their design choices. The deployment allows performance tests of an integrated system to be conducted very early in the design stage, highlighting problems that are usually only found towards the end of projects run with "traditional" design methodologies.
CDCIN has participated in collaborative research and development with the Defence Science and Technology Organisation (DSTO) on a System Execution Modelling capability, where high-level system model components execute on representative hardware and software. The University of Adelaide and DSTO have established laboratories and models for early-stage testing of the performance of distributed computing systems such as maritime combat systems and avionics systems.
CDCIN paper at MilCIS 2014 Session 2.7a: "Executable System of Systems Modelling for Options Analysis"
- DSTO: Measurement Architecture for Defence Network Bandwidth Brokerage
The Defence IP networking environment carries a wide range of traffic types over land and satellite links. Router DiffServ capabilities can be used to assign different priorities to the traffic carried on this network and so protect the Quality of Service (QoS) of real-time applications such as Voice over IP. DSTO investigated the use of Bandwidth Brokerage and router configuration to guarantee QoS for mission-critical traffic while keeping the network efficient during periods of heavy use.
We assisted DSTO by analysing measurement architectures, router configurations and admission control algorithms in order to achieve the required QoS whilst maximising the throughput of the network.
A network simulator was created to model the proposed architecture. Different traffic types, such as voice, video and data, were modelled and sent through the simulated network, enabling potential bottlenecks and problems to be pinpointed. The Cisco router mechanisms that provide QoS were also modelled and specific configurations investigated to determine the most suitable one for a given network. Different call admission schemes, working with the measurement architecture, were considered so that the network could admit as much traffic as possible without being overloaded. All of these aspects were combined into a consistent, robust design for high network utilisation with efficient mechanisms for assigning traffic priorities.
The results of our research assisted DSTO in achieving their goal and are now being incorporated into a Concept Technology Demonstrator.
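As an added illustration of the admission-control logic described in this case study (example code written for this page, not DSTO's or CDCIN's simulator), the Python below implements a minimal bandwidth broker: each DiffServ class has a ceiling, admission is decided on the measured class load rather than on the sum of declared rates, and a high-priority request that would overload the link preempts lower-priority flows. The link size, class plan, flow names and traffic figures are all assumptions chosen for the walk-through.

```python
# Constructed example: a bandwidth broker doing measurement-based admission
# control over a DiffServ link. Link size, class plan and traffic figures are
# assumptions for illustration, not DSTO's configuration.
LINK_KBPS = 1536
CLASSES = {                                   # ceilings deliberately over-subscribe the link
    "EF":  {"share": 0.30, "priority": 3},    # voice: mission-critical real time
    "AF4": {"share": 0.60, "priority": 2},    # video and C2 messaging
    "BE":  {"share": 0.50, "priority": 1},    # bulk data, preemptable
}


class BandwidthBroker:
    def __init__(self, link_kbps=LINK_KBPS, classes=CLASSES):
        self.link = link_kbps
        self.classes = classes
        self.flows = {}                           # flow id -> (class, declared kbps)
        self.pending = set()                      # admitted, not yet seen in a measurement
        self.measured = {c: 0.0 for c in classes}  # latest per-class measurement, kbps

    def report(self, cls, kbps):
        """Periodic per-class rate measurement from the router. Flows admitted
        since the last report are now visible on the wire, so their declared
        rate is no longer counted on top of the measurement."""
        self.measured[cls] = kbps
        self.pending -= {f for f in self.pending if self.flows[f][0] == cls}

    def load(self, cls):
        """Measured load plus the declared rate of flows not yet measured."""
        return self.measured[cls] + sum(
            r for f, (c, r) in self.flows.items() if c == cls and f in self.pending)

    def total_load(self):
        return sum(self.load(c) for c in self.classes)

    def ceiling(self, cls):
        return self.classes[cls]["share"] * self.link

    def _drop(self, flow_id):
        cls, kbps = self.flows.pop(flow_id)
        if flow_id in self.pending:
            self.pending.discard(flow_id)
        else:                                     # assume its traffic stops when told to
            self.measured[cls] = max(0.0, self.measured[cls] - kbps)

    def request(self, flow_id, cls, kbps):
        """Admission decision. Returns (admitted, list of preempted flow ids)."""
        if self.load(cls) + kbps > self.ceiling(cls):
            return False, []                      # class ceiling is a hard policy limit
        prio = self.classes[cls]["priority"]
        snapshot = (dict(self.flows), set(self.pending), dict(self.measured))
        # Preempt lower-priority flows only: lowest class first, largest flow
        # first, so the fewest flows are disturbed.
        victims = sorted(
            (f for f, (c, _) in self.flows.items() if self.classes[c]["priority"] < prio),
            key=lambda f: (self.classes[self.flows[f][0]]["priority"], -self.flows[f][1]))
        preempted = []
        while self.total_load() + kbps > self.link and victims:
            victim = victims.pop(0)
            self._drop(victim)
            preempted.append(victim)
        if self.total_load() + kbps > self.link:
            self.flows, self.pending, self.measured = snapshot   # could not make room: undo
            return False, []
        self.flows[flow_id] = (cls, kbps)
        self.pending.add(flow_id)
        return True, preempted


def demo():
    """Walk through a representative session; returns the decisions made."""
    bb = BandwidthBroker()
    out = {}
    out["ftp1"] = bb.request("ftp1", "BE", 400)
    out["ftp2"] = bb.request("ftp2", "BE", 300)
    out["video1"] = bb.request("video1", "AF4", 700)
    bb.report("BE", 690)
    bb.report("AF4", 520)         # VBR video is using far less than it declared
    # Declared AF4 load (1000 kbps) would exceed the class ceiling (921.6 kbps),
    # but measured load plus the new request (520 + 300) fits: multiplexing gain.
    out["video2"] = bb.request("video2", "AF4", 300)
    bb.report("AF4", 800)
    bb.report("BE", 700)
    # The link is now nearly full; a voice call has to preempt bulk data.
    out["voip1"] = bb.request("voip1", "EF", 96)
    # Voice is protected but also capped so it cannot starve the other classes.
    out["voip_burst"] = bb.request("voip_burst", "EF", 400)
    return out


if __name__ == "__main__":
    for flow, decision in demo().items():
        print(flow, decision)
```

The broker trusts two things it cannot verify on its own: the router's per-class measurement and the declared rate of a newly admitted flow. A flow that under-declares is only caught at the next measurement interval, so per-class policing or shaping on the router remains necessary; the broker decides who gets in, the router enforces what they may send.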
- Tenix: Network Design and Analysis for Robust and Efficient Maritime Military Communications
The Australian Department of Defence is modernising its Maritime Communications Information Management Architecture. The modernisation of maritime military communications is an extremely complex task, not only because of the range of technologies involved, but also because of the ever-increasing number of applications that such networks need to support. Tenix, in preparing a tender for the project, needed to rapidly and accurately analyse proposed architectures across a wide range of usage and failure scenarios critical to the design of a robust and efficient network.
We assisted Tenix by analysing proposed architectures, network configurations and the prioritisation of application traffic. Working together, we identified potential bottlenecks and critical failure scenarios, which enabled us to suggest a more robust and efficient traffic routing model. This in turn enabled Tenix to enhance their proposed solution and produce increasingly effective network designs.
We then implemented our analysis process in software, enabling Tenix to repeat the analysis as the proposed network architecture evolved and the range of applications to be analysed expanded.
The results of our research assisted Tenix in proposing a thoroughly analysed, robust and efficient maritime military communications network architecture.
- DSTO: Experimental Research Infrastructure for Network Topology Research
An important problem in defence surveillance is creating a capability for discovering the topology of an adversary’s communications network from indirect data, such as measurements of the delays of packets across the network in question, the existence of flows through a network and the capture of routing related messaging. Such problems come under the general heading of inverse problems, and are often solved using “tomographic” techniques.
A major problem in the conduct of such research is the difficulty in validating the effectiveness of the tomographic techniques developed. Typically, the difficulty arises in two distinct forms:
- Simulated networks are often employed in research because they enable controlled experiments to be conducted, and causes and effects can be more readily identified. Simulated networks, however, typically lack the “richness” of real networks, for example, being restricted to investigation only of interior routing protocols, through having relatively few nodes, or using only simulated traffic rather than actual traffic generated by real applications.
- Real network data is difficult to obtain, difficult to manage, and it is almost impossible to obtain clear information on “ground truth”, that is, if a major network event is observed it is rarely possible to find out the actual cause of the event.
Building on the Netkit platform developed by Roma Tre University, we have developed a network emulation environment for network tomography research verification and validation. In our environment virtual machines operate as routers in a virtual network. Each router can be individually configured and can run real network routing protocols, in this case, using open source software implementations of protocols such as BGP, RIP and so on. Multiple Autonomous Systems (ASs) can be configured, and real applications configured to run across the virtual network. Real users can also be connected into the virtual network.
The researcher is then in a position to make specific changes to the network state, observe and measure the changes that occur, and validate network analysis undertaken on the collected data against the “ground truth”.
The advantage to Defence is that research can be undertaken at all levels of the network, from link level through network level to application level, in a significantly more realistic environment than that provided by traditional simulation packages such as OPNET and NS-2.
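To make the validation loop concrete, the following Python (an added example written for this page, not the emulation environment's own code) builds a small emulated multicast tree with a known, constructed link layout, generates the end-to-end probe delays an observer could measure, and reconstructs the branching structure from the delay covariances alone: receivers that share more of their path share more delay variance, so agglomerative clustering on pairwise covariance recovers the tree. Because the ground truth is known, the inferred tree can be checked exactly, which is precisely what a simulated or real network without ground truth cannot offer. The tree, link delay parameters and receiver names are assumptions.

```python
import random
from itertools import combinations

# Constructed ground truth: a multicast tree from source S through branch
# routers A, B and C to four receivers. Each link adds a random delay per
# probe with the (mean, std dev) in milliseconds given here.
LINKS = {
    ("S", "A"): (5.0, 2.0),
    ("A", "B"): (4.0, 1.5),
    ("A", "C"): (3.0, 0.8),
    ("B", "R1"): (2.0, 0.5),
    ("B", "R2"): (2.0, 0.6),
    ("C", "R3"): (1.5, 0.4),
    ("C", "R4"): (1.5, 0.7),
}
PATHS = {
    "R1": [("S", "A"), ("A", "B"), ("B", "R1")],
    "R2": [("S", "A"), ("A", "B"), ("B", "R2")],
    "R3": [("S", "A"), ("A", "C"), ("C", "R3")],
    "R4": [("S", "A"), ("A", "C"), ("C", "R4")],
}
RECEIVERS = sorted(PATHS)


def simulate_probes(n_probes, seed=0):
    """Emulate n_probes multicast probes and return what the observer can
    measure: {receiver: [end-to-end delay per probe]}. A shared link adds the
    same delay to every receiver below it, which correlates the delays."""
    rng = random.Random(seed)
    delays = {r: [] for r in RECEIVERS}
    for _ in range(n_probes):
        link_delay = {l: max(0.0, rng.gauss(m, s)) for l, (m, s) in LINKS.items()}
        for r in RECEIVERS:
            delays[r].append(sum(link_delay[l] for l in PATHS[r]))
    return delays


def sample_covariance(delays):
    """Sample covariance of end-to-end delay for every receiver pair."""
    n = len(next(iter(delays.values())))
    mean = {r: sum(v) / n for r, v in delays.items()}
    cov = {}
    for a, b in combinations(RECEIVERS, 2):
        s = sum((x - mean[a]) * (y - mean[b]) for x, y in zip(delays[a], delays[b]))
        cov[frozenset((a, b))] = s / (n - 1)
    return cov


def cluster_tree(cov):
    """Agglomerative reconstruction: repeatedly merge the two clusters whose
    members have the largest shared-path delay variance (estimated as the mean
    pairwise covariance). Returns a nested tuple with children sorted."""
    clusters = {frozenset([r]): r for r in RECEIVERS}
    while len(clusters) > 1:
        a, b = max(
            combinations(clusters, 2),
            key=lambda p: sum(cov[frozenset((x, y))] for x in p[0] for y in p[1])
            / (len(p[0]) * len(p[1])),
        )
        merged = tuple(sorted((clusters.pop(a), clusters.pop(b)), key=str))
        clusters[a | b] = merged
    return next(iter(clusters.values()))


def infer_topology(delays):
    """The tomographic inference: topology from end-to-end delays only."""
    return cluster_tree(sample_covariance(delays))


def true_topology():
    """Ground truth: the same clustering on the exact shared-link variances,
    which the emulation environment knows but the observer does not."""
    exact = {}
    for a, b in combinations(RECEIVERS, 2):
        shared = set(PATHS[a]) & set(PATHS[b])
        exact[frozenset((a, b))] = sum(LINKS[l][1] ** 2 for l in shared)
    return cluster_tree(exact)


if __name__ == "__main__":
    inferred = infer_topology(simulate_probes(5000, seed=1))
    print("inferred:", inferred)
    print("matches ground truth:", inferred == true_topology())
```

The emulated environment is what makes the final comparison possible: with a real network the analyst would have an inferred tree and no way to score it. The same harness can be rerun after deliberately changing the network state (a link's delay distribution, a re-route) to check that the inference tracks the change.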
- DSTO: Tactical Data Links QoS Analysis
The defence community has a number of platform simulators; for example, a fully set up F-18 cockpit simulates all of the aerodynamics and combat systems of that aircraft. These simulators are, however, connected by high-capacity, low-latency data links, so communication between them is robust and quick, which is not realistic for a tactical environment.
To create a realistic environment the data links between the simulators must be degraded artificially.
To do this a realistic model of the tactical environment must be created. This model must incorporate both current TADIL technologies - Link 11, Link 16, VMF and Link 22 - and developing technologies such as TTNT, WNW and TCDL.
CDCIN has created a simulation tool that calculates the QoS of tactical data links in a realistic environment.
The simulator uses the COTS ArcView GIS software module to incorporate relevant geographical data into the QoS model. A radio propagation module which incorporates both land elevation data and a land use model has been developed to approximate the attenuation of any radio signal in the tactical environment.
The radio attenuation of each point-to-point radio link determines the data rate that link can carry; the achievable rate depends on the specific technology deployed. The different tactical links can also be combined into a network to study routing options and how they can improve QoS.
The tool's output is the modelled bandwidth of each link between platforms, which can in turn be used to impose realistic data rates between tactical simulators.
- Traffic Analysis and Obfuscation in Wireless Networks: Hiding in the Open
The problem of traffic analysis and the counter-problem of obfuscating traffic have a long and interesting history. Detecting traffic patterns in a network can lead to inferences about the nature of the information being carried, which in turn can have deleterious consequences for the observed. Therefore, whilst it is in the interest of the observed to hide their intentions as much as possible, it is in the interest of the observer to infer as much information as possible from the traffic.
Listening to a wireless network without being detected is very easy. Whilst encryption can hide the content of a message, a great deal of other information can be inferred from the pattern of the transmissions themselves.
One technique used to obfuscate traffic information from an observer is to “pad” the transmission, filling all leftover bandwidth with “junk” traffic. However, in multi-user access systems, such as 802.11 networks, bandwidth is at a premium and therefore schemes for hiding traffic by using padding or complicated routing strategies may be too inefficient to be employed in the wireless domain.
So the question is – What information can be inferred from the timing of transmissions in CSMA/CA networks (such as 802.11)?
This has the corresponding counter-problem: how can traffic demands be efficiently obfuscated in CSMA/CA networks?
There has been little work on traffic analysis techniques within a CSMA/CA network, even though any traffic analysis technique would be of great interest in the military domain. Essentially the traffic analysis problem inverts some of the more traditional analysis questions. Rather than determining performance based on network characteristics these characteristics are inferred from observed network performance measures. It is not necessarily the case that a simple inversion of the traditional analysis work will suffice - inferring data from the network is often a more complex task than this.
We developed new techniques for analysing measurable traffic statistics in CSMA/CA systems and inferring the number of users actively transmitting data. These measurements comprise information only on when information is transmitted and not by whom or to whom.
This analysis then enabled us to develop techniques for padding transmissions so as to use up most of the available capacity (and hence hiding when “real” information is being transmitted) while at the same time only minimally impacting on the performance of other legitimate users.
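The analysis and counter-measure described above, reduced to a minimal model as an added example (not the techniques the authors developed): an idealised slotted CSMA/CA channel in which each active station transmits in a slot with a fixed probability. The eavesdropper records only busy/idle per slot and estimates the number of active stations from the idle fraction; a padding station defeats the estimate by filling otherwise-idle slots with junk at a rate that makes the channel look like a chosen number of stations. The transmission probability TAU, the slotted model and the station counts are assumptions; real 802.11 backoff behaviour is considerably more complex than this.

```python
import math
import random

# Idealised slotted CSMA/CA channel (a constructed model): in every slot each
# of n active stations transmits with probability TAU. The eavesdropper sees
# only whether the channel was busy or idle, never who transmitted or to whom.
TAU = 0.05


def channel_trace(n_active, n_slots, pad_prob=0.0, seed=0):
    """Return a list of 1 (busy) / 0 (idle) slot observations. An optional
    padding station fills an otherwise-idle slot with junk with probability
    pad_prob; it transmits only when the legitimate stations are silent, so
    in this model it never collides with them. Collisions between legitimate
    stations also show as busy: the observer cannot tell them apart."""
    rng = random.Random(seed)
    trace = []
    for _ in range(n_slots):
        busy = any(rng.random() < TAU for _ in range(n_active))
        if not busy and rng.random() < pad_prob:
            busy = True                      # junk frame, indistinguishable from real traffic
        trace.append(1 if busy else 0)
    return trace


def infer_active_stations(trace, tau=TAU):
    """Traffic-analysis step: with independent stations the probability that a
    slot is idle is (1 - tau)^n, so n follows from the observed idle fraction:
    n = ln(p_idle) / ln(1 - tau). Assumes tau is known to the observer."""
    p_idle = trace.count(0) / len(trace)
    if p_idle == 0:
        return float("inf")                  # channel saturated; no estimate possible
    return math.log(p_idle) / math.log(1 - tau)


def padding_probability(n_real, n_apparent, tau=TAU):
    """Counter-measure: choose the junk-fill probability so the observed idle
    fraction equals that of n_apparent stations whatever n_real is, i.e.
    (1 - tau)^n_real * (1 - q) = (1 - tau)^n_apparent."""
    if n_apparent < n_real:
        raise ValueError("padding can only make the network look busier")
    return 1.0 - (1 - tau) ** (n_apparent - n_real)


def demo(n_slots=50_000):
    """Unpadded: 5 real stations are correctly counted. Padded: 3 real stations
    plus junk fill look like 12. Returns the two rounded estimates."""
    unpadded = infer_active_stations(channel_trace(5, n_slots, seed=1))
    q = padding_probability(3, 12)
    padded = infer_active_stations(channel_trace(3, n_slots, pad_prob=q, seed=2))
    return round(unpadded), round(padded)


if __name__ == "__main__":
    print("estimated active stations (unpadded, padded):", demo())
```

Because the padder only fills slots the legitimate stations left idle, it costs them nothing in this model, but it does consume the capacity a newcomer would have used; that is the efficiency trade-off the text refers to. The observer's estimator also assumes every station transmits with the same known probability, which the padder violates on purpose: padding works here by breaking the observer's model, not by hiding the channel.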
- FogNet: Real-time Emulation of Wide Area Networks
Network Centric Warfare (NCW) will necessitate changes to Tactics, Techniques, Procedures (TTP) and Training. However, providing realistic environments in which to explore TTP is generally expensive, in terms of equipment and effort. As a result, experimentation tends to be performed in small scale environments, providing a very limited functional demonstration of capability at best.
FogNet is an innovative software platform that mimics the behaviour of communication networks (e.g. military tactical networks). FogNet users cannot tell whether they are connected to the real network or to a virtual one emulated by FogNet. Hence, it is a safer, more cost-effective, controllable and repeatable test-environment in comparison to actual hardware tests.
By providing realistic, real-time network emulation, FogNet supports the analysis and training of personnel who require superior decision-making and rapid response skills in situations where
- urgent action is needed and
- only incomplete information is available.
A major technical advantage of the FogNet approach of using network emulation, rather than simulation, is that direct experimentation between existing Australian Defence Force systems and proposed systems for integration into the ADF is also enabled.
In other words, the network configuration and performance aspects of Systems of Systems analysis are enabled, including studies of IPv4 to IPv6 migration and performance issues.
This is a significant advance over other approaches: simulation using expensive and complex software packages, which rely on the integrity of the simulation models rather than on the systems themselves, and full-scale network construction.