ASGW

from Wikipedia, the free encyclopedia

Advanced Security Gateway (ASGW) is a specification of the German Air Force for a security gateway for the transmission of air surveillance data in real time between different IT architectures with different IT security requirements.

Functionality

The ASGW guarantees the secure transmission of data between data networks of different IT security levels. Its main components are a data diode and a radar converter (RACO). Only standard hardware is used. The proprietary software is based on developments from the ARKONA software. Prevention of the unwanted backflow of classified data, for example from a "high" system to a "low" one ("high-to-low", also "red / black"), is supported by software and additionally guaranteed by a unidirectional data connection via the above-mentioned data diode. This also achieves galvanic separation of the networks, so that the unwanted return flow of data can be prevented with a probability bordering on certainty.

Although an in-house development by the Air Force, the ASGW is CPM compliant, has a project-related IT security concept and is approved for use by the Federal Office for Information Security (BSI).

System requirements

The ASGW meets the following system requirements:

  • Receiving and sending of data
  • Bundling of data and data distribution
  • Validation and filtering of data
  • Prevention of unwanted transfer of data
  • Conversion of data formats and data protocols
  • Security gateway to / for FüWES Lw

Use cases and scenarios

Some typical use cases and scenarios are described below as examples.

MilRADNET - ARKONA

In this operational scenario, the ASGW is used to transfer radar plot data from the military radar network (MilRADNET) of the Bundeswehr to the FüWES ARKONA. The MilRADNET serves as a data sink for the military sensor data, but also for civil radar devices of the German Air Traffic Control (DFS). ARKONA is usually connected via a local data node of the MilRADNET (RMCDE). The radar plot data are transmitted in the ASTERIX data format of the categories CAT 001, 002, 034 and 048.

Ramos - Arkona

In this application scenario, the "Radar identification device query / data network mode S" (RAMOS) of the Air Force's radar sensors is connected to the ARKONA FüWES. The components of the RAMOS can be located in the military security area ("red" area) of the radar devices as well as in the security area ("red") of the relevant "Control and Reporting Center" (CRC) of the Air Force command and control units. The information is transmitted SINA-encrypted in the ASTERIX data format (CAT 001, 002, 034, 048 and 253). The data received are fed to the "RAMOS control computer" (ROSA-PC) in the CRC via the ASGW. The ASGW filters out CAT 253 and transmits the other data categories while at the same time securely separating the FüWES ARKONA, so that the unwanted backflow of data from the security area from "high" to "low" can be prevented. The ROSA-PC processes the relevant information and sends control commands for mode "S" to the radar sensors.
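The category filtering described in this scenario can be sketched as an allowlist over ASTERIX data blocks. This is an added example, not ASGW code (the ASGW software is proprietary); the function names and the sample datagram are constructed for illustration, and the only format detail assumed is the standard ASTERIX block header of a one-octet CAT followed by a two-octet big-endian LEN that counts the header itself.

```python
import struct

# Categories forwarded in the RAMOS scenario described above; CAT 253 is dropped.
ALLOWED_CATS = frozenset({1, 2, 34, 48})
HEADER_LEN = 3  # ASTERIX data block header: CAT (1 octet) + LEN (2 octets, big-endian)


class MalformedDatagram(ValueError):
    """Raised when a datagram cannot be split cleanly into ASTERIX data blocks."""


def split_blocks(datagram: bytes):
    """Yield (cat, block_bytes) for each data block; LEN counts the header too."""
    offset = 0
    while offset < len(datagram):
        if len(datagram) - offset < HEADER_LEN:
            raise MalformedDatagram("truncated block header")
        cat, length = struct.unpack_from(">BH", datagram, offset)
        # LEN <= 3 means no record at all (and LEN 0 would never advance).
        if length <= HEADER_LEN or offset + length > len(datagram):
            raise MalformedDatagram(f"bad LEN {length} for CAT {cat:03d}")
        yield cat, datagram[offset:offset + length]
        offset += length


def filter_datagram(datagram: bytes, allowed=ALLOWED_CATS):
    """Return (bytes_to_forward, dropped_categories).

    Fails closed: a malformed datagram is dropped whole, so bytes that follow
    a bogus LEN field are never forwarded unparsed.
    """
    try:
        blocks = list(split_blocks(datagram))
    except MalformedDatagram:
        return b"", ["malformed"]
    forwarded = b"".join(block for cat, block in blocks if cat in allowed)
    dropped = [cat for cat, _ in blocks if cat not in allowed]
    return forwarded, dropped


def make_block(cat: int, payload: bytes) -> bytes:
    """Build a constructed test block (payload is filler, not real radar data)."""
    return struct.pack(">BH", cat, HEADER_LEN + len(payload)) + payload


# Constructed sample: CAT 048 and CAT 034 blocks with a CAT 253 block in between.
SAMPLE = make_block(48, b"\x00" * 5) + make_block(253, b"\x01" * 4) + make_block(34, b"\x02" * 2)
```

Because the filter uses an allowlist instead of a blocklist, any category not named for the scenario is dropped along with CAT 253.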

DASDIPS

In addition to stationary use in the security area of the military radar devices and in the CRC of the operational command areas of the Air Force, there is a need for ASGW use in the Deployable CRC, for DASDIPS and for interested third-party users.

For third-party users in connection with ARKONA, this is also applicable with regard to selected functionalities such as:

  • Interface function / data exchange via tactical data links
  • Protection of IT security gradients "high-to-low" via a BSI-certified security gateway
  • ASTERIX conversion of proprietary radar data formats
  • Mode S processing / display

Deployable systems in the Air Force operations management service are referred to as "DASDIPS". This mainly concerns the ARKONA air situation display component, the remaining ground radio stations of the aeronautical radio service (R-863, Flugfunk Ost) and possibly the CSI device. DASDIPS is mainly used for small projects (e.g. administrative assistance for the police etc.) with a focus on air situation display and interface function, and serves to improve local, regional and supra-regional awareness of the situation.

The IT architecture of the NATO Computer SAM Interface / Intelligent Interface Processor is referred to as the CSI device.

ASTERIX CATs ASGW

The ASGW can process, among others, the following ASTERIX (ATC Standard) categories (CAT):

  • 000 - User Interface Definition for the MADAP Track Server
  • 001 - Monoradar Data Target Reports, from a Radar Surveillance System to an SDRS (replaced by CAT048)
  • 002 - Mono Radar Service Message (replaced by CAT034)
  • 003 - User Interface Definition for the MADAP Track Server
  • 004 - Safety Net Messages (Part 17)
  • 007 - Directed Interrogation Messages (Part 21)
  • 008 - Monoradar Weather Data (Part 3)
  • 009 - User Interface Definition for the MADAP Track Server
  • 010 - Monoradar Surface Movement Data (Part 7)
  • 017 - Mode S Surveillance Co-ordination Function Messages (Part 5)
  • 018 - Mode S Data Link Function Messages (Part 6)
  • 021 - ADS-B Messages (Part 12)
  • 034 - Successor version of CAT002 (PSR Radar, SSR Radar, M-SSR Radar and MODE-S Stations)
  • 048 - Successor version of CAT001 (PSR Radar, SSR Radar, M-SSR Radar and MODE-S Stations)
  • 061 - SDPS Session & Service Control Messages (Part 11)
  • 062 - System Track Data (Part 9)
  • 063 - Sensor Status Messages (Part 10)
  • 065 - SDPS Service Status Messages (Part 15)
  • 150 - User Interface Definition for the MADAP Plan Server
  • 151 - User Interface Definition for the MADAP Plan Server
  • 152 - User Interface Definition for the MADAP Plan Server
  • 240 - Radar Video Transmission
  • 247 - Other Categories
  • 253 - Remote Station Monitoring and Control Information

Hardware and software

The ASGW can run on commercially available COTS hardware that meets the specific minimum technical requirements.

Commercially available hardware is also sufficient as IT for data supply. Microsoft Windows is used as the operating software. The software maintenance and modification (SWPÄ) of the proprietary software was carried out in-house by the Air Force's weapon system support center (TE: System Support Center for Air Force Command Services (SysUstgZ FüDstLw) in Erndtebrück).

User management

The LWA, later the Air Force Material Command and ultimately the WaSysKdo Lw, is responsible for the ASGW usage management. Obsolescence management, configuration control and SWMM commissioning also took place there. With the restructuring of the logistics, this responsibility has been transferred to the BAAINBw.

Literature

  • 50 years EinsFüDstLw 1960 - 2010, L. Fölbach 2001, www.foelbach.de

Individual evidence

  1. Radar Converter (RACO) of the Luftwaffe = system for converting proprietary radar plot information into the ASTERIX format.
  2. Customer Product Management (CPM), BMVg Org 1 Az. 79-01-01, Bonn May 24, 2004
  3. Radar Message Conversion and Distribution Equipment