An IP/Ethernet Interface Standard for Marine Electronic ...
Post on 23-Oct-2021
An IP/Ethernet Interface Standard
for Marine Electronic Devices
IMEA OneNet
© 2017 IMEA/NMEA
“We cannot solve problems by using the same kind of thinking we used when we created them” - Albert Einstein
Technology Convergence
Integrations
Consolidation and Collaboration
Electrical, Mechanical and Electronic
Device and System
Maritime Electronic Drivers
Standards, Manufacturers, Integrators
E-Navigation
Automatic Identification System
Aids to Navigation (A to N)
Maritime Electronic Drivers
Upgrades, Satellites and New Requirements
Safe Navigation and Communication
Optimal Vessel Operation
Demand for More Information
IT Systems
Escalating Security Concerns
Ship to Ship, Ship to Shore, Shore to Ship
Maritime Electronic Drivers
Larger Networking Systems, “Big Data”
Cyber Security Demands
Courtesy of Ericsson
5 Seconds between each motion measurement on a ship
2,800 Sensors hardwired into vessel’s control system
200 Sensors in the main engine room measuring temperature and pressure
7,000 Channels monitored for situational awareness and alarms
30 TB Data transfer each month
$20 million Fuel cost savings/year
Source: Maersk Group with permission from Inmarsat
Hyper - Connected Society
Connectivity is GLOBAL
Connectivity is an Enabler
Connectivity is not a COST
Conservative statements from Cisco Visual Networking Index 2015-2020 (June 2016)
Annual global IP traffic surpassed the Zettabyte in 2016
Global IP traffic will increase nearly threefold over the next 5 years
Global Internet traffic in 2020 will be equivalent to 95 times the volume of the entire global Internet in 2005
Traffic from wireless and mobile devices will account for 66% of total IP traffic by 2020.
With permission from Inmarsat
Connected Devices vs World Population (billions)
[Bar chart, 2015 and 2020. World population: 7.2 and 7.7; connected devices: 13.4 and 40.5.]
Source: Intel
Internet of Things (IoT) aka Networked Society
IMEA OneNet Standards Committee
Standard Committee
• 50 worldwide companies participate
• All categories of electronics, electrical represented
• Drafting Working Group
• Beta Testing Working Group
• Radar Message Working Group
Members
Actisense, Chetco, Hemisphere GNSS, Mercury Marine, SRT
Andy Sifferman, Cisco, Jeppesen, Microsoft, Terma NA
Airmar, Digital Yacht, Johnson Outdoors, Molex, USCG (Headquarters)
Azimut, Dongseo University, Kvaser, Navico, USCG (R&D Center)
BEP Marine, ETRI, KVH, Net Savvy, Veedims
Blue Seas, Flir, Larry Anderson, Offshore Limited, Victron Energy
Boning Automationstechnologie GmbH, Fugawi, Maretron, Phoenix Contact, Whisper Power
Canadian Coast Guard, Furuno, Mastervolt, Raymarine, Yaesu Standard Horizon
Carling Technologies, Garmin, Maritime University of South Korea, Rosepoint Navigation
OneNet Goals
• Embraces Ethernet for Marine Networking
• Simplifies Installation, Configuration, and Use
• Interoperates with Established Marine Standards
• Extendible, Scalable Architecture
• Supports High Bandwidth Applications
• Security – A High Priority
Device Architecture
Physical Module
Datagram Security Module
Gateway Module
Discovery Module
Datagram Service Module
Application Information Module
PGN Transport Module
Application Security Module
Certification Verification Module
Base Module
Certification Testing
Application Information
{
  "manufacturer": "2πr Electronics, Inc.",
  "manufacturerCode": 628,
  "product": "Marine Auto-π-lot 1000",
  "productCode": 12345,
  "serialNumber": "ALN-21050105",
  "softwareVersion": "1.2.15-beta",
  "hardwareVersion": "3B",
  "label": "Starboard Pilot",
  "installDesc1": "Setup by Frank Jones, MarineTEK LLC",
  "installDesc2": "Call (206) 555-1212 with issues",
  "requiresSecureMode": true,
  "powerOverEthernet": {
    "deviceType": "PD",
    "class": 2,
    "maxPower": 5.2
  }
}
Datagram Services
• All Datagram Services listen to multicast data on port 10111, registered with the Internet Assigned Numbers Authority (IANA)
• 16 Multicast addresses ff02::160 to ff02::16f have been reserved with IANA
• OneNet (only ff02::160 is used at the moment)
Datagram Service Fixed Header
OneNet Signature: 4 bytes (0x31, 0x4e, 0x45, 0x54 – “1NET”)
Header Version: 2 bytes (0x0001)
Next Header Optional: 1 bit
Next Header Type: 15 bits
Message Sequence Number: 2 bytes
Reserved: 2 bytes
PGN Transport Header Format
Next Header Optional (must be 0): 1 bit
Next Header Type (must be 0): 15 bits
Header Length: 2 bytes
PGN #: 4 bytes
PGN DB Version: 2 bytes
PGN Sequence Number: 2 bytes
Priority: 1 byte
Reserved: 3 bytes
Payload uses little endian to match N2K
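A strict parser for the two header layouts above, as an added example that is not code from the slides or from the OneNet standard. Assumptions: header fields are big-endian, the 1-bit "optional" flag is the top bit of the next-header word, Header Length counts the whole PGN transport header, and the type code `PGN_TRANSPORT_TYPE = 1` is hypothetical; the sample datagram is constructed.

```python
import struct
from dataclasses import dataclass

SIGNATURE = b"1NET"                    # 0x31 0x4e 0x45 0x54, per the slide
FIXED = struct.Struct(">4sHHHH")       # signature, version, next header, msg seq, reserved
PGN_HDR = struct.Struct(">HHIHHB3s")   # next header, hdr len, PGN, DB ver, PGN seq, prio, reserved
# ASSUMPTIONS (not stated on the slides): header fields are big-endian, the
# 1-bit "optional" flag is the top bit of the next-header word, Header Length
# counts the whole PGN transport header, and type code 1 selects that header.
PGN_TRANSPORT_TYPE = 1                 # hypothetical value

@dataclass
class PgnMessage:
    msg_seq: int
    pgn: int
    db_version: int
    pgn_seq: int
    priority: int
    payload: bytes                     # left undecoded; payload is little endian

def parse_datagram(data: bytes) -> PgnMessage:
    """Validate both headers and return the PGN message; ValueError if malformed."""
    if len(data) < FIXED.size:
        raise ValueError("truncated fixed header")
    sig, version, next_hdr, msg_seq, _ = FIXED.unpack_from(data)
    if sig != SIGNATURE or version != 0x0001:
        raise ValueError("not a version-1 OneNet datagram")
    if next_hdr & 0x7FFF != PGN_TRANSPORT_TYPE:
        raise ValueError("unexpected next header type")
    body = data[FIXED.size:]
    if len(body) < PGN_HDR.size:
        raise ValueError("truncated PGN transport header")
    nh, hdr_len, pgn, db_ver, pgn_seq, prio, _ = PGN_HDR.unpack_from(body)
    if nh != 0:
        raise ValueError("next-header fields must be 0 in the PGN header")
    if not PGN_HDR.size <= hdr_len <= len(body):
        raise ValueError("header length out of bounds")
    return PgnMessage(msg_seq, pgn, db_ver, pgn_seq, prio, body[hdr_len:])

def build_sample() -> bytes:
    """Constructed datagram: sample PGN 127250 with a 2-byte little-endian value."""
    payload = struct.pack("<H", 0x1234)
    return (FIXED.pack(SIGNATURE, 1, PGN_TRANSPORT_TYPE, 7, 0)
            + PGN_HDR.pack(0, PGN_HDR.size, 127250, 1, 3, 2, b"\0\0\0") + payload)
```

Rejecting a Header Length that points outside the received bytes keeps a malformed datagram from being read as payload.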
OneNet uses IP v6
Deployed: IPv4 1981; IPv6 1999
Address size: IPv4 32-bit number; IPv6 128-bit number
Address format: IPv4 dotted decimal notation, 192.149.252.76; IPv6 hexadecimal notation, 3FFE:F200:0234:AB00:0123:4567:8901:ABCD
Number of addresses: IPv4 2^32 = 4,294,967,296; IPv6 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
OneNet IPv6
Reasons…
• Improved multicast routing
• Simpler header format
• Simplified, more efficient routing
• True quality of service (QoS), also called "flow labeling"
• Built-in authentication and privacy support
• Flexible options and extensions
Why IPv6?
• Some More Reasons…
• IPv6 is the future, IPv4 is the past
• IPv6 offers more flexibility in routing and configuration
• IPv6 has better security and true QoS management
• IPv6 allows a larger number of devices
• One Really Important Reason…
• “Stateless Auto-Configuration of Link Local Addresses”
IMEA OneNet Cyber Security
Cyber Security-as-a-service
best practice
Trusted partners
Trusted devices
Secured Network
IMEA OneNet Cyber Security
Generally 2 Types of Cyber Attacks
• Untargeted – one of many
• Targeted – specifically aimed at

Group: Activists (including disgruntled employees)
Motivation: Reputational damage; Disruption of operations
Objective: Destruction of data; Publication of sensitive data; Media attention

Group: Criminals
Motivation: Financial gain; Commercial espionage; Industrial espionage
Objective: Selling stolen data; Ransoming stolen data; Ransoming system operability; Arranging fraudulent transportation of cargo

Group: Opportunists
Motivation: The challenge
Objective: Getting through cyber security defenses; Financial gain

Group: States; State sponsored organizations; Terrorists
Motivation: Political gain; Espionage
Objective: Gaining knowledge; Disruption to economies and critical national infrastructure.

Courtesy of Bimco “Guidelines on Cyber Security onboard Ships”
Cyber Security: Main Issues and Challenges
[Bar chart, axis: percentage. Categories in slide order: Coordinating Effort, Lack of Budget, Virus/Physical Attacks, Lack of Expertise, Complexity of Systems, Lack of Training. Value labels in slide order: 3%, 6%, 6%, 13%, 35%, 39%.]
Source: Ship Operators Cyber Security Survey by FutureNautics 2017 with permission from Inmarsat
44% Do not believe their company’s current IT defenses are not effective at repelling cyber attacks
50% Not confident they would know about a cyber issue on board
Source: Ship Operators Cyber Security Survey by FutureNautics 2017 with permission from Inmarsat
Lower Cyber Risks:
• Raise awareness
• Protect shipboard IT infrastructure
• Manage users, ensuring appropriate access
• Protect data used onboard ships
• Authorize administrator privileges for users
• Protect data being communicated between the ship and the shore side.
Key Management
Message Authentication
Network Monitoring
Key Management (Locking)
• Randomly generates a private key unique to the vessel (or segmented network on the vessel)
• Installer declares trust in a device, securely sharing the vessel key (similar to Bluetooth Pairing)
• Once keys are shared, all OneNet traffic is signed cryptographically, and authenticated on receipt
• Does not rely on public key infrastructure (PKI), avoiding problems with certificates and revocation
Message Authentication
• Every transmitted message is cryptographically signed, certifying that it comes from a trusted device
• Every device validates messages it receives as being correctly signed, ignoring invalid messages
• Rolling sequence system prevents replay attacks, even in a multi-listener multi-talker environment
• Encryption
Network Monitoring
• Each OneNet node reports information on errors or network congestion
• A display or MFD can use reported information to inform operator of potential problems that affect the integrity of navigation data
• Provides some defense against denial of service attacks or other network infrastructure attacks
• Not a replacement for a properly secured network
Datagram Security Module
Application Security Module
The Security Goal: Provide a significant defense against unauthorized devices or users mitigating attacks
Application Security Module
• OneNet Applications operate with Secure Mode enabled or disabled
• Applications with Secure Mode enabled possess a copy of a 2048-bit symmetric Master Key
• Secure Mode is enabled from a Human Interface Device (HID)
• HIDs must allow user to disable through user interface
• Only a trusted source may disable secure mode
Datagram Security Module
Many ideas inspired by IPsec
• Datagram Services establish a relationship before transferring secure messages
• Security Association (SA)
• Security Parameters Index (SPI)
• Source Port
• Destination Address (unicast or multicast)
• Sequence Number (SQN) – prevents replay
• 256-bit Session Key
• Declared with SA Declaration message
• Must transition to a new SA when SQN reaches maximum value
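The Message Authentication and Datagram Security Module slides describe signed messages, a per-SA rolling sequence number and a forced SA change at the maximum SQN; the sketch below is an added example, not code from the slides or the standard, showing those checks with several talkers and one listener. Assumptions: HMAC-SHA256 stands in for the unnamed signing algorithm, the SQN is 32 bits wide, and the SPI, port and key values are constructed.

```python
import hashlib
import hmac
import struct

SQN_MAX = 0xFFFFFFFF   # ASSUMPTION: 32-bit SQN; the slides give no field width

def make_tag(key, spi, port, dst, sqn, body):
    # HMAC-SHA256 stands in for the standard's unnamed signing algorithm.
    bound = struct.pack(">IHIH", spi, port, sqn, len(dst)) + dst.encode()
    return hmac.new(key, bound + body, hashlib.sha256).digest()

class Talker:
    def __init__(self, spi, port, dst, key):
        self.spi, self.port, self.dst, self.key, self.sqn = spi, port, dst, key, 0

    def send(self, body):
        if self.sqn >= SQN_MAX:
            raise RuntimeError("SQN exhausted: declare a new SA first")
        self.sqn += 1
        tag = make_tag(self.key, self.spi, self.port, self.dst, self.sqn, body)
        return (self.spi, self.port, self.dst, self.sqn, body, tag)

class Listener:
    def __init__(self):
        self.sas = {}   # (SPI, source port, destination) -> [session key, highest SQN seen]

    def declare_sa(self, spi, port, dst, key):
        self.sas[(spi, port, dst)] = [key, 0]

    def receive(self, msg):
        spi, port, dst, sqn, body, tag = msg
        sa = self.sas.get((spi, port, dst))
        if sa is None:
            return "unknown-sa"
        if not hmac.compare_digest(tag, make_tag(sa[0], spi, port, dst, sqn, body)):
            return "bad-tag"        # checked before any state changes
        if sqn <= sa[1]:
            return "replay"         # already-seen or older sequence number
        sa[1] = sqn
        return "ok"
```

The strictly increasing check also drops datagrams that arrive out of order; IPsec handles that case with a sliding anti-replay window.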
Certification Verification
• User is informed that a device is non-certified
• Certification is verified before enabling secure mode
• Defines 8 public/private key pairs stored in Microsoft Azure Key Vault
• Private key is used to sign certification digital certificate
Get Ready for E-Navigation Applications
• IPv6 Being Deployed in All Industries Worldwide
• Maritime – Small Commercial and Leisure Vessels
• Necessary for future M2M, IoT and On and Off Ship Applications
• Integration of Data, Communication, and Navigation
• Potential for decades to come with future capabilities unforeseen today
• Autonomous Shipping
• Ship Automation
• Remote Ship Infrastructure Monitoring
• “Big Data” Implementations
Get Ready for E-Navigation Applications
• Ship to Ship, Ship to Shore, Shore to Ship
• Share Critical Data
• Safe Navigation and Communication
• Optimal Ship Operation
• Cyber Security
• Common Marine Data Structures (CMDS)
• Information and Communication to Grow Exponentially
• Full Interoperability with NMEA or IEC Interfaces
OneNet Draft Standard – What’s Left?
Beta Working Group Team
Drafting Working Group
Resolution
OneNet Draft Standard – What’s Left?
Draft to OneNet Committee
Comment Resolution
Voting
Certification and Testing
Publication
Next Version
• Switches
• Radar Messages
• Device configuration
• Wireless connections
• Device Web Pages
• Redundancy
“The scale of the technology and infrastructure that must be built is unprecedented, and we believe this is the most important problem we can focus on.” - Mark Zuckerberg
Thank You
Questions
Steve Spitzer
Director of Standards
sspitzer@nmea.org
IMEA/NMEA
www.nmea.org
www.imea-marine.org