Requirements and technical hypotheses for the system design Catherine Morlet & Andrea Santovincenzo
Requirements and technical hypotheses for the system design
Catherine Morlet & Andrea Santovincenzo
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
Iris Requirements
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
Capacity analysis Capacity analysis –– principlesprinciples
• COCR (Communication Operating Concept and Requirements – joint FAA and Eurocontrol document) taken as baseline to determine requirements for the future data applications while applications are not yet defined (definition for the airport applications has started)
• Evaluation of the impact on the dimensioning of the system, especially:– Capacity (=volume of information to transmit)– Data rate (=speed at which the information is transmitted)– Number of access (=number of simultaneous communications)– EIRP per carrier at satellite level (=power consumption of the
satellite) – G/T of the satellite antenna (=size of the satellite antenna)
Capacity analysis Capacity analysis -- principlesprinciples
The size of the antenna for the return link is driven
by the user terminal peak rate
Whatever the volume of info, the size will be the same
The payload mass+poweris driven by the volume of information and number of aircraft on the forward link i.e. the number of carriers
Capacity analysis Capacity analysis –– applicationsapplications
• Air traffic growth based on Long Term Forecast published by Eurocontrol (4 different traffic growth options specified)
• All COCR communication applications (i.e. ATS and AOC)
• Various message sizes (as stated in COCR)
• Short messages with stringent latency requirements
• Receive and transmit is infrequent and not predictable
• Average throughput per aircraft is a few bps
Capacity analysis Capacity analysis –– applicationsapplications
• Some uncertainties remaining on the definition of applications:– Definition in COCR is a best guess of future 4D
concept so characterisation of each application (size, occurrence, delay requirement…) is an approximation
– AOC applications are not all safety-critical and not all aircraft flying IFR uses AOC (in particular not all General aviation aircraft)
– No surveillance applications considered but position reporting in particular in oceanic is possible while there is no other mean of communication
• As a result, options for the capacity to be supported by the system need to be considered
Capacity analysis Capacity analysis –– applicationsapplications
• COCR has not been written for a satellite network infrastructure idea of multicast/broadcast almost inexistent and refers to small geographical areas
• COCR doesn’t specify services in multicast/broadcast post 2020
• It could make sense to provide some services by broadcast or multicast in an operational environment, e.g. for a satellite spot beam
It is up to aviation to define the applications and operational concept
Capacity analysis Capacity analysis –– voicevoice
• Voice will still exist and will be used in specific operational cases– In oceanic or remote areas:
» In case of emergency along the flight that cannot be handled by data communications
» In case the 4D applications are not working (in the aircraft or on-ground) but the satellite technology is still up and running
– In continental airspace: as a last mean of voice communication in case of unusual circumstances and when VHF is not working
voice communications shall be a very small amount of the total data communications foreseen. Its volume depends on the quality of the voice required and so of the vocoder technology and compression techniques.
Example of capacity analysis resultExample of capacity analysis result
• Distribution of communication traffic depending on aircraft latitude– Volume of traffic over the 6 peak hours– repartition as a function of the aircraft latitude (the
higher the latitude, the lower the elevation angle of a GEO satellite seen from the aircraft), the worse for getting good “quality” of the transmission:
ECAC areaFL - % Messages RL - % Messages
70-75deg. North 0.04 0.0460-69deg. North 2.56 2.5725-59deg. North 97.40 97.39
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
Geographical Coverage Requirement
The mandatory coverage region is the ECAC region that goes as far North as 73 deg and includes Canary Islands on the West and Azerbaijan on the East
Polygonal coordinates
ECAC Coverage from GEO
Above 73 deg the satellite elevation angle becomes too low to guarantee link availability. Polar coverage impossibleRedundant ECAC coverage with sufficient elevation can be achieved by two satellites within the GEO long arc ~5 W to 5 E
Elevation angle
5 deg
55 deg
Polar Coverage
• Polar Coverage would require an additional constellation of at least three HEO (High Elliptical Orbit) satellites (up to 6 for redundancy).
• Present assumption is that this constellation and the associated Ground Segment are not part of the Iris programme
• However, in order to guarantee interoperability, the communication standard and the User Terminals developed within Iris will be compatible with a HEO system
• There are presently two planned future (2013-2016) HEO missions targeting ATC application:– Polar Communication and Weather (PCW) mission from
CSA (Canadian Space Agency)– ARKTICA mission from Russia
• The Iris programme is looking at collaboration with both to ensure future interoperability
Visible Earth coverage
• From GEO about one third of Earth surface is visible
• In principle, a satellite global beam could provide coverage over Africa and extend coverage over the Atlantic and the Middle East which would benefit intercontinental flights
• This is presently studied as an optional add-on to the ECAC-only design of the satellite payload.
• Depending on the results of this analysis and the impact on the payload and satellite design, a decision will be taken to extend coverage beyond ECAC
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
Approach to global deployment
• It is assumed that the Satellite Communication System deployment will be gradual
A. In timeB. In coverageC. In capacity
• Steps:1. Deployment of pre-operational system with ECAC coverage
only and possibly reduced capacity2. Deployment of the operational system with full capacity and
ECAC coverage + (possibly) global beam3. Extension of the service: Deployment of non-Iris HEO system(s)
for polar coverage and/or Deployment of/interoperability with other non-European regional systems (e.g. Navisat) or global systems
• Key to the success of this strategy is the ICAO standardisation of the communication standard
Airspace Coverage Requirements
P: primaryB: back-up
Present assumption on role of the Satellite System in the different airspaces
Future Communication Systems
Airspaces Satellite Communication
System
LDACS AeroMACS
ORP P NA NA ENR P P NA TMA P P NA APT TBD B (when
available) P
OverviewOverview
• Iris Requirements
• Capacity analysis
• Service provision area
• Approach to global deployment
• Security: aviation requirements
Security Security -- principlesprinciples
• Data security/protection shall be ensured to operate a safety system
• Steps to be followed:– Identify threats– Assess risk, based on threats, vulnerabilities and
impact of a threat materializing into a successful attack– Formulating security design requirements– Designing countermeasures– Assessing residual risk, iterating the process is
necessary. Eventually, accepting residual risk
Security Security -- principlesprinciples
• Data security mechanisms are generally identified by the following concepts:– Authentication– Non repudiation– Encryption– Access control– Integrity– Jamming
• Most of the above techniques are linked to each other and one technique can help mitigating risks for several aspects
Security Security –– threatsthreats
• Security mechanisms to be implemented depend on the threats identified
• How to identify the threats?– Who would try to get access to some data exchanges
and for doing what?– Who would try to exchange information with one or
more aircraft or controller and for doing what?– What are the physical entities to protect and against
which attacks? (on-board the aircraft and on ground)
Security Security –– link specificitieslink specificities
• Each link between 2 physical entities of the system requires its own protection since it has its own vulnerability(ies)– User data: AOC may carry more
confidential/commercial information than ATS– Signalling data e.g. for synchronising elements among
themselves is not sensitive but critical for the proper behaviour of the system
– Control and management data among physical elements of the satellite network may carry sensitive information (e.g. billing)
– Satellite operations relies on the telemetry and telecommand which shall be protected
Security Security –– aviation requirementsaviation requirements
• Information exchanges shall be accurate– “better no information than a wrong information”– Calls for implementation of integrity for each radio
technology to be used for air traffic management
• Information exchanges shall be done among authorised entities– Calls for some authentication, access control and
non-repudiation– But is it the person to be identified?, the physical box
used for the transmission? The identifier of the flight and control tower?
– The solution can be internal or external to the satellite radio-link
Security Security –– aviation requirementsaviation requirements
• Information exchanges shall be fast and emergency communications possible with any flight or control tower– Calls for NOT encrypting the emergency data
information– But for AOC there might be data not safety critical and
commercial that would need encryption
• Information exchanges shall be of good “quality” i.e. fast and understandable– Calls for some robustness to jamming by intentional
or unintentional source which would use the frequency band where communication takes place to transmit other data or just noise
– The level of robustness is not determined today
Contact pointsContact points
ESA Iris Programme
[email protected]@esa.int
ESA Iris System Design Studies
[email protected] (System Engineer)[email protected] (Communication System)[email protected] (Iris Safety Board)Tony Azzarelli (Regulatory / frequency matters)
Documentation available via www.telecom.esa.int/iris