Satelliidi ESTCube-1 missioonijuhtimissüsteemi turvalisuse parendamine
Files
Date
2014
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Lühikokkuvõte
ESTCube-1 on Eesti esimene satelliit ja ühtlasi onta ehitatud tervenisti üliõpilaste poolt. ESTCube-1 paljudestallsüsteemidest on üks osa missioonijuhtimissüsteemist (ingl. k.Mission Control System- MCS). Missioonijuhtimise tarkvara on modulaarne, moodulid võivad asuda erinevates serverites. Praeguses seadistusestöötab enamik moodulitest vaikimisi konfiguratsiooniseadetes ja mõnel juhul ei ole andmed piisavalt kaitstud – näiteks suhtlevad osad komponendidilma turvalise võrguühenduseta. Käesoleva töö eesmärk on süstemaatiliselt läheneda missioonijuhtimise süsteemi kui terviku turvalisusele ja leida lahendus senisest paremini turvatud süsteemi seadistamiseks.
Töö koosneb järgnevatest sammudest:kirjeldada ESTCube-1 missioonijuhtimissüsteemi arhitektuuri, analüüsida kõikide süsteemi moodulite turvalahenduste võimalusi, rakendada leitud terviklahendus missioonijuhtimissüsteemi turvalahendustetestkeskkonnas, katsetadaja kontrollida süsteemi tööd uues seadistuses.
Töös valitud lahendus võimaldab turvalisiühendusi erinevate moodulite vahel ja krüpteerib salvestatud andmed. Andmetele juurdepääsu saab piirata ka kasutajapõhiselt.
Kokkuvõttes võib missioonijuhtimissüsteemi tarkvara panna tööle avatud ligipääsuga üle Interneti. Seni kasutatud lahendus tugines VPN ja SSH tunnelitele, mis on küll sobiliksüsteemi arenduseks, aga käesolev lahendus võimaldab süsteemile turvalise ligipääsu satelliidi opereerimise igapäevatöös.
Võtmesõnad: ESTCube-1, Mission Control System, CubeSat, Hummingbird, Atlassian Crowd, Mongodb, Oracle 11g, Apache ActiveMQ, Jetty Web Server
Abstract: ESTCube-1 is Estonia’s first satellite project built by university students. ESTCube-1 Mission Control System (MCS) software is also developed as part of this educational project. Mission Control System is a modular system, comprised of various components in multiple servers, of which most of them are running on default or basic security configuration settings and in some cases, data is not protected well enough in the present state. Some of the components communicate over unsecured network thereby making its data vulnerable. As this thesis title “Security Implementation of Mission Control System for ESTCube-1 Satellite” implies, there is need for a systematic approach about the entire data security of the mission and my aim is to improve the security of ESTCube-1 Mission Control System. The following steps are taken in the thesis: establish a good understanding ESTCube-1 MCS architecture, understand the possibilities of security configurations of all used technologies, analyse the effect of a possible selection of security methods, implement the chosen solutions in a sandbox environment, test and verify the operating of the complete MCS with the implemented solution. The results shows security implementations done on the various components allows the connection between components are secure and data in motion are encrypted. Access to the data at rest are restricted, some are encrypted and only privileged users can gain access. Mission Control System accessibility over the Internet is more secure and access to the hardware tightened. In conclusion, the Mission Control System can certainly be accessed via the Internet securely as long as the user has valid certificates. Other access means are through other means like VPN and SSH Tunnelling. The original system configuration providedESTCube-1 MCS with just adequate security that would be befitting for a production environment, with the security solution found in current thesis, the system could be elevated for enterprise-level usage. Keywords: ESTCube-1, Mission Control System, CubeSat, Hummingbird, Atlassian Crowd, Mongodb, Oracle 11g, Apache ActiveMQ, Jetty Web Server
Abstract: ESTCube-1 is Estonia’s first satellite project built by university students. ESTCube-1 Mission Control System (MCS) software is also developed as part of this educational project. Mission Control System is a modular system, comprised of various components in multiple servers, of which most of them are running on default or basic security configuration settings and in some cases, data is not protected well enough in the present state. Some of the components communicate over unsecured network thereby making its data vulnerable. As this thesis title “Security Implementation of Mission Control System for ESTCube-1 Satellite” implies, there is need for a systematic approach about the entire data security of the mission and my aim is to improve the security of ESTCube-1 Mission Control System. The following steps are taken in the thesis: establish a good understanding ESTCube-1 MCS architecture, understand the possibilities of security configurations of all used technologies, analyse the effect of a possible selection of security methods, implement the chosen solutions in a sandbox environment, test and verify the operating of the complete MCS with the implemented solution. The results shows security implementations done on the various components allows the connection between components are secure and data in motion are encrypted. Access to the data at rest are restricted, some are encrypted and only privileged users can gain access. Mission Control System accessibility over the Internet is more secure and access to the hardware tightened. In conclusion, the Mission Control System can certainly be accessed via the Internet securely as long as the user has valid certificates. Other access means are through other means like VPN and SSH Tunnelling. The original system configuration providedESTCube-1 MCS with just adequate security that would be befitting for a production environment, with the security solution found in current thesis, the system could be elevated for enterprise-level usage. Keywords: ESTCube-1, Mission Control System, CubeSat, Hummingbird, Atlassian Crowd, Mongodb, Oracle 11g, Apache ActiveMQ, Jetty Web Server