
MobiWeb™—A Secure Real-time Messaging System

MobiWeb is a new secure real-time messaging system for the Coast Guard that is designed to operate over commercial satellite services. It employs a proxy-based architecture that works with existing servers and clients to deliver cost-effective and fast data communications between cutters and the shore-based command centers (via Web and E-mail) over non-dedicated satellite links. Architecture Technology Corporation (ATCorp) developed MobiWeb for the U.S. Coast Guard under a DoT Phase II SBIR.

The majority of the USCG fleet (60+ ships, including four cutters operating in the Persian Gulf) has been outfitted with MobiWeb for secure message traffic. Plans are currently being executed to install MobiWeb on 20 more ships.

MobiWeb addresses:

  • The use of commercial satellites for transmission:
    • the operational costs of using commercial satellites;
    • the use of non-secure satellites for transmitting sensitive data.
  • Present and future operational standards such as TCP/IP.
  • Performance concerns associated with running Web-based applications via satellite communication.

Figure 1 shows a typical MobiWeb operation.

[Figure 1]

Figure 1: Typical MobiWeb Operation

MobiWeb relies on software running on the mobile client and on the access point that connects the fixed network to the satellite link. This software implements three novel capabilities: a dial-on-demand router, a tunable TCP/IP stack, and Web/e-mail proxies. Figure 2 shows the overall structure of this software.

[Figure 2]

Figure 2: Structure of MobiWeb Proxy-Based Software Architecture (highlighted components are MobiWeb developed)

Dial-on-Demand (DoD) Router

In typical Coast Guard mission scenarios, the satellite link might be idle up to 95% of the time. Dial-on-demand functionality saves on operating costs by disconnecting during these idle periods.

The Dial-on-Demand (DoD) router resides in the data link and network layers of the protocol stack of Figure 3. It establishes a virtual network connection between the mobile client and the remote access point when it senses network traffic generated by interactions between the Web (or e-mail) client and the Web server, and tears the connection down when the satellite link enters its idle phase.

Furthermore, this approach provides “anytime” (pervasive) access to mobile platforms from the fixed infrastructure and allows real-time messaging between mobiles. In contrast, the traditional dial-up approach shown in Figure 1 does not provide “anytime” connectivity between the fixed infrastructure and the mobile: a machine on the fixed network may only be able to send messages to the mobile while the latter is logged on to the RAS. This precludes, for instance, the dissemination of emergency messages from on-shore sources to the mobiles over the IP network, or real-time message exchanges between mobiles.

The MobiWeb Dial-on-Demand router has been designed to operate in secure environments. The router can integrate with Type-1 encryption devices, which encrypt the traffic sent over satellite links; integration with such devices is fully automated, allowing for “hands-free” operation. The router also provides authentication mechanisms based on the AES cryptographic algorithm, ensuring that dial-up connections are not accepted from malicious users attempting to masquerade as other Dial-on-Demand routers.
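The idle-sensing behaviour described above (raise the link on the first packet, drop it after a period of silence) is easiest to reason about as a small state machine. The following model is an added illustration, not MobiWeb's router code: the idle timeout value, the event-driven accounting and the one-hour traffic trace are all constructed here, and the trace is chosen to show how a handful of short Web and e-mail interactions leave the link idle for roughly 95% of the hour.

```python
"""Event-driven model of a dial-on-demand satellite link with an idle timeout.

Added illustration, not MobiWeb code: the link is raised on the first packet
seen while disconnected and dropped once no traffic has been seen for
`idle_timeout` seconds.  The timeout and the traffic trace below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class DialOnDemandLink:
    idle_timeout: float                      # seconds of silence before teardown
    connected: bool = False
    last_traffic: float = 0.0                # time of the most recent packet
    up_at: float = 0.0                       # time the current session started
    sessions: list = field(default_factory=list)  # completed (up_at, down_at) pairs

    def on_packet(self, now: float) -> None:
        """Traffic sensed on the LAN side: dial if idle, then refresh the idle timer."""
        self.expire(now)
        if not self.connected:
            self.connected = True
            self.up_at = now
        self.last_traffic = now

    def expire(self, now: float) -> None:
        """Tear the link down if the idle timer ran out at or before `now`."""
        if self.connected and now - self.last_traffic >= self.idle_timeout:
            self.connected = False
            self.sessions.append((self.up_at, self.last_traffic + self.idle_timeout))

    def finish(self, horizon: float) -> None:
        """Close the trace at `horizon`, cutting short any session still in progress."""
        self.expire(horizon)
        if self.connected:
            self.sessions.append((self.up_at, horizon))
            self.connected = False

    def airtime(self) -> float:
        """Seconds the link was actually connected (the billable time)."""
        return sum(down - up for up, down in self.sessions)


def simulate(packet_times, idle_timeout: float, horizon: float):
    """Run a packet trace through the link; return (sessions, airtime, duty_cycle)."""
    link = DialOnDemandLink(idle_timeout)
    for t in sorted(packet_times):
        link.on_packet(t)
    link.finish(horizon)
    return link.sessions, link.airtime(), link.airtime() / horizon


# Constructed one-hour trace (seconds): a Web session, an e-mail poll, a short lookup.
SAMPLE_TRACE = (
    [100 + 5 * i for i in range(13)]      # browsing, a packet every 5 s from t=100 to t=160
    + [1800, 1801, 1802]                  # e-mail poll at t=1800
    + [3000 + 5 * i for i in range(7)]    # lookup from t=3000 to t=3030
)

if __name__ == "__main__":
    sessions, airtime, duty = simulate(SAMPLE_TRACE, idle_timeout=30, horizon=3600)
    for up, down in sessions:
        print(f"link up at {up:6.0f}s, down at {down:6.0f}s ({down - up:.0f}s billed)")
    print(f"airtime {airtime:.0f}s of 3600s: {duty:.1%} connected, {1 - duty:.1%} idle")
```

With a 30-second idle timeout the trace yields three sessions totalling 182 seconds of airtime, about 5% of the hour; an always-on link would be billed for all 3600 seconds. The timeout is the knob that trades call-setup overhead against idle airtime: a shorter value drops the link sooner but may force a redial in the middle of a slow page load.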

[Figure 3]

Figure 3: Layered Protocol Architecture of Mobile Web Applications

Tunable TCP/IP Stack

The Tunable TCP/IP Stack optimizes the standard TCP/IP stack specifically for satellite links and thereby delivers significant improvements in the latency of Web transactions between the mobile client and the on-shore Web servers, so that Web pages reach the user significantly faster.

Fine-grained tailoring of TCP protocol functions and parameters allows MobiWeb to optimize TCP performance for different types of satellite links, such as narrow-band GEO links, narrow-band LEO links, broadband GEO links with narrow-band reach-back, or bi-directional broadband LEO links. MobiWeb does so by interposing both a client-side and a server-side Web/e-mail proxy. This proxy architecture requires no changes to legacy Web (or e-mail) clients and servers: they continue to use the standard TCP/IP stack to communicate with the client-side and server-side proxy respectively, while the transport-layer optimizations are pushed into the proxies, which run the optimized stack.

The client-side proxy resides on the mobile platform and the server-side proxy resides on the on-shore fixed network. The transport-layer connection between the two proxies is tailored to optimize its performance across the wireless satellite link. This includes TCP/IP optimizations as well as optimizations to the SSL protocol that are needed to minimize the connection set-up and data transfer latencies of these transport-layer functions. In fact, this approach even allows the TCP/IP protocol between the proxies to be replaced with any other protocol tailored for satellite environments.

In addition to optimizing the transport layer connection between the proxies, techniques such as application-specific data filtering and data caching can be implemented within the proxies to further minimize data transfer latency for Web transactions and thereby further reduce airtime for satellite links.
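The split-connection arrangement described in the last three paragraphs (legacy client and server unchanged, all satellite-specific work confined to the proxy-to-proxy leg) can be demonstrated end to end on one machine. The program below is an added example, not MobiWeb's proxy code: it runs an unmodified HTTP/1.0-style origin server, a server-side proxy and a client-side proxy on localhost, and the client talks plain TCP to the proxy nearest it. The transport tuning and data filtering the text describes are stood in for by zlib compression on the proxy-to-proxy leg, which is an assumption made here so that the effect on bytes crossing that leg can be measured; the request and page contents are constructed.

```python
"""Split-connection Web proxy pair on localhost, as an added illustration.

Not MobiWeb code.  The legacy client and origin server speak plain TCP to the
proxy nearest them; only the proxy-to-proxy leg (standing in for the satellite
link) is changed, here by zlib compression as an assumed stand-in for the
transport and data-reduction optimizations described in the text.
"""
import socket
import threading
import zlib

# Constructed response standing in for a page served by an on-shore Web server.
SAMPLE_PAGE = (
    b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<html>" + b"<p>weather bulletin: seas 2 m, wind NE 15 kt</p>" * 40 + b"</html>"
)
SAMPLE_REQUEST = b"GET /bulletin HTTP/1.0\r\nHost: shore.example\r\n\r\n"  # constructed


def _listener():
    """Listening socket on an ephemeral localhost port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def _recv_to_eof(conn):
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def exchange(addr, payload):
    """Send one request, half-close, and read the whole reply (HTTP/1.0 style)."""
    with socket.create_connection(addr) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return _recv_to_eof(s)


def serve_one(listener, handler):
    """Handle a single connection in the background: reply = handler(request)."""
    def run():
        conn, _ = listener.accept()
        with conn:
            conn.sendall(handler(_recv_to_eof(conn)))
        listener.close()
    threading.Thread(target=run, daemon=True).start()


def run_demo():
    """Client -> client-side proxy ==satellite leg==> server-side proxy -> origin."""
    stats = {"satellite_bytes": 0, "lan_bytes": 0}

    origin = _listener()
    origin_addr = origin.getsockname()
    serve_one(origin, lambda request: SAMPLE_PAGE)   # unmodified legacy server

    def server_side_proxy(compressed_request):
        request = zlib.decompress(compressed_request)
        response = exchange(origin_addr, request)      # plain TCP on the shore LAN
        stats["lan_bytes"] += len(request) + len(response)
        return zlib.compress(response, 9)              # shrink the satellite leg

    shore_proxy = _listener()
    shore_addr = shore_proxy.getsockname()
    serve_one(shore_proxy, server_side_proxy)

    def client_side_proxy(request):
        compressed_request = zlib.compress(request, 9)
        compressed_response = exchange(shore_addr, compressed_request)
        stats["satellite_bytes"] += len(compressed_request) + len(compressed_response)
        return zlib.decompress(compressed_response)

    ship_proxy = _listener()
    ship_addr = ship_proxy.getsockname()
    serve_one(ship_proxy, client_side_proxy)

    # The unmodified client talks standard TCP to the proxy on its own platform.
    response = exchange(ship_addr, SAMPLE_REQUEST)
    return response, stats


if __name__ == "__main__":
    response, stats = run_demo()
    print(response.decode()[:60])
    print(f"satellite leg: {stats['satellite_bytes']} bytes; "
          f"shore LAN leg: {stats['lan_bytes']} bytes")
```

The client receives the page byte-for-byte as the origin served it, yet far fewer bytes cross the proxy-to-proxy leg than the shore LAN leg. Because the two proxies own both ends of that middle connection, the same structure lets a deployment swap in a tuned TCP stack, an SSL optimization, or a different transport altogether without touching the endpoints.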

© 2010 Architecture Technology Corporation
Send comments to: webmaster@atcorp.com