Evaluating the performance of secure gateway between real-time simulation networks
Tamminen, Julius (2021)
Tamminen, Julius
2021
Tietotekniikan DI-ohjelma - Master's Programme in Information Technology
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2021-10-14
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202109277304
https://urn.fi/URN:NBN:fi:tuni-202109277304
Tiivistelmä
The current trend of digitalization and automation continues strongly onward within all industries, which creates innovations and improvements to existing solutions. In the field of communication and networking, there are many new and old network solutions, that each can be utilized in various ways and have their own unique purposes and configurations. One network can connect and serve multiple users allowing communication between them, whereas some networks can simulate real-life scenarios and perform complicated calculations. In addition, these networks can co-operate and share mutual information, if they are connected with proper equipment such as gateways. These connections allow the creation of even wider networks, which can enable use cases, where multiple organizations can share data and operate together. One example of such massive scale networks is the Live Virtual Constructive (LVC) concept, where real time live and simulated events are combined to the same environment, which can be accessed from different geographical locations.
However, when connecting two or more networks together, the information security aspect must be considered, especially when some of the networks contains more sensitive data than the other networks. The security aspect can be fulfilled, and the leak of the sensitive data to other networks can be prevented by utilizing a secure gateway that performs the necessary filtering operations. Nevertheless, the secure gateway must consider the performance requirements of the networks, which can vary depending on the end purpose and the use case of the networks. The performance requirements, in the context of real-time simulation networks, were determined by the latency and the throughput benchmarks that the real-time simulation network must fulfill. The benchmark values were established by analyzing the literature and studies, with the help of a commercial simulation system and by interviewing the experts of the field.
Once the performance requirement benchmarks were found out, the final evaluation of the effect of a real-world secure gateway implementation, Cross Domain Solution (CDS) made by Insta DefSec, could be made. The results for the evaluation were made by executing the latency and throughput tests in separate measurement set-ups: one measurement set-up measured the latency, and the other set-up measured the maximum throughput of the network, when the CDS was attached and connected between the two real-time simulation networks. Then, the same measurement set-ups were repeated by replacing the CDS with a commercial protocol translation and bridging software VR-Exchange, which only passed the data through it, to determine the reference results.
For the performance requirements it was found out, that the throughput requirement would be 1870 entities/s, whereas the upper limit for the latency would be 100 ms. The throughput measurement disclosed that the maximum throughput of the CDS was 386.4 entities/s, while the VR-Exchange resulted in 1077 entities/s. Furthermore, the latency measurement with a single updating entity resulted in an average latency of 3.9 ms for the CDS and 13.7 ms for the reference. Thus, the performance requirements were achieved only partially, as the throughput requirement was not reached. Nevertheless, the latency of the CDS was below the requirement of 100 ms, when a single updating entity was measured. Thus, the CDS fulfills the latency requirement when the number of simultaneously updating entities is minimal. However, optimization of the software of the CDS would improve the throughput and the latency capabilities even further.
However, when connecting two or more networks together, the information security aspect must be considered, especially when some of the networks contains more sensitive data than the other networks. The security aspect can be fulfilled, and the leak of the sensitive data to other networks can be prevented by utilizing a secure gateway that performs the necessary filtering operations. Nevertheless, the secure gateway must consider the performance requirements of the networks, which can vary depending on the end purpose and the use case of the networks. The performance requirements, in the context of real-time simulation networks, were determined by the latency and the throughput benchmarks that the real-time simulation network must fulfill. The benchmark values were established by analyzing the literature and studies, with the help of a commercial simulation system and by interviewing the experts of the field.
Once the performance requirement benchmarks were found out, the final evaluation of the effect of a real-world secure gateway implementation, Cross Domain Solution (CDS) made by Insta DefSec, could be made. The results for the evaluation were made by executing the latency and throughput tests in separate measurement set-ups: one measurement set-up measured the latency, and the other set-up measured the maximum throughput of the network, when the CDS was attached and connected between the two real-time simulation networks. Then, the same measurement set-ups were repeated by replacing the CDS with a commercial protocol translation and bridging software VR-Exchange, which only passed the data through it, to determine the reference results.
For the performance requirements it was found out, that the throughput requirement would be 1870 entities/s, whereas the upper limit for the latency would be 100 ms. The throughput measurement disclosed that the maximum throughput of the CDS was 386.4 entities/s, while the VR-Exchange resulted in 1077 entities/s. Furthermore, the latency measurement with a single updating entity resulted in an average latency of 3.9 ms for the CDS and 13.7 ms for the reference. Thus, the performance requirements were achieved only partially, as the throughput requirement was not reached. Nevertheless, the latency of the CDS was below the requirement of 100 ms, when a single updating entity was measured. Thus, the CDS fulfills the latency requirement when the number of simultaneously updating entities is minimal. However, optimization of the software of the CDS would improve the throughput and the latency capabilities even further.