Resilience Theatre

Personal projects for resilience


EdgeMap

EdgeMap is a simple browser-based map UI designed for simplicity and resilience. Its main purpose is to allow people and organizations to integrate sensor sources into a map display without complex and often externally hosted dependencies.

EdgeMap can be implemented on various embedded devices. I've created a small-footprint Linux firmware for Raspberry Pi 4 with very low runtime memory requirements (< 500 MB RAM) and a small firmware image size (~550 MB).

The image can be extracted to a MicroSD card, and a separate read-only partition can hold pmtiles maps, making the system fully capable of off-the-grid operation.

Edgemap for Raspberry Pi hardware is not based on any Linux distribution. It's a standalone 'firmware' built with Buildroot; it offers no packaging and requires no updates driven by an ever-evolving distribution life cycle. This makes it easy to maintain, and if you set up the build environment for offline usage, you are able to develop and deliver this solution in total off-the-grid mode. Reducing the dependencies and overhead of a true Linux distribution makes Edgemap small and flexible for any given task, with deep integration possibilities and crypto agility.

Typical use cases are Tactical Edge deployments with mesh/MANET radios or LoRa-based communication, direct cabling between sites, or private LTE segments with no access to Internet-based cloud services.

Features

Below is a summary of some Edgemap features. Most of these are present and implemented as technology demonstrations and proofs of concept, but require further work or back-end integration to become a really usable product.

Operational flexibility

  • Requires no Internet connection (for complete off the grid use)
  • Uses offline pmtiles vector map sources
  • Designed to work with minimum dependencies (only apache & php required)
  • Simple and documented blocks for easy integration and development
  • For EUDs there is no need to install any software; it works with a web browser!
  • Usable with a range of devices: desktops, laptops, tablets, mobiles and custom terminals
  • Better OPSEC when operating in denied areas: the EUD does not contain any software or data
  • Better OPSEC when operating in denied areas: you can obtain EUDs 'in country'
  • Onboarding third-party members is easy: share the URL and off they go. No need for VPNs, SW installs, certificates, etc.
  • After-mission OPSEC: flush the EdgeMap MicroSD card and trash that RPi4

Networks

  • Local LAN segments
  • Global internet
  • Public cellular networks with CGNAT
  • Private LTE networks
  • Tactical MESH / MANET networks
  • Satellite networks with CGNAT

Video streams

  • 10 x video stream overlays from Zoneminder surveillance system
  • Zoneminder server presence detection and video on/off control on map UI
  • The ZM auth API token is currently provided manually in the UI load URL.
  • Note: This feature is not maintained currently.

Target display

  • Full MIL-STD-2525 (and APP6) symbology via excellent milsymbol project
  • Example implementation of Cursor On Target (CoT) GeoJSON target display
  • CoT targets with controllable tail trace
  • Example of high rate navigation target display with smooth 20 Hz update rate over websocket connection.

Sensory integration

  • Example for 'Sniper Control' status display over low latency websocket connection
  • Meshtastic detection sensor for 'switch close' sensor event to map alarm.

Meshtastic LoRa

  • Supports messaging over Meshtastic radios
  • Out-of-band & Low probability of interception (LPI) & Low probability of detection (LPD) method
  • See also bill of materials for different Meshtastic configurations.

Video conference

  • On board Janus WebRTC gateway
  • Web UI for quick Video Conference capability of six team members
  • Requires a TLS connection to the Web UI (Note that TLS is evil in the OPSEC/EW space)

Secure PTT

  • Exclusively encrypted SecurePTT with One-Time-Pad encryption
  • Suitable for small teams with high security requirements
  • Supports UDP unicast & multicast with local and global routing
  • Can secure existing PTT streams from Silvus & other MESH/MANET gear
  • UDP Jamming resistant

Local GPS support

  • Supports locally attached GPS/GNSS receivers
  • Location sharing from GPS source
  • Note that we don't utilize Meshtastic positioning due to OPSEC reasons

Other features

  • Coordinate Copy & Paste with two mouse clicks (select and copy)
  • Simple Web UI suitable for desktop browsers and tablets
  • Since all resources are local, it's fast and resilient.

Messaging and markers

  • Small PoC implementation of tactical messages via IP networks & Meshtastic channels
  • Marker creation and delivery over tactical message channel
  • Needs 'tacmsgrouter' or Meshtastic radios to be a functional demo

Compatibility

  • Tested with TAKY CoT server and CivTAK clients
  • curlcot - CoT client for taking CoT messages to local sqlite db for map display.

Simulation tools

  • cotsim - CoT simulation tool to feed CoT server with location data
  • highrate - High rate target simulation tool (GPX → CSV → webSocket)

Resilience

  • Utilizes Protomaps for fully offline world map & terrain data
  • Supports imagery data usage via pmtiles for selected regions
  • Minimize network attribution by being 'localhost' as much as possible
  • Understand battle space requirements for tactical applications in cyber domain.
  • Avoid vendor lock, kill switches & commercial traps

Hardware support

  • Embedded Linux for a variety of ARM-based designs
  • Can be utilized on desktop Linux installations on AMD64 and others

Licenses

  • Based on a variety of open source components
  • Edgemap is fully open source with GPLv2 and GPLv3 licenses on various components
  • Can be scaled and delivered without license costs
  • Freely available open source project by Resilience Theatre

EdgeMap resilience

EdgeMap is created as a resilience example, where your operating system image is created from source code which you have at hand. The Buildroot build can be kept offline and on premises, supporting your mission-critical deployment tasks in any situation. The same approach can be used with OSM map data creation, where mbtiles are produced 'on prem' as well. This makes it possible to have security of supply and resilience, so that the solution is available in any circumstances.

With this approach we can be Executive Order (EO) 14028 compliant and produce an SBOM automatically on build:

Typical use cases

EdgeMap can be deployed for fast prototyping or product development. Its main purpose is to offer an understandable and working codebase for sensor developers, communication engineers and other groups who would just like to have a decent spatial illustration for their work.

You might use EdgeMap with the CivTAK Android software to experiment with CoT message delivery to a TAKY CoT server and have 'curlcot' read those messages for EdgeMap visualization. Equally, you can deploy a totally off-the-grid capability with EdgeMap for your MANET/MESH or private LTE segment, so no more need for that LTE router to provide a gateway for Google Maps.

Experimenting with high-rate navigation solutions with EdgeMap allows you to check your highly manoeuvrable asset visualization on the map with a 10/20 Hz update rate. Integrate your drone's high-rate GPS into EdgeMap and enjoy 20x more frequent updates of the drone position. Correlate a fast-rate navigation solution with low-latency video delivery and synchronized map visualization.

Edge computing capability for different networks and applications. You can deploy the solution to SATCOM for global access or in mobile delivery on private or public LTE networks. The Raspberry Pi 4 image also contains MACsec Layer 2 encryption, making it suitable for network piggybacking. You can deploy your covert team inside hotel Wi-Fi with Layer 2 encryption, evade all IP-layer monitoring solutions and minimize traceability. Since this solution keeps all data local, it's a perfect match for low-bandwidth custom radio solutions and denied areas. You can bridge message delivery over LoRa and enjoy rich presentation from locally stored map data and application functionality. If you choose to go with full-blown tactical networks, the presented solution also gives you application dominance with tactical networks operating globally in harsh conditions. No more VPN people or IT department excuses.

Please note that this UI is not a complete 'ATAK alternative' and not by any means a production-ready solution. However, it proves that rich spatial applications can be built at small scale and deployed to the most demanding environments, where solutions provided by big tech often fail to deliver.

Simple pouch

The picture on the right illustrates a pouch with a Raspberry Pi Zero 2 W connected to a Meshtastic radio.

This kit exposes a Wi-Fi Access Point (AP) from the Raspberry Pi Zero 2 W, to which the EUD connects. The EUD's web browser allows the user to access and control Edgemap running on the Raspberry Pi Zero 2 W, and all communication between nodes happens over the LoRa-based Meshtastic radio attached to the USB port.

The kit is powered from a USB power bank and provides 9+ hours of operational time.

Configuring with is easy and can happen by end user directly.


Bunker communications

You can network Edgemap nodes over dark fiber or any tactical Ethernet cabling, and it can provide you with rich mission planning capabilities and Secured Push-To-Talk with optional Video Conferencing.

This makes Edgemap a viable solution for limited-connectivity situations where you need to establish an environment fast and with zero EW fingerprint.

Tactics on MESH

You can use Edgemap for integrations with your MESH radio provider, integrating radio locations from Cursor On Target (CoT) messages into the map and illustrating mesh topology with signal strengths on the map.

When you're conducting missions with MESH you need to understand team locations, mesh network state and strength, and direction of movement all at once. Traditionally these have been different views from your radio engineering interfaces and command & control systems.

With Edgemap you can bring these into the same view and simplify the execution of your mission. I've implemented these integrations with Edgemap and AN/PRC-169 (Silvus) radios.

Milliwatts

Silvus radios (with increasing RF output power) combined with Edgemap, communicating via LoRa-based Meshtastic, could create a closed-loop decision-making platform without the need for Internet access.

SecurePTT

The latest versions of Edgemap also have SecurePTT on board. SecurePTT is an exclusively secured Push-To-Talk (PTT) with crypto agility. It can be equipped with symmetric algorithm support or used with an out-of-band keyed One-Time-Pad (OTP).

It can be configured to work over global or local network segments and is a UDP jamming- and interception-resistant solution providing full-duplex Secure PTT where needed.
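
The pad bookkeeping that any One-Time-Pad scheme over UDP depends on, as an added example that is not SecurePTT code: each pad byte is used once, and a frame pointing at already consumed pad is refused. The frame layout (8-byte offset header), class names and sample pad are assumptions made for this sketch; XOR alone gives confidentiality only, so a real design also authenticates frames.

```python
import struct

HEADER = struct.Struct(">Q")  # assumed frame layout: 8-byte pad offset, then ciphertext

class PadExhausted(Exception):
    """No unused pad material is left for this frame."""

class PadReuse(Exception):
    """Frame points at pad bytes that were already consumed."""

def xor(data, key):
    return bytes(d ^ k for d, k in zip(data, key))

class OtpSender:
    def __init__(self, pad):
        self.pad, self.offset = pad, 0

    def seal(self, audio):
        end = self.offset + len(audio)
        if end > len(self.pad):
            raise PadExhausted("rekey out of band before sending more")
        frame = HEADER.pack(self.offset) + xor(audio, self.pad[self.offset:end])
        self.offset = end  # every pad byte is used exactly once
        return frame

class OtpReceiver:
    def __init__(self, pad):
        self.pad, self.consumed = pad, 0

    def open(self, frame):
        if len(frame) <= HEADER.size:
            raise ValueError("short frame")
        (offset,) = HEADER.unpack_from(frame)
        body = frame[HEADER.size:]
        end = offset + len(body)
        if offset < self.consumed:
            raise PadReuse("replayed or reordered frame")
        if end > len(self.pad):
            raise PadExhausted("frame points past the end of the pad")
        self.consumed = end  # lost UDP frames simply leave a gap in the pad
        return xor(body, self.pad[offset:end])

def demo():
    pad = bytes(range(256)) * 4  # constructed stand-in; a real pad is true random
    tx, rx = OtpSender(pad), OtpReceiver(pad)
    frames = [tx.seal(b"voice-frame-%d" % i) for i in range(3)]
    # Frame 1 is "lost" in transit; the receiver still opens frame 2.
    return [rx.open(f) for f in (frames[0], frames[2])], frames
```

Pad consumption equals traffic volume, so the pad size fixes how much audio can be sent before the next out-of-band keying.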

Demo video

Here is a small demo video of how mbtiles work with the EdgeMap PHP page. This screencast is recorded from an EdgeMap instance running on a Raspberry Pi 4 with 2 GB RAM and a 128 GB microSD card. All map data is stored locally and the illustrated functionality does not require an Internet connection. All target data is locally simulated.

Note: This video is old. You can find more videos on my YouTube channel.

Technical details

Illustration of the components running on the demonstration firmware on Raspberry Pi 4.

  • apache & php with EdgeMap UI
  • Taky - CoT server
  • Simulation sources
  • gwsocket as simple websocket server

Build instructions

There are several variants available on my GitHub and, depending on the delivery target, they can be used as they are or modified to meet requirements. Some of the images are provided as 'initramfs' type, which means they do not allow storing any configuration changes and they run completely from RAM.

Immutable design

Some aspects of the D.I.E model can be seen in my current approach, where I utilize an 'initramfs' type image. It means that nothing is persisted on the running system and changes are always discarded on reboots and shutdowns.

Functionality

The demo image contains a standard RPi4 boot partition and an 'Image' file, which is the Linux kernel with the initramfs bundled into it. During boot, systemd is utilized to decrypt the data and map partitions on the MicroSD card, with the decryption key stored in a FIDO2 token. Crypto ignition with the FIDO2 token makes sure that the Edgemap entity returns to a secured state if the RPi4 is powered off and restarted again without the FIDO2 token.

Info graph


CONOPS

The following picture gives some concepts of operations.


Edgemap as ATAK bridge

You can enable Edgemap to receive CoT messages from a restricted ATAK segment and deliver the same situational awareness to other organizations without enrolling them into the ATAK infrastructure.
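
A bridge like this turns CoT XML from another network segment into map features, so the conversion step should treat every event as untrusted input. The following is an added example, not EdgeMap or curlcot code: it validates one CoT event (size, no DTD, coordinate range, stale time) before emitting a GeoJSON Feature. The function names, GeoJSON property names and the sample event are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMPLE_EVENT = (  # constructed sample event, not captured traffic
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<event version="2.0" uid="TEST-UID-1" type="a-f-G-U-C" how="m-g" '
    b'time="2024-11-22T04:00:00Z" start="2024-11-22T04:00:00Z" '
    b'stale="2024-11-22T04:05:00Z">'
    b'<point lat="60.1699" lon="24.9384" hae="10.0" ce="5.0" le="5.0"/>'
    b'<detail><contact callsign="ALPHA-1"/></detail></event>'
)

class CotError(ValueError):
    """Raised when a CoT event fails validation and must not be displayed."""

def parse_utc(value):
    # CoT timestamps are ISO 8601 in UTC, e.g. 2024-11-22T04:05:00Z
    stamp = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if stamp.tzinfo is None:
        raise ValueError("timestamp without time zone")
    return stamp

def cot_to_geojson(xml_bytes, now=None, max_len=8192):
    """Turn one untrusted CoT <event> into a GeoJSON Feature or raise CotError."""
    if len(xml_bytes) > max_len:
        raise CotError("event too large")
    try:
        text = xml_bytes.decode("utf-8")
        if "<!DOCTYPE" in text:  # CoT needs no DTD; refuse entity declarations
            raise ValueError("DTD not allowed")
        event = ET.fromstring(text)
        point = event.find("point")
        if event.tag != "event" or point is None:
            raise ValueError("not a CoT event with a point")
        lat, lon = float(point.attrib["lat"]), float(point.attrib["lon"])
        stale = parse_utc(event.attrib["stale"])
        uid, cot_type = event.attrib["uid"], event.attrib["type"]
    except (ValueError, KeyError, ET.ParseError) as exc:
        raise CotError(f"rejected CoT event: {exc}") from exc
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):  # also rejects NaN
        raise CotError("coordinates out of range")
    if stale <= (now or datetime.now(timezone.utc)):
        raise CotError("event is stale")
    contact = event.find("detail/contact")
    callsign = contact.get("callsign", uid) if contact is not None else uid
    return {"type": "Feature",
            "geometry": {"type": "Point", "coordinates": [lon, lat]},
            "properties": {"uid": uid, "cot_type": cot_type,
                           "callsign": callsign, "stale": stale.isoformat()}}
```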

Integration infographic

Information on the provided UI elements and their integration sources.

Meshtastic

Current development includes a meshtastic branch, where integration with a USB-attached Meshtastic radio allows users to message between Edgemap instances and enjoy an on-board world map with a simple browser-usable UI.

Typical use cases for this approach would include teams working in situations where normal networks are down or targeted by hostile surveillance, or where coverage is otherwise limited.

edgemap/introduction.txt · Last modified: 2024/11/22 04:01 by admin
