Case study: Authenticating seismic stations at Conrad Observatory, Austria

March 2006

The Conrad Observatory of the Central Institute for Meteorology and Geodynamics (ZAMG) is a multidisciplinary geophysical observatory in Lower Austria. Güralp Systems were asked to collaborate with ZAMG to develop a secure, authenticating seismic station at the observatory.

For this project three CMG-3T weak motion seismometers were installed:

Two identical vault instruments share a seismic pier in an underground vault.

A CMG-3TB instrument is installed in a nearby borehole.

Installing the vault sensors.

Each of the three instruments is connected to a unit which combines a CMG-DM24 digitizer and CMG-AM Authentication Module in a borehole casing. In the case of the vault instruments, these modules are connected direct to a local network, whilst the DM24/AM inside the borehole has an internal short-haul modem which communicates with a DCM at the surface. Each digitizer also receives timing information from Güralp GPS units using the observatory's existing GPS repeater system.

Finally, a “data centre” was installed at the observatory, consisting of two Linux PCs and network hardware. These PCs run customized software developed for the project by Güralp Systems. They are connected to the institution's local network, and to the Internet and other global networks (optionally) over separate VSAT links.

Digitizer-AM units ready for installation.

To meet customer requirements, data must be cryptographically authenticated as close to its source as possible. At Conrad, authentication is performed by the digitizer-AM unit, which signs data with an on-board token as soon as it is generated. In the case of the CMG-3TB installation, data is fully authenticated before it exits the borehole.

Additional security is provided by a network of tamper switches in and around the seismic hardware. When tripped, these switches set flags in outgoing data which alert operators that a tamper attempt has been made.

The data centre

Each AM produces signed CD1.0 and CD1.1 subframes from the data it receives from the attached digitizer. Station administrators can choose whether to compress this data, and whether it should be signed before or after compression (in the case of CD1.1 subframes.)

One of the Linux PCs at the data centre fetches these subframes from the AMs and builds full CD1.0 and CD1.1 station frames from them. The station frames are then transmitted. It also keeps the data in a local database, so that frames can be backfilled in the event of a break in communications. Backfilling is done according to the m-LIFO algorithms specified in the CD1.0 and CD1.1 standards. The software can also recover from an outage within the array, and from combinations of nested outages.

The station alert interface.

The second Linux PC is intended for use by station operators. It runs custom software which inspects incoming CD1.0 and CD1.1 subframes and checks that the status flags and signatures are satisfactory. This information is displayed in an at-a-glance visual format. The software also gives an indication of the average latency for each stream.

Examining status information.

Status information can be examined in more detail by the same software. In addition to the tamper switches described above, CD1.1 status flags provide information about the operation of the GPS receiver, calibration status, and other events.

Other data transfer methods

The station is capable of providing many kinds of data simultaneously:

CD1.0 and CD1.1 station frames can be sent to extra locations over the WAN or Internet as required.
The AM units each run Scream! servers to provide station operators with real-time waveform and mass position data. Optionally, this information can be concentrated at the data centre to provide clients at the local institution with GCF data from all the instruments.
As part of the additional requirements of the customer, the Conrad station provides an AutoDRM service, which allows raw data to be requested over e-mail. It also supports IMS2.0, a protocol which allows station operators to maintain the installation by exchanging commands inside S/MIME authenticated e-mail messages.

Noise performance

Short period surface noise (40 samples/s stream)

These graphs show the acceleration power spectral density of signals received from the installed sensors.

The data from the Conrad instruments will be used to carry out a full noise survey of the site.

Preliminary experiments performed immediately after installation, with the commissioning team still present, show all sensors already operating near Low Noise Model levels.

Short (40 samples/s, left) and long (1 sample/s) period noise levels measured at the borehole.

Installation ideas

Installing the borehole sensor.

The authenticating seismic station at the Conrad Observatory is a prime example of the flexibility of Güralp Systems' data flow hardware.

Using CMG-DM24 digitizers and CMG-AM authentication modules, ground movements can be expressed in multiple formats and transmitted using several protocols to a number of clients, all simultaneously.

The strong cryptographic ability of the CMG-AM made it the first choice of our customer for their sensitive monitoring work. Using a downhole CMG-AM, cryptographically signed CD1.0 and CD1.1 data can be generated within the borehole, minimizing the opportunity to interfere with the station.

This feature, together with the low power consumption of the CMG-AM, also makes it ideal for arrays containing remote, autonomous stations which are nevertheless required to generate authenticated data.

The CMG-3T and CMG-3TB weak motion instruments are the first choice monitoring small ground motions from low-noise sites.



Home Products New installations Customer support Troubleshooting and returning goods Manuals and documentation Software for your computer Firmware updates Calibration information How-to guides Installation topics Case studies Find your nearest service centre About us	Printable version Case study: Authenticating seismic stations at Conrad Observatory, Austria March 2006 The Conrad Observatory of the Central Institute for Meteorology and Geodynamics (ZAMG) is a multidisciplinary geophysical observatory in Lower Austria. Güralp Systems were asked to collaborate with ZAMG to develop a secure, authenticating seismic station at the observatory. For this project three CMG-3T weak motion seismometers were installed: Two identical vault instruments share a seismic pier in an underground vault. A CMG-3TB instrument is installed in a nearby borehole. Installing the vault sensors. Each of the three instruments is connected to a unit which combines a CMG-DM24 digitizer and CMG-AM Authentication Module in a borehole casing. In the case of the vault instruments, these modules are connected direct to a local network, whilst the DM24/AM inside the borehole has an internal short-haul modem which communicates with a DCM at the surface. Each digitizer also receives timing information from Güralp GPS units using the observatory's existing GPS repeater system. Finally, a “data centre” was installed at the observatory, consisting of two Linux PCs and network hardware. These PCs run customized software developed for the project by Güralp Systems. They are connected to the institution's local network, and to the Internet and other global networks (optionally) over separate VSAT links. Digitizer-AM units ready for installation. To meet customer requirements, data must be cryptographically authenticated as close to its source as possible. At Conrad, authentication is performed by the digitizer-AM unit, which signs data with an on-board token as soon as it is generated. In the case of the CMG-3TB installation, data is fully authenticated before it exits the borehole. Additional security is provided by a network of tamper switches in and around the seismic hardware. When tripped, these switches set flags in outgoing data which alert operators that a tamper attempt has been made. The data centre Each AM produces signed CD1.0 and CD1.1 subframes from the data it receives from the attached digitizer. Station administrators can choose whether to compress this data, and whether it should be signed before or after compression (in the case of CD1.1 subframes.) One of the Linux PCs at the data centre fetches these subframes from the AMs and builds full CD1.0 and CD1.1 station frames from them. The station frames are then transmitted. It also keeps the data in a local database, so that frames can be backfilled in the event of a break in communications. Backfilling is done according to the m-LIFO algorithms specified in the CD1.0 and CD1.1 standards. The software can also recover from an outage within the array, and from combinations of nested outages. The station alert interface. The second Linux PC is intended for use by station operators. It runs custom software which inspects incoming CD1.0 and CD1.1 subframes and checks that the status flags and signatures are satisfactory. This information is displayed in an at-a-glance visual format. The software also gives an indication of the average latency for each stream. Examining status information. Status information can be examined in more detail by the same software. In addition to the tamper switches described above, CD1.1 status flags provide information about the operation of the GPS receiver, calibration status, and other events. Other data transfer methods The station is capable of providing many kinds of data simultaneously: CD1.0 and CD1.1 station frames can be sent to extra locations over the WAN or Internet as required. The AM units each run Scream! servers to provide station operators with real-time waveform and mass position data. Optionally, this information can be concentrated at the data centre to provide clients at the local institution with GCF data from all the instruments. As part of the additional requirements of the customer, the Conrad station provides an AutoDRM service, which allows raw data to be requested over e-mail. It also supports IMS2.0, a protocol which allows station operators to maintain the installation by exchanging commands inside S/MIME authenticated e-mail messages. Noise performance Short period surface noise (40 samples/s stream) These graphs show the acceleration power spectral density of signals received from the installed sensors. The data from the Conrad instruments will be used to carry out a full noise survey of the site. Preliminary experiments performed immediately after installation, with the commissioning team still present, show all sensors already operating near Low Noise Model levels. Short (40 samples/s, left) and long (1 sample/s) period noise levels measured at the borehole. Installation ideas Installing the borehole sensor. The authenticating seismic station at the Conrad Observatory is a prime example of the flexibility of Güralp Systems' data flow hardware. Using CMG-DM24 digitizers and CMG-AM authentication modules, ground movements can be expressed in multiple formats and transmitted using several protocols to a number of clients, all simultaneously. The strong cryptographic ability of the CMG-AM made it the first choice of our customer for their sensitive monitoring work. Using a downhole CMG-AM, cryptographically signed CD1.0 and CD1.1 data can be generated within the borehole, minimizing the opportunity to interfere with the station. This feature, together with the low power consumption of the CMG-AM, also makes it ideal for arrays containing remote, autonomous stations which are nevertheless required to generate authenticated data. The CMG-3T and CMG-3TB weak motion instruments are the first choice monitoring small ground motions from low-noise sites.