Transmission Security (TRANSEC) in an IP based VSAT Architecture April 2007

Similar documents
Transmission Security (TRANSEC)

TRANSEC BASIC VT idirect, Inc.

Supporting critical IP applications across the enterprise from VoIP and VPN, to streaming media

idirect Satellite Routers

idirect Defense Portfolio

idirect Satellite Routers

Overview of Adaptive TDMA in idx 3.2. May 2015

Eight Essentials to Implementing Backhaul over Satellite for Mobile Operators. June 2009

General Tariff Information

Evolution Innovations Q1- Q VT idirect, Inc.

EXHIBIT A-1 to Appendix D to DIR Contract NO. DIR-TEX-AN-NG-CSA-ICXXX. Service Description: PCI Texas South Region Dedicated Burstable/Shared Network

WhitePaper: XipLink Real-Time Optimizations

This regulation outlines the policy and procedures for the implementation of wireless networking for the University Campus.

Radyne s SkyWire Gateway Quality of Service

ENTERPRISE CONNECTIVITY

Satellite-Based Cellular Backhaul in the Era of LTE

National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products

Communications Infrastructure for Fractionated Spacecraft

idirect Government Remote Operator Commissioning Course (irocc) Syllabus irocc Course Syllabus Jan 2015

Premium Services Using Vipersat Dynamic SCPC (dscpc) With Guaranteed Bandwidth

ENTERPRISE CONNECTIVITY

Implementation and use of Software Defined Radio (SDR) technology for Public Safety, Traffic applications, and Highway Engineering

Security for SIP-based VoIP Communications Solutions

Performance Challenge of 3G over Satellite Methods for Increasing Revenue & Quality of Experience. February 2018

Wireless technology Principles of Security

idirect Hubs and Line Cards

COMMON CRITERIA CERTIFICATION REPORT

Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002

Understanding Layer 2 Encryption

Integrated C4isr and Cyber Solutions

Capacity Planning for Next Generation Utility Networks (PART 1) An analysis of utility applications, capacity drivers and demands

BANDWIDTH EFFICIENT CELLULAR BACKHAUL SOLUTIONS

Simple Satellite Network Solutions. Radyne SkyWire Company Proprietary -- 1

QUALITY OF SERVICE AND THE EFFECTS OF DATA ENCRYPTION ON VSAT NETWORKS (GOVERNMENT NETWORKS)

CHAPTER TWO LITERATURE REVIEW

Network Planning Guide

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

TamoSoft Throughput Test

Network Media and Layer 1 Functionality

DECODIO. for TETRA. Air interface analysis Network traffic measurements and statistics Coverage tests Network monitoring DETECT DECODE VISUALIZE

TASMUS.

First Satlabs DVB-RCS Symposium: DVB-S, S2 and RCS for U.S. DoD Satellite Communications

Cisco Group Encrypted Transport VPN

Department of Public Health O F S A N F R A N C I S C O

COMPUTER NETWORK Model Test Paper

Understanding SROS Priority Queuing, Class-Based WFQ, and QoS Maps

54M Wireless LAN Module User s Manual

Vodacom Power to you. Managed Network Services for Ready Business.

HN/HX System Bandwidth Efficiency

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

The Modern Manufacturer s Guide to. Industrial Wireless Cisco and/or its affiliates. All rights reserved.

Cloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers

GDPR Update and ENISA guidelines

Wireless# Guide to Wireless Communications. Objectives

Local Area Networks NETW 901

Delivering IP Applications in a Tactical Communications Network. A white paper by

Not all SD-WANs are Created Equal: Performance Matters

Automating VPN Management

GSA Protocols: How and Why they are Important and Relevant to

SLM A Satellite Modem. Modems

Boundary control : Access Controls: An access control mechanism processes users request for resources in three steps: Identification:

Security SSID Selection: Broadcast SSID:

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Introduction to Network Discovery and Identity

Verizon Software Defined Perimeter (SDP).

Federal Information Processing Standard (FIPS) What is it? Why should you care?

SLM-5650A Satellite Modem

SLM-5650A Satellite Modem

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

AMCP/4-WP/70. b) requirements and recommendations together with their rationale; and

National Information Assurance (IA) Policy on Wireless Capabilities

Department of Defense INSTRUCTION

UNIT-II OVERVIEW OF PHYSICAL LAYER SWITCHING & MULTIPLEXING

Introduction to Network Discovery and Identity

idirect Broadband Router Hub Solutions

How Secured2 Uses Beyond Encryption Security to Protect Your Data

Payment Card Industry (PCI) Point-to-Point Encryption

Five Considerations for Choosing a HTS/DVB-S2X Platform

Service Managed Gateway TM. Configuring IPSec VPN

UNIT- 2 Physical Layer and Overview of PL Switching

Subject: Adhoc Networks

Not all SD-WANs are Created Equal

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

Guide to Wireless Communications, 3 rd Edition. Objectives

Trust Harris for LTE. Critical Conditions Require Critical Response

Header Compression Capacity Calculations for Wireless Networks

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Sections Describing Standard Software Features

White Paper. Implementing an IP Architecture Using Layer 2-Based Traffic Management. 17 October 2009

Rapidly deployable secure cellular comms

Security Standards for Electric Market Participants

Wireless Challenges and Resolutions

UHP - UNIVERSAL VSAT PLATFORM PRODUCT OVERVIEW

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

PRODUCT LINE COMPONENTS

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

WHITE PAPER ULTRA LOW LATENCY MICROWAVE THE NEED FOR SPEED: BEST PRACTICES FOR BUILDING ULTRA-LOW LATENCY MICROWAVE NETWORKS

Connecting the Unconnected Via Satellite: From Mobiles to Money

Sections Describing Standard Software Features

Transcription:

Transmission Security (TRANSEC) in an IP based VSAT Architecture April 2007-1 -

As the ability to monitor satellite transmissions grows increasingly sophisticated, the need to implement increased levels of security becomes even more critical. In combatant situations, where even a small spike in traffic can be a critical piece of intelligence, the need to mask any communications activity becomes readily apparent. The National Security Agency (NSA) has outlined the following vulnerabilities inherent in an IP based TDMA transmission that must be addressed in order to provide true Transmission Security, or TRANSEC: Channel Activity The ability to secure transmission energy to conceal traffic volumes. Control Channel Information Disguise traffic volumes to secure traffic source and destination. Hub and Remote Unit Validation Ensuring remote terminals connected to the network are authorized users. Anti-Jam and Low Probability of Intercept While a consideration, this is not a mandate by the NSA or any other organization. This paper will discuss elements and considerations of providing a TRANSEC compliant IP based VSAT network and the approach idirect Government Technologies has taken to implement TRANSEC. TRANSEC requires all network control channels and Management & Control (M&C) data to be encrypted and, that any and all traffic engineering information be obfuscated from an adversary. For example, TRANSEC requires a communications channel appear completely full to an adversary even if little or no actual data is flowing. This is contrasted with Communications Security or COMSEC, where the actual communications (e.g. voice, video or data stream) is encrypted but certain header information is sent in the clear. An example of COMSEC encryption in an IP network includes any High Assurance IP Encryptor (HAIPE) such as a KG 175 TACLANE or KG 235 SECTERA. While the encryption of a HAIPE device is virtually impenetrable, the information in the IP header including the source address, destination address and most importantly the ToS field are in the clear. With the IP header of a HAIPE encrypted packet in the clear an adversary can determine how much of the traffic stream is voice, video or data. More significantly an adversary could determine when high priority flash-override traffic has been initiated and from which location. In an SCPC satellite network topology, achieving, TRANSEC compliance is relatively straight forward. For SCPC connections, a bulk encryptor such as a KIV 19A is employed to encrypt any data and control information traversing the network. If HAIPE COMSEC (High Assurance Internet Protocol Encryption,) encryption is employed in a TRANSEC SCPC network, the IP header of the HAIPE packet would be encrypted by the bulk encryptor prior to being transmitted to the satellite. In addition, since an SCPC link is static and always on and no control information needs to be exchanged between the SCPC modems, all of the TRANSEC requirements are met. In a TDMA network TRANSEC compliance is substantially more difficult. A TDMA network dynamically allocates bandwidth to remotes; therefore, there must be some type of control information transmitted to each device in the network. This control data, containing traffic engineering information, as well as information available from a HAIPE encrypted IP packet header can be exploited by an adversary. For example, anomalous traffic volume to a specific remote can indicate new activity in that area while varying ratios of voice to data traffic can denote the distribution of intelligence (data) compared to lower priority voice traffic. - 2 -

The security vulnerabilities of an IP based TDMA transmission have been defined in a number of NSA and DoD documents including the NSA s Kubic document and DoD s Deployed TRANSEC Whitepaper. Both papers define the security vulnerabilities of TDMA VSAT network. Following is an outline of the challenges that must be addressed according to the NSA and DoD and idirect Government Technologies response to those requirements. Channel Activity The first vulnerability that exists in a TDMA network is the availability of traffic engineering information. In an SCPC network, the link is static with no variation in transmission characteristics based on end user communications. Therefore an adversary looking at a satellite transponder with a spectrum analyzer will see a constant RF signal. This is contrasted with a TDMA network. A TDMA in-route carrier energizes and de-energizes as traffic flows and stops. The on and off nature of a TDMA inroute is the natural extension of the ability to allocate satellite transponder space to remotes which have transient demands. While this characteristic makes TDMA networks much more bandwidth efficient, it allows an adversary to determine peak periods of activity, identify unusual or unexpected activity spikes and identify locations of remotes that have remained quiet for a period of time and suddenly experience increased traffic volumes. The obvious risk in having this information in the hands of an adversary is the potential to extrapolate timing, location of scale of strategic activity. idirect Government Technologies has implemented free slot allocation in its TDMA bandwidth distribution algorithm. With free slot allocation, an adversary snooping satellite transponder energies will see a constant wall of data regardless of traffic profiles. As the name implies, free slot allocation keeps the in-routes active regardless of actual traffic flows. Free slot allocation preserves the efficiencies of a TDMA system while obfuscating actual traffic volumes, negating the risk of using transmission activity as an intelligence gathering mechanism. Control Channel Information A great deal of traffic volume and priority information can be gleaned by examining the in-band or outof-band control information within a HAIPE encrypted TDMA network. As was previously discussed, the IP header of a HAIPE packet contains source, destination and priority information. In order for a TDMA network to be able to provide the quality of service needed to support real time traffic, data quantities and prioritization information must be gathered. This information could be even more useful to an adversary than channel activity data because, it is specific enough to delineate between general communications like email and web traffic, versus tactical communications like voice and video. The only solution for this vulnerability is to completely encrypt all Layer 2 information as well as any control information disseminated to the remotes. The encryption methodology must be secure enough to thwart an adversary long enough that the data becomes old, and unusable. idirect has implemented FIPS 140-2 certified 256 bit keyed AES encryption for all Layer 2 and control information. The encryption of the Layer 2 frames has a side benefit of re-encrypting the data payload. Therefore, the - 3 -

transmitted HAIPE IP header itself is AES encrypted. Additionally, the idirect TRANSEC TDMA slot is a fixed size, again to obfuscate any traffic characteristics. This Layer 2 encryption solution solves all existing control channel vulnerabilities. The idirect Layer 2 encryption method goes a step beyond to feature over-the-air key update and a unique Layer 2 frame format including an Initialization Vector which ensures randomization of repetitive data streams. The net result is that adversaries are precluded from detecting any repetitive pattern, which can aid in deciphering encryption algorithms. TDMA TRANSEC SLOT Encryption Header Segment FEC Coding IV Seed Key ID Enc Demand LL Headers & Payload Figure 1 Hub and Remote Unit Validation One vulnerability of a TDMA VSAT system not addressed by either DoD or NSA is the concept of Hub and Remote Unit validation. In traditional SCPC architectures, when a link is established, it remains active for very long periods of time. Because these connections are fixed, and there is a significant level of coordination between personnel commissioning the SCPC, a high degree of confidence exists that an adversary is not trying to assume the identity of a trusted entity. In TDMA networks remotes are routinely coming into and dropping out of the network. This is especially true of networks with COTM (Communications on The Move) terminals where vehicles are traveling under bridges and behind buildings. This type of dynamic environment gives an adversary a greater opportunity to obtain a VSAT remote through licit or illicit channels, spoof the device ID and insert a rogue remote into a secure network. Equally feasible is an adversary acquiring a VSAT hub terminal and coaxing a blue force remote into the adversary s network. To mitigate this risk, idirect has implemented X.509 digital certificates on TRANSEC remotes. An X.509 certificate utilizes RSA public key encryption. With public key encryption two, related keys are generated, one private key and one public key. The functionality of these keys is such that anything encrypted with the public key can only be decrypted with the private key and anything encrypted with the private key can only be decrypted with the public key. In the idirect system, X.509 certificates can be generated via the NMS server or they can be provided by a third party. Certificates are placed on all TRANSEC line cards and Protocol Processors as well as on the remotes. The hub system keeps the public keys of each remote configured to operate on the hub and the remotes have the public keys of each hub device. During network acquisition, the remote encrypts its X.509 certificate with its private key and the hub verifies by decrypting the certificate with the remote s public key and vice versa. This process ensures a remote is authorized to operate in the network as well as ensuring that the hub is a trusted entity. - 4 -

Anti-Jam and Low Probability of Intercept While not a strict requirement of TRANSEC as defined by NSA or DoD, Anti-Jam and Low Probability of Intercept could prove useful in thwarting an adversary. The risk in any RF environment is the potential for an adversary to gain visibility into frequency activity which would enable signal jam with high energy radio frequencies. Both Anti-Jam and Low Probability of Intercept can be accomplished by employing Spread Spectrum technology/ idirect has implemented a DSSS (Direct Sequence Spread Spectrum) waveform whose primary role is for COTM applications. This DSSS waveform could be used to spread the modulated energy to a level where it is virtually undetectable above the noise floor and could mitigate intentional interference projected over a sufficiently narrow bandwidth. Conclusion There are inherent benefits to the IP based TDMA platform that idirect utilizes, with respect to bandwidth efficiency, scalability and the scope of applications that it enables. There also inherent security risks with a TDMA platform. The idirect TRANSEC architecture is able to provide the highest levels of network security while maintaining the efficiencies and benefits of the TDMA architecture. idirect Government Technologies has implemented the only TRANSEC and COMSEC compliant network architecture in the VSAT industry available today, which exceeds the requirements defined by NSA and DoD, while ensuring the QoS characteristics of the network are preserved. - 5 -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback