TRANSEC BASIC 2008 VT idirect, Inc.

Security Tradeoffs (chart: efficiency plotted against security; the options shown are DVB-S2, DVB-S2 w/AES, infiniti, infiniti w/AES, S2 TRANSEC ACM, S2 TRANSEC CCM, infiniti TRANSEC, and Anti-Jam/Low Prob of Detect)

What is TRANSEC?
Transmission security (TRANSEC) prevents an adversary from exploiting the information available in a communications channel even without defeating the encryption. With link encryption alone, an adversary can still answer questions such as:
- What types of applications are active on the network?
- Who is talking to whom?
- Is the network, or a particular remote site, active right now?
- Based on traffic analysis, how does network activity correlate with real-world activity?
- Is a particular remote site moving?
- Is there significant acquisition activity (remotes joining the network)?

TRANSEC Goals (requirements and benefits)
- Mask channel activity. Benefit: prevents transmission activity from being used as an intelligence gathering mechanism.
- Control channel information. Benefit: makes detection of repetitive data streams unsuccessful.
- Hub and remote authentication and validation. Benefit: ensures only authorized use of network resources.

TRANSEC Goals: Mask Channel Activity
Transmission activity can itself be used as an intelligence gathering mechanism:
- TDMA carriers are built from dynamic traffic bursts, so changes in traffic volume and in the number of active senders can be detected.
- DVB-S2 carriers send easily identifiable fill frames when there is no user data to send.
These weaknesses let an adversary infer the timing, location or scale of strategic activities.

TRANSEC Goals: Mask Channel Activity
TRANSEC negates these risks by:
- Using free slot allocation for TDMA bandwidth distribution. This creates a constant wall of data regardless of the traffic profile; free slots preserve the bandwidth efficiency of TDMA, and empty bursts are indistinguishable from user data.
- Creating fill frames of random data for underutilized DVB-S2 carriers, so that empty frames are indistinguishable from user data.
- Obfuscating acquisition activity: traffic is created in the acquisition slot when no remotes are actually joining the network, and acquisition slot bursts are suppressed even when remotes are acquiring, so the acquisition slot looks the same whether or not a remote is joining.
Note that fill data only works if it passes the same statistical tests as ciphertext, so it must come from a cryptographic-quality random source or be encrypted exactly like user data.
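The following simulation is an added example, not code from the iDirect deck, showing the eavesdropper's view that the two bullets above describe: it counts, per frame, the slots that look like ciphertext, first on a conventional TDMA carrier (idle slots silent), then on a DVB-S2-style carrier (idle slots carry a fixed dummy pattern), and finally on a free-slot-allocation "wall of data" carrier where idle slots carry random fill. The frame layout (16 slots of 128 bytes), the dummy pattern, the entropy threshold and the traffic profile are all constructed assumptions; encrypted user data is modelled as random bytes.

```python
import math
import os
from collections import Counter

SLOTS_PER_FRAME = 16      # assumed frame layout for this simulation
SLOT_BYTES = 128          # assumed burst size; every slot has the same size
ENTROPY_THRESHOLD = 3.0   # bits/byte; 128 random bytes score about 6.5, a fixed pattern far less

# Identifiable DVB-S2-style dummy frame, modelled as a fixed repeating pattern (assumed).
DUMMY_FILL = bytes([0xAA, 0x55]) * (SLOT_BYTES // 2)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def encrypted_user_burst() -> bytes:
    """Encrypted user data is modelled as uniformly random bytes."""
    return os.urandom(SLOT_BYTES)


def plain_frame(active_slots: int, fill=None) -> list:
    """Conventional carrier: user bursts only where there is data. Idle slots are
    silent (fill=None, dynamic TDMA) or carry an identifiable pattern (fill=DUMMY_FILL, DVB-S2)."""
    frame = [encrypted_user_burst() for _ in range(active_slots)]
    frame += [fill] * (SLOTS_PER_FRAME - active_slots)
    return frame


def transec_frame(active_slots: int) -> list:
    """Free-slot allocation: every slot is transmitted at full size in every frame, and
    slots with no user data carry random fill that looks exactly like ciphertext."""
    frame = [encrypted_user_burst() for _ in range(active_slots)]
    frame += [os.urandom(SLOT_BYTES) for _ in range(SLOTS_PER_FRAME - active_slots)]
    return frame


def observed_active_slots(frame: list) -> int:
    """Eavesdropper's statistic: slots that are present and look like ciphertext."""
    return sum(
        1 for slot in frame
        if slot is not None and byte_entropy(slot) > ENTROPY_THRESHOLD
    )


def observe_profile(builder, traffic_profile, **kw) -> list:
    """Per-frame activity an eavesdropper recovers from a sequence of frames."""
    return [observed_active_slots(builder(a, **kw)) for a in traffic_profile]


# Constructed traffic profile: quiet, a burst of activity, then quiet again.
TRAFFIC_PROFILE = [1, 1, 2, 12, 14, 15, 13, 3, 1, 0]

if __name__ == "__main__":
    print("true activity :", TRAFFIC_PROFILE)
    print("TDMA, silent  :", observe_profile(plain_frame, TRAFFIC_PROFILE))
    print("DVB-S2 dummy  :", observe_profile(plain_frame, TRAFFIC_PROFILE, fill=DUMMY_FILL))
    print("TRANSEC wall  :", observe_profile(transec_frame, TRAFFIC_PROFILE))
```

On the two conventional carriers the recovered profile equals the true one, because silence and the dummy pattern are both trivially separable from ciphertext; on the wall-of-data carrier every frame reads as fully occupied, so the activity burst is invisible. Swapping `os.urandom` for a weak generator in `transec_frame` is the failure case to try: a fill with detectable structure hands the profile straight back to the observer.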

TRANSEC Goals: Control Channel Information
When only user data payloads are encrypted, a great deal of information is still available:
- Both Layer 2 and Layer 3 packets carry traffic engineering information (source, destination, priority, size) in their headers.
- Size and priority information can betray the type of application in use.
- Source and destination tell an adversary who is talking, and when.
- Control information sent in the clear reveals network activity levels.

TRANSEC Goals: Control Channel Information
TRANSEC solves this by:
- Encrypting both payload and header information, down to Layer 2.
- Independently encrypting network control information.
- Changing encryption keys frequently.
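The difference between payload-only link encryption and whole-frame Layer 2 encryption, as an added example that is not the iDirect implementation: an eavesdropper without the key parses both kinds of burst. The header layout (source, destination, TOS, length), the 64-byte slot size and the 8-byte IV are constructed assumptions, and the keystream is HMAC-SHA256 in counter mode, used here as a stand-in for the AES-256 the deck names.

```python
import hashlib
import hmac
import os
import struct

SLOT_BYTES = 64   # assumed fixed burst size (free-slot allocation); frames are padded to it
IV_BYTES = 8      # assumed per-burst IV length

# Constructed link-layer header: source ID, destination ID, TOS/priority, payload length.
HDR = struct.Struct("!HHBH")


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a stand-in for AES-256, any PRF in
    counter mode is a valid stream cipher. A (key, iv) pair must never be reused,
    which is one reason the keys are rotated frequently."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_frame(src: int, dst: int, tos: int, payload: bytes) -> bytes:
    return HDR.pack(src, dst, tos, len(payload)) + payload


def encrypt_payload_only(key: bytes, frame: bytes) -> bytes:
    """Link encryption of the payload only: header and IV travel in the clear."""
    iv = os.urandom(IV_BYTES)
    hdr, payload = frame[:HDR.size], frame[HDR.size:]
    return hdr + iv + xor(payload, keystream(key, iv, len(payload)))


def encrypt_whole_frame(key: bytes, frame: bytes) -> bytes:
    """TRANSEC-style Layer 2 encryption: header and payload are padded to the fixed
    slot size and encrypted together, so only the IV is visible on the air."""
    if len(frame) > SLOT_BYTES:
        raise ValueError("frame does not fit in one slot")
    padded = frame + os.urandom(SLOT_BYTES - len(frame))
    iv = os.urandom(IV_BYTES)
    return iv + xor(padded, keystream(key, iv, SLOT_BYTES))


def decrypt_whole_frame(key: bytes, burst: bytes) -> bytes:
    """Receiver side: decrypt, then use the now-readable length field to drop the padding."""
    iv, body = burst[:IV_BYTES], burst[IV_BYTES:]
    padded = xor(body, keystream(key, iv, len(body)))
    _, _, _, length = HDR.unpack(padded[:HDR.size])
    return padded[:HDR.size + length]


def eavesdrop_payload_only(burst: bytes) -> dict:
    """What an adversary without the key reads from a payload-only burst."""
    src, dst, tos, length = HDR.unpack(burst[:HDR.size])
    return {"src": src, "dst": dst, "tos": tos, "payload_len": length}


def eavesdrop_whole_frame(burst: bytes) -> dict:
    """With the whole frame encrypted and padded, burst length is the only observable,
    and it is the same for every burst."""
    return {"burst_len": len(burst)}


if __name__ == "__main__":
    key = os.urandom(32)
    voip = build_frame(0x1234, 0x5678, 0xB8, b"RTP " * 5)   # TOS 0xB8 = DSCP EF, small payload
    bulk = build_frame(0x1234, 0x9ABC, 0x00, b"X" * 40)
    print(eavesdrop_payload_only(encrypt_payload_only(key, voip)))
    print(eavesdrop_payload_only(encrypt_payload_only(key, bulk)))
    print(eavesdrop_whole_frame(encrypt_whole_frame(key, voip)))
    print(eavesdrop_whole_frame(encrypt_whole_frame(key, bulk)))
    assert decrypt_whole_frame(key, encrypt_whole_frame(key, bulk)) == bulk
```

With payload-only encryption the observer still recovers who is talking to whom, the EF priority marking and the payload size, which is enough to tell the VoIP flow from the bulk one. With the whole frame encrypted and padded to the slot size, both bursts present the same single number. Padding to a fixed size is what ties this to free-slot allocation: encrypting the header without fixing the length would still leak size.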

TRANSEC Goals: Hub and Remote Validation
Unauthorized use of network resources can lead to a man-in-the-middle attack:
- A remote might be spoofed and inserted into a secure network.
- A secure remote might be coerced into joining an insecure network.
While these attacks are extremely difficult even in non-TRANSEC environments, the risk of eavesdropping cannot be ignored.

TRANSEC Goals: Hub and Remote Validation
TRANSEC counters these threats by:
- Using public-key cryptography for key distribution and message authentication.
- Employing X.509 standards for verifying identities, establishing trust between network elements, and providing methods (certificate revocation) for dealing with security compromises.

TRANSEC Solution (diagram; recoverable elements only)
Hub system: Protocol Processor, TRANSEC Hub, IP encryptor, WAN. Remotes: Evolution e8000 Series remotes, each with its own IP encryptor.
Each hub and remote holds an X.509 certificate with a public key signature and a device ID (DID, shown as DID #123456 and DID #456789) used for strong authentication, together with the ACC key and the DCC key.
The diagram shows the IP encryptor scrambling the IP payload while the SA, DA and TOS header fields remain readable; the TRANSEC stage then encrypts the whole burst, those headers and the demand header included, and transmits it within the wall of data, each burst beginning with a KR IV.

Our TRANSEC Solution At a Glance
- Mask channel activity. idirect's solution: free slot allocation giving every TDMA slot a uniform size, the Wall of Data, and acquisition obfuscation. Benefit: negates the risk of transmission activity being used as an intelligence gathering mechanism.
- Control channel information. idirect's solution: FIPS 140-2 certified encryption, 256-bit keyed AES, and an over-the-air key update feature. Benefit: detection of repetitive data streams is unsuccessful.
- Hub and remote authentication and validation. idirect's solution: public and private key encryption on remotes and hubs, with X.509 digital certificates. Benefit: ensures remotes and hubs are authorized and validated.
A FIPS 140-2 validation applies to a specific cryptographic module and firmware version, so confirm that the deployed version is the one listed on the validation certificate.
Installation of TRANSEC-enabled networks made easy.