Securing an IP based VSAT network with
TRANSEC in Satellite Communications
Michael Haddad
Sr Systems Engineer, iDirect
October 27th 2010
© 2010 VT iDirect, Inc.
Agenda
• iDirect brief introduction
• General Satcom System Architecture
• Justification of TRANSEC
• Description of TRANSEC Solution
Agenda
• iDirect brief introduction
• General Satcom System Architecture
• Justification of TRANSEC
• Description of TRANSEC Solution
Quick Facts
World leader in IP-based, satellite
communications since 1994
340+ Employees,13 global offices
40 Working in over 40 diverse industries
50 Customers in more than 50 countries
350+ Global network of 350+ partners
24/7 World-class, 24/7 support
5 Global training centers
Agenda
• iDirect brief introduction
• General Satcom System Architecture
• Justification of TRANSEC
• Description of TRANSEC Solution
Satcom System Architecture
DVB-S2/ACM – 145MB/s
Hub System
Outbound - Time Division Multiplexing
36 MHz
36 MHz
36 MHz
36 MHz
36 MHz
36 MHz
14000
14500
4M
14158
14122
14125.750
Broadcast to All
Network Remotes
TDM
Downstream Carrier
User E
User D
Uplink
Hub/Teleport Location
Downlink
User A
User B
User C
General Hub Architecture
Hub System
Data Transfer : Frequency Hopping – MF-TDMA
Fast Hopping MF-TDMA
Inroute Group 1
TDM Downstream
Inroute
1
Inroute
n
Inroute Group 2
Inroute p
Inroute q
Hub
Group 1 Remotes
Group 2 Remotes
Star – TDMA Multiple Upstreams
36 MHz
36 MHz
36 MHz
36 MHz
36 MHz
36 MHz
Multiple Upstreams
14000
14500
14123.530
430 kHz
D
14158
14122
E
E
C
C
TDMA Upstream
Downlink
A
B
User E
TDMA Bursts using Upstream Carrier(s)
on a ‗Demand/Assigned‘ Time Slot Basis
D
User D
A
B
C
Uplink
Hub/Teleport Location
Downlink
User A
User B
User C
Agenda
• iDirect brief introduction
• General Satcom System Architecture
• Justification of TRANSEC
• Description of TRANSEC Solution
Why TRANSEC?
• Ability to monitor satellite transmissions
• TDMA network environment requires dynamic
exchange of control and traffic engineering
data between remote and hub that needs to be
protected
• TDMA Satellite transmission can reveal:
•
•
•
•
What type of applications are active?
Who is talking to whom?
Is the network or a particular remote active now?
Is it possible to determine, based on traffic analysis, a
correlation between network activity and real world activity?
What is TRANSEC?
• Any IP-based TDMA transmission features the
following inherent vulnerabilities that must be
addressed in order to provide true TRANSEC:
• Channel Activity
The ability to secure transmission energy to conceal traffic volumes
• Control Channel Information
Strongly encrypt both Layer 2 signaling and IP data
• Hub and Remote Unit Validation
Ensuring remote terminals connected to the network are authorized
users
• Low Probability of Intercept
Mitigate the risk of any RF environment that an adversary can
potentially gain visibility into frequency activity
What is TRANSEC?
Definition
Transmission security (TRANSEC) prevents an adversary from
exploiting information available in a communications channel
without necessarily having defeated the encryption.
Agenda
• iDirect brief introduction
• General Satcom System Architecture
• Justification of TRANSEC
• Description of TRANSEC Solution
TRANSEC Components
Mask Channel Activity
The ability to secure transmission energy
to conceal traffic volumes and remote
activity
Control Channel Information
The ability to strongly encrypt both Layer 2
signaling and IP data
Hub and Remote Authentication and Validation
The ability to ensure that remote terminals connected to the
network are indeed authorized users
Masking Channel Activity
• Necessary because:
• TDMA carriers are based on dynamic traffic bursts transmitted
by remotes within the TDMA frame.
• Traffic spikes, increased traffic volumes, and active remotes can
be detected
• Creates vulnerability allowing adversaries to extrapolate
information on timing, location, or scale of strategic activities
• TRANSEC :
• Added free slot allocation in the TDMA bandwidth distribution
algorithms
• Creates a constant ―wall of data‖ regardless of traffic profiles
• Free slots preserve bandwidth efficiencies of TDMA
• Acquisition Obfuscation to create traffic in the acquisition slot
even when no remotes are coming into the network
Control Channel Information
• Necessary because:
• IP encrypted TDMA networks have traffic engineering
information (source, destination, priority) embedded in the
IP header
• Traffic and priority information determines applications
used
• General communication (email, web browsing) versus
• Tactical communication (voice and video)
• Without TRANSEC, all layer 2 signaling information is in the
clear
• TRANSEC :
• Encrypts all the IP packet and Layer 2 and control information
with:
• FIPS 140-2 certified encryption based on AES 256 algorithm
• Over-the-air key update feature
Hub and Remote Validation
• Necessary because:
• TDMA remotes dynamically drop in and out of the network
based on traffic patterns and movement
• Risk that remotes might be spoofed and adversary inserts rogue
remote into secure network
• TRANSEC:
• Implementation of public key encryption on the remotes through
X.509 digital certificates
• Certificates are generated by the Hub and placed on all TRANSECenabled components of the satcom network (hub elements and
remotes)
• Utilizes RSA public key encryption (private and public key) :
• Remotes encrypts its X.509 certificate with a private key
• Hub decrypts the certificate with the remote‘s public key and
vice versa
TRANSEC Overview
Before TRANSEC
Outroute
Inroute
Inroute
PC
XXLMXXLLMLX
XX MM
TOS
SA DA
TOS
00110101101001
XXLMXXLLMLX
XX MM
XX MM
BTP
BTP
XXBTP
MM
BTP
TOS
XXLMXXLLMLX
TOS
TOS
SA DA
Demand
Header DID
Demand
Header DID
XXLMXXLLMLX XX MM
00110101101001
TOS
XXLMXXLLMLX
TOS
Demand
Header
Demand
Header
DID
DID
Demand
Header DID
IP encryptor
IP encryptor
$%^#$#%@^&&#
SA DA
DID# 512
TOS
SA DA
TOS
$%^#$#%@^&&#
XXLMXXLLMLX
SA DA
$%^#$#%@^&&#
SA DA
Demand
Header DID
SA DA
TOS
TOS
TOS
$%^#$#%@^&&#
XX ML
TOS
XXLMXXLLMLX
Demand
Header DID
Protocol Processor
296
DID# 512
TRANSEC Overview
After TRANSEC
Outroute
$%^#$#%
XXLMXXLLMLX
$%^#$#%
XXLMXXLLMLX
$%^#$#%
XXLMXXLLMLX
$%^#$#%
XXLMXXLLMLX
#$%
$%^#$#%
XLM
SA DA
TOS
00110101101001
SA DA
TOS
00110101101001
XXLMXXLLMLX
XLM XLM XLM XLM
PC
$%^#$#%
$%^#$#% $#% KEY RING IV
$%^#$#%
$%^#$#% $#% KEY RING IV
$%^#$#%
$%^#$#% $#% KEY RING IV
$%^#$#%
$%^#$#% $#% KEY RING IV
IP encryptor
X.509
CERTIFICATE
TOS
SA DA
TOS
$%^#$#%@^&&#
SA DA
Demand
Header DID
$%^#$#%
TOS
TOS
TOS
XXLMXXLLMLX
SA DA
$%^#$#%@^&&#
SA DA
$%^#$#%
TOS
XXLMXXLLMLX
$%^#$#%@^&&#
Inroute
$%^#$#%
$%^#$#% $#% KEY RING IV
IP encryptor
$%^#$#%@^&&#
Inroute
Demand
Header DID
Protocol Processor
DID# Can Not be
Spoofed.
DID# 512
DID# 296
ACQ Obfuscation
Start of Frame
Inroute 1
Deliberately empty slot
Inroute 2
Assigned Real ACQ slot with no
response from remote
Inroute 3
Inroute 4
Dummy ACQ bursts
Inroute 5
Real ACQ burst
Time
Data slots (ACC and DCC)
ACQ slot
Our TRANSEC Solution — At a Glance
TRANSEC
Requirements
iDirect‘s Solution
Benefits
Mask channel activity
Free slot allocation creating
uniform size of all TDMA slots
―Wall of Data‖ and Acquisition
Obfuscation
Negates the risk of using
transmission activity as
intelligence gathering
mechanism
Control Channel
Information
FIPS 140-2 certified encryption
256 bit keyed AES encrypted
Over-the-air key update feature
Detection of repetitive
data streams unsuccessful
Hub and Remote
authentication and
validation
Public and private key encryption
on remotes and hubs
X.509 digital certificates
Ensures remotes and
hubs are authorized
and validated
Installation of TRANSEC-enabled networks made easy
THANK YOU
FOR YOUR ATTENTION