230 likes | 390 Views
Broadband for a mobile planet TM. Government Roadmap Tom Clark Delta Wave Communications, Inc. BGAN and information assurance. Requirements in the government sector. Information assurance implies that The content cannot be altered or intercepted by an uninvited parties.
E N D
Broadband for a mobile planetTM Government Roadmap Tom Clark Delta Wave Communications, Inc.
Requirements in the government sector • Information assurance implies that • The content cannot be altered or intercepted by an uninvited parties. • The confidentiality (identity and location of the end user) is protected • Statistical analysis of the data transfers is prevented • Security has to be deployed at two levels to cover these requirements: • At the Transport mechanism level (or Network level) • A the Data exchange level (Ciphering the data content)
BGAN network: Built-in protection (1) IP Core Network WWW Server Internet DP POP Burum SAS Customer HQ Air Interface • Data and signaling ciphered in accordance with UMTS standards (TS33.102) • Position report encrypted • Temporary IDs used to maintain anonymity of the terminal user (SIM). • Satellite control is US Type-1 Encrypted
BGAN network: Built-in protection (2) IP Core Network WWW Server Internet DP POP Burum SAS Customer HQ Satellite Access Station • Joint military/commercial Satellite Earth Stations in the Netherlands and Italy. • Fully Redundant SAS sites • Data communications network protected by firewalls
BGAN network: Built-in protection (3) IP Core Network WWW Server Internet DP POP Burum SAS Customer HQ Typical DP PoP Interconnect • Routed over leased lines or VPN over IP networks • Redundancy - backup links: VPN over public IP network or ISDN • Firewall protected • IPSec encryption applied between Inmarsat and DP POPs
BGAN network: Built-in protection (4) IP Core Network WWW Server Internet DP POP Burum SAS Customer HQ Typical DP / Customer Interconnect • VPN over IP networks:IPSec encryption • Firewall protected
Leased Line BGAN network: Built-in protection (5) IP Core Network DP POP Burum SAS Customer HQ Dedicated DP / Customer Interconnect • Private dedicated links • IP Sec encryption • Firewall protected
Leased Line End-to-end Application Layer • COTS VPN (e.g. Cisco, Checkpoint, Nortel, Netscreen) • Government standard encryption including Type-1/Top Secret Protecting the content over IP networks IP Core Network WWW Server Internet DP POP Burum SAS Customer HQ
End-to-end Application Layer • ISDN Encryption - STE • Serial Bulk Encryption – KIV-7 • Analogue Encryption – STU-IIb/III Protecting the content over circuit-switched Circuit Switched Core Network STU International PSTN/ISDN Burum SAS Customer HQ STU
Focus on encryption devices 64Kb Circuit Switched Data - 3.1Khz Audio • STU-IIIMotorola/ATT/GE • Sectera Wireline (FNBDT/PSTN)General Dynamics • OmniXi L3 • STE (via STU interface) L3 Circuit Switched Data - ISDN UDI/RDI • STE L3 • KIV-7 Mykotronics • OmniXi L3 • Brent, Brent 2, Hannibal, Thamer Packet Switched Services • DC2K IP EncryptorThales • KG-175 Taclane ClassicGeneral Dynamics • KG-235 Sectera INEGeneral Dynamics • KG-250 AltaSecViaSat • KG-240 Red Eagle L3
Interoperability results so far… • Thales DC2K • STU-IIB/III • STE • Viasat KG-250 • Taclane KG-175 • Sectera KG-235 • Successfully tested over BGAN
Preliminary results(i) Up to 100% improvement • FTP transfer of 1MB file, using T&T explorer 500 and LINUX platform; • Throughputaveraged over 10 file transfers • Best Throughput observed over 10 file transfers
Conclusions • Network Security (TRANSEC) • BGAN uses all of the latest Commercial security measures to protect itself against service interception, eavesdropping or statistical analysis from third parties. • Content Security (INFOSEC) • Commercial and Government Grade encryption mechanisms have been proven to work over BGAN ensuring end-to-end confidentiality and integrity of the data content.
BGAN - position reporting • Why is User Terminal position reporting required? • Regulatory • May require that UT position is known when operating in certain jurisdictions • Billing • Allows for zone/country based tariffs • Expedites call setup process • BGAN UT contains built-in GPS receiver • GPS position reported (encrypted) to network as part of registration process • Special circumstances mean that important government customers may find this facility an obstacle to purchasing the service
Solution – disable position reporting • Considerations • Minimum level of UT position reporting for network access is required – spot beam ID • GPS receiver required in UT in order to determine its location and provide optimised operation • Solution • Disablement through a SIM feature • UT translates GPS position to a spot beam ID using internal map • Only spot beam ID reported to network • UT operates discretely within a spot beam (200 - 600 km diameter)
Discrete Operation SIM Solution – disable position reporting Position Reporting Disabled
Secure voice in the government sector • Key application for both Civil and Military Government agencies • Core Secure Voice traffic is low but stable and expected to remain stable • Secure Voice is an enabler for BGAN Sales in Government Sector. • Cost and Functionalities scrutinised by Procurement decision makers in that sector • Secure Voice over 3.1kHz Audio Channel (64kb/s) does not cater for all markets • Need for Cost Effective Secure Voice Solutions over BGAN
Example of architecture Solutions: Technical • The 4kbps Voice service cannot be used for encrypted voice • Secure Voice over IP is the way forward:The BGAN 32kbps Streaming Class (IP) service can be used as transport mechanism for Encrypted Voice.