Government Related Presentation


Broadband for a mobile planet
Government Roadmap
Tom Clark
Delta Wave Communications, Inc.
BGAN and information assurance
Requirements in the government sector
• Information assurance implies that
– The content cannot be altered or intercepted by uninvited parties
– The confidentiality (identity and location of the end user) is protected
– Statistical analysis of the data transfers is prevented
• Security has to be deployed at two levels to cover these requirements:
– At the transport mechanism level (or network level)
– At the data exchange level (ciphering the data content)
BGAN network: Built-in protection (1)
[Network diagram: Burum SAS, IP Core Network, DP POP, Internet, WWW Server, Customer HQ]
Air Interface
• Data and signaling ciphered in accordance with UMTS standards (TS33.102)
• Position report encrypted
• Temporary IDs used to maintain anonymity of the terminal user (SIM)
• Satellite control is US Type-1 Encrypted
BGAN network: Built-in protection (2)
[Network diagram: Burum SAS, IP Core Network, DP POP, Internet, WWW Server, Customer HQ]
Satellite Access Station
• Joint military/commercial Satellite Earth Stations in the Netherlands and Italy
• Fully Redundant SAS sites
• Data communications network protected by firewalls
BGAN network: Built-in protection (3)
[Network diagram: Burum SAS, IP Core Network, DP POP, Internet, WWW Server, Customer HQ]
Typical DP PoP Interconnect
• Routed over leased lines or VPN over IP networks
• Redundancy - backup links: VPN over public IP network or ISDN
• Firewall protected
• IPSec encryption applied between Inmarsat and DP POPs
BGAN network: Built-in protection (4)
[Network diagram: Burum SAS, IP Core Network, DP POP, Internet, WWW Server, Customer HQ]
Typical DP / Customer Interconnect
• VPN over IP networks: IPSec encryption
• Firewall protected
BGAN network: Built-in protection (5)
[Network diagram: Burum SAS, IP Core Network, DP POP, Leased Line, Customer HQ]
Dedicated DP / Customer Interconnect
• Private dedicated links
• IPSec encryption
• Firewall protected
Protecting the content over IP networks
[Network diagram: Burum SAS, IP Core Network, DP POP, Internet, Leased Line, WWW Server, Customer HQ]
End-to-end Application Layer
• COTS VPN (e.g. Cisco, Checkpoint, Nortel, Netscreen)
• Government standard encryption including Type-1/Top Secret
Protecting the content over circuit-switched
[Network diagram: STU, Burum SAS, Circuit Switched Core Network, International PSTN/ISDN, STU, Customer HQ]
End-to-end Application Layer
• ISDN Encryption - STE
• Serial Bulk Encryption – KIV-7
• Analogue Encryption – STU-IIb/III
Focus on encryption devices
64kb Circuit Switched Data - 3.1kHz Audio
• STU-III (Motorola/ATT/GE)
• Sectera Wireline (FNBDT/PSTN) (General Dynamics)
• OmniXi (L3)
• STE (via STU interface) (L3)
Circuit Switched Data - ISDN UDI/RDI
• STE (L3)
• KIV-7 (Mykotronx)
• OmniXi (L3)
• Brent, Brent 2, Hannibal, Thamer
Packet Switched Services
• DC2K IP Encryptor (Thales)
• KG-175 Taclane Classic (General Dynamics)
• KG-235 Sectera INE (General Dynamics)
• KG-250 AltaSec (ViaSat)
• KG-240 Red Eagle (L3)
Interoperability results so far…
• Successfully tested over BGAN
– Thales DC2K
– STU-IIB/III
– STE
– Viasat KG-250
– Taclane KG-175
– Sectera KG-235
Preliminary results (i)
Up to 100% improvement

                  Without TCP PEP                  With TCP PEP
                  Upload (kbps)  Download (kbps)   Upload (kbps)  Download (kbps)
Thales DC2K       109 (ii)       172 (ii)          215 (ii)       252 (ii)
Viasat KG-250     76 (iii)       128 (iii)         Not tested     Not tested
Taclane KG-175    136 (iii)      112 (iii)         Not tested     Not tested

(i) FTP transfer of 1MB file, using T&T explorer 500 and LINUX platform
(ii) Throughput averaged over 10 file transfers
(iii) Best Throughput observed over 10 file transfers
Conclusions
• Network Security (TRANSEC)
– BGAN uses all of the latest Commercial security measures to
protect itself against service interception, eavesdropping or
statistical analysis from third parties.
• Content Security (INFOSEC)
– Commercial and Government Grade encryption mechanisms
have been proven to work over BGAN ensuring end-to-end
confidentiality and integrity of the data content.
Position reporting in BGAN
BGAN - position reporting
• Why is User Terminal position reporting required?
– Regulatory
• May require that UT position is known when operating in certain
jurisdictions
– Billing
• Allows for zone/country based tariffs
– Expedites call setup process
• BGAN UT contains built-in GPS receiver
• GPS position reported (encrypted) to network as part of registration
process
• Special circumstances mean that important government customers
may find this facility an obstacle to purchasing the service
Solution – disable position reporting
• Considerations
– Minimum level of UT position reporting for network access is
required – spot beam ID
– GPS receiver required in UT in order to determine its location and
provide optimised operation
• Solution
– Disablement through a SIM feature
– UT translates GPS position to a spot beam ID using internal map
– Only spot beam ID reported to network
• UT operates discretely within a spot beam (200 - 600 km diameter)
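The translation step described above, as an added sketch that is not from the presentation or from Inmarsat: the terminal maps its GPS fix to a spot beam ID locally and reports only that ID. The beam IDs and centres, the nearest-centre rule and the report fields are constructed assumptions.

```python
import math

# Constructed beam map (hypothetical IDs and centres, not real BGAN beams).
# The slide gives a spot beam diameter of 200 - 600 km.
BEAM_CENTRES = {
    101: (52.0, 5.0),
    102: (48.0, 11.0),
    103: (41.9, 12.5),
}
EARTH_RADIUS_KM = 6371.0


def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def spot_beam_for(fix):
    """Assumed internal-map rule: the beam whose centre is nearest the fix."""
    return min(BEAM_CENTRES,
               key=lambda beam: great_circle_km(fix, BEAM_CENTRES[beam]))


def registration_report(fix, position_reporting_enabled):
    """Position part of a registration message (hypothetical field names)."""
    report = {"spot_beam_id": spot_beam_for(fix)}
    if position_reporting_enabled:
        # Default behaviour on the slides: the GPS position itself is reported.
        report["lat"], report["lon"] = fix
    return report


# Constructed fixes: two terminals about 213 km apart inside the same beam.
AMSTERDAM, COLOGNE = (52.37, 4.90), (50.94, 6.96)

if __name__ == "__main__":
    for fix in (AMSTERDAM, COLOGNE):
        print(registration_report(fix, position_reporting_enabled=False))
```

With reporting disabled the two reports are identical, so the network cannot tell the two terminals' locations apart within the beam.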
Solution – disable position reporting
[Diagram: Discrete Operation; SIM with Position Reporting Disabled]
Secure voice over 32kbps streaming IP BGAN Service
Secure voice in the government sector
• Key application for both Civil and Military Government agencies
• Core Secure Voice traffic is low but stable and expected to remain stable
• Secure Voice is an enabler for BGAN Sales in Government Sector.
• Cost and Functionalities scrutinised by Procurement decision makers in that sector
• Secure Voice over 3.1kHz Audio Channel (64kb/s) does not cater for all markets
• Need for Cost Effective Secure Voice Solutions over BGAN
Solutions: Technical
• The 4kbps Voice service cannot be used for encrypted voice
• Secure Voice over IP is the way forward: the BGAN 32kbps Streaming Class (IP) service can be used as the transport mechanism for encrypted voice.
Example of architecture