Government Related Presentation
Government Roadmap
Tom Clark
Delta Wave Communications, Inc.
Broadband for a mobile planet™
BGAN and information assurance
Requirements in the government sector
• Information assurance implies that
  – The content cannot be altered or intercepted by uninvited parties.
  – The confidentiality (identity and location of the end user) is protected
  – Statistical analysis of the data transfers is prevented
• Security has to be deployed at two levels to cover these requirements:
  – At the transport mechanism level (or network level)
  – At the data exchange level (ciphering the data content)
BGAN network: Built-in protection (1)
[Diagram: IP Core Network, Burum SAS, DP POP, Internet, WWW Server, Customer HQ]
Air Interface
• Data and signaling ciphered in accordance with UMTS standards (TS33.102)
• Position report encrypted
• Temporary IDs used to maintain anonymity of the terminal user (SIM)
• Satellite control is US Type-1 Encrypted
BGAN network: Built-in protection (2)
[Diagram: IP Core Network, Burum SAS, DP POP, Internet, WWW Server, Customer HQ]
Satellite Access Station
• Joint military/commercial Satellite Earth Stations in the Netherlands and Italy
• Fully Redundant SAS sites
• Data communications network protected by firewalls
BGAN network: Built-in protection (3)
[Diagram: IP Core Network, Burum SAS, DP POP, Internet, WWW Server, Customer HQ]
Typical DP PoP Interconnect
• Routed over leased lines or VPN over IP networks
• Redundancy - backup links: VPN over public IP network or ISDN
• Firewall protected
• IPSec encryption applied between Inmarsat and DP POPs
BGAN network: Built-in protection (4)
[Diagram: IP Core Network, Burum SAS, DP POP, Internet, WWW Server, Customer HQ]
Typical DP / Customer Interconnect
• VPN over IP networks: IPSec encryption
• Firewall protected
BGAN network: Built-in protection (5)
[Diagram: IP Core Network, Burum SAS, DP POP, Customer HQ, Leased Line]
Dedicated DP / Customer Interconnect
• Private dedicated links
• IPSec encryption
• Firewall protected
Protecting the content over IP networks
[Diagram: IP Core Network, Burum SAS, DP POP, Internet, WWW Server, Customer HQ, Leased Line]
End-to-end Application Layer
• COTS VPN (e.g. Cisco, Checkpoint, Nortel, Netscreen)
• Government standard encryption including Type-1/Top Secret
Protecting the content over circuit-switched
[Diagram: Circuit Switched Core Network, Burum SAS, Customer HQ, International PSTN/ISDN, STU]
End-to-end Application Layer
• ISDN Encryption – STE
• Serial Bulk Encryption – KIV-7
• Analogue Encryption – STU-IIb/III
Focus on encryption devices
64Kb Circuit Switched Data - 3.1kHz Audio
• STU-III - Motorola/ATT/GE
• Sectera Wireline (FNBDT/PSTN) - General Dynamics
• OmniXi - L3
• STE (via STU interface) - L3
Circuit Switched Data - ISDN UDI/RDI
• STE - L3
• KIV-7 - Mykotronics
• OmniXi - L3
• Brent, Brent 2, Hannibal, Thamer
Packet Switched Services
• DC2K IP Encryptor - Thales
• KG-175 Taclane Classic - General Dynamics
• KG-235 Sectera INE - General Dynamics
• KG-250 AltaSec - ViaSat
• KG-240 Red Eagle - L3
Interoperability results so far…
  – Thales DC2K
  – STU-IIB/III
  – STE
  – Viasat KG-250
  – Taclane KG-175
  – Sectera KG-235
• Successfully tested over BGAN
Preliminary results (i)

                  Without TCP PEP                   With TCP PEP
Device            Upload (kbps)   Download (kbps)   Upload (kbps)   Download (kbps)
Thales DC2K       109 (ii)        172 (ii)          215 (ii)        252 (ii)
Viasat KG-250     76 (iii)        128 (iii)         Not tested      Not tested
Taclane KG-175    136 (iii)       112 (iii)         Not tested      Not tested

(i) FTP transfer of 1MB file, using T&T explorer 500 and LINUX platform
(ii) Throughput averaged over 10 file transfers
(iii) Best throughput observed over 10 file transfers

Up to 100% improvement
Conclusions
• Network Security (TRANSEC)
  – BGAN uses all of the latest commercial security measures to protect itself against service interception, eavesdropping or statistical analysis from third parties.
• Content Security (INFOSEC)
  – Commercial and Government Grade encryption mechanisms have been proven to work over BGAN, ensuring end-to-end confidentiality and integrity of the data content.
Position reporting in BGAN
BGAN - position reporting
• Why is User Terminal position reporting required?
  – Regulatory
    • May require that UT position is known when operating in certain jurisdictions
  – Billing
    • Allows for zone/country based tariffs
  – Expedites call setup process
• BGAN UT contains built-in GPS receiver
• GPS position reported (encrypted) to network as part of registration process
• Special circumstances mean that important government customers may find this facility an obstacle to purchasing the service
Solution – disable position reporting
• Considerations
  – Minimum level of UT position reporting for network access is required – spot beam ID
  – GPS receiver required in UT in order to determine its location and provide optimised operation
• Solution
  – Disablement through a SIM feature
  – UT translates GPS position to a spot beam ID using internal map
  – Only spot beam ID reported to network
• UT operates discretely within a spot beam (200 - 600 km diameter)
Solution – disable position reporting
[Diagram: Discrete Operation SIM, Position Reporting Disabled]
Secure voice over 32kbps streaming IP BGAN Service
Secure voice in the government sector
• Key application for both Civil and Military Government agencies
• Core Secure Voice traffic is low but stable and expected to remain stable
• Secure Voice is an enabler for BGAN Sales in Government Sector.
• Cost and Functionalities scrutinised by Procurement decision makers in that sector
• Secure Voice over 3.1kHz Audio Channel (64kb/s) does not cater for all markets
• Need for Cost Effective Secure Voice Solutions over BGAN
Solutions: Technical
• The 4kbps Voice service cannot be used for encrypted voice
• Secure Voice over IP is the way forward:
  The BGAN 32kbps Streaming Class (IP) service can be used as transport mechanism for Encrypted Voice.
[Diagram: Example of architecture. Labels: Secure Telephone, Remote Gateway, BGAN CN, RAN, GGSN, DP PoP, Gateway, Secure Telephone, PSTN, analogue, 32kb/s streaming IP, IP session, Secure Call]