Government Related Presentation

Government Roadmap

Tom ClarkDelta Wave Communications, Inc.

Broadband for a mobile Broadband for a mobile planetplanetTMTM

BGAN and information assurance

Requirements in the government sector

• Information assurance implies that– The content cannot be altered or intercepted by an

uninvited parties.– The confidentiality (identity and location of the end user)

is protected– Statistical analysis of the data transfers is prevented

• Security has to be deployed at two levels to cover these requirements:– At the Transport mechanism level (or Network levelNetwork level)– A the Data exchange level (Ciphering the data Ciphering the data

contentcontent)

BGAN network: Built-in protection BGAN network: Built-in protection (1)(1)

IP Core Network

Burum SAS

DP POP

InternetInternetInternetInternet

WWW Server

Customer

HQ

Air InterfaceAir Interface Data and signaling ciphered in accordance

with UMTS standards (TS33.102) Position report encrypted Temporary IDs used to maintain anonymity of

the terminal user (SIM). Satellite control is US Type-1 Encrypted

BGAN network: Built-in protection BGAN network: Built-in protection (2)(2)

IP Core Network

Burum SAS

DP POP

InternetInternetInternetInternet

WWW Server

Customer

HQ

Satellite Access StationSatellite Access Station Joint military/commercial Satellite Earth Stations in the

Netherlands and Italy. Fully Redundant SAS sites Data communications network protected by firewalls

BGAN network: Built-in protection BGAN network: Built-in protection (3)(3)

IP Core Network

Burum SAS

DP POP

InternetInternetInternetInternet

WWW Server

Customer

HQ

Typical DP PoP InterconnectTypical DP PoP Interconnect Routed over leased lines or VPN over IP networks Redundancy - backup links: VPN over public IP

network or ISDN Firewall protected IPSec encryption applied between Inmarsat and

DP POPs

BGAN network: Built-in protection BGAN network: Built-in protection (4)(4)

IP Core Network

Burum SAS

DP POP

InternetInternetInternetInternet

WWW Server

Customer

HQ

Typical DP / Customer InterconnectTypical DP / Customer Interconnect VPN over IP networks:IPSec encryption Firewall protected

BGAN network: Built-in protection BGAN network: Built-in protection (5)(5)

IP Core Network

Burum SAS

DP POP

Customer

HQ

Leased Line

Dedicated DP / Customer InterconnectDedicated DP / Customer Interconnect Private dedicated links IP Sec encryption Firewall protected

Protecting the content over IP networks

IP Core Network

Burum SAS

DP POP

InternetInternetInternetInternet

WWW Server

Customer

HQEnd-to-end Application LayerEnd-to-end Application Layer

COTS VPN (e.g. Cisco, Checkpoint, Nortel, Netscreen)

Government standard encryption including Type-1/Top Secret

Leased Line

Protecting the content over circuit-switched

Circuit Switched

Core Network

Burum SAS Customer

HQ

International International PSTN/ISDNPSTN/ISDN

International International PSTN/ISDNPSTN/ISDN

STU

STU

ISDN Encryption - STE

Serial Bulk Encryption – KIV-7

Analogue Encryption – STU-IIb/III

End-to-end Application LayerEnd-to-end Application Layer

Focus on encryption devices Focus on encryption devices 64Kb Circuit Switched Data - 3.1Khz Audio  • STU-III Motorola/ATT/GE• Sectera Wireline (FNBDT/PSTN) General Dynamics• OmniXi L3• STE (via STU interface) L3

Circuit Switched Data - ISDN UDI/RDI • STE L3• KIV-7 Mykotronics• OmniXi L3• Brent, Brent 2, Hannibal, Thamer

Packet Switched Services  • DC2K IP Encryptor Thales• KG-175 Taclane Classic General Dynamics• KG-235 Sectera INE General Dynamics• KG-250 AltaSec ViaSat• KG-240 Red Eagle L3

Interoperability results so far…

– Thales DC2K– STU-IIB/III– STE– Viasat KG-250– Taclane KG-175– Sectera KG-235

• Successfully tested over BGAN

Preliminary results(i)

Without TCP PEP With TCP PEP

Upload(kbps)

Download (kbps)

Upload(kbps)

Download(kbps)

Thales DC2K 109(ii) 172(ii) 215(ii) 252(ii)

Viasat KG-250

76(iii) 128(iii) Not tested Not tested

Taclane KG-175

136(iii) 112(iii) Not tested Not tested

(i) FTP transfer of 1MB file, using T&T explorer 500 and LINUX platform; (ii) Throughput averaged over 10 file transfers(iii) Best Throughput observed over 10 file transfers

Up to 100% improvementUp to 100% improvement

ConclusionsConclusions

• Network Security (TRANSEC)– BGAN uses all of the latest Commercial security measures

to protect itself against service interception, eavesdropping or statistical analysis from third parties.

• Content Security (INFOSEC)– Commercial and Government Grade encryption

mechanisms have been proven to work over BGAN ensuring end-to-end confidentiality and integrity of the data content.

Position reporting in BGAN

BGAN - position reporting• Why is User Terminal position reporting required?

– Regulatory• May require that UT position is known when operating in

certain jurisdictions

– Billing• Allows for zone/country based tariffs

– Expedites call setup process

• BGAN UT contains built-in GPS receiver• GPS position reported (encrypted) to network as part of

registration process• Special circumstances mean that important government

customers may find this facility an obstacle to purchasing the service

Solution – disable position reporting

• Considerations– Minimum level of UT position reporting for network access is

required – spot beam ID– GPS receiver required in UT in order to determine its location

and provide optimised operation

• Solution– Disablement through a SIM feature– UT translates GPS position to a spot beam ID using internal map– Only spot beam ID reported to network

• UT operates discretely within a spot beam (200 - 600 km diameter)

Solution – disable position reporting

Discrete Operation SIM

Position Reporting Disabled

Secure voice over 32kbps streaming IP BGAN Service

• Key application for both Civil and Military Government agencies

• Core Secure Voice traffic is low but stable and expected to remain stable

• Secure Voice is an enabler for BGAN Sales in Government Sector.

• Cost and Functionalities scrutinised by Procurement decision makers in that sector

• Secure Voice over 3.1kHz Audio Channel (64kb/s) does not cater for all markets

• Need for Cost Effective Secure Voice Solutions over BGAN

Secure voice in the government sectorSecure voice in the government sector

Solutions: Technical• The 4kbps Voice service cannot be used for encrypted voice• Secure Voice over IP is the way forward:

The BGAN 32kbps Streaming Class (IP) service can be used as transport mechanism for Encrypted Voice.

Secure Telephone RemoteGateway

BGAN CN

RAN

DP PoP

Gateway Secure Telephone

PSTN

32kb/s streaming IP

IP sessionanalogue analogue

GGSN

Secure Call

Example of architecture

Broadband for a mobile Broadband for a mobile planetplanet

TMTM