2. BGAN and information assurance
3. Requirements in the government sector
Information assurance implies that:
The content cannot be altered or intercepted by uninvited parties.
The confidentiality (identity and location of the end user) is protected.
Statistical analysis of the data transfers is prevented.
Security has to be deployed at two levels to cover these requirements:
At the transport mechanism level (or network level)
At the data exchange level (ciphering the data content)
4. BGAN network: Built-in protection (1)
Position report public key encrypted, 640 bit key, RSAES-OAEP
5. BGAN network: Built-in protection (2)
Position report public key encrypted, 640 bit key, RSAES-OAEP
6. BGAN network: Built-in protection (3)
Position report public key encrypted, 640 bit key, RSAES-OAEP
7. BGAN network: Built-in protection (4)
Position report public key encrypted, 640 bit key, RSAES-OAEP
8. BGAN network: Built-in protection (5)
9. Protecting the content over IP networks
10. Protecting the content over circuit-switched
11. Focus on encryption devices
64Kb Circuit Switched Data - 3.1 kHz Audio
STU-III (Motorola/ATT/GE)
Sectera Wireline, FNBDT/PSTN (General Dynamics)
OmniXi (L3)
STE, via STU interface (L3)
Circuit Switched Data - ISDN UDI/RDI
STE (L3)
KIV-7 (Mykotronx)
OmniXi (L3)
Brent, Brent 2, Hannibal, Thamer
Packet Switched Services
DC2K IP Encryptor (Thales)
KG-175 Taclane Classic (General Dynamics)
KG-235 Sectera INE (General Dynamics)
KG-250 AltaSec (ViaSat)
KG-240 Red Eagle (L3)
12. Interoperability results so far
Thales DC2K
STU-IIB/III
STE
Viasat KG-250
Taclane KG-175
Sectera KG-235
13. Preliminary results(i)
14. Conclusions
Network Security (TRANSEC)
BGAN uses all of the latest Commercial security measures to protect itself against service interception, eavesdropping or statistical analysis from third parties.
Content Security (INFOSEC)
Commercial and Government Grade encryption mechanisms have been proven to work over BGAN ensuring end-to-end confidentiality and integrity of the data content.
15. Position reporting in BGAN
16. BGAN - position reporting
Why is User Terminal position reporting required?
Regulatory
May require that UT position is known when operating in certain jurisdictions
Billing
Allows for zone/country based tariffs
Expedites call setup process
BGAN UT contains built-in GPS receiver
GPS position reported (encrypted) to network as part of registration process
Special circumstances mean that important government customers may find this facility an obstacle to purchasing the service
17. Solution: disable position reporting
Considerations
A minimum level of UT position reporting is required for network access: the spot beam ID
GPS receiver required in UT in order to determine its location and provide optimised operation
Solution
Disablement through a SIM feature
UT translates GPS position to a spot beam ID using internal map
Only spot beam ID reported to network
UT operates discreetly within a spot beam (200 - 600 km diameter)
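The translation step on this slide, sketched as an added example that is not taken from the slides or from any BGAN terminal firmware. The beam map, the circular-beam geometry, the function names and the report field names are all constructed assumptions; the encryption of the report mentioned on the earlier slides is left out.

```python
import math

# Constructed beam map (not operator data): beam_id -> (centre_lat, centre_lon, radius_km).
# Radii give 500-600 km diameters, inside the 200-600 km range quoted on the slide.
BEAM_MAP = {
    101: (48.0, 2.0, 250.0),
    102: (48.0, 8.0, 250.0),
    103: (52.5, 5.0, 300.0),
}
EARTH_RADIUS_KM = 6371.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def spot_beam_for(lat, lon, beam_map=BEAM_MAP):
    """Return the ID of the nearest beam that covers the fix, or None if no beam does."""
    best_id, best_dist = None, None
    for beam_id, (clat, clon, radius) in beam_map.items():
        dist = haversine_km(lat, lon, clat, clon)
        if dist <= radius and (best_dist is None or dist < best_dist):
            best_id, best_dist = beam_id, dist
    return best_id

def registration_report(lat, lon, position_reporting_disabled):
    """Build the location part of a registration message (hypothetical field names)."""
    beam_id = spot_beam_for(lat, lon)
    if beam_id is None:
        raise ValueError("GPS fix is outside every beam in the map")
    report = {"spot_beam_id": beam_id}
    if not position_reporting_disabled:
        # Default behaviour on the slides: the GPS position goes to the network.
        report["gps"] = (lat, lon)
    return report

if __name__ == "__main__":
    # Two constructed fixes more than 100 km apart that fall in the same beam.
    paris, orleans = (48.8566, 2.3522), (47.9, 1.9)
    for fix in (paris, orleans):
        print(fix, registration_report(*fix, position_reporting_disabled=True))
```

With the SIM feature set, the two fixes produce identical reports, so the network learns only which beam the terminal is in.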
18. Solution: disable position reporting
19. Secure voice over 32kbps streaming IP BGAN Service
20. Secure voice in the government sector
21. Solutions: Technical
The 4kbps Voice service cannot be used for encrypted voice
Secure Voice over IP is the way forward: The BGAN 32kbps Streaming Class (IP) service can be used as transport mechanism for Encrypted Voice.