A Layered Approach to Cybersecurity in SATCOM
by Karl Fuchs, iDirectGov
There exists an ever-growing connected world, which means pathways of communications open potential attack vectors for malicious actors to remotely eavesdrop, disrupt, intercept and modify sensitive data.
These malicious actors have a variety of methods at their disposal to conduct an attack, enter a network or device, or jam communications. A SATCOM network is potentially vulnerable to cyber attacks from actors located anywhere in the satellite’s footprint.
With government and defense agencies being the biggest users of SATCOM, their networks present a highly desirable target for bad actors. Applying cybersecurity in a SATCOM environment requires a layered security approach, or Defense-in-Depth as it is sometimes called. As recognized by the National Security Agency (NSA), Defense-in-Depth is an effective means to protect networks by presenting multiple obstacles for would-be hackers. This approach brings together multiple strategies to mitigate threats, protecting agencies’ sensitive data and SATCOM networks. Here are some of the layers incorporated in iDirect Government solutions.
Interference Mitigation
The introduction of radio frequency (RF) noise or interference to a SATCOM network, intentional or unintentional, can degrade the SATCOM network, sometimes rendering it completely unusable. iDirect Government addresses the concern of interference with signal excision, part of the Glowlink product line.
The Communications Signal Interference Removal or CSIR, which has signal excision capability, eliminates an interfering signal from the authorized signal of interest (SOI). With only the SOI’s center frequency, bandwidth and symbol rate information, CSIR will monitor and remove an unwanted interfering signal in real-time. This includes modulated carriers, unmodulated tones and interference that changes characteristics (such as burst and sweeping tones).
CSIR can monitor and remove an interfering signal with as little as 1dB of power separation from the SOI. CSIR brings an ingenious and proven capability that protects vital communication but is simple to use and implement. This technology provides a baseline anti-jam capability without requiring additional bandwidth.
TRANSEC
TRANSEC (Transmission Security) protects against adversaries who try to obtain traffic engineering information by monitoring the satellite waveforms traveling between remotes and hubs and addressing vulnerabilities in an IP-based VSAT architecture’s transmission path. Factors such as increased traffic, terminal acquisition rate and data interception can all be used to infer classified data. The waveforms and protocols of TRANSEC-enabled networks are specially designed to always appear the same, regardless of the amount of traffic or the number of active users.
With the release of the 9-Series Satellite Routers and Defense Line Cards (DLCs), iDirectGov developed a TRANSEC module designed to meet the stringent FIPS 140-2 Level 3 requirements as defined by the National Institute of Standards and Technology (NIST). Through hardware and software development, the embedded yet independent TRANSEC module operates through a separate and trusted path from all other interfaces on the product. The module features a robust physical security measure for tamper prevention and the capability to zeroize the security keys or critical security parameters stored on the module itself. If required, the revocation or zeroization of the keys can be accomplished either over-the-air by the hub operator or locally on the remote by authorized personnel.
A great deal of traffic volume and priority information can be gleaned by examining the in-band or out-of-band control information within an encrypted TDMA network. The IP header of a packet contains source, destination, and priority information. For a TDMA network to provide the quality of service (QoS) needed to support real-time traffic, data quantities and prioritization information must be gathered. This information could be more useful to an adversary than channel activity data because it is specific enough to delineate between general communications (like email and web traffic) and tactical communications (like voice and video).
The only solution for this vulnerability is to completely encrypt all Layer 2 information and any control information disseminated to the remotes. iDirectGov has implemented FIPS 140-2 certified 256-bit keyed Advanced Encryption Standard (AES) for all Layer 2 and control information on products.
The encryption of the Layer 2 frames has a side benefit of re-encrypting the data payload. Therefore, the transmitted IP header is AES-encrypted. Additionally, the TRANSEC TDMA slot is a fixed size to obfuscate any traffic characteristics.
This Layer 2 encryption solution solves all existing control channel vulnerabilities. The Layer 2 encryption method features over-the-air key updates and a unique Layer 2 frame format, including an initialization vector that ensures randomization of repetitive data streams. This keeps adversaries from detecting any repetitive pattern.
One-Way Networks
Securing one-way broadcast transmissions is accomplished with the 900 and 9350 (remotes with dual-modulator support) that are capable of dual-domain TRANSEC—the ability to establish two independent chains of trust (sets of X.509s) between two different certificate authorities. An example use case of this feature is having one demodulator on a two-way TRANSEC network while the second demodulator receives a separate one-way TRANSEC secured broadcast. With one-way TRANSEC, Elliptical Curve Cryptography is used for key generation along with X.509 certificates for authentication in each security domain. The 9-Series Satellite Routers and DLCs have been designed to provide higher performance and data rates, plus increased functionality and security, compared to their predecessors.
X.509 Certificates
SATCOM networks are vulnerable when looking at hub and remote unit validation. In traditional single channel per carrier (SCPC) architectures, established links remain active for long periods of time. Because these connections are point-to-point fixed and there is a significant level of coordination between personnel commissioning the SCPC, users have a high degree of confidence an adversary is not trying to assume the identity of a trusted entity. In time division multiple access (TDMA) networks, remotes are routinely coming into and dropping out of the network. This is especially true of networks with mobile or itinerate terminals where terminals are in moving vehicles, aircraft and maritime vessels.
To mitigate risk, iDirectGov has implemented X.509 digital certificates on TRANSEC remotes. An X.509 certificate uses RSA public-key encryption. With public-key encryption, two related keys are generated: one private key and one public key. The functionality of these keys is so that anything encrypted with the public key can only be decrypted with the private key, and anything encrypted with the private key can only be decrypted with the public key.
X.509 certificates can be generated via the NMS server. Certificates are placed on all TRANSEC line cards and protocol processors and on the remotes. The hub system keeps the public keys of each remote configured to operate on the hub, and the remotes have the public keys of each hub.
During network acquisition, the remote encrypts its X.509 certificate with its private key, and the hub verifies by decrypting the certificate with the remote’s public key and vice versa. This process ensures a remote is not only authorized to operate in the network, but also that the hub is a trusted entity. Through these security measures, the use of TRANSEC adds an authentication mechanism that prevents adversaries from joining a protected network or launching “man-in-the middle” attacks. Conversely, adversaries would not be able to re-direct a TRANSEC-enabled remote to join another network without the proper identification and authentication.
FIPS 140-2 Certification
FIPS Publication 140-2, a U.S. government security standard for accrediting cryptographic modules, is published by NIST. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be used by a government agency. FIPS 140-2 establishes the Cryptographic Module Validation Program as a joint effort between NIST and Canada’s Communications Security Establishment.
FIPS validation applies to the cryptographic solution, including the operating system and software. iDirectGov’s TRANSEC module in the 9-Series Satellite Routers and Defense Line Cards is certified FIPS 140-2 Level 3. With the introduction of this TRANSEC module, a daughter card is integrated at the board level. The TRANSEC module will contain all the cryptographic information and functionality, and most importantly, can be zeroized when compromised. In addition, by moving the encryption function to the TRANSEC module, re-certification is only required when there’s a change to code on the TRANSEC module.
Security Content Automation Protocol (SCAP)
SCAP is the configuration standard for the U.S. Department of Defense (DoD) Information Assurance (IA) program and IA-enabled devices and systems. SCAP provides technical guidance to “lock down” information systems and software that might otherwise be vulnerable to a malicious computer attack. Implementing SCAP standards ensures the highest level of compliance has been met. In addition, we support several manual configuration changes to meet additional SCAP guidelines, including Red Hat Linux-specific recommendations.
Security Readiness Review scripts test products for SCAP compliance and are available for operating systems and databases that have SCAPs. Threats to systems and data come in many forms, ranging from malware infecting a system to a sophisticated cyber-attack on critical systems by state-sponsored actors.
Conclusion
Incorporating embedded capabilities in iDirectGov’s platform protects and minimizes the attack surface from actors that may, intentionally or unintentionally, interfere with the lines of communications. Battle-tested security measures meet today’s strictest security standards.
About the Author
Karl Fuchs is senior vice president of technology at iDirect Government, Herndon, VA.
(683)
