Advanced Encryption Support

For years, Spacenet has been a leader in providing its customers with data security over VSAT networks to keep mission-critical data safe in transit. Spacenet now offers US government-grade security (on downstream transmissions for Skystar 360E users and bi-directional for SkyEdge users) for VSAT network users using the advanced Rijndael/AES encryption algorithm for maximum protection from data interception.

Because of their asymmetric nature, Spacenet VSATs utilize different technologies for upstream (low-power, VSAT-to-hub) and downstream (high-power, hub-to-VSAT) transmissions. Spacenet’s upstream communications utilize a patented, proprietary Gilat technology – Frequency/Time Division Multiple Access (FTDMA), which offers capacity management advantages as well as strong, built-in security. Downstream transmissions, however, use the industry standard Digital Video Broadcast (DVB) carrier, which offers advantages, such as the use of standardized equipment that results in less expensive VSAT equipment for customers.

However, the standard DVB-S (DVB over Satellite) carrier does not include encryption, so downstream transmissions are readable by any outside party that receives them. Spacenet has developed a system to encrypt its DVB-S downstream transmissions using the Rijndael (pronounced “Rhine-dahl” or “Rain-dahl”) fast symmetric encryption algorithm to provide very high-grade security. Rijndael is a new-generation symmetric block cipher with variable block and key lengths (128, 192 or 256 bits; 128 bits is most common). The algorithm is a substitution-linear transformation cipher, using three discrete invertible uniform transformations (layers).

Rijndael was recently adopted by the National Institute of Standards and Technology (NIST) as the new Advanced Encryption Standard (AES). Rijndael was selected as the AES over other new-generation encryption algorithms because of its flexibility, ease of implementation, and modular design, which should make modification to counter any attack developed in the future much simpler than with past algorithm designs. This new standard will replace the older DES encryption (adopted in 1977) as a Federal Information Processing Standard (FIPS) used by all federal agencies to protect sensitive, unclassified information for the next several decades.

The Spacenet centralized Network Management System (NMS) is used to configure the use of encryption for individual VSATs and on a network-wide basis. The Spacenet DVB-S encryption implementation can also balance performance (throughput) against the requirements of particular security policies. The encryption is configurable, allowing the selection of encryption optimized for maximum security (Rijndael) or a reduced run-time version optimized for throughput. This choice may also be applied selectively, based on selected TCP sockets.

Upon initial end-to-end connection across the network, the VSATs initiate an encryption key exchange with the hub using a public key algorithm. After successfully exchanging keys, the Hub Protocol Server (HPS) will compress and encrypt downstream user data, either all of it or only the data on selected TCP sockets. The NMS allows selection of sockets for each VSAT in the network based on IP address, subnet mask, and TCP port range. A 1024-bit Diffie-Hellman public key algorithm is used to exchange symmetric keys between each VSAT and the hub. Keys are never stored physically on a hard disk or fetched from remote servers.
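
An added example, not Spacenet's code: a Python sketch that audits the per-socket selection described above (IP address, subnet mask, TCP port range) and lists the flows that no selector covers, which would therefore go out on the DVB-S downstream unencrypted. The rule layout, the function names, the sample addresses and the choice of which flow endpoint a rule is matched against are assumptions; the page does not specify them.

```python
import ipaddress


def parse_rule(address, mask, port_lo, port_hi):
    """Validate one selector: IP address, subnet mask, inclusive TCP port range.

    Raises ValueError on a non-contiguous mask or a bad port range, so a
    mistyped rule fails loudly instead of silently matching nothing.
    (Hypothetical rule layout; the NMS's real format is not on the page.)
    """
    if not (0 <= port_lo <= port_hi <= 65535):
        raise ValueError(f"bad TCP port range {port_lo}-{port_hi}")
    # strict=False masks off host bits in `address`, e.g. 10.20.5.17 -> 10.20.5.0/24.
    network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return network, port_lo, port_hi


def is_selected(rules, ip, port):
    """True if the (ip, port) endpoint falls under any encryption selector."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net and lo <= port <= hi for net, lo, hi in rules)


def cleartext_flows(rules, flows):
    """Return the flows that no selector covers (sent downstream unencrypted)."""
    return [flow for flow in flows if not is_selected(rules, *flow)]


# Constructed sample policy for one VSAT (not real configuration).
RULES = [
    parse_rule("10.20.5.17", "255.255.255.0", 8000, 8999),  # application servers
    parse_rule("10.20.0.0", "255.255.0.0", 1433, 1433),     # database traffic
]

# Constructed sample flows as (IP, TCP port) endpoints.
FLOWS = [
    ("10.20.5.40", 8443),  # covered by the first rule
    ("10.20.9.4", 1433),   # covered by the second rule
    ("10.20.9.4", 23),     # right subnet, port outside every range
    ("10.21.0.1", 1433),   # right port, address outside every subnet
]

if __name__ == "__main__":
    for ip, port in cleartext_flows(RULES, FLOWS):
        print(f"NOT encrypted downstream: {ip}:{port}")
```

Running the same check against an inventory of sensitive services shows which ones depend on a selector being present, since anything unmatched is receivable in the clear by anyone within the downstream footprint.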