INTEL: Mobile Routers For MILSATCOM Ops: What To Look For...
author: Roly Rigual, Director of Systems Engineering, iDirect Government Technologies (iGT)
Communications On The Move (COTM) has gained a great deal of attention recently as the need for broadband connectivity on a mobile platform has increased dramatically in the past few years for both commercial and military applications. When assessing routers for COTM MILSATCOM operations, there are several physical layer, security and operational considerations that must be taken into account. This article will look at physical, security and operational characteristics of routers that are best suited to COTM MILSATCOM operations.
Physical Layer Considerations
Ideally, a mobile MILSATCOM router should be available in multiple form factors to accommodate the varying physical constraints of different mobile platforms. For example, a terrestrial vehicle will have different size, weight, power and regulatory constraints than an airborne system. The ability to have the same router running the same software in different form factors allows for platform flexibility while maintaining the same hardware (of varying form factors) and software throughout the network.
In addition, because the small-aperture antennas used for on-the-move applications impose more stringent link budget requirements, routers should support the latest and most efficient forward error correction (FEC) coding. In MILSATCOM applications, where demand for inbound rates keeps rising, highly efficient codes such as 2D 16-State FEC bring a new level of IP payload and link budget efficiency. Codes such as 2D 16-State can operate at a lower threshold and use a superior algorithm compared with older Turbo Product Codes.
A major consideration when deploying larger OTM (On-The-Move) MILSATCOM networks is which access methodology to use in conjunction with spread spectrum.
The most efficient approach to spread spectrum for a COTM (Communications-On-The-Move) network is to apply Direct Sequence Spread Spectrum (DSSS) in a TDMA architecture. In DSSS, a pseudo noise code is applied prior to data entering a carrier modulator. The modulator, therefore, sees a much larger bit rate, which corresponds to the chip rate of the pseudo noise code number sequence. The spectrum is spread by the chip factor, resulting in lower transmitted power spectral density. By using DSSS in a TDMA architecture, only one remote terminal will be transmitting at a time. This lowers the required spread factor and yields a much more resource efficient system as compared to other access methods such as Code Division Multiple Access (CDMA).
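The spreading step described above, as an added example that is not from the article or any vendor implementation: a pseudo noise code is applied to the data before modulation, the receiver removes it again, and the power spectral density drops with the chip factor. The 5-stage LFSR code generator, the spread factor of 8, the sample bits and the majority-vote despreader are all assumptions chosen to keep the example small.

```python
import math


def pn_chips(count, seed=(1, 0, 0, 0, 0)):
    """Chips from a 5-stage LFSR, s[n+5] = s[n] XOR s[n+2] (period 31)."""
    state, chips = list(seed), []
    for _ in range(count):
        chips.append(state[0])
        state = state[1:] + [state[0] ^ state[2]]
    return chips


def spread(bits, factor):
    """Apply the PN code before modulation: each data bit becomes `factor` chips."""
    pn = pn_chips(len(bits) * factor)
    return [bits[i // factor] ^ pn[i] for i in range(len(pn))]


def despread(chips, factor):
    """Remove the PN code, then majority-vote each group of `factor` chips."""
    pn = pn_chips(len(chips))
    raw = [c ^ p for c, p in zip(chips, pn)]
    return [int(sum(raw[i:i + factor]) * 2 > factor)
            for i in range(0, len(raw), factor)]


def psd_reduction_db(factor):
    """Same power over `factor` times the bandwidth: density falls by this many dB."""
    return 10 * math.log10(factor)


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample bits
    factor = 8                         # constructed spread (chip) factor
    tx = spread(data, factor)          # the modulator now sees 8x the bit rate
    rx = list(tx)
    for i in (3, 17, 18, 40):          # constructed chip errors on the link
        rx[i] ^= 1
    print("chips sent:", len(tx))
    print("recovered despite chip errors:", despread(rx, factor) == data)
    print("PSD reduction (dB):", round(psd_reduction_db(factor), 2))
```
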
While DSSS in a TDMA architecture provides more resource efficiency and network scalability, the very nature of TDMA creates security challenges that must also be addressed for OTM routers.
The mobile and itinerant nature of COTM MILSATCOM exacerbates already existing security requirements for SATCOM routers. In the world of satellite communications, the definitions of COMSEC (Communications Security) and TRANSEC (Transmission Security) are often confused. For clarity in this article, COMSEC refers to the methods used to ensure confidentiality, authenticity, and integrity of the user data (type 1 encryption, digital signatures, and so on). TRANSEC refers to the measures used to secure channel activity (e.g., traffic flow analysis), control channel information (e.g., acquisition activity), unit validation (e.g., X.509 certificates, crypto module validation), and physical security.
Transmission security prevents an adversary from exploiting information available in a communications channel without necessarily having defeated the encryption inherent in the channel. For example, even if an adversary can't defeat the encryption placed on individual packets, by analyzing transmission patterns, cloning inactive terminals, performing traffic flow analysis, and so on, the adversary may be able to gather operational intelligence, including the location of a terminal.
A mobile router should present to an adversary that is eavesdropping on the RF link a constant wall of fixed-size, strongly encrypted (AES, 256 bit key, CBC Mode) traffic segments, the frequency of which does not vary in response to network utilization. All network messages, including those that control the admission of a remote terminal into the network, should be encrypted and their original size hidden. The content and size of all user (Layer 3 and above), as well as network link layer (Layer 2) traffic, should be completely indeterminate from an adversary's perspective. Also, no higher layer information should be revealed by monitoring the physical layer (Layer 1) signal.
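The "constant wall" of fixed-size segments described above, as an added example that is not from the article or any vendor implementation: a hypothetical framer that emits the same number of same-size segments every frame, padding short payloads and sending fill when idle, so that segment size and rate say nothing about load. The segment size, segments per frame and header layout are constructed values. The AES-256 CBC encryption of each segment that the article calls for is assumed to happen after framing and is left out here, so the header that marks a segment as fill is only hidden once that step is applied.

```python
import os
import struct

SEGMENT_SIZE = 64        # constructed value: bytes in every on-air segment
SEGMENTS_PER_FRAME = 4   # constructed value: segments sent in every frame
HEADER = struct.Struct("!BH")            # kind (1 data, 0 fill), payload length
PAYLOAD_MAX = SEGMENT_SIZE - HEADER.size


class ConstantRateFramer:
    """Hypothetical framer: same segment count and size per frame, busy or idle."""

    def __init__(self):
        self._pending = bytearray()

    def submit(self, message: bytes) -> None:
        # Length-prefix each message so the receiver can split the stream again.
        self._pending += struct.pack("!I", len(message)) + message

    def next_frame(self) -> list:
        segments = []
        for _ in range(SEGMENTS_PER_FRAME):
            chunk = bytes(self._pending[:PAYLOAD_MAX])
            del self._pending[:PAYLOAD_MAX]
            padding = os.urandom(PAYLOAD_MAX - len(chunk))   # hides the true size
            segments.append(HEADER.pack(1 if chunk else 0, len(chunk)) + chunk + padding)
        return segments  # each segment would be encrypted here before transmission


def reassemble(segments: list) -> list:
    """Receiver side: discard fill and padding, then split the stream into messages."""
    stream = bytearray()
    for seg in segments:
        kind, length = HEADER.unpack_from(seg)
        if kind == 1:
            stream += seg[HEADER.size:HEADER.size + length]
    messages = []
    while len(stream) >= 4:
        (size,) = struct.unpack_from("!I", stream)
        if len(stream) < 4 + size:
            break  # remainder of this message arrives in a later frame
        messages.append(bytes(stream[4:4 + size]))
        del stream[:4 + size]
    return messages


def observable(frames: list) -> list:
    """Segment sizes per frame: all an eavesdropper learns once segments are encrypted."""
    return [[len(seg) for seg in frame] for frame in frames]
```

Comparing `observable()` for an idle framer and a loaded one over the same number of frames gives identical output, which is the property to check for when evaluating a router's traffic flow protection.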
Finally, remote unit validation should be a part of a mobile router's security protocol. Mobile routers are often dropping in and out of networks, and there must be a methodology to provide a high level of confidence that an adversary is not trying to assume the identity of a trusted entity. This can be accomplished by ensuring that mobile routers are required to have valid X.509 certificates before being allowed to come into a network.
In regard to cryptographic module validation and physical security of COTM MILSATCOM, mobile units may require additional levels of security due to the increased risk that an adversary may acquire physical access to the router. The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government security standard used to accredit cryptographic modules. Four levels of security are defined by the National Institute of Standards and Technology (NIST). FIPS 140-2 Level 1 validates the cryptographic module of the router. The required security level of a mobile router should be determined and the existence of tamper-evident coatings and the reduction of physical access to the cryptographic keys should also be considered (FIPS 140-2 Level 2).
– Efficient MILSATCOM mobile networks require the ability to rapidly acquire into global networks, be flexible enough to operate on different commercial and military satellites and to support different bands (Ku-, Ka-, X-, C-bands, etc.).
– As many mobile MILSATCOM routers need to be able to roam over larger geographic areas, mobile router systems should have the built in intelligence to communicate with antenna control units and on-board navigation systems to switch between beams based on geographic location, visibility of beam, and usability of beam. The remote must be able to communicate with the antenna controller to control and point the antenna while maintaining its IP addressing, routing, and connectivity.
– To further ensure proper operation of a network in which routers are in constant motion and in varying states of operation, powerful network management tools should be a part of any mobile router solution. Maintaining real-time situational awareness, centralized control of global networks, and visual correlation of statistics from large numbers of mobile routers is necessary to maintain high reliability and rapid deployment of mobile MILSATCOM networks.
– Communications On The Move (COTM) satellite routers have matured to the point where simple one-off terminals that lack efficiency, high-level security, and comprehensive network management tools are a thing of the past. When considering today's COTM routers, there is no reason to compromise performance for operational and security requirements.
For additional details, please visit...
About the author
Roly Rigual is Director of Systems Engineering for iDirect Government Technologies (iGT).