IP Security over Satellite - IABG

  • Status
    Ongoing
  • Status date
    2013-11-21
Objectives

Satellite technologies represent, like other wireless technologies an, easy target for potential attacker. To protect against these threats, proper security technologies have to be applied. The objectives of this study are to determine how existing security technologies can be used for satellite networks, to assess their advantages and disadvantages, to consider the costs of these technologies and to recommend architectures for their deployment.


Furthermore emerging security technologies shall be analysed concerning their potential benefits for satellite networks. Finally a specification for a demonstrator shall be given, which is able to verify the suitability of the recommended security architectures for the scenario of business intranets connected by satellite networks.

Challenges

One of the key issues is the influence of satellite network characteristics to existing and emerging security technologies. An example of these characteristics are the TCP accelerator technologies frequently used in satellite networks. These technologies often modify transport layer information, which is not accessible if certain security technologies are in place. A second example for these satellite characteristics is the possibility of an easy and efficient way to deploy IP Multicast, which restricts again the selection of adequate security technologies.


Another key issue is the benchmarking of new security technologies currently under development and their usability within satellite networks.

Benefits

The following are the main benefits of this study:


  • Provision of guidelines to be followed starting from the risk analysis of satellite networks, to the selection of an appropriate security technology and the integration of this security technology in a security architecture.
  • Provision of an overview and benchmarking of existing and emerging security technologies.
  • Provision of four security architectures for common satellite network constellations.
  • Provision of the specification for a technology demonstrator.
Features

The work undertaken for this project consisted of analysis and research only, and has not included development, simulation and experiments.

Plan


  • Discussion of the security threats to satellite networks, of the general security services to protect against these threats as well as of the influence of satellite characteristics to security technologies
  • Provision of an overview and benchmarking of existing security technologies like ATM Security, IPSec or SSL
  • Provision of an overview and benchmarking of emerging security technologies like Multicast Security or emerging work in the area of IPSec
  • Definition of security architectures to be used for certain satellite network constellations connecting business intranets
  • Specification of an outline design for a technology demonstrator protecting business to business communication over satellite networks
Current status

The project is complete.

All the tasks to address within the project objectives are completed:

The demonstrator has been procured, integrated, configured, tested and delivered to ESTEC. Training of ESTEC staff on the usage of the demonstrator will follow.

A huge variety of applications have been installed.

Security functionality has been integrated and appropriate security attacks have been performed.

Performance enhancement has been integrated and appropriate performance measurements have been performed.

A verification of the results obtained by using a network simulator has been done using real satellite and Internet links.

The Final Presentation has been given at ESTEC.

An Implementation Handbook has been produced.

The Executive Summary and the Final Report for the project have been provided and are available for download.