The project develops extensions to the SkyWAN® network, used to protect the network, ensure integrity of user and management data and safe operation.
Key issues of the extension are:
The major benefits of the SkyWAN® Secure extensions are:
The key features of SkyWAN® Secure are:
Network Access Control
It is assured that unauthorized ground stations cannot enter a SkyWAN® network. The station authorization and registration is independent from a slave’s local configuration.
Management Access Points
SkyWAN® node and network management is based on IP services provided by the SkyWAN® network. It comprises:
In addition a scheme for management access control is introduced which supports the network operator by automatically spanning up a dedicated administration IP network over the satellite and by restricting the access to this network and individual nodes. It allows the configuration of management access points over which a SkyWAN® network may be accessed for node management or network management.
The introduction of Link Encryption establishes extensive protection on the link level. Once enabled in a network, every kind of administrative satellite link layer data is encrypted prior to transmission over satellite.
Link Encryption is an integrated and autonomous network service. It is an integrated service of the SkyWAN® network and completely independent from any network external equipment. Also, it makes security relevant information inaccessible in the system.
The operation of Link Encryption is hardware accelerated. In order to achieve high encryption throughput, sensitive satellite link layer data is encrypted and decrypted by a security engine inside the indoor unit. The security engine offloads computationally intensive security functions, such as key generation, key exchange, bulk encryption, and bulk decryption from the processor core.
SKYWAN UIM-IP Interface Board
The UIM-IP board is designed especially for IP applications and provides four Ethernet interfaces with an integrated Ethernet switch.
A dedicated Ethernet interface for management traffic grants full independency between user traffic and management traffic from the security point of view. The remaining three Ethernet interfaces are user interfaces permitting further IP services.
The project has passed its Final Review.