TOPIC: SATELLITE LINK PROTECTION

Msc. Telecommmunication Eng. 1

Presentation Layout

 Introduction
 Conventional Protection
 Advanced link protection
 Encryption
 Intrusion Detection Systems

Msc. Telecommmunication Eng. 2

Introduction
 Link Protection is a blanket term that refers to
the methods employed to thwart attempts to
“steal” data from a data transfer link .
 For an Unprotected Link, traffic is sent and
received in “cleartext”, which means that
anybody who can “see” the network traffic is free
to copy and use the data on the link as they see
fit .

Msc. Telecommmunication Eng. 3

Conventional Link Protection
 Conventional methods for protecting ground
controlled satellites from unauthorized
acquisition include the use of a coded
command.
 For such system the required electronic
phase synchronization equipment is not only
costly but also adds weight to the system
resulting in payload reduction by as much as
28pounds.

Msc. Telecommmunication Eng. 4

Advanced link protection

 In modern ways satelite link protection is

done by either
 Encryption
 Intrusion Detection Systems

Msc. Telecommmunication Eng. 5

Encryption
 Encryption is typically used to take this ability
away from those watching network traffic.
 This makes it possible to transfer media from
the content source to a rendering device in a
secure manner.
 Normally Advanced Encryption Standard
(AES-128) is used to encrypt data before
transport.

Msc. Telecommmunication Eng. 6

 This encryption establishes the secure
channel necessary for Link Protection.
 Hence Earth Stations can authenticate other Earth
Stations, as well as communicate without fear of
content misuse or theft.
 And normally this is implemented relatively
transparently.

Msc. Telecommmunication Eng. 7

Msc. Telecommmunication Eng. 8
Msc. Telecommmunication Eng. 9
Intrusion Detection Systems
 The advanced method is the use of Intrusion
Detection System (IDS)
 IDS will be properly tailored to detect
anomalous events along interconnected
networks and provide countermeasures to
avoid system failure

Msc. Telecommmunication Eng. 10

 Satellite IDS exploits two types methods
 Traffic analyzer, and
 The SYN detector

Msc. Telecommmunication Eng. 11

Traffic analyzer
 Traffic analyzer probes run on the access router of all the
networks interfaced to the satellite network. Such probes
aim to collect statistics about traffic coming from and going
to the satellite network.
 Specifically, a traffic analyzer grabs the number of
transferred bytes over any active connection.
 A time interval must be defined for such measurements.
 A large value allows a better measurement accuracy, but it
slows down statistic updates for the attack detection
matters.
 On the contrary, a low value could be affected by transitory
traffic dynamics, as for instance unexpected traffic spikes
or idle times.

Msc. Telecommmunication Eng. 12

The “SYN detector”

 The SYN detector is installed on Satellite

gateway and is in charge to monitor all the
traffic in order to create an IPFIX record for
every SYN/FIN exchange through satellite
link.
 Each record includes the parameters
identifying the specific connection and it is
enhanced with the time information.

Msc. Telecommmunication Eng. 13

Telespazio (TSP) a satellite geostationary link,
remote terrestrial LAN of Polska Telefonia Cyfrowa (PTC),
ISP represented by Telefonica (TID).

Msc. Telecommmunication Eng. 14

Thanks for your attentions….

Msc. Telecommmunication Eng. 15