Earlier this week at Satellite 2019, iDirect Government was recognized as having the Top Cybersecurity Solution in 2019 by the Mobile Satellite Users Association (MSUA) for our TRANSEC during the Mobility Satellite Innovation Awards luncheon.
But what makes our TRANSEC award-worthy? This technology keeps communications, and ultimately our military, safe and secure as they transmit sensitive data over the airwaves. Recently, we made this technology even better by making usability improvements. We talked to Principal Professional Services Engineer Jason Choe earlier this month to get his take on what TRANSEC incorporates, and why the usability improvements are such a big deal to our end users and warfighters.
What is TRANSEC?
Before diving into TRANSEC, which is short for transmission security, you need to understand the seven layers of Open Systems Interconnection. Layer 1 is the physical layer, the actual product; layer 2 is the data-link layer; layer 3 is the network layer; layer 4 is the transport layer; layer 5 is the session layer; layer 6 is the presentation layer; and layer 7 is the application layer.
TRANSEC includes everything from layer 2 and above, and link encryption is from layer 3 and above. What we’ve done with our products is encrypt everything from layer 2 and above and have put an extra layer on top of encryption.
Why is it important to the end user?
The end user is sometimes in dire situations or enemy territory, and the last thing warfighters want is the enemy finding out what information is being sent back and forth; you pretty much want to hide everything from everybody.
While we can’t hide anything physically – unless we find a way to make our products invisible – we can hide everything from layer 2 and up. We can hide, or encrypt, everything that’s being transmitted or received from the intruder.
How do we make our products secure? How do we use TRANSEC?
We embedded something called a cloak module into our products on both the hub and remote sides. Once TRANSEC is enabled, all the communication goes through the cloak module so all the data is encrypted.
We are also using elliptic-curve cryptography, ECC, to encrypt the key on the remote. The remote will not transmit nor receive the information if the proper key isn’t used. The proper key is generated based on the remote’s unique ECC key.
Not only have we encrypted all the data through the cloak module, you also have to have the right password or key to be able to see those messages. This adds another layer of protection.
There’s one-way TRANSEC and two-way TRANSEC. What’s the difference?
Two-way TRANSEC encrypts data that’s being transmitted and received. For example, I’m talking to you and you’re talking to me; we’re engaged in conversation. That’s two-way.
One-way TRANSEC is encrypting data that’s only going one way, like a TV broadcast or a drone feed. The drone or news station isn’t expecting to receive data back from recipients; it’s just transmitting information out.
We have, with Evolution 4.2, improved the TRANSEC usability. What’s new?
We made the management of TRANSEC a feature in iBuilder with a user interface that is easy to navigate minimizing user errors that could be caused by a manual process. With the enhancements, users have centralized support for features including; management of X.509 certificates and Global Key Distribution, Acquisition Ciphertext Channel (ACC) key retrieval, one-way TRANSEC management, zeroization of security keys, Web User Interface (WUI) for TRANSEC, and a user feedback mechanism.
Prior to Evolution 4.2 all of these tasks were manual and not readily available.
Why is that important?
Before these improvements, network operators had to go through a pretty time-consuming process to generate keys or issue certificates. They might enter one wrong letter and bring down the entire network by mistake.
Now they only have to do one step without having to go into different systems, saving a tremendous amount of time.