Security in IP satellite networks: COMSEC and TRANSEC integration aspects

Interactive broadband satellite systems may encounter several types of threats e.g. data communication eavesdropping, signalling spoofing, etc. The integration of security countermeasures is therefore seen as a major system requirement for institutional, military and industry applications. There are commonly two types of technologies to implement security in satellite systems: the support of secure VPN to guarantee Communications Security (COMSEC) for end to end user security communications and security at transmission level (TRANSEC) implemented at the lower protocol layers. Since the satellite networks are transparent at network layer, apparently there is no problem in the security and encryption procedures integration. However they are not always adapted and optimized to satellite networks (e.g. end-to-end IPSec is not compatible with TCP accelerator technologies that modify the transport layer information) and are far from addressing all the security requirements. This paper analyzes the different techniques used within TRANSEC and COMSEC and the most important integration issues.