Agristar Global Networks
Downstream (Receive) Security

Our system utilizes a Conditional Access technology that employs multiple levels of encryption to protect information flows against unauthorized access on the satellite downlink to a user's computer. Conditional Access provides a high level of security for transmissions (email, etc.), ensuring that another site will not intercept them over the space link. Conditional Access also protects multimedia multicasts and digital file transmissions from being intercepted by any unauthorized site.

The Hughes Network Operations Center (NOC) individually encrypts each Agristar Global Networks multimedia stream or package with a unique session key. Access to a stream or package is controlled by the Hughes NOC, which makes the session key available in usable form only to authorized receivers. The NOC passes to an Agristar Global Networks receiver its session keys in a scrambled format usable only by that specific receiver.

Each receiver includes a tamper-resistant cryptofacility (secure ASIC) containing unique key material installed as part of the manufacturing process. The cryptofacility is only capable of decrypting with session key material created by the NOC especially for that cryptofacility. As such, the receiver is only capable of decrypting Agristar Global Networks satellite services.

The NOC utilizes the Data Encryption Standard (DES) with 56-bit key length as the bulk encryption algorithm. Triple DES with 112-bit key length is used within the key-distribution algorithms.

Agristar Global Networks Upload (Transmit) Security

With our satellite return channel or uplink, there is no encryption algorithm applied to data traveling from the user to the NOC and then on to the Internet. However, uplinks are inherently secure because of their method of operation.

Uplinks use a Time Division Multiple Access (TDMA) method of access and transmission, which means that multiple Agristar Global Networks transmitters will be using the same in routes or set of in routes for transmission. Transmissions occur in almost random bursts on the return channel, and the timing of the transmissions is controlled via the receive/downlink channel. Thus, the downstream channel's security must first be compromised before it is possible to gain unauthorized access to the uplink. Error correction algorithms applied to the data additionally make it more difficult to monitor transmissions and make sense of the data.

Hughes Network Operation Configuration

The network architecture of the Hughes NOC provides further protection for our users. A single IP address is assigned to each user site. The IP addresses assigned to user sites, however, are non-routable, meaning that if they appear on the Internet, network routers will not know where to direct the data packets. The Hughes NOC employs Network Address Translation, or NAT, on its interface to the Internet, which translates the non-routable addresses to routable addresses for the duration of each user's session. The assignment of the routable address is dynamic, so users will typically use a different routable IP address each time they use Agristar Global Networks. (Note: Dynamic IP address information is only applicable to the Star 100 connection plan.)

In addition, gateway systems in the NOC preclude other Internet systems or hackers from initiating a remote connection with an Agristar Global Networks site, even if a hacker could guess the routable IP address assigned to the system. Because of this, it would be extremely difficult for hackers to launch an attack on an Agristar Global Networks computer site from the Internet.