Security

Evolution® is the leading IP-based, bandwidth-efficient satellite platform for commercial, government and military communications, and the first TRANSEC-compliant, FIPS-certified security package in the satellite industry. Certain situations require the absolute highest levels of security that go beyond encryption, masking traffic fluctuations and authenticating remote terminals.

The flexibility and scalability of the iDirect product line make possible the implementation of “true” private networks with AES encryption, VLAN segregation and military-grade TRANSEC security along with FIPS 140-2 certification to ensure secure connectivity for end users.

AES
Advanced Encryption Standard (AES) is an encryption standard with a key size of 256-bit. iDirect’s remote routers and line cards offer two-way AES encryption. Link encryption encrypts everything over the satellite concurrently, allowing TCP acceleration to be performed on TCP traffic. This is unlike other IPSec architectures that defeat TCP acceleration and are subject to severe throughput issues. iDirect link encryption comes with a dynamic key exchange that provides a very high level of security within the network.

VLAN
With IP routing protocols such as Virtual Local Area Network (VLAN) tagging, the iDirect platform seamlessly integrates into core MPLS networks. IDirect’s 802.1q VLAN support allows for traffic segregation using only one infrastructure by permitting a remote router to have multiple VLANs associated with it.

FIPS 140-2 Compliance
iDirect’s solutions are designed to be FIPS 140-2 compliant. This meets the strict Federal Information Processing Standards (FIPS) security requirement – the U.S. government’s security standards for handling sensitive information.

TRANSEC
iDirect TRANSEC (Transmission Security) communications platform secures VSAT transmissions from interception and exploitation by incorporating encryption.

iDirect complies with all three TRANSEC requirements:

  • Masking channel activity: With its free slot allocation, the iDirect solution has uniform sizes of all TDMA slots. This creates a wall of data that negates the risk of using transmission activity as an intelligence-gathering mechanism.
  • Control channel information: With FIPS 140-2 certified encryption, 256-bit keyed AES encryption and over-the-air key update features, the content and size of all user traffic, as well as network link layer traffic, is completely indeterminate from an adversary’s perspective.
  • Hub and remote authentication and validation: iDirect’s TRANSEC solution includes a remote-to-hub and a hub-to-remote authentication protocol based on standard X.509 certificates. This is designed to prevent man-in-the-middle attacks with public and private key encryption on remotes and hubs.