H29335 Encryption & Conditional Access
Conditional Access
Data encryption is achieved by using “keys” to encrypt and decrypt messages. These keys are
used with an algorithm designed to convert text or other data into digital gibberish and then
restore it to its original form. The longer the key, the more complicated the encryption;
consequently, more computing power is required to decipher the message. To decipher an
encrypted message without the encryption key, the message would have to be cracked by trying
every possible key (by brute force). Keys are made up of bits. In the case of a 16-bit key, there
is a total of 2^16 = 65,536 possible values. In the case of a 56-bit key, there is a total of
72 quadrillion possible combinations.
• Conditional Access (CA) system, which authenticates each user’s network activity and
ensures that authorized users have access only to their data.
The unique key “burned” into the ASIC at the time of manufacture is referred to as the
Hardware Master Key. This hardware key is used to decrypt the Software Master key sent when
the terminal is commissioned into the network.
The Software Master Key is a special key generated at the time the terminal is shipped. This
key is created using the Hardware Master key and the NOC ID of the NOC on which that
terminal is to be commissioned. Using this process, the Software Master key uniquely “links”
the terminal to that specific NOC. Hence, the terminal may only be commissioned and operated
on the NOC that has an ID that matches the ID in the Software Master Key.
After commissioning, the NOC sends separate software keys to the terminal for its unicast traffic
and each multicast session. These software keys are generated at the NOC using the Conditional
Access Control (CAC) server. They are sent to the terminal using the Software Master key. As
such, the terminal only receives key information (in encrypted form) that is addressed
specifically to it. Thus, the terminal is capable only of decrypting and receiving data that is
authorized by the NOC via the keys it is sent.
4.1 Community
A “community” in the DIRECWAY conditional access nomenclature refers to a group of
terminals that share the same conditional access key. By being part of a particular community, a
terminal can decipher traffic specifically meant for the group of terminals in that community.
There are three types of communities: the Unlimited Community, the Implicit Community, and
the Limited Community. Figure 4-1 illustrates the general hierarchy of entities within the
different communities.
[Figure 4-1: Hierarchy of communities (Unlimited, Implicit, Limited) and the DIRECWAY terminals within them]
As an example, suppose there is a network of 1,000 terminals that is to receive unicast traffic, as
well as up to five different streams of multicast traffic. The system would then have a total of
1,000 Implicit Communities, one Implicit Community for every commissioned terminal. Each
Implicit Community would have a unique key and would support unicast traffic between the
NOC and that specific remote terminal. In addition, the system would have five Limited
Communities, one for each of the five multicast streams. Each Limited Community would have
its own unique key defined.
Each terminal would have at least three unique keys: 1) the key for the Unlimited Community
for system data traffic, 2) a key for the Implicit Community for its unicast traffic, and 3) a key
for each Limited Community to which that terminal belongs. If the terminal wishes to be part of
more than one multicast group, it would have one unique key for each of the different Limited
Communities from which it is to receive data.
The CAC sends a table of communities to each terminal specifying the communities to which
that terminal belongs. This table includes its own Implicit Community for unicast traffic and
The CAC also sends each terminal a table with a list of multicast addresses and Community IDs
for every Limited Community to which that terminal belongs (Table 6-2).
The tables above are sent to each terminal encrypted with the Software Master Key. This means
that only that terminal can decrypt traffic sent to it. When a terminal becomes operational, it
searches its Community-Multicast table to obtain the Community ID for every Limited
Community to which it belongs. Once the Community ID has been determined, the terminal
searches its Community-Key table to obtain the corresponding decryption key for that
community. This key information is then loaded into the receiver so that when traffic is received
on the outroute, the address and keys are already available in hardware. (Since a terminal is
already a member of its Implicit Community at startup, the unicast key is always present in the
receiver after it is commissioned.)
For multicast traffic, the terminal extracts the multicast address from the satellite header and
uses the associated key for that community. Once this information is processed, the terminal is
able to listen to the multicast traffic and decipher the information based on the key associated
with the community.
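The key hierarchy (Hardware Master Key, Software Master Key, community keys) and the terminal's two-table lookup described above, as an added Python example that is not part of the original document. The document does not specify algorithms or message formats, so HMAC-SHA256 for the derivation and for the encrypt-then-MAC wrap, and all function names, addresses and key values, are assumptions.

```python
import hashlib, hmac, os

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (assumed stand-in primitive)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def software_master_key(hmk: bytes, noc_id: bytes) -> bytes:
    # Assumption: the page says only that the Software Master Key is created
    # from the Hardware Master Key and the NOC ID; the construction is not given.
    return prf(hmk, b"smk", noc_id)

def wrap(smk: bytes, community_id: int, key: bytes) -> tuple:
    """CAC side: encrypt-then-MAC one Community-Key entry (key <= 32 bytes)."""
    nonce, cid = os.urandom(12), community_id.to_bytes(2, "big")
    ct = bytes(a ^ b for a, b in zip(key, prf(smk, b"enc", nonce)))
    return cid, nonce, ct, prf(smk, b"mac", cid, nonce, ct)

def unwrap(smk: bytes, entry: tuple):
    """Terminal side: return (community_id, key), or None if the tag fails."""
    cid, nonce, ct, tag = entry
    if not hmac.compare_digest(tag, prf(smk, b"mac", cid, nonce, ct)):
        return None
    key = bytes(a ^ b for a, b in zip(ct, prf(smk, b"enc", nonce)))
    return int.from_bytes(cid, "big"), key

def load_receiver(smk: bytes, key_table: list, mcast_table: dict) -> dict:
    """Resolve multicast address -> Community ID -> key, as the terminal does."""
    keys = dict(filter(None, (unwrap(smk, e) for e in key_table)))
    return {addr: keys[cid] for addr, cid in mcast_table.items() if cid in keys}

# Constructed sample values, not taken from any real system.
HMK = bytes(range(32))                                   # key "burned" into one terminal
NOC_A, NOC_B = b"NOC-A", b"NOC-B"
COMMUNITY_KEYS = {7: os.urandom(16), 9: os.urandom(16)}  # two Limited Communities
MCAST_TABLE = {"239.1.1.7": 7, "239.1.1.9": 9}           # Community-Multicast table

def demo():
    smk_cac = software_master_key(HMK, NOC_A)            # CAC's key for this terminal
    table = [wrap(smk_cac, cid, k) for cid, k in COMMUNITY_KEYS.items()]
    ok = load_receiver(software_master_key(HMK, NOC_A), table, MCAST_TABLE)
    wrong_noc = load_receiver(software_master_key(HMK, NOC_B), table, MCAST_TABLE)
    other_terminal = load_receiver(
        software_master_key(os.urandom(32), NOC_A), table, MCAST_TABLE)
    return ok, wrong_noc, other_terminal
```

Only the terminal holding the matching Hardware Master Key and commissioned against the matching NOC ID ends up with keys in its receiver table; the other two cases reject every entry at the MAC check and load nothing.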
The CAC uses the Backbone LAN and predefined IP multicast addresses to send conditional
access control messages to the IP gateways in the NOC. There are two such IP multicast
addresses: one for sending key information for unicast traffic, one for sending key information
for multicast traffic. All of the unicast encryption keys for every enabled remote terminal are
sent to all NOC IP gateways. The IP gateways store the received keys in a table. Likewise, the
CAC sends encryption keys to the IP gateways for multicast service elements. The gateways
store these multicast keys in a separate table and use the table to extract multicast encryption
keys for forwarding multicast IP packets. The rate at which the CAC sends conditional access
messages is controlled by parameters in the CAC server. The messages are sent fairly
frequently to support key changes and/or the addition of new remote terminals, as well as to
support new and restarted gateways.
When traffic arrives at an IP gateway, the destination IP address is found in a local configuration
file stored in the gateway. The serial number of the remote terminal is extracted. This serial
number is converted into a satellite address and is used to look up the encryption key from the
table received from the CAC server. Subsequently, a satellite header is built using the
encryption key, satellite address, IP packet length, and sequence number. This header is
appended to the IP packets and is shipped off to the satellite gateway for transport over the
outroute.
Once a specific remote terminal receives a message, it will decrypt it using the decryption key
previously sent to it from the CAC server. After successfully deciphering the message, the
satellite header is stripped off, and the IP packet is forwarded to the terminal’s IP header.
7.0 Conclusion
HNS’ DIRECWAY system provides security as a standard feature. The security system has the
following major attributes:
• Outroute data traffic is encrypted in hardware using unique keys for each terminal and
each type of traffic.
• A multilevel encryption scheme is employed that utilizes both hardware and software
keys to prevent unauthorized system access.
• A Conditional Access System is used to control the data traffic that the terminal can
receive.
• Terminals are sent their own unique keys to ensure that they can only receive data on
the satellite link that they are authorized to receive.