DIRECWAY® Encryption and

Conditional Access

HNS International Division

June 12th, 2003
 1.0 Introduction
The Hughes Network Systems, Inc. (HNS) DIRECWAY® system offers built-in network
security as a standard feature. All data transmissions are encrypted on the broadband outroute.
Conditional access control is also provided to ensure that only authorized terminals can access
the network.

Data encryption is achieved by using “keys” to encrypt and decrypt messages. These keys are
used with an algorithm designed to convert text or other data into digital gibberish and then
restore it to its original form. The longer the key, the more complicated the encryption;
consequently, more computing power is required to decipher the message. To decipher an
encrypted message without the encryption key, the message would have to be cracked by trying
every possible key (by brute force). Keys are made up of bits. In the case of a 16-bit key, there
is a total of 216 = 65,536 possible values. In the case of a 56-bit key, there is a total of
72 quadrillion possible combinations.

2.0 DIRECWAY Encryption Technique

The DIRECWAY system utilizes the Data Encryption Standard (DES) with a 56-bit key length
as the bulk data encryption algorithm. DES was originally developed by IBM in the early 1970s
and was known as Lucifer. This algorithm was adopted by what was then the National Bureau
of Standards (now U.S. National Institute of Standards and Technology), and it officially
became a federal standard in 1977. The DES algorithm has a 64-bit block size and utilizes a
56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The triple-
DES algorithm, which in effect takes the input data and encrypts it three times, is used for
additional security to protect the transmission of the DIRECWAY data encryption keys to the
remote terminals. Two 56-bit keys are used by the triple DES algorithm for key distribution.

3.0 DIRECWAY Multilevel Encryption System

DIRECWAY implements a multilevel encryption scheme utilizing both hardware and software
keys combined with a conditional access system to ensure the privacy of data transported over
the network. This standard feature, essential in the provision of services to enterprise and
consumer customers alike, differentiates DIRECWAY technology from other satellite
broadband systems. Important aspects of the DIRECWAY network security include:

• Encryption for all outbound data, performed in hardware to avoid performance

degradation.

• Conditional Access (CA) system, which authenticates each user’s network activity and
ensures that authorized users have access only to their data.

• Tamper-Proof Application-Specific Integrated Circuit (ASIC), which implements

encryption and CA protection. HNS believes that its CA system has never been
compromised.

© 2003 Hughes Network Systems, Inc. 1 HNS-29335

 An important element in the ability to protect the integrity of the DIRECWAY network is the
fact that HNS has implemented (and controlled) proprietary solutions for critical transport
technologies. This has allowed HNS to integrate security into the ASICs at the remote terminal,
thereby significantly reducing the possibility of “hackers” compromising the system. The
tamper-hardened design of the remote equipment’s secure ASIC incorporates measures that
protect against retrieval of any encryption keys from hardware; this includes protection against
any exposed (outside-of-chip) signals as well as destructive reverse engineering. HNS believes
this is a key differentiation from the encryption schemes used by other satellite-based systems.

3.1 Hardware Cryptofacility

DIRECWAY terminals are manufactured with a tamper-hardened cryptofacility. This is a
secure, one-time-programmable ASIC in which unique key information is stored at the time of
manufacture. The cryptofacility is only capable of decrypting data using session key material
created by the DIRECWAY NOC especially for that cryptofacility. One remote terminal cannot
be used to emulate another remote terminal to receive data intended for another user, nor can it
be used as a general-purpose hardware encryptor or decryptor. Another advantage of the
hardware cryptofacility is that the decryption is performed without burdening the main processor
within the terminal. This ensures that the decryption of high-speed multicast transmissions can
be performed without any degradation in terminal throughput.

The unique key “burned” into the ASIC at the time of manufacture is referred to as the
Hardware Master Key. This hardware key is used to decrypt the Software Master key sent when
the terminal is commissioned into the network.

3.2 Software Keys

When a DIRECWAY terminal is activated, its identity is cryptographically authenticated to the
NOC via a digitally signed message that verifies that it is authorized for service. The
authentication is performed by sending the Software Master key to the terminal encrypted using
the Hardware Master key burned into the remote terminal’s ASIC. Thus, only the terminal with
the matching Hardware Master key can decrypt this message.

The Software Master Key is a special key generated at the time the terminal is shipped. This
key is created using the Hardware Master key and the NOC ID of the NOC on which that
terminal is to be commissioned. Using this process, the Software Master key uniquely “links”
the terminal to that specific NOC. Hence, the terminal may only be commissioned and operated
on the NOC that has an ID that matches the ID in the Software Master Key.

After commissioning, the NOC sends separate software keys to the terminal for its unicast traffic
and each multicast session. These software keys are generated at the NOC using the Conditional
Access Control (CAC) server. They are sent to the terminal using the Software Master key. As
such, the terminal only receives key information (in encrypted form) that is addressed
specifically to it. Thus, the terminal is capable only of decrypting and receiving data that is
authorized by the NOC via the keys it is sent.

© 2003 Hughes Network Systems, Inc. 2 HNS-29335

 4.0 DIRECWAY Conditional Access
The DIRECWAY NOC includes a CAC Server. All traffic sent across the DIRECWAY
outroute is encrypted, and the CAC server is responsible for determining which remote terminals
can receive which packets. For this, the CAC server uses encryption keys distributed to the
appropriate NOC components and corresponding decryption keys distributed to the remote
terminals.

4.1 Community
A “community” in the DIRECWAY conditional access nomenclature refers to a group of
terminals that share the same conditional access key. By being part of a particular community, a
terminal can decipher traffic specifically meant for the group of terminals in that community.
There are three types of communities: the Unlimited Community, the Implicit Community, and
the Limited Community. Figure 4-1 illustrates the general hierarchy of entities within the
different communities.

Figure 4-1. General Community Hierarchy

Communities

Unlimited Implicit
Implicit Limited

••••
DIRECWAY DIRECWAY DIRECWAY DIRECWAY DIRECWAY
Terminals Terminals Terminals Terminals Terminals

• Unlimited Community: Every terminal that is commissioned after the creation of an

Unlimited Community will be a member of this community. Any multicast components
in the database associated with this community will be available to all terminals defined
in the system.

• Implicit Community: Implicit Communities are created automatically for every

terminal commissioned and allow the terminals to exchange unicast traffic with the
NOC.

• Limited Community: Limited Communities allow a subset of terminals to receive

certain specified multicast traffic.

© 2003 Hughes Network Systems, Inc. 3 HNS-29335

 4.2 Unicast Traffic
As part of the commissioning process for a terminal, the system creates an Implicit Community
for that terminal. Each Implicit Community is given a unique key. The Implicit Community is
used for unicast traffic between the NOC and the terminal. When the terminal is commissioned
it is sent this Implicit Community key from the NOC, over the outroute, encrypted using the
triple-DES algorithm.

4.3 Multicast Traffic

For multicast traffic, an Unlimited or Limited Community is used. A Limited Community must
have an element and MAC multicast address defined in it. The terminals that wish to receive the
intended multicast traffic must then be assigned to this community. Each Limited Community
that a customer/operator creates is for the purpose of transmitting specific multicast traffic to a
specified group of remote terminals. Figure 6-1 shows the functional hierarchy for the Limited
Community.

Figure 6-1. Functional Hierarchy

Limited IP Multicast MAC Ethernet

Communities Element
Address Multicast Address

DIRECWAY
TERMINALS
DIRECWAY
DIRECWAY DIRECWAY TERMINALS
TERMINALS TERMINALS
DIRECWAY
TERMINALS

As an example, suppose there is a network of 1,000 terminals that is to receive unicast traffic, as
well as up to five different streams of multicast traffic. The system would then have a total of
1,000 Implicit Communities, one Implicit Community for every commissioned terminal. Each
Implicit Community would have a unique key and would support unicast traffic between the
NOC and that specific remote terminal. In addition, the system would have five Limited
Communities, one for each of the five multicast streams. Each Limited Community would have
its own unique key defined.

Each terminal would have at least three unique keys: 1) the key for the Unlimited Community
for system data traffic, 2) a key for the Implicit Community for its unicast traffic, and 3) a key
for each Limited Community to which that terminal belongs. If the terminal wishes to be part of
more than one multicast group, it would have one unique key for each of the different Limited
Communities from which it is to receive data.

The CAC sends a table of communities to each terminal specifying the communities to which
that terminal belongs. This table includes its own Implicit Community for unicast traffic and

© 2003 Hughes Network Systems, Inc. 4 HNS-29335

 1 to N Limited Communities for multicast traffic. Table 6-1 contains the ID of the community
and the key to use for decryption.

The CAC also sends each terminal a table with a list of multicast addresses and Community IDs
for every Limited Community to which that terminal belongs (Table 6-2).

Table 6-1. Community-Key Table 6-2. Community-Multicast

The tables above are sent to each terminal encrypted with the Software Master Key. This means
that only that terminal can decrypt traffic sent to it. When a terminal becomes operational, it
searches its Community-Multicast table to obtain the Community ID for every Limited
Community to which it belongs. Once the Community ID has been determined, the terminal
searches its Community-Key table to obtain the corresponding decryption key for that
community. This key information is then loaded into the receiver so that when traffic is received
on the outroute, the address and keys are already available in hardware. (Since a terminal is
already a member of its Implicit Community at startup, the unicast key is always present in the
receiver after it is commissioned.)

For multicast traffic, the terminal extracts the multicast address from the satellite header and
uses the associated key for that community. Once this information is processed, the terminal is
able to listen to the multicast traffic and decipher the information based on the key associated
with the community.

5.0 Dataflow for Conditional Access Messages

The CAC server in the DIRECWAY NOC has two 10/100 BaseT network interfaces that attach
the server to two different LANs. One interface sits on the Management/Billing LAN, and the
second sits on the Backbone/MUX LAN. The CAC sends encryption keys to the appropriate
NOC components and distributes decryption keys to the remote terminals. Different encryption
keys are used for unicast versus multicast traffic.

The CAC uses the Backbone LAN and predefined IP multicast addresses to send conditional
access control messages to the IP gateways in the NOC. There are two such IP multicast
addresses: one for sending key information for unicast traffic, one for sending key information
for multicast traffic. All of the unicast encryption keys for every enabled remote terminal are
sent to all NOC IP gateways. The IP gateways store the received keys in a table. Likewise, the
CAC sends encryption keys to the IP gateways for multicast service elements. The gateways
store these multicast keys in a separate table and use the table to extract multicast encryption
keys for forwarding multicast IP packets. The rate at which the CAC sends conditional access
messages is controlled by parameters in the CAC server. The messages are sent fairly
frequently to support key changes and/or the addition of new remote terminals, as well as to
support new and restarted gateways.

© 2003 Hughes Network Systems, Inc. 5 HNS-29335

 The CAC sends decryption keys to the remote terminals via the outroute. Unicast keys are sent
in Periodic Adapter Conditional Access Update (PACAU) messages addressed to the specific
remote terminal’s unicast conditional access space link MAC address. The PACAUs also
contain multicast keys for the multicast service elements for which that remote terminal has
been enabled. The mapping of service elements to actual multicast addresses is sent by the CAC
server in Periodic Element Broadcast (PEB) messages. These messages are sent to a broadcast
conditional access space link MAC address. All of the commissioned remote terminals receive
the PEB messages. All keys sent over the space link are encrypted using the Triple-DES
algorithm.

When traffic arrives at an IP gateway, the destination IP address is found in a local configuration
file stored in the gateway. The serial number of the remote terminal is extracted. This serial
number is converted into a satellite address and is used to look up the encryption key from the
table received from the CAC server. Subsequently, a satellite header is built using the
encryption key, satellite address, IP packet length, and sequence number. This header is
appended to the IP packets and is shipped off to the satellite gateway for transport over the
outroute.

Once a specific remote terminal receives a message, it will decrypt it using the decryption key
previously sent to it from the CAC server. After successfully deciphering the message, the
satellite header is stripped off, and the IP packet is forwarded to the terminal’s IP header.

6.0 Export Considerations

Until 1996, the U.S. government considered anything stronger than 40-bit encryption a
“munitions” and its export, therefore, was illegal. The government now allows the export of
56-bit encryption, with some restrictions. In December 1998, the government came out with
new guidelines allowing encryption hardware and software products with encryption strength up
to 56-bit DES or equivalent to be exported without a license, after a one time technical review,
to all users with the exception of certain countries identified by the State Department. HNS’
DIRECWAY system has gone through the technical review required by the State Department
and is in full compliance with all U.S. government regulations regarding the export of
encryption. Similar restrictions apply in most of Western Europe.

7.0 Conclusion
HNS’ DIRECWAY system provides security as a standard feature. The security system has the
following major attributes:

• Outroute data traffic is encrypted in hardware using unique keys for each terminal and
each type of traffic.

• A multilevel encryption scheme is employed that utilizes both hardware and software
keys to prevent unauthorized system access.

• A Conditional Access System is used to control the data traffic that the terminal can
receive.

© 2003 Hughes Network Systems, Inc. 6 HNS-29335

 • Each terminal has a hardware cryptofacility that decrypts the received traffic in real time
using the keys received from the NOC.

• Terminals are sent their own unique keys to ensure that they can only receive data on
the satellite link that they are authorized to receive.

In conclusion, the DIRECWAY system has a very sophisticated encryption system

complemented with a conditional access scheme that provides security for the customers’ data
traffic and enables multiple services to be provided to the entire network while ensuring that
only authorized sites are able to receive these services.

© 2003 Hughes Network Systems, Inc. 7 HNS-29335