[ale] OT: How fast is your connection, and how much do you pay?

[Charles Marcus]

> From: Jeff Hubbs [mailto:hbbs at attbi.com]
> Sent: Monday, March 25, 2002 7:39 PM
> To: Geoffrey
> Cc: Ale (E-mail)
> Subject: Re: [ale] OT: How fast is your connection, and how much do you pay?

<snip>

> Maybe three years ago, Scientific American said that in
> two years, satellite would become the primary mechanism
> for broadband Internet access.  Hasn't happened.  

And it probably won't, for reasons you outline below, but I believe it will definitely be the broadband choice of last resort for those who simply cannot get DSL or Cable, and I think these numbers will be considerabel for quite some time.

> What occurs to me is that not only is there a built-in
> latency associated with satellite broadband due to the
> distance of the satellites' orbits from the Earth, but
> that also due to the fact that you and however many other
> people have their dishes pointed at the same "bird," you
> are sharing the connection bigtime in the same way that a
> cable modem "neighborhood" is shared.  Well, except for the
> fact that, with satellite, your "neighbors" could be in
> Poughkeepsie, Igor, Knoxville, and pretty much anywhere on
> your side of the Third Stone.  
>
> There will also be two times a year, I think, where your
> Internet service is going to go toes for a few minutes a
> day at roughly the same time of day for a few consecutive
> days.  This will be during the periods when your bird feebly
> tries to eclipse the Sun.  

All true enough, but it still beats the hell our of dial-up, hands down.

> Does anyone know how (or if) satellite broadband is encrypted
> on the downlink?

Don't know about all of them, but the following is from the PDF document for DirectPC on DirecWay Security:

DIRECWAY Download (Receive) Security

DIRECWAY Conditional Access utilizes encryption technology to protect the various DIRECWAY services against unauthorized access by interlopers on the satellite downlink to a userÂ’s PC. For Turbo-Internet, conditional access provides privacy protecting transmissions (email, etc.) to a site from being intercepted by any other site over the spacelink. Conditional access protects multimedia streams and digital file transmissions from being intercepted by any site except those designated by the information provider to the DIRECWAY NMC.  The DIRECWAY NMC individually encrypts each multimedia stream or package with a unique session key. Access to a stream or package is controlled by the NMC, which makes its session key available in usable form only to authorized DIRECWAY receivers. The NMC passes to a DIRECWAY receiver its session keys in a scrambled format usable only by that specific receiver. Each receiver includes a tamper-resistant crypto-facility (secure ASIC) in which unique key material is stored at manufacturing time. The crypto- facility is capable of decrypting only with session key material created by the NMC especially for the crypto-facility. As such, the receiver is capable of decrypting only DIRECWAY satellite services.  The NMC utilizes the Data Encryption Standard (DES) with 56-bit key length as the bulk encryption algorithm. Triple-DES with 112-bit key length is used within the key-distribution algorithms.

DIRECWAY Return Channel Security

Using DIRECWAY with a dial- up return channel to the Internet provides no more security on the return channel than is provided by the PPP provider, typically username/password authentication with no packet level encryption.  With a satellite return channel, there is no encryption algorithm applied to data traveling from the user to the NMC and eventually to the Internet. However, inroutes are inherently secure because of their method of operation. Inroutes use a Time Division Multiple Access (TDMA) method of access and transmission, which means that multiple DIRECWAY transmitters will be using the same inroute or set of inroutes for transmission. Transmissions occur in almost random bursts on the inroutes, and timing of the transmissions is controlled via the receive/downlink channel, so compromise of outroute security is necessary to even have a chance of compromising the inroutes. In addition, error correction algorithms applied to the data make it more difficult to monitor transmissions and make sense of the data.  The expense and effort necessary to extract useful data from the inroute is prohibitive, especially since the data is destined for a public network, the Internet.

DIRECWAY NMC Configuration

The network architecture of the DIRECWAY NMC also provides protection for DIRECWAY end users. A single IP address is assigned to each DIRECWAY end station. The IP addresses assigned are in general “non-routable,” which means that if they appear on the Internet, Internet routers will not know where to route the packets. Because of this, the DIRECWAY NMC employs Network Address Translation, or NAT, on the interface to the Internet and translates the non-routable address to a routable address for the duration of a DIRECWAY user’s session. The assignment of the routable address is dynamic, and means that a DIRECWAY user will in general use a different routable IP address each time he uses the DIRECWAY system.  In addition, gateway systems in the NMC preclude other Internet systems or hackers from initiating a connection with DIRECWAY remote, even if a hacker could “guess” the routable IP assigned to the DIRECWAY system. Because of this, it would be difficult for hackers to launch an attack on a DIRECWAY system from the Internet.


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.