CONFIDENTIAL

Senetas Security
Whitepaper Microwave link encryption
June 2006

-1-

CONFIDENTIAL

1. Overview
1.1. Microwave links
Microwave links are an established part of defence, corporate, education, health, finance and utility networks and are popular for their ability to be quickly and easily deployed over both short and long distances.

The maturity of radio frequency (RF) technology has permitted the use of microwave links as the major trunk channel for long distance communication. The use of microwave links has major advantages over cabling systems:

Freedom from land acquisition rights. Removes requirement for permanent access to cabling infrastructure for installation and repair. Ease of communication over difficult terrain. Removes the requirement to install difficult and expensive cabling

The use of microwave links however has some disadvantages that mainly arise from the use of free-space communication:

Bandwidth allocation is extremely limited. The competition for RF bandwidth from various competing users leads to very strict allocations of bandwidth.

-2-

CONFIDENTIAL

Atmospheric effects. The use of free-space communication results in susceptibility to weather effects, particularly rain. Transmission path needs to be clear. Microwave communication requires line-of-sight, point-to-point communication. Interference. The microwave system is open to RF interference. Security Vulnerability to tapping

1.2. Microwave security concerns

Microwave links are very vulnerable to interception during transmission as the signal is sent across free-space line of sight links. Commercial equipment to tap into the signal for this kind of interception is readily and cheaply available. Fixed microwave facilities such as office buildings are common targets for this kind of interception as a very small rooftop antenna and decoder in the vicinity of the microwave link are all that is required. Antenna radiation patterns also present the opportunity for monitoring of links outside direct line of sight due to the presence of signal sidelobes which can be picked up by sensitive receivers in the area. Electronic surveillance intelligence agencies such as the NSA are also known to have satellite-based microwave link interception capabilities. These systems can intercept microwave beams from satellites placed in appropriate positions.

-3-

CONFIDENTIAL

2. Encryption solution case study

2.1. Background
A new multi-million dollar public safety data network was recently developed in a major Australian city. The goal was to allow public safety agencies to share information and communicate more effectively by using an end-end wireless information network. The digital network was designed to deliver up to date operational information to emergency services and allow greater coordination when responding to incidents. A critical part of the infrastructure was the provision of microwave links between three sites that would carry sensitive voice and data. It was a requirement that all information carried across the microwave links be secured through digital encryption. The customer required an encryption solution capable of securing a mix of traffic types and one that would not impact performance by increasing bandwidth requirements across the link. Working with a major wireless communications vendor and a local law enforcement agency Senetas demonstrated layer 2 encryption of voice and data traffic on the microwave link at 2Mbps using its CypherNet E1 link encryption platform as shown on the right. During rigorous acceptance tests not a single error was observed and the network is now fully operational.

Command & Control Centre

2M Encryptor

2M Encryptor

Microwave link

Microwave link

Encrypted voice & data

Encrypted voice & data

Microwave link

Microwave link

2M Encryptor

2M encryptor

Communications Centre Operational Centre

-4-

CONFIDENTIAL

2.2. CypherNet Link encryptor

The CypherNet E1/T1 link encryptor is a high-performance purpose built integrated security solution for protocol independent networks. CypherNet has been designed to integrate transparently and simply into protocol independent network architectures and has the following features: Operates on G.703 data transmission networks Full duplex speed up to 2Mbps Support for triple DES or AES Fully automated key management using X.509 certificates for authentication Secure remote management using SNMPv3 Designed to International Security Standards Common Criteria EAL4 FIPS PUB 140-2 Level 3

-5-