The Achilles Heel Of Next-Generation Satellites

Charles Smith, president of security consultancy SOFTWAR, suggests that what is likely to happen is that U.S.-based constellations will launch with strong encryption that can be used only within U.S. boundaries; thus broadband satellite providers can encrypt uplinks to the satellite over the United States, but downlinks to another nation will be in the clear. (In any event, whether encryption ends at the satellite or traffic is re-encrypted to be delivered to its final destination, link encryption leaves information in the clear at the satellite node itself.)

Smith says he believes a few companies will be able to win exceptions to offer strong encryption globally--basically those willing to play the Washington game, donating significant sums to political parties and hiring high-powered lobbyists. He believes, for example, that Motorola was able to gain permission to encrypt its Iridium wireless phone traffic in China because it hired a well-known former National Security Council member to work for the company. Motorola is quick to point out that it has done nothing illegal; but Smith's point is that encryption laws are so vague that decisions become a matter of individual bureaucratic discretion. He argues that companies shouldn't have to pursue such elaborate measures to win export approvals.

Teledesic's Braun, however, isn't entirely pessimistic. He thinks it may be possible to come up with global or regional agreements that would allow satellite providers to protect their own traffic as long as they don't offer encryption as a customer service.

John Pike, director of the Intelligence Resource Program of the Federation of American Scientists, also tends to think that the government would allow satellite companies to use strong encryption to protect pure telemetry as long as non-U.S. traffic terminates in friendly nations and in a room entirely under the control of the satellite provider. However, he says that the National Security Agency isn't going to let a satellite provider use strong crypto on generic traffic, with or without key escrow, "since they have too much riding on monitoring international traffic." He says the same is true of international fiber.

But even if providers find a way to surmount export issues, they still face a very fractured world of multinational security policies (a new worldwide policy survey is available at www.gilc.org/crypto/crypto-survey.html). Joel Halpern, of Newbridge Networks, thinks most global satellite providers are likely to mimic Motorola by including the issue of security in the negotiations they, or their partners, are already pursuing to gain access to spectrum in each nation. He also agrees with many others that this process "may be too cumbersome to ever work," especially if one or more nations require key escrow.

Of course there's an argument to be made for security being too much of a good thing. Braun warns that the flip side to this whole equation is that too much security can interfere with network engineering, workload profiles and detailed customer billing. It can also lead to the dreaded celestial "L" word--latency.

The GEO Conundrum

Latency and security also aren't apt to mix well when it comes to end-to-end security schemes like standards-based IPSec (IP Security). That's because a common method used to bring GEO (geostationary earth orbit) transmissions up to speed, TCP spoofing, isn't expected to work with IPSec. Benevolent TCP spoofing (unlike the IP spoofing used to attack networks) is a satellite-specific measure for generating early packet acknowledgments to fill broadband pipes.

Spoofing generally benefits larger data transfers and can be augmented by other latency-reducing measures (see "GEOs Turn Up the Speed," on page 76), but Craig Partridge, a principal scientist at BBN, suggests that even with these other options, GEOs cannot yet be brought into the same performance range as LEOs (low-earth orbit) without spoofing.

Security experts say spoofing and IPSec are incompatible because once a transmission is encrypted, it becomes impossible for an outside entity such as a satellite service provider to see into the packets to perform spoofing. This is true even if TCP is encapsulated in ATM, as most service providers intend.

Satellite expert and University of California graduate student Tom Henderson says IPSec's transport and tunnel models won't accommodate TCP spoofing. A suggestion has been made to leave the TCP header outside of the encryption, but since this would leave the data stream vulnerable to malicious TCP or IP spoofing, additional security procedures are needed, according to Henderson.
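What an in-path spoofing gateway can and cannot read, as an added example that is not part of the original article: the same TCP segment is sent once in the clear and once inside ESP, and a hypothetical `gateway_view` function reports whether an early acknowledgment could be generated. The addresses, ports, SPI value and the XOR stand-in for ciphertext are constructed for illustration.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_ESP = 6, 50

def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.2"):
    """Wrap payload in a minimal IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp_segment(sport, dport, seq, data):
    """20-byte TCP header (data offset 5, flags PSH|ACK) followed by data."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (5 << 12) | 0x18, 65535, 0, 0) + data

def esp_wrap(spi, esp_seq, inner):
    """ESP layout: SPI and sequence number in the clear, the rest opaque.
    The XOR is only a stand-in for real encryption (assumption for the demo)."""
    return struct.pack("!II", spi, esp_seq) + bytes(b ^ 0xA5 for b in inner)

def gateway_view(packet):
    """What an in-path spoofing gateway can read, and the early ACK it could send."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        data_len = len(payload) - (off_flags >> 12) * 4
        return {"spoofable": True, "ports": (sport, dport),
                "early_ack": (seq + data_len) & 0xFFFFFFFF}
    if proto == IPPROTO_ESP:
        spi, esp_seq = struct.unpack("!II", payload[:8])
        return {"spoofable": False, "spi": spi, "esp_seq": esp_seq,
                "reason": "TCP ports and sequence numbers are inside the ciphertext"}
    return {"spoofable": False, "reason": f"unhandled IP protocol {proto}"}

# Constructed sample traffic: one 100-byte TCP segment, sent plain and inside ESP.
SEGMENT = tcp_segment(40000, 80, 1000, b"x" * 100)
PLAIN = ipv4(IPPROTO_TCP, SEGMENT)
PROTECTED = ipv4(IPPROTO_ESP, esp_wrap(0x1234, 1, SEGMENT))

if __name__ == "__main__":
    print(gateway_view(PLAIN))
    print(gateway_view(PROTECTED))
```

For the ESP packet the gateway sees only the SPI and the ESP sequence number, so it has no TCP sequence number from which to build an acknowledgment.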

From a security standpoint, the primary alternative to IPSec is application-layer security, like SSL (Secure Sockets Layer), which secures the user, transaction or application, instead of the node, as IPSec does. Application-layer security is compatible with TCP spoofing. The downside to application security is it must be implemented individually in each application and intruders can still snoop out certain information, including the destination of transmission. Philip Mellinger, vice president of public key infrastructure for First Data Corp., adds that with application security alone, network proxies--like mail and other ports--end up in the clear, providing an entry point for attacks.

IETF's Schiller thinks it might be possible to perform spoofing on the traffic at the user site before it's encrypted--but that means the traffic will be in the clear until it reaches the spoofing box. Still others say that even if encryption follows spoofing, it will defeat the process.

Another security hurdle for broadband satellite providers lies in their widespread acceptance of ATM infrastructure. While link encryption can be used on ATM, a standard for end-to-end cell-based encryption is still evolving. @Home Network's St. Johns says a few proprietary "key agile" products exist for ATM encryption, but they tend to cost about as much as the workstations they serve. His guess is that the encryptors won't become affordable over the next few years since they are primarily used in the middle of the wire--where fewer systems are needed--rather than at the edges.

NASA officials and others say they believe that the Department of Defense could be extremely helpful to the broadband satellite industry if it chose to share its security technology. Defense's technology apparently allows for extremely high throughput rates at low power, which would foster high-speed and real-time voice and video.

What else can be done? The technology issues are tough, but they're probably easiest to resolve. Alternatives to spoofing are being researched and security standards are evolving. The solid-granite issues are those dealing with laws and policies. Many providers hope that by the time they launch, new and improved policies will be in place. Providers also have taken their case to the Clinton administration. But the issues are apt to remain largely beyond the control of business or those who provide broadband satellite services to business.

