Enterprise Solutions

Government & Military


Emergency Response


Small Business Solutions

Education Solutions


Contact Us




Customers Served

Security and Data Encryption

For years, OptiStreams has been a leader in providing its customers with data security over VSAT networks to keep mission-critical data safe in transit. OptiStreams offers U.S. government-grade security for VSAT network users using the advanced Rijndael/AES encryption algorithm for maximum protection from data interception over its SkyEdge Network.

Because of their asymmetric nature, OptiStreams VSATs utilize different technologies for upstream (low-power, VSAT-to-hub) and downstream (high-power, hub-to-VSAT) transmissions. OptiStreams’  upstream communications utilize a patented, proprietary Gilat technology called Frequency/Time Division Multiple Access (FTDMA), which offers capacity management advantages as well as strong built-in security. Downstream transmissions use the industry standard Digital Video Broadcast (DVB) carrier, which offers advantages such as the use of standardized equipment that results in less expensive VSAT equipment for customers. However, the standard DVB-S carrier does not include encryption to scramble the downstream transmissions so they would be unreadable by any outside party that might receive them.

The system to encrypt its DVB-S downstream transmissions uses the Rijndael (pronounced “Rhine-dahl” or “Rain-dahl”) fast symmetric encryption algorithm to provide very high-grade security. Rijndael is a new-generation symmetric block cipher with variable block and key lengths (128, 192 or 256 bits; 128 bits is most common). The algorithm is a substitution linear transformation cipher, using triple discreet invertible uniform transformations (layers).

Rijndael was selected as the AES over other new-generation encryption algorithms because of its flexibility, ease of implementation, and modular design, which should make modification to counter any attack developed in the future much simpler than with past algorithm designs. This new standard will replace the older DES encryption (adopted in 1977) as a Federal Information Processing Standard (FIPS) used by all federal agencies to protect sensitive, unclassified information for the next several decades.

Our centralized Network Management System (NMS) is used to configure use of encryption for individual VSATs and on a network-wide basis. The DVB-S encryption implementation is also able to balance performance (throughput) while adhering to particular security policies. The encryption is configurable, allowing the selection of encryption optimized for maximum security (Rijndael) or a reduced run-time version optimized for throughput. This choice may also be applied selectively, based on selected TCP sockets.

Upon initial end-to-end connection across the network, the VSATs initiate an encryption key exchange using the public key algorithm with the hub. After successfully exchanging keys, the Hub Protocol Server (HPS) will compress and encrypt downstream user data based on all data or on selected TCP sockets. The NMS allows selection of sockets for each VSAT in the network based on IP address, subnet mask, and TCP port range. A 1024-bit Diffie-Hellman public key algorithm is used to exchange symmetric keys between each VSAT and the hub. Keys are never stored physically on a hard disk or fetched from remote servers.

Cisco Integrated FIPS 140-2 Certified Encryption Solution

Cisco/OptiStreams FIPS 140-2 certified encryption solution provides new satellite communications options to government customers, including services for CONUS-based Department of Defense agencies and backhaul services between EMEA and the U.S., utilizing their existing Cisco infrastructure.

OptiStreams offers the industry’s only Cisco certified and integrated satellite networking solution, the Cisco VSAT network module, enabling seamless integration into select models of Cisco’s ISR and access routers. This platform enables easy deployment of fixed VSAT networks in mission-critical applications; transportable solutions for rapid deployment and disaster recovery; and continuity of operations planning (COOP) connectivity. In addition, OptiStreams offers comprehensive network management services including 24x7 customer support, network design and implementation, and program management. OptiStreams services are available in North America and select countries in Europe, the Middle East, South America and Africa.

Federal Information Processing Standard (FIPS) 140-2, a standard published by the National Institute of Standards and Technology (NIST), defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. OptiStreams’s integrated VSAT Cisco solution not only supports FIPS 140-2 but also supports acceleration of the encrypted traffic without the need to install additional devices at the remote location. The solution utilizes the OptiStreams and Cisco co-developed Integrated Acceleration and Encryption (ITAE) technology to provide end-to-end accelerated FIPS 140-2 certified encryption over satellite. The Cisco/OptiStreams FIPS certified solution supports mission-critical disaster recovery, backup networks and other on-demand applications that are integrated directly into an organization’s  existing infrastructure.

The combination of OptiStreams’s fully managed service, guaranteed SLA’s and Cisco’s integrated FIPS 140-2 certified module delivers a whole new level of flexibility to government agencies as well as the ability to utilize their existing Cisco platform and investment. This ability to leverage existing infrastructure should also significantly reduce the amount of training required by agencies to deploy the service or to maintain it.

Toll Free (866) 745-7356 · Phone (559) 440-6366 · Fax (415) 354-8487
email: info@optistreams.com   ·   website: www.optistreams.com

Copyright © 2011 Optistreams Inc. All rights reserved.