Some applications may need to take advantage of the new non-geostationary orbit (NGSO) satellite constellations deployed by commercial vendors, such as Iridium® and O3b®, for data transportation. These next-generation commercial satellite communications (SATCOM) services may provide pole-to-pole Internet protocol (IP) based broadband connectivity to mobile users, such as Department of Defense (DoD) subscribers, including manned and unmanned aerial platforms, maritime assets, ground mobile units and dismounted warfighters. For instance, Iridium Certus®, the broadband IP service built upon the NGSO Iridium® Next constellation, may provide DoD users with high-speed data services up to 1.4 Mbps. For this service, which is slated to be operational worldwide in a couple of years, data traffic between mobile DoD users (or platforms) is routed among 66 cross-linked low-Earth orbit satellites, through a dedicated gateway and controlled infrastructure owned and operated by the DoD.
With the availability of ubiquitous broadband services, such as Certus®, it may become possible for the DoD to provide mobile users with worldwide access to mission-oriented cloud services, such as the surveillance, intelligence, reconnaissance information system (SIRIS). The SIRIS may fuse intelligence, surveillance and reconnaissance (ISR) information obtained from a variety of unmanned aerial vehicle (UAV) platforms as well as other sources, and make mission-tailored information products, including imagery and video, available through a continental United States (CONUS) based web site to remote users equipped with a web browser. A commercial satellite broadband service such as Certus® may offer the promise of ubiquitous broadband reach back to such mission cloud services for remote DoD users. In addition, the commercial satellite broadband service may enable manned and unmanned aerial platforms that produce high-volume ISR streams to transfer the data to CONUS-based cloud servers or processing, exploitation, and dissemination (PED) systems. However, the commercial satellite services may lack a key capability needed by the missions, e.g., protection of classified mission data in transit. Depending on the kind of mission information exchanged between the communicating elements, the IP data traffic over the commercial satellite service may need to be protected up to the Top Secret level.
The existing, conventional method for implementing classified network applications over the broadband commercial satellite services may suffer from two major limitations. First, the existing method for interconnecting platform local area network (LAN) enclaves over the SATCOM wide area network (WAN) may use high assurance Internet protocol encryption (HAIPE) based inline network encryptors (INEs) with two IP routers straddling each INE. This method may have three major drawbacks: (1) it may employ three boxes, with concomitant cost, size, weight and power (CSWaP) implications, especially for constrained UAV environments; (2) it may use three layers of IP packet encapsulation, producing high network overhead; specifically, each 1000-byte TCP payload incurs 94 bytes of overhead, or 9.4%; and (3) the INEs for encrypting up to Top Secret may be controlled cryptographic items (CCIs), which cannot be used in unmanned environments such as UAVs.
Second, HAIPEs may not be suitable for mobile users with handheld devices, such as tablets and smartphones, who may need to access classified information over broadband satellite services. Although miniaturized HAIPEs such as the L-3 Talon 3 are emerging, these may still require the mobile user to carry another piece of equipment. In addition, the equipment is not self-powered and must draw power from the handheld end user device (EUD), which may deplete the EUD battery. Furthermore, the HAIPE may come with special CCI handling requirements, making it cumbersome to use.