Internet over satellite - Is it safe?



Ding Dang Doo
My Satellite Setup
DreamBox 7000s - Nokia Freeview - Several GameBoys - DS Lite - ZX81 - SNES - N64 - Saturn - Dreamcast - PlayStation - PS2 - Gamecube - PSP - iPod - iPhone - XBox - PS3 - Wii - iPad - No Life!
My Location
Researchers at the Ruhr University of Bochum managed to read comprehensive information about individuals in studying satellite Internet access (DSL via satellite) of Deutsche Telekom, Megasys and Netsystems. For instance, they managed to read the name, address, date of birth, income, and EC card number of a surfer in the data streams of an Astra transponder within a 24-hour period. They were also able to tap the email communication between commercial users. All they needed to do so was a usual commercial PC, a DVB-S card and a satellite dish.

In its test of various offers in issue 24/03, c't pointed out the basic lack of security in the use of the Internet via satellite. Both Strato and Europe Online also offer this technology as an alternative to wired DSL, though Strato uses Eutelsat for broadcasting. Any satellite user can, in principle, read everyone else's data unless they have activated security functions. Internet access via satellite is generally asymmetric: the client's request is send via telephone or ISDN lines, with the server's response generally being sent back via satellite.

If this connection is tapped, only the answers from the server can be read. Passwords transmitted to read email or log in to a server from a client, for instance, cannot be read in this manner. Applications that users have encrypted, such as online banking with SSL, are secure. Unfortunately, there are enough cases where providers list data entered in a registration form in an unencrypted confirmation email again -- and this email is usually transmitted via satellite. Authentication cookies are placed on the hard drives of users in this manner. If hackers read these cookies, they may be able to log in for certain services without knowing the password.

According to André Adelsbach and Ulrich Greveler of the Center for Network and Data Security at the University of Bochum, many users of DSL via satellite do not seem to be aware of this problem. After all, providers do offer security mechanisms that allow users to protect their data from being read by just anyone when broadcast via satellite. However, to protect one's data, the proxy supplied in the operating software has to be activated. This "performance enhancement proxy" (PEP) actually serves to improve the data throughput, but also encrypts traffic.

Once the software has been installed, the proxy of most providers does just that, Walter Genz, spokesman at Deutsche Telekom confirmed toward heise Security. However, some users seem to deactivate this function. One reason is that VPN software based on IPSec does not work properly with PEP. To get around this problem, Deutsche Telekom and others offer a special VPN connection without a proxy. Here, however, customers have to take care of encryption themselves, which they are informed of. Users should make sure that the proxy installed protects all traffic. Otherwise, individual protocols such as POP3 and IMAP can be secured with SSL. However, the provider has to support this provider.