The use of PKI in next generation UHF SATCOM

The Mobile User Objective System (MUOS) is the next generation Department of Defense (DoD) Ultra High Frequency (UHF) Satellite Communications (SATCOM) system that will provide the Warfighter with modern, worldwide, mobile communication services, utilizing the Wideband Code Division Multiple Access (WCDMA) waveform. The Joint Tactical Radio System (JTRS) terminals (known as MUOS Functional Terminals (MFTs)) are the first terminals planned to implement the MUOS WCDMA waveform. The MUOS Ground Transport Segment (GTS) and Network Management Segment (NMS) as well as the JTRS Enterprise Network Manager (JENM) and MFTs will use Public Key Infrastructure (PKI) technology for authentication of waveform software, authentication of radio configuration files and in support of authenticated and secure communication for Advanced Encryption Standard (AES) key management functions in the MUOS ground system. However, the MUOS and JTRS terminals are currently planning to utilize different PKI algorithms and different root Certificate Authorities (CAs). Without compatible algorithms and trusted roots, the MFTs are incapable of authenticating provisioning data. The impact of not having compatible algorithms and shared/common certificate management architecture is the inability to digitally exchange provisioning data which ultimately prevents End-to-End (E2E) user communications. This paper describes the results of the Narrowband SATCOM Systems Engineering Group´s (NSSEG) study that was successful in identifying the requirements, identifying candidate solutions for compatible algorithms and roots as well as support for revocation checking.