164 Int. J. Security and Networks, Vol. 4, No.

3, 2009

Copyright 2009 Inderscience Enterprises Ltd.
Overview of satellite communication networks
security: introduction of EAP
Konstantinos E. Drakakis, Athanasios D. Panagopoulos*
and Panayotis G. Cottis
School of Electrical and Computer Engineering,
National Technical University of Athens,
Iroon Polytechniou 9, Zografou, 15780, Athens, Greece
E-mail: kdrakak@gmail.com
E-mail: thpanag@ece.ntua.gr
E-mail: pcottis@central.ntua.gr
*Corresponding author
Abstract: This paper overviews some of the security mechanisms, widely used in satellite
communications. The security is analysed by layer and the contribution of each layer is presented
both separately and in conjunction with the whole system. Extensible Authentication
Protocol (EAP) as a uniform security framework for satellite communication networks and
satellite communication Direct-To-User (DTU) services is also presented in the paper. Various
EAP-based methods are discussed in relation to the security needs of a satellite communication
network, revealing the advantages and the disadvantages of their incorporation.
Keywords: satellite communications networks security; EAP; extensible authentication protocol;
DTU; direct-to-user satellite applications.
Reference to this paper should be made as follows: Drakakis, K.E., Panagopoulos, A.D.
and Cottis, P.G. (2009) Overview of satellite communication networks security: introduction
of EAP, Int. J. Security and Networks, Vol. 4, No. 3, pp.164170.
Biographical notes: Konstantinos E. Drakakis entered the National Technical University
of Athens in 1997. He obtained his Diploma in Electrical and Computer Engineering in 2003.
He has been working on his PhD since then. Most of his work is on Security Architectures
and Authentication Schemes and Algorithms, especially on Satellite Networks and Broadband
over Power-Line (BPL)/Power-Line Communications (PLC) Networks. In the course of his Post
Graduate academic work, he has worked with HellasSat SA on the HellasSat Offer of Services
in Telecommunications (HOST) project of European Space Agency (ESA) and with EDUNET,
the Greek school network project.
Athanasios D. Panagopoulos received the Diploma Degree in Electrical and Computer
Engineering (summa cum laude) and the Dr. Engineering Degree from National Technical
University of Athens (NTUA) in July 1997 and in April 2002. Since May 2008, he is Lecturer
in the School of Electrical and Computer Engineering of NTUA. He has published more than
130 papers in international journals, IEEE transactions and conference proceedings. He is Senior
Member of IEEE.
Panayotis G. Cottis received the Diploma (Mechanical and Electrical Engineering) and Dr. Eng.
Degrees from the National Technical University of Athens (NTUA), Greece, in 1979 and 1984,
respectively, and MSc from the University of Manchester, (UMIST), Manchester, UK, in 1980.
Since 1996 he has been a Professor at NTUA. He has published more than 80 papers
in international journals and transactions. His research interests include microwave theory
and applications, wireless networks and satellite communications. From September 2003
to September 2006, he was the Vice Rector of NTUA.

1 Introduction
Satellite communication networks have a long successful
history of operation, offering broadband connectivity where
it was needed and connecting remote areas with the rest of
the world in the easiest way possible (Elbert, 2004). In the

multimedia era, satellite links are expected to sustain
the market needs for broadband IP connectivity, which
is probably the best platform to combine flexibility and
stability. Nowadays, there is a great development of new
space technologies facing the demand for the wide-band
satellite services and there is also employment of Ka band

Overview of satellite communication networks security: introduction of EAP 165
(2030 GHz) for DTU satellite services. DTU high
bandwidth services with more tolerant availability
requirement to users anywhere at any time have opened the
era of broadband communication provided by global
systems with low-cost terminals. A typical broadband
communication network including satellite components
is depicted in Figure 1. Security issues and challenges
are very important concerns in these integrated networks.
Figure 1 A typical broadcast/multicast broadband satellite
multimedia network (see online version for colours)

Significant security challenges have emerged from the daily
provisioning of satellite communication application to deal
with problems such as (ETSI TR 102 287 V1.1.1, 2004):
eavesdropping and active intrusion are much easier than
in terrestrial fixed or mobile networks because of the
broadcasting nature of satellites
satellite networks are resource-constrained, particularly
due to limited transmission power (channel capacity
limited) and suffer from interference (terrestrial,
adjacent satellite, etc.)
satellite transponders have limited processing
capabilities, and switching problems usually arise
satellite channels experience high bit error rates due to
adverse propagation phenomena, which lead to packet
losses and to the loss of security synchronisation
geostationary satellites links also subjected to long
propagation delays and consequently security
mechanisms must contribute only minimal delay to the
process.
All of the above major concerns of the electiveness of
satellite communication networks are nowadays addressed
with the evolution and the improvement satellite
transponder capacities and capabilities employing on board
processing techniques. However, security architectures
designed for satellite communication networks must
take these limitations into account, in particular, the need
for confidentiality and the efficient use of satellite
resources.
This paper investigates security methods currently
employed in satellite communications, and introduces the
incorporation of EAP schemes into modern security
architectures for DTU satellite communication networks.
In the second section, the issues of, firstly, how an EAP
framework may be included among the security standards
used for satellites, and secondly how it may be optimally
adapted, and become transparent to satellite transmission
protocols and equipment are examined. The advantages and
disadvantages of adopting an EAP framework in satellite
communications systems are also thoroughly analysed.
2 Security mechanisms for satellite networks
Security may be dealt with in every OSI layer, from
the physical to the application one. However, there are
security mechanisms or modules of security architectures
that cross the layer stack, spanning two or more layers
(see Figure 2). In Figure 2, the BSM (Broadband Satellite
Multimedia, ETSI TR 101 984) protocol stack is given.
Before proceeding with the analytical description
of the security issues in every layer of BSM, we discuss
briefly the S-DOCSIS (Satellite-Data Over Cable Service
Interface Specification) standard, proposed by VIASAT
(www.viasat.com). DOCSIS employs the BPI/SEC
(Baseline Privacy Interface Security) an enhancement of
BPI+. BPI/SEC provides a level of data privacy across the
shared medium. It achieves that by encrypting data flows
using 128-bit AES. The level of protection increases with
the Key management protocol where digital certificate
based authentication with PKI has been added. S-DOCSIS
is heavily used especially in USA, but here we will focus
on the BSM suite.
Figure 2 The BSM (Broadband Satellite Multimedia, ETSI TR
101 984) protocol stack

Physical layer: Restricting physical access to equipment to
authorised personnel only is the first step to be taken
towards ensuring security and proper operation of any
communication system. If this measure fails, the whole
security infrastructure may collapse. It is usual for satellite

166 K.E. Drakakis et al.
communication systems to allow for altering some security
parameters locally to safeguard against possible loss of
authentication information, such as the PIN or the
administrative accounts password. A breach in this kind
of security is always important but it might not be critical
to the security policy applied.
Data link layer: The Conditional Access (CA) mechanism
is an option provided by the fact that the satellite operators
restrict some of their data/programs transmitted to certain
users DVB-S, DVB-RCS and DVB-S2 satellite
communication standard platforms (Morello and Mignone,
2006; ETSI EN 301 790, 2003). This is achieved by the
thorough encryption of the restricted programmes.
Consequently, the programmes must be decrypted at the
receiving end terminals before they can be decoded for
viewing. CA offers capabilities such as Pay-Per-View
(PPV), interactive features such as Video-on-Demand
(VoD) and games, the ability to restrict access to certain
material and the ability to direct messages to specific set-top
boxes, for example, based on geographic regions. The CA
system used in the DVB system includes three main
functions: scrambling/descrambling, entitlement checking
and entitlement management. Implementation may include
smart cards and vendor specific variations. For interactive
satellite networks (ETSI TR 102 287 V1.1.1, 2004; See
Figure 3) such as DVB-RCS and DVB-S2, common DVB
scrambling is a straightforward choice for making the link
inherently secure but it is not necessary. Security may rely
on higher layers but this is not advisable. Moreover, satellite
interactive network individual user scrambling can be used
for both forward and return link (Pillai and Yim-Fun, 2006).
Figure 3 Security layers for interactive broadcasting/multicast
satellite networks

Network layer: Depending on the structure of the satellite
network, various methods prove to be efficient and useful.
One such possibility is IPSec (Kent and Atkinson, 1998),
which applies only if the IP protocol stack is included
in the network. This is not generally the case for satellite
networks, but it may well be in the future, with the
convergence and integration of wireless technologies.

Transport layer: Alternatively, security services may be
provided at the transport layer. Relevant examples are TLS
(RFC 2246) (Dierks and Allen, 1999) or a reliable multicast
protocol that includes security services, such as Secure
Real-Time Transport Protocol (SRTP) (Baugher et al.,
2004). A protocol such as TLS is based on a reliable
transport protocol such as TCP. Therefore, it effectively
operates above the transport layer in the protocol stack.
The TLS protocol provides communications privacy over
the Internet. The protocol allows client/server applications
to communicate in a way that is designed to prevent
eavesdropping, tampering, or message forgery. The protocol
consists of two layers: the TLS Record Protocol and the
TLS Handshake Protocol. At the lowest level, layered
on top of some reliable transport protocol (e.g., TCP),
is the TLS Record Protocol. SRTP is a profile of the
Real-Time Transport Protocol (RTP), which provides
confidentiality, message authentication and replay
protection to the RTP/RTCP (control) traffic. It may achieve
higher throughput and lower packet expansion. SRTP has
proven to provide suitable protection to heterogeneous
environments, i.e., environments including both wired and
wireless links. This is a very important feature considering
in the current trend of the hybrid technologies that include
satellite links (Giuliano et al., 2008). To get such features,
default transforms are described, consisting of an additive
stream cipher for encryption, a keyed-hash based function
for message authentication, and an implicit index for
sequencing and synchronisation based on the RTP sequence
number for SRTP and on an index number for Secure RTP.
Application layer: There are many possibilities to introduce
security mechanisms in satellite networks almost as many as
the number of satellite applications. Application security is
always encouraged even though it may prove to be the
weakest link of the security architecture due to either
programming errors or inadequate precautions. The most
serious drawback in application security is the fact that it is
vulnerable to attacks from third parties not requiring
specialised (and potentially expensive) equipment and
personnel skills. It is therefore possible for almost anyone
to mount an attack with minimum resources and cost.
Perhaps its greatest advantage is its flexibility, since it can
be tailored to specific needs.
3 Introduction of EAP in satellite
communications networks
The EAP (Aboba et al., 2004) defines a security framework
where a negotiation is engaged between two parties,
typically referred to as the supplicant and the authenticator
to designate a particular method of mutual authentication.
This authentication may be one way or mutual. EAP
is placed between the link layer and the network layer.
In other words, EAP is not an authentication method on its
own, but it is used as an extra step of the authentication
process. This step may be quite beneficial, by itself, as it

Overview of satellite communication networks security: introduction of EAP 167
may be used in an encrypted channel and may also allow for
a variety of methods used for authentication. As a result a
malevolent party should first find out which method is being
used and then attempt to compromise it. The extra
authentication step requirements may vary from a simple
username and password pair to biometrical data. EAP was
initially created for use over Point-to-Point Protocol (PPP)
(Simpson, 1994). However, it was designed to be
independent from the link layer protocols. It may
also run over IEEE 802.3 Ethernet (www.802.org/3/),
IEEE 802.5 (www.802.org/5/), and IEEE 802.11
(www.802.org/11/) and it has also been incorporated in the
IEEE 802.1x security suite. Moreover, EAP has also been
designed to be medium independent. This property is
closely related to the link layer independence. It may be run
over lossless or lossy, unreliable media. From all the
above, although EAP has been designed for PPP network
connections, it has been proved a clear cut solution for the
security concerns that arose in the field of wireless networks
of the IEEE 802.1x family protocols.
Integration of EAP in satellite communication networks
is necessary to enhance the security mechanisms previously
described. EAP is ideal for device-based authentication.
This is a very important issue, since EAP refers to an IP
protocol stack over satellite, which matches perfectly with
the increasing popular Broadband Satellite Multimedia
services. This is a slightly different service from the
standard DVB applications where the satellite terminal is
connected to a Set-Top-Box, which is connected to a TV
set. The benefit from employing EAP in DVB and IP
satellite applications is that it may provide a unified
framework for both, allowing for extra security where the
possibility exists. Also, since security can be implemented
in different layers, it is generally considered a better choice
to invest on lower layer security because bypassing or
cracking in lower layer security requires specialised
equipment and skills.
Another advantage of the EAP architecture is its
flexibility. EAP is used to select a specific authentication
mechanism, typically after the authenticator has
requested more information aiming at determining which
authentication method should be employed. EAP allows
the use of a backend authentication server, which may
implement some or all the authentication methods,
with the authenticator acting as a pass-through for some or
all methods and peers. EAPs flexibility may also be
evidenced by the fact that EAP sessions may be run
on a Residential Gateway (RG) as described in ISO-IEC
15045 (ISO/IEC 15045-1, 2004) and similarly ISO/IEC
18012 (ISO/IEC 18012-1, 2004) for Home Electronic
System (HES) devices. The devices EAP parameters
in the respective EAP method are provisioned for adding,
editing and appending following changes in the RG/HES
systems.
The use of EAP in a satellite networks environment
is a new concept and as such, is an open issue for research


and investigation. In the following sections, the various
EAP methods used to date are discussed along with their
incorporation in satellite communication networks and the
respective advantages and disadvantages:
Advantages
The EAP protocol may support multiple authentication
mechanisms without having to pre-negotiate a
particular one.
Network Access Server (NAS) devices (e.g., a switch
or access point or a Satellite Hub) do not have to
understand each authentication method and may act as
a pass-through agent for a backend authentication
server. Support for pass-through is optional. An
authenticator may authenticate local peers that are users
registered on a local database residing on the
authenticator, while at the same time acting as
a pass-through for non-local peers and authentication
methods not implemented locally.
The separation of the authenticator from the backend
authentication server simplifies credentials
management and policy decision-making.
EAP is extensible through vendor-developed EAP
authentication types providing different levels of
security
Disadvantages
In cases where the authenticator is separate from the
backend authentication server, the security
methodologies (e.g., key distribution) become more
complicated.
EAP is a lock step mechanism. The propagation delay
in satellite communications may be an issue during the
first steps of negotiation.
The position of EAP in satellite communications basic
architecture is illustrated in Figure 4. Moreover, in Figure 5,
the possible incorporation of EAP framework (EAP server)
in Broadband Satellite Multimedia communication networks
is depicted.
Figure 4 Position of the EAP layer in the satellite
communication architecture layer stack



168 K.E. Drakakis et al.
Figure 5 Employment of EAP in satellite networks

4 Various EAP methods
In the following, certain EAP methods that have been
proposed or are already in use in other wireless networks
technologies are briefly discussed. Some methods expect
that the Satellite Terminal or the Set-Top-Box perform more
functions than most implementations are doing at present.
However, adaptation and further development are possible
and not so demanding. The presentation of these methods
aims at showing, what are their capabilities and, also, at
serving as guidelines for their possible future utilisation in
modern BSM networks.
4.1 EAP-TLS
EAP Transport Layer Security (TLS) (Aboba and Simon,
1999) is an EAP authentication algorithm based on the TLS
protocol (Dierks and Allen, 1999). TLS is the current
version of Secure Socket Layer (SSL) used in most Web
browsers for secure Web application transactions. TLS has
proved to be a secure authentication scheme and is now
available as an 802.1X EAP authentication type. EAP-TLS
is based on SSL v3.0. To better understand EAP-TLS
operation, we focus on the operation of TLS with respect to
SSL. TLS is designed to provide secure authentication and
encryption for a TCP/IP connection. To provide this
functionality, TLS comprises three protocols:
Handshake protocol. The handshake protocol
negotiates the parameters for the SSL session. The SSL
client and server negotiate the protocol version,
encryption algorithms, authenticate one another, and
derive encryption keys.
Record protocol. The record protocol facilitates
encrypted exchanges between the SSL client and the
server. The negotiated encryption scheme and
encryption keys are used to provide a secure tunnel for
application data between the SSL endpoints.
Alert protocol. The alert protocol is the mechanism
used to notify the SSL client or server of errors as well
as session termination.
The TLS authentication is generally distinguished into
server-side authentication and client-side authentication.
Server-side authentication uses Public Key Infrastructure
(PKI), namely PKI certificates. While the client-side
authentication may also use PKI certificates as an option,
EAP-TLS employs client-side certificates. EAP-TLS
protocol may be applied with success to satellite
communication networks.
4.2 EAP-SIM
The EAP Subscriber Identity Module (SIM) authentication
algorithm is designed to provide per-user/per-session mutual
authentication between a Wireless LAN (WLAN) client and
an AAA server. It also defines a method for generating the
master key used by the client and the AAA server for the
derivation of WEP keys. On the client side, the EAP-SIM
protocol, as well as the code needed to interface with a
Smartcard reader and the SIM, is implemented in the
EAP-SIM supplicant. The supplicant code is linked into the
EAP framework provided by the operating system.
The EAP framework handles EAP protocol messages and
communications between the supplicant and the AAA
server; it also installs any encryption keys provided by the
supplicant in the clients WLAN radio card. On the network
side, the EAP-SIM authenticator code resides on the service
providers AAA server. Besides handling the server side of
the EAP-SIM protocol, this code is also responsible for
communication with the service provider. In a Cisco
implementation of EAP-SIM, the AAA server
communicates with a Cisco IP Transfer Point (ITP), which
acts as a gateway between the IP and Signalling System 7
(SS7) networks. The Cisco ITP translates messages
from the AAA server into standard GSM protocol messages.
EAP-SIM architecture may also be applied with success to
satellite communication networks, after having implemented
the appropriate modifications.
4.3 PEAP
Protected EAP (PEAP) is a draft EAP authentication
type (Palekar et al., 2004) designed to allow hybrid
authentication. PEAP employs server-side PKI
authentication. For client-side authentication, PEAP may
use any other EAP authentication type. Because PEAP
establishes a secure tunnel via server-side authentication,
non-mutually authenticating EAP types may be used
for client-side authentication, such as EAP Generic Token
Card (GTC) for One-Time Password (OTP), and EAP MD5
for password-based authentication. PEAP is based on
server-side EAP-TLS and it addresses the manageability
and scalability shortcomings of EAP-TLS. Satellite
operators may avoid the issues associated with installing
digital certificates on every client machine as required by
EAP-TLS by selecting the method of client authentication
that meets better their particular requirements. PEAP
behaves better than EAP-TLS with regard to scalability
properties of the security architecture. It should be noted
that scalability is an important issue in all modern wireless
Overview of satellite communication networks security: introduction of EAP 169
communication technologies and very critical to modern
broadband satellite multimedia networks.
4.4 EAP-FAST
The need to provide user friendly and easily deployable
network access solutions has increased the necessity for
strong mutual authentication protocols that internally use
weak user credentials. EAP-FAST (Cam-Winget et al.,
2007) defines the base protocol, which consists of
establishing a TLS tunnel and then exchanging data in the
form of Type, Length, Value (TLV) objects to perform
further authentication. In Cam-Winget et al. (2006)
extensions for dynamic provisioning, an additional
credential called a Protected Access Credential (PAC),
aiming at optimising the EAP-FAST exchange, have been
proposed. In addition to regular TLS cipher suites and
handshakes, EAP-FAST supports the use of PAC with the
TLS extension as defined in Salowey et al. (2006)
to support fast re-establishment of the secure tunnel
without having to maintain per-session state on the
server. EAP-FAST may also be employed in satellite
communication networks.
4.5 EAP-POTP
One-Time Password (OTP) (Nystroem, 2007) systems are
all based on the same concept but may vary substantially in
complexity, security and sophistication. This is partly due to
the different algorithms, which may be used for the system
implementation. The encapsulating environment can also
make quite a difference. Generally, an OTP procedure
could quite possibly be used in satellite communications
networks. There are two entities in the operation of the OTP
system. The generator produces the appropriate OTP from
the users secret pass-phrase and from information provided
in the challenge from the server. The server sends a
challenge that includes the appropriate generation
parameters to the generator, verifies the OTP received,
stores the last valid OTP it received, and also keeps the
corresponding OTP sequence number. The server must
also facilitate the changing of users secret pass-phrase in a
secure manner. One method could be to have the OTP
generator pass the users secret pass-phrase, along with
a seed received from the server as part of the challenge,
through multiple iterations of a secure hash function
to produce a OTP. After each successful authentication, the
number of secure hash function iterations is reduced by one.
In this way, a unique sequence of passwords is generated.
The server verifies the OTP received from the generator by
computing the secure hash function once and comparing the
result with the previously accepted OTP (Lamport, 1981).
EAPPOTP may be used on satellite communication
networks, only when the EAP conversation is protected,
something that can be achieved with technologies such as
IPsec or TLS.


5 Conclusion
In this paper, the possible incorporation of EAP in satellite
communication networks has been discussed. Subject of
further work is to modify properly some of the EAP
methodologies (more particularly the Key derivation
process) to include extra security mechanisms that reflects
the needs of satellite communication network. Summing up,
the benefits of using EAP in satellite communication
networks may prove significant, since the adoption of EAP
methods may offer flexibility and scalability in an attempt
to ensure existing networks operating under a specific
protocol will continue to function properly and securely.
An architecture including EAP may retain all functionalities
and general benefits of existing mechanisms, and still
provides add-on security and reliability to the network.
The present trends in satellite communications are the
integration with the IP protocol stack and the turn from
a channel approach to a network one. EAP conforms to
both of these trends thereby having another advantage.
References
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and
Levkowetz, H. (2004) Extensible Authentication Protocol
(EAP), IETF RFC 3748.
Aboba, B. and Simon, D. (1999) PPP EAP TLS Authentication
Protocol, IETF RFC 2716.
Baugher, M., McGrew, D., Naslund, M., Carrara, E. and
Norrman, K. (2004) The Secure Real-Time Transport
Protocol (SRTP), IETF RFC 3711.
Cam-Winget, N., McGrew, D., Salowey, J. and Zhou, H. (2006)
Dynamic Provisioning using EAP-FAST, draft-cam-winget-
eap-fast-provisioning-02.txt.
Cam-Winget, N., McGrew, D., Salowey, J. and Zhou, H. (2007)
The Flexible Authentication via Secure Tunneling Extensible
Authentication Protocol Method (EAP-FAST), draft-cam-
winget-eap-fast-06.txt.
Dierks, T. and Allen, C. (1999) IETF RFC 2246, The TLS
Protocol, Version 1.0, IETF RFC 2246.
Elbert, B. (2004) The Satellite Communication Applications
Handbook, 2nd ed., Artech House, Norwood, MA, USA.
ETSI EN 301 790 (2003) Digital Video Broadcasting (DVB);
Interaction Channel for Satellite Distribution Systems,
Sophia-Antipolis, France.
ETSI TR 102 287 V1.1.1 (2004) Satellite Earth Stations
and Systems (SES); Broadband Satellite Multimedia
(BSM); IP Interworking over Satellite; Security Aspects,
Sophia-Antipolis, France.
Giuliano, R., Luglio, M. and Mazzenga, F. (2008) Interoperability
between WiMAX and broadband mobile space networks,
IEEE Communications Magazine, Vol. 46, No. 3, pp.5057.
ISO/IEC 15045-1 (2004) Information Technology Home
Electronic Systems (HES) Gateway Part 1: A Residential
Gateway Model for HES.
ISO/IEC 18012-1 (2004) Information Technology Home
Electronic System Guidelines for Product Interoperability
Part 1: Introduction.


170 K.E. Drakakis et al.
Kent, S. and Atkinson, R. (1998) Security Architecture for the
Internet Protocol, IETF RFC 2401.
Lamport, L. (1981) Password authentication with insecure
communication, Communications of the ACM 24.11,
pp.770772.
Morello, A. and Mignone, V. (2006) DVB-S2: the second
generation standard for satellite broad-band services,
Proceedings of the IEEE, Vol. 94, No. 1, pp.210222.
Nystroem, M. (2007) The Protected One-Time Password Protocol
(EAP-POTP), IETF RFC 4793.
Palekar, A., Simon, D., Salowey, J., Zhou, H., Zorn, G. and
Josefsson, S. (2004) Protected EAP Protocol (PEAP),
Version 2, IETF Internet Draft (work in progress), Available
at draft-josefssonpppext- eap-tls-eap-10.txt.
Pillai, P. and Yim-Fun, H. (2006) Design and analysis of secure
transmission of IP over DVB-S/RCS satellite systems,
Wireless and Optical Communications Networks, IFIP
International Conference, 1113 April, Bangalore, India, p.5.




































Salowey, J., Zhou, H., Eronen, J. and Tschofenig, H. (2006)
Transport Layer Security Session Resumption without
Server-Side State, IETF RFC 4507.
Simpson, W. (Ed.) (1994) The Point-to-Point Protocol (PPP),
IETF RFC 1661.
Websites
www.802.org/3/
www.802.org/5/
www.802.org/11/
www.viasat.comv