Status: Ongoing
Status date: 2014-09-24
Objectives
- To analyse the security needs of the data on telecommunications satellite payload commanding and monitoring links and to develop a system security concept covering these needs.
- To specify the requirements for a generic (potentially reusable in multiple missions) cryptographic processor for implementing the devised security concept in the space segment.
- To design, manufacture and test a Breadboard Model of the on-board cryptographic processor to secure the ground-space channel used to control and reconfigure advanced telecommunication payloads.
- To design and manufacture test equipment to support the verification and validation of the cryptographic processor performance and functionality.
- To define the security assurance process used to aid in fulfilling the security requirements related to the development lifecycle and functionality of such a cryptographic processor.
Benefits
On-board cryptographic processors (CP) are usually custom-developed, with a full development life cycle for each mission. The main benefits of the CP developed here are:
- Dedicated hardware implementations of the CCSDS transfer frame and cryptographic processing engines, with exchangeable FPGA IP cores enabling a trade-off of throughput against chip area
- Always-secure channel for operators to configure and monitor the CP, independent of payload operations
- Modular design enabling the exchange and customisation of cryptographic primitives and interfaces, allowing a much shorter development lifecycle for a wide range of future space platforms
- Versatile, reusable symmetric key management concept compatible with today's standard approaches
- Robust operation with autonomous fault detection
- Concurrent data encryption and authentication with connection integrity control on independent CCSDS-standard TM and TC channels
- Additional control interface with its own cryptographic functions for independent protection of the CP commands and telemetry; provision of periodic housekeeping (HK) TM for complete monitoring capability
- Dedicated keys for each channel; standby and active key sets
- Built-in self-tests for autonomous fault detection; built-in key tests to catch common key management errors
- Separate FPGAs providing encapsulated cryptographic processing and control-and-data processing, respectively
- PROM-cartridge-based master key storage, keeping control of the master keys (and hence of system security) in the customer's hands
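As an added illustration (not the project's code), the following Python model shows how the per-channel protection in the list above fits together: dedicated TC and TM keys, an active and a standby key set per channel, encryption and authentication applied to every frame, a sequence counter enforced at the receiver, and built-in key tests that catch reused or degenerate keys. The security-header layout, the replay window, the truncated-HMAC tag and the HMAC-based stream cipher are all assumptions made for this example; the page does not state which primitives the breadboard implements, and a flight unit would use a standardised AEAD such as AES-GCM from CCSDS 352.0-B.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct(">BBI")   # assumed security header: channel id, key-set id, sequence counter
TAG_LEN = 16                  # truncated HMAC-SHA256 tag carried in the frame trailer
SEQ_WINDOW = 32               # assumed tolerance for lost frames before a counter is rejected


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, keyed per frame by the header.
    # A flight unit would use a standardised AEAD (CCSDS 352.0-B specifies AES-GCM).
    blocks = [hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


class ChannelKeys:
    """Key material for one channel: sets 0 and 1, each an (encryption key, MAC key) pair."""
    def __init__(self, sets: dict):
        self.sets = sets
        self.active = 0           # set used for transmission; the other one is standby


class ProtectedChannel:
    """One direction (TC or TM) with its own keys and its own sequence counters."""
    def __init__(self, chan_id: int, keys: ChannelKeys):
        self.chan_id, self.keys = chan_id, keys
        self.tx_seq = 0
        self.rx_seq = None        # last accepted counter; None until the first frame

    def protect(self, plaintext: bytes) -> bytes:
        enc, mac = self.keys.sets[self.keys.active]
        self.tx_seq += 1
        header = HDR.pack(self.chan_id, self.keys.active, self.tx_seq)
        ct = _xor(plaintext, _keystream(enc, header, len(plaintext)))
        tag = hmac.new(mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return header + ct + tag

    def unprotect(self, frame: bytes) -> bytes:
        if len(frame) < HDR.size + TAG_LEN:
            raise ValueError("frame too short")
        header, ct, tag = frame[:HDR.size], frame[HDR.size:-TAG_LEN], frame[-TAG_LEN:]
        chan, set_id, seq = HDR.unpack(header)
        if chan != self.chan_id or set_id not in self.keys.sets:
            raise ValueError("wrong channel or unknown key set")
        enc, mac = self.keys.sets[set_id]     # receiver follows the set id in the header
        expect = hmac.new(mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("authentication failed")   # nothing else is trusted before this
        if self.rx_seq is not None and not (self.rx_seq < seq <= self.rx_seq + SEQ_WINDOW):
            raise ValueError("replayed or out-of-window sequence counter")
        self.rx_seq = seq
        return _xor(ct, _keystream(enc, header, len(ct)))


def key_tests(channels: dict) -> list:
    """Built-in key tests: flag degenerate keys and keys reused across sets or channels."""
    problems, seen = [], {}
    for name, ch in channels.items():
        for set_id, (enc, mac) in ch.sets.items():
            for role, k in (("enc", enc), ("mac", mac)):
                label = f"{name}/set{set_id}/{role}"
                if len(k) < 16 or k == bytes(len(k)) or k == b"\xff" * len(k):
                    problems.append(f"{label}: weak or degenerate key")
                if k in seen:
                    problems.append(f"{label}: duplicate of {seen[k]}")
                seen.setdefault(k, label)
    return problems


def _rejects(ch: ProtectedChannel, frame: bytes) -> bool:
    try:
        ch.unprotect(frame)
        return False
    except ValueError:
        return True


def run_demo() -> dict:
    """Exercise the model with constructed keys and commands; returns the outcomes."""
    def k(label: bytes) -> bytes:        # constructed demo keys, not real key material
        return hashlib.sha256(label).digest()
    tc = ChannelKeys({0: (k(b"tc-enc-0"), k(b"tc-mac-0")), 1: (k(b"tc-enc-1"), k(b"tc-mac-1"))})
    tm = ChannelKeys({0: (k(b"tm-enc-0"), k(b"tm-mac-0")), 1: (k(b"tm-enc-1"), k(b"tm-mac-1"))})
    ground, space = ProtectedChannel(1, tc), ProtectedChannel(1, tc)   # TC channel, both ends
    r = {}
    f1 = ground.protect(b"RECONFIGURE BEAM 3")
    r["roundtrip"] = space.unprotect(f1) == b"RECONFIGURE BEAM 3"
    r["replay_rejected"] = _rejects(space, f1)
    bad = bytearray(ground.protect(b"SET GAIN 7"))
    bad[HDR.size] ^= 0x01                                     # corrupt one ciphertext byte
    r["tamper_rejected"] = _rejects(space, bytes(bad))
    tc.active = 1                                             # roll over to the standby set
    r["standby_roundtrip"] = space.unprotect(ground.protect(b"SET GAIN 7")) == b"SET GAIN 7"
    r["key_test_clean"] = key_tests({"TC": tc, "TM": tm}) == []
    r["key_test_duplicate"] = key_tests({"TC": tc, "TM": tc}) != []
    return r
```

Two ordering choices in `unprotect` carry the security argument: the tag is verified before the counter is consulted or anything is decrypted, so unauthenticated frames can neither advance the receiver's counter nor probe the decryptor; and the receiver takes the key-set id from the authenticated header rather than from its own notion of the active set, which is what lets the ground roll over to the standby set without a synchronised cut-over.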
System Architecture
The CP consists of:
- Crypto Processor Board (CPB), providing all processing functions and interfaces
- Mechanical frame, comprising the mechanical structure of the CP
- Cryptographic FPGA and control-and-data-processing FPGA
- Dedicated TM, TC and CP control/monitoring interfaces, with the corresponding processing engines and pipelines implemented in hardware
- EEPROM and master-key PROM cartridge interface, through which the control function supplies keys to the cryptographic engines
- Internal bus for control and status monitoring of all processing stages
- Cryptographic bypass path, selected only by two commands, for emergency or debugging operations
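The bypass path is the one feature that, mis-selected, removes all protection, so the interlock a two-command selection implies is worth spelling out. The Python below is an added example, not the project's design: the command names, the arming window and the housekeeping fields are assumptions. What it demonstrates is that a single erroneous, replayed or misrouted command can never engage the bypass, that an outstanding arm is cancelled by any other command or by timeout, and that returning to the secure path needs no interlock at all.

```python
ARM_WINDOW = 3   # assumed: an ARM lapses unless EXECUTE follows within 3 control-frame periods


class BypassInterlock:
    """Two-command selection of the cryptographic bypass path (assumed command names)."""
    def __init__(self):
        self.mode = "SECURE"     # SECURE: frames pass the crypto engines; BYPASS: they do not
        self.armed_for = 0       # periods left in which EXECUTE is honoured; 0 means not armed
        self.events = []         # what the housekeeping telemetry would report

    def tick(self) -> None:
        # Called once per control-frame period so that an unanswered ARM eventually lapses.
        if self.armed_for:
            self.armed_for -= 1
            if self.armed_for == 0:
                self.events.append("arm lapsed")

    def command(self, cmd: str) -> str:
        """Apply one authenticated CP control command; returns the resulting mode."""
        if cmd == "BYPASS_ARM":
            self.armed_for = ARM_WINDOW
            self.events.append("armed")
        elif cmd == "BYPASS_EXECUTE":
            if self.armed_for:
                self.mode, self.armed_for = "BYPASS", 0
                self.events.append("bypass engaged")
            else:
                self.events.append("execute rejected: not armed")   # lone command has no effect
        elif cmd == "BYPASS_OFF":
            self.mode, self.armed_for = "SECURE", 0      # going back to secure needs no interlock
            self.events.append("secure")
        else:
            if self.armed_for:                           # the pair must be consecutive
                self.armed_for = 0
                self.events.append(f"arm cancelled by {cmd}")
            self.events.append(f"executed {cmd}")
        return self.mode

    def housekeeping(self) -> dict:
        return {"mode": self.mode, "armed": self.armed_for > 0, "last": self.events[-1:]}


def run(events: list) -> str:
    """Feed a list of commands ("tick" stands for an idle period); returns the final mode."""
    interlock = BypassInterlock()
    for e in events:
        if e == "tick":
            interlock.tick()
        else:
            interlock.command(e)
    return interlock.mode
```

In the real unit these commands would arrive over the CP's own protected control interface, so the interlock sits behind authentication rather than replacing it; the housekeeping dictionary stands in for the periodic HK telemetry through which the ground would see that the unit is armed or bypassed.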
Plan
- Task 1: analysis of the security risks of generic telecom satellite configuration and monitoring links, and devising of a corresponding security concept and on-board cryptographic processor (CP) requirements specification
- Task 2: preliminary design of the CP, including architecture, state machine and external interfaces
- Task 3: detailed design and implementation of the CP and the corresponding test equipment
- Task 4: manufacturing of the CP breadboard model hardware and programming of the FPGAs, plus manufacturing of the test equipment
- Task 5: testing of the CP breadboard model
- Task 6: parallel task to define and implement a security assurance process for the CP, based on a selected security standard (FIPS 140-3)
Current Status
The study has successfully devised a generically applicable security concept for telecom satellite payload configuration and control links, and defined the requirements for a cryptographic processor (CP) implementing the space segment of this concept. A breadboard model of the CP has been designed, implemented, manufactured and tested/demonstrated using dedicated test equipment also developed in this project. The CP is a highly modular, generic and reusable hardware cryptographic unit, ready (after possible minor mission-specific modifications) for manufacture, qualification and deployment for TM/TC security in future missions.