Preparation of enabling space technologies and building blocks: Boosting MO security with end2end encryption and space HSMaaS with SDLS
Programme
GSTP
Programme Reference
GT17-137TIce
Prime Contractor
CGI EESTI AS
Start Date
End Date
Status
Closed
Country
Estonia
Objectives
Objectives:
The contract combines two companies. Both had their own objectives, that are demonstrated in an OPS-SAT experiment:
•CGI: PKI-based MO application end-to-end encryption in MAL.
•Skudo: IoD/IoV of HSM providing standard encryption functions implemented on an FPGA chip exposed by a PKCS#11 compliant interface.
Description
Background and justification:
This activity creates a Public Key Infrastructure (PKI) based security solution in ground-to-space communication, demonstrated in an OPS-SAT experiment, where the onboard cryptography is optionally supported by an HSM. There are three interconnected themes in this work:
•The target protocol is Message Abstraction Layer (MAL) of Mission Operations (MO) framework. The activity implements handshake, mutual authentication using X.509 Public Key (PK) certificates, symmetric encryption following simplified TLS 1.3.
•In MO infrastructure the data security is limited to select transport implementations. The MAL encryption shall make MO applications secure end-to-end regardless of transport choice or protocol bridging.
•The onboard cryptographic functions are carried out by an HSM implemented in Verilog on a single FPGA chip.
Achievements and status:
•End-to-end MO application security demonstrated in OPS-SAT experiment 146. The MO framework proved to be extensible for the security addition. The OPS-SAT ground and space MO infrastructure was repackaged with a reusable "Secure MAL" component (developed in this work). The system was configured to use Curve25519 keys and 256bit AES/GCM encryption.
•Skudo HSM (AES-GCM, Ed25519, X25519, SHA512, X.509, tRNG) implemented on the FlatSAT and on the mitySOM Cyclone-V FPGA chip. IoV not achieved.
Benefits:
•The MAL security improvement is applicable to existing and new MO applications.
•Hardware-based cryptographic support provided via the HSM/FPGA developed for the Cyclone-V FPGA.
Application Domain
GEN-Generic Technologies
Technology Domain
2 - Space System Software
Competence Domain
9-Digital Engineering
Keywords
48-Cybersecurity
Initial TRL
TRL N/A
Target TRL
TRL N/A
Achieved TRL
TRL N/A
Public Document
Final Presentation
Executive Summary