on-board encryption in satellites

Vladimirova MAPLD 2005/184 1

On-Board Encryption in Satellites

VLSI Design and Embedded Systems Research Group

Surrey Space CentreSchool of Electronics and Physical Sciences

University of SurreyGuildford, UK, GU2 7XH

Tanya Vladimirova, Roohi Banu and Martin N. Sweeting


Presentation Overview

The Need for On-Board Security Services

Security Services in EO Satellites

Existing Security Services in Satellites

Required Security Services in Satellites

Proposed On-Board Security Architecture for Small Satellites

The Advanced Encryption Standard (AES)

Algorithm and Hardware Implementations

Fault Detection and Correction Model for On-Board Use

Simulation Results

Conclusions


Intrusions into Satellite Data

A team at the Embry Riddle Aeronautical University managed to obtain NOAA satellite imagery with the basic apparatus built as a part of their experimental project by using open Internet sources

Recently, researchers from a Japanese University were able to access data from the NASA’s Earth observation satellite LandSat as it flew over Japan

Future Space Internet

The NASA’s vision of “Space Internet” envisages that satellite users and scientists can directly access the satellite just like any other computer over Internet to get the required information

Allowing direct access to spacecraft certainly gives lots of flexibility, but at the cost of threats such as unauthorized access and illegal use of valuable data.

Eventually the problems faced by Internet due to inadequate security measurements will be repeated with the Space Internet.

The Need for On-Board Security Services


Confidentiality (Encryption) - a service used to keep the contents of information accessible to only those authorized to access it.

Integrity - a service used to make sure that data is not modified, deleted or inserted with some other data by unauthorized users.

Authentication is a service that is concerned with assuring that origin of a message is correctly identified.

Security Services


Existing Security Services in EO Satellites

Spacecraft Name

Algorithms Used Implementation Platform

What is Encrypted?

STRV 1d Data Encryption Standard (DES)

Software on SPARC processor

Low-rate downlink

METOP ExOR Hardware High-rate downlink KOMPSAT -II

International Data Encryption Algorithm (IDEA)

Hardware High-rate downlink

(EPS) EUMETSAT’s polar System

Triple Data Encryption Standard (3 -DES)

Hardware

High-rate downlink


Existing Security Services in EO Satellites - Summary

Only the downlink is protected by encryption

Existing satellites use old or proprietary algorithms for downlink encryption

The other security services, like authentication and data integrity services, required for protection of the communication links are not addressed


Required Security Services in Satellites

Uplink : should be checked for integrity and authentication in order to protect the satellite from being taken over by unauthorized personnel.

The issue of Uplink protection was highlighted in the US General Accounting Office report (GAO-02-781).

Downlink : should be encrypted with secure and suitable algorithms to protect the valuable and sensitive data transmitted to ground.


SSTL Small Satellite Platforms


The Disaster Monitoring

Constellation (DMC) Program The DMC program is a novel international

partnership, comprising a network of five low cost small satellites and ground stations.

The satellites are designed and manufactured by SSTL as a Know-How transfer to the participating countries: the United Kingdom, Nigeria, Algeria, Turkey and China.

From a low Earth orbit (LEO), each satellite provides 32 metre multispectral imaging (green, red, infrared), over a 600 km swath width.

The DMC program offers the possibility for daily revisiting of any point on the globe.

AlSat-1


UK-DMC image of England (32m)

DMC Images


Communications

Receiver

Receiver

Low rate Transmitter

Low rate Transmitter

OBC OBC

Command and Data Handling

Authentication & Integrity Check

Attitude Control

Power Imaging Payload

Encryption

Navigation

High rate Transmitter

BUS BUS

Propulsion

ControllerADCS

GPS

BUS BUS

BUS

Power

BUS

Solar Panels

High rate Transmitter

BUS

Optical Unit (Camera)

BUS

Mass Memory Unit

Real Time High-Speed Encryption

Low Speed

Downlink

Uplink

HighSpeed

Downlink

Proposed Security Architecture


Small Satellites are resource constrained in terms of – power, computational resources, etc

A typical small satellite has the following parameters:

Algorithms used on-board satellites

should consume low power and computational resources and yet

deliver the throughput demanded by the satellite high-speed downlink

On-Board Data Processing - Constraints

Satellite weight Up to 500 Kilograms

Average orbit power 50 W

Downlink speed up to 60 Mbps


Authentication Algorithm

Key Length (Bits)

Advantages/Disadvantages

Rivest, Shamir, Adleman (RSA)

1024 – 15,360 Large key size

Elliptic Curve Cryptography (ECC)

163 - 571 Small key size, hence suitable for resource constrained devices

Encryption Algorithm Key Length (Bits)

Advantages/Disadvantages

Data Encryption Standard (DES)

56 Weak and breakable because of smaller key length

Advanced Encryption Standard (AES) 128 - 256

Simple and more secure encryption algorithm suitable for a variety of platforms.

Encryption Algorithms for On-Board Use

The algorithms used on-board should be suitable to be implemented in a resource-constrained environment.


Originally known as Rijndael after its Belgium creators Daemen-Rijmen

Endorsed as AES by the US National Institute of Standards and Technology (NIST) in 2002

Suitable for a wide variety of platforms - ranging from smart cards to servers

Much simpler, faster and more secure

Advanced Encryption Algorithm(AES)


The AES Algorithm

AddRoundKey

Plaintext

AddRoundKey

MixCoulmns

ShiftRows

SubBytes

AddRoundKey

MixCoulmns

ShiftRows

SubBytes

AddRoundKey

ShiftRows

SubBytes

Ciphertext

Key

Key Expansion& Key Register

K(0)

K(1)

K(Nr-1)

K(Nr)N

r Ro

un

ds

AES is an iterative algorithm

Each iteration is known as ROUND

The number of rounds depends on key and data block size

Each round consist of four transformations:

SubBytes ShiftRows MixColumns AddRoundKey


AES Transformations

The SubBytes round transformation:

Two steps: Galois Field multiplicative inverse of each byte followed by affine transforms

Implementation approaches :

• Look-Up Table (LUT) approach - a predefined 256 X 8 LUT is used

• Non-LUT approach - Extended Euclid, Composite Field Arithmetic, Powers of Primitive Elements (Generators), Itoh Tsujii’s Algorithm


AES Transformations (Cont.)

ShiftRows is carried out by a left shift operation

MixColumns:

Uses Galois Field multiplication with a predefined vector [2 3 1 1]

Implementation approaches:

• LUT approach - Predefined Log, Antilog tables

• Non-LUT approach - Galois Field multiplication

AddRoundKey is an EXOR operation between data and key blocks


AES Hardware Implementation Survey


AES Verilog IP Core

(source: www.opencores.org)

clk

reset

ld

key [127:0]

plain data [127:0]

done

encrypted data [127:0]

AES IP Core

SubBytes – S-Box Look-Up Table (256 bytes of S-Box are stored in memory )

MixColumn – Galois field multiplication over field GF(2) (involves a single bit left shift followed by addition)

The round permutation module performs 10 iterations (for 128 bit keys).


AES IP Core - Performance

CAD tools:• Pre & post synthesis and back annotated simulations - ModelSim • Synthesis - Synplify • Implementation - Xilinx ISE

Experimental results: • FPGA - XC2V1000 • The encryption takes 13 clock cycles to encrypt a 128-bit data block• The frequency is 25 MHz. (Back annotated simulation frequency)

Throughput = (128/13)*25*106 = 246 Mbps


AES for Satellites: Radiation Issues

Satellites operate in harsh radiation environment

The implementation should be robust to radiation induced bit flip errors

On average 64 bits (50 %) are corrupted with a single error during encryption using AES !!!

The bit flip errors must be detected and corrected in order to avoid the transmission and use of corrupted data


Existing AES Fault Detection Models

The available AES fault detection models are classified into two categories:

Redundancy Based

• A decryption module is used in parallel with the encryption module and its output is compared with the input to the encryption module to detect a fault.

• More hardware overhead

Parity Based • The fault is detected by comparing the predicted parity with the calculated parity at the end of each transformation

• Less hardware overhead

There are no fault-tolerant correction models for the AES algorithm


RoundTransformation

Parity Memory

Calculated Parity Predicted parity

Parity DifferentNo

Remedial Action

Yes (Fault Detection)

Input Data[State Matrix]

Con

tinu

eE

ncry

ptio

n

Parity-Based Fault Detection Model for AES

The fault detection model is based on parity prediction

Parity is pre-calculated and stored in the parity memory

Given the input state, parity is predicted from the parity memory and compared with the calculated parity at the end of each round

Parity mismatch will lead to fault detection


Proposed Fault Correction Model for AES

RoundTransformation

Hamming CodeParity Memory

Calculated ParityHamming Code

PredictedHamming Code

Hamming CodeDifferent

No

Correct Single BitError

Yes

Input Data[State Matrix]

Continue E

ncry

ption

The fault correction model is based on the Hamming code (12,8)

The Hamming code is pre-calculated and stored in the Hamming code parity memory

Given the input state, the Hamming code is predicted from the parity memory and compared with the calculated Hamming code at the end of each round

A Hamming code mismatch will lead to a fault detection and to a subsequent single-bit fault correction.


AES Fault Detection & Correction JAVA Software Simulation

JAVA software was developed to simulate the AES fault detection and correction scheme

GUI was also developed to effectively display the fault injection and correction:

input sub-frame - displays the input data block, encryption key, cipher block and decipher block etc

inject error sub-frame - is used to simulate the error injection at different levels: round, transformation, byte and bit position

details sub-frame, which shows:

• the intermediate state of the output for every transformation and for every round in AES and

• the predicted and calculated parity or the Hamming code.


Fault Injected

Fault detected at byte level

AES Fault Detection ModelSoftware Simulation in JAVA


AES Fault Correction Model Software Simulation in JAVA

Fault injected

Fault detected at bit level


Conclusions Security services required for overall satellite protection has been identified and an on-board security architecture has been proposed.

The AES has been identified as a suitable encryption algorithm for on-board use in small satellites.

An AES fault detection model based on parity prediction has been developed and verified by software simulation.

A novel AES fault correction model to prevent single bit faults occurring due to radiation (SEUs) has been proposed, developed and verified.

The proposed AES fault detection and correction model can also be used in other harsh radiation environments, for example in unmanned aerial vehicles, etc.

on-board encryption in satellites

Documents

security services mapld

required security services

satellite data

data integrity services

encryption existing

onboard security architecture

satellites uplink

eo satellites mapld