on-board encryption in satellites
DESCRIPTION
On-Board Encryption in Satellites. Tanya Vladimirova, Roohi Banu and Martin N. Sweeting. VLSI Design and Embedded Systems Research Group, Surrey Space Centre, School of Electronics and Physical Sciences, University of Surrey, Guildford, UK, GU2 7XH.
Vladimirova MAPLD 2005/184 1
On-Board Encryption in Satellites
VLSI Design and Embedded Systems Research Group
Surrey Space Centre, School of Electronics and Physical Sciences
University of Surrey, Guildford, UK, GU2 7XH
Tanya Vladimirova, Roohi Banu and Martin N. Sweeting
Vladimirova MAPLD 2005/184 2
Presentation Overview
The Need for On-Board Security Services
Security Services in EO Satellites
Existing Security Services in Satellites
Required Security Services in Satellites
Proposed On-Board Security Architecture for Small Satellites
The Advanced Encryption Standard (AES)
Algorithm and Hardware Implementations
Fault Detection and Correction Model for On-Board Use
Simulation Results
Conclusions
Vladimirova MAPLD 2005/184 3
The Need for On-Board Security Services
Intrusions into Satellite Data
A team at Embry-Riddle Aeronautical University managed to obtain NOAA satellite imagery with basic apparatus built as part of their experimental project, using open Internet sources
Recently, researchers from a Japanese university were able to access data from NASA's Earth observation satellite Landsat as it flew over Japan
Future Space Internet
NASA's vision of a "Space Internet" envisages that satellite users and scientists can access a satellite directly over the Internet, just like any other computer, to get the required information
Allowing direct access to spacecraft certainly gives a lot of flexibility, but at the cost of threats such as unauthorized access and illegal use of valuable data.
Eventually, the problems the Internet faces because of inadequate security measures will be repeated with the Space Internet.
Vladimirova MAPLD 2005/184 4
Security Services
Confidentiality (Encryption) - a service used to keep the contents of information accessible only to those authorized to access it.
Integrity - a service used to make sure that data is not modified, deleted or mixed with inserted data by unauthorized users.
Authentication - a service concerned with assuring that the origin of a message is correctly identified.
Vladimirova MAPLD 2005/184 5
Existing Security Services in EO Satellites
Spacecraft Name | Algorithms Used | Implementation Platform | What is Encrypted?
STRV 1d | Data Encryption Standard (DES) | Software on SPARC processor | Low-rate downlink
METOP | ExOR | Hardware | High-rate downlink
KOMPSAT-II | International Data Encryption Algorithm (IDEA) | Hardware | High-rate downlink
EUMETSAT's Polar System (EPS) | Triple Data Encryption Standard (3-DES) | Hardware | High-rate downlink
Vladimirova MAPLD 2005/184 6
Existing Security Services in EO Satellites - Summary
Only the downlink is protected by encryption
Existing satellites use old or proprietary algorithms for downlink encryption
The other security services, like authentication and data integrity services, required for protection of the communication links are not addressed
Vladimirova MAPLD 2005/184 7
Required Security Services in Satellites
Uplink: should be checked for integrity and authentication in order to protect the satellite from being taken over by unauthorized personnel.
The issue of uplink protection was highlighted in the US General Accounting Office report (GAO-02-781).
Downlink: should be encrypted with secure and suitable algorithms to protect the valuable and sensitive data transmitted to ground.
Vladimirova MAPLD 2005/184 8
SSTL Small Satellite Platforms
Vladimirova MAPLD 2005/184 9
The Disaster Monitoring Constellation (DMC) Program
The DMC program is a novel international partnership, comprising a network of five low-cost small satellites and ground stations.
The satellites are designed and manufactured by SSTL as a Know-How transfer to the participating countries: the United Kingdom, Nigeria, Algeria, Turkey and China.
From a low Earth orbit (LEO), each satellite provides 32 metre multispectral imaging (green, red, infrared), over a 600 km swath width.
The DMC program offers the possibility for daily revisiting of any point on the globe.
AlSat-1
Vladimirova MAPLD 2005/184 10
UK-DMC image of England (32m)
DMC Images
Vladimirova MAPLD 2005/184 11
Proposed Security Architecture
[Block diagram of the satellite subsystems connected by buses. Labelled blocks: Communications (receivers, low-rate transmitters, high-rate transmitters), Command and Data Handling (OBCs), Authentication & Integrity Check, Imaging Payload (optical unit/camera, mass memory unit), Real Time High-Speed Encryption, Attitude Control (ADCS), Navigation (GPS), Propulsion (controller) and Power (solar panels). Labelled links: uplink, low-speed downlink and high-speed downlink.]
Vladimirova MAPLD 2005/184 12
On-Board Data Processing - Constraints
Small satellites are resource-constrained in terms of power, computational resources, etc.
Algorithms used on-board satellites should consume little power and few computational resources and yet deliver the throughput demanded by the satellite high-speed downlink
A typical small satellite has the following parameters:
Satellite weight | Up to 500 kilograms
Average orbit power | 50 W
Downlink speed | Up to 60 Mbps
Vladimirova MAPLD 2005/184 13
Encryption Algorithms for On-Board Use
The algorithms used on-board should be suitable for implementation in a resource-constrained environment.

Authentication Algorithm | Key Length (Bits) | Advantages/Disadvantages
Rivest, Shamir, Adleman (RSA) | 1024 - 15,360 | Large key size
Elliptic Curve Cryptography (ECC) | 163 - 571 | Small key size, hence suitable for resource-constrained devices

Encryption Algorithm | Key Length (Bits) | Advantages/Disadvantages
Data Encryption Standard (DES) | 56 | Weak and breakable because of smaller key length
Advanced Encryption Standard (AES) | 128 - 256 | Simple and more secure encryption algorithm suitable for a variety of platforms.
Vladimirova MAPLD 2005/184 14
Advanced Encryption Algorithm (AES)
Originally known as Rijndael after its Belgian creators, Daemen and Rijmen
Endorsed as AES by the US National Institute of Standards and Technology (NIST) in 2002
Suitable for a wide variety of platforms - ranging from smart cards to servers
Much simpler, faster and more secure
Vladimirova MAPLD 2005/184 15
The AES Algorithm
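[Flow diagram: Plaintext enters an initial AddRoundKey with K(0), followed by Nr rounds. Each round applies SubBytes, ShiftRows, MixColumns and AddRoundKey with round keys K(1) to K(Nr-1); the last round applies SubBytes, ShiftRows and AddRoundKey with K(Nr) and outputs the Ciphertext. The Key feeds a Key Expansion & Key Register block that supplies the round keys.]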
AES is an iterative algorithm
Each iteration is known as ROUND
The number of rounds depends on key and data block size
Each round consists of four transformations:
SubBytes, ShiftRows, MixColumns, AddRoundKey
Vladimirova MAPLD 2005/184 16
AES Transformations
The SubBytes round transformation:
Two steps: Galois Field multiplicative inverse of each byte, followed by an affine transform
Implementation approaches:
• Look-Up Table (LUT) approach - a predefined 256 x 8 LUT is used
• Non-LUT approach - Extended Euclid, Composite Field Arithmetic, Powers of Primitive Elements (Generators), the Itoh-Tsujii Algorithm
Vladimirova MAPLD 2005/184 17
AES Transformations (Cont.)
ShiftRows is carried out by a left shift operation
MixColumns:
Uses Galois Field multiplication with a predefined vector [2 3 1 1]
Implementation approaches:
• LUT approach - Predefined Log, Antilog tables
• Non-LUT approach - Galois Field multiplication
AddRoundKey is an EXOR operation between data and key blocks
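The two MixColumns implementation approaches listed above, side by side, as an added Python example (not code from the presentation or from the IP core it discusses). The function and table names are assumptions, and the sample column is constructed.

```python
# Added example: MixColumns with both multiplication approaches from the slide.
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial

def xtime(a):
    """Multiply by 2 in GF(2^8): one left shift, then a conditional reduction."""
    a <<= 1
    return a ^ AES_POLY if a & 0x100 else a

def gmul(a, b):
    """Non-LUT approach: shift-and-XOR Galois field multiplication."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

# LUT approach: ANTILOG[i] = 3**i in GF(2^8); LOG is the inverse mapping.
ANTILOG = [1]
for _ in range(254):
    ANTILOG.append(gmul(ANTILOG[-1], 3))
LOG = {value: exponent for exponent, value in enumerate(ANTILOG)}

def gmul_lut(a, b):
    """Multiply by adding logarithms modulo 255; zero has no logarithm."""
    if a == 0 or b == 0:
        return 0
    return ANTILOG[(LOG[a] + LOG[b]) % 255]

def mix_column(column, mul=gmul):
    """Multiply a 4-byte state column by the circulant matrix of [2 3 1 1]."""
    first_row = [2, 3, 1, 1]
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= mul(first_row[(c - r) % 4], column[c])
        out.append(acc)
    return out

if __name__ == "__main__":
    sample = [0xDB, 0x13, 0x53, 0x45]  # constructed sample column
    print([hex(v) for v in mix_column(sample)])
    print(mix_column(sample) == mix_column(sample, mul=gmul_lut))
```

The log/antilog tables cost 2 x 255 bytes of memory, while the shift-and-XOR version needs no memory and is the "single bit left shift followed by addition" form a hardware core would use.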
Vladimirova MAPLD 2005/184 18
AES Hardware Implementation Survey
Vladimirova MAPLD 2005/184 19
AES Verilog IP Core
(source: www.opencores.org)
[Block diagram: AES IP Core with inputs clk, reset, ld, key [127:0] and plain data [127:0], and outputs done and encrypted data [127:0].]
SubBytes – S-Box Look-Up Table (256 bytes of S-Box are stored in memory)
MixColumn – Galois field multiplication over field GF(2) (involves a single bit left shift followed by addition)
The round permutation module performs 10 iterations (for 128 bit keys).
Vladimirova MAPLD 2005/184 20
AES IP Core - Performance
CAD tools:
• Pre- and post-synthesis and back-annotated simulations - ModelSim
• Synthesis - Synplify
• Implementation - Xilinx ISE
Experimental results:
• FPGA - XC2V1000
• The encryption takes 13 clock cycles to encrypt a 128-bit data block
• The frequency is 25 MHz (back-annotated simulation frequency)
Throughput = (128/13) × 25 × 10^6 ≈ 246 Mbps
Vladimirova MAPLD 2005/184 21
AES for Satellites: Radiation Issues
Satellites operate in a harsh radiation environment
The implementation should be robust to radiation-induced bit flip errors
On average, 64 bits (50%) are corrupted by a single error during encryption using AES!!!
The bit flip errors must be detected and corrected in order to avoid the transmission and use of corrupted data
Vladimirova MAPLD 2005/184 22
Existing AES Fault Detection Models
The available AES fault detection models are classified into two categories:
Redundancy Based
• A decryption module is used in parallel with the encryption module and its output is compared with the input to the encryption module to detect a fault.
• More hardware overhead
Parity Based
• The fault is detected by comparing the predicted parity with the calculated parity at the end of each transformation
• Less hardware overhead
There are no fault-tolerant correction models for the AES algorithm
Vladimirova MAPLD 2005/184 23
Parity-Based Fault Detection Model for AES
[Flowchart: Input Data [State Matrix] passes through the Round Transformation; the Calculated Parity of the result is compared with the Predicted Parity read from the Parity Memory. Parity different? No: Continue Encryption. Yes (Fault Detection): Remedial Action.]
The fault detection model is based on parity prediction
Parity is pre-calculated and stored in the parity memory
Given the input state, parity is predicted from the parity memory and compared with the calculated parity at the end of each round
Parity mismatch will lead to fault detection
Vladimirova MAPLD 2005/184 24
Proposed Fault Correction Model for AES
[Flowchart: Input Data [State Matrix] passes through the Round Transformation; the Calculated Hamming Code of the result is compared with the Predicted Hamming Code read from the Hamming Code Parity Memory. Hamming code different? No: Continue Encryption. Yes: Correct Single Bit Error.]
The fault correction model is based on the Hamming code (12,8)
The Hamming code is pre-calculated and stored in the Hamming code parity memory
Given the input state, the Hamming code is predicted from the parity memory and compared with the calculated Hamming code at the end of each round
A Hamming code mismatch will lead to a fault detection and to a subsequent single-bit fault correction.
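The correction scheme described above, narrowed to SubBytes on a single byte, as an added Python example (not code from the presentation or its Java simulation). The S-box is derived with the non-LUT inverse-plus-affine method from the AES Transformations slide; the check-bit layout (positions 1, 2, 4, 8 of the codeword) and all function names are assumptions, since the slides do not give them.

```python
# Added example: Hamming (12,8) prediction and correction around SubBytes.
DATA_POS = [3, 5, 6, 7, 9, 10, 11, 12]  # assumed codeword positions of d0..d7

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def sub_byte(x):
    """SubBytes without a stored S-box: field inverse, then affine transform."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    out = 0x63
    for shift in range(5):
        out ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return out

def hamming_check(byte):
    """Four check bits: XOR of the codeword positions of the set data bits."""
    check = 0
    for bit, pos in enumerate(DATA_POS):
        if (byte >> bit) & 1:
            check ^= pos
    return check

SBOX = [sub_byte(x) for x in range(256)]
HAMMING_MEM = [hamming_check(s) for s in SBOX]  # predicted code per input byte

def protected_sub_byte(x, fault_mask=0):
    """Run SubBytes on x, XOR in a simulated upset, then check and correct."""
    observed = SBOX[x] ^ fault_mask
    syndrome = HAMMING_MEM[x] ^ hamming_check(observed)
    if syndrome == 0:
        return observed, "no fault"
    if syndrome in DATA_POS:  # syndrome names the flipped data bit
        return observed ^ (1 << DATA_POS.index(syndrome)), "corrected"
    return observed, "detected"

if __name__ == "__main__":
    print(protected_sub_byte(0x53))                # fault-free
    print(protected_sub_byte(0x53, 0b00010000))    # single upset
    print(protected_sub_byte(0x53, 0b00000011))    # double upset
```

A double upset can yield a syndrome that names a third data bit, so the last call reports "corrected" while returning a wrong byte; the (12,8) code only guarantees correction of single-bit faults.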
Vladimirova MAPLD 2005/184 25
AES Fault Detection & Correction JAVA Software Simulation
JAVA software was developed to simulate the AES fault detection and correction scheme
A GUI was also developed to display the fault injection and correction effectively:
input sub-frame - displays the input data block, encryption key, cipher block and decipher block etc
inject error sub-frame - is used to simulate the error injection at different levels: round, transformation, byte and bit position
details sub-frame, which shows:
• the intermediate state of the output for every transformation and for every round in AES and
• the predicted and calculated parity or the Hamming code.
Vladimirova MAPLD 2005/184 26
AES Fault Detection Model Software Simulation in JAVA
Fault injected
Fault detected at byte level
Vladimirova MAPLD 2005/184 27
AES Fault Correction Model Software Simulation in JAVA
Fault injected
Fault detected at bit level
Vladimirova MAPLD 2005/184 28
Conclusions
Security services required for overall satellite protection have been identified and an on-board security architecture has been proposed.
The AES has been identified as a suitable encryption algorithm for on-board use in small satellites.
An AES fault detection model based on parity prediction has been developed and verified by software simulation.
A novel AES fault correction model to prevent single bit faults occurring due to radiation (SEUs) has been proposed, developed and verified.
The proposed AES fault detection and correction model can also be used in other harsh radiation environments, for example in unmanned aerial vehicles, etc.