EPS/IJPS

1
THE EUMETSAT POLAR SYSTEM (EPS) Data Encryption
Presented by Ken ASHWORTH EUMETSAT
Representative to NOAA EUMETSAT
2
EPS Direct Readout Services
Direct read-out services
Data source is the
satellite for the user
HRPT and LRPT
point of view.
Possible means of
controlling access
Encryption.
Data set limited to
the observation of
the instantaneous
sub satellite
observation.
3
EPS Data Encryption

• Encryption allows the implementation of
  EUMETSAT's Polar System Data Policy and U.S.
  Requirements for Data Denial.
• The encryption system is based on the Data
  Encryption Standard -3 (DES-3) encryption
  algorithm.
• Data encryption and decryption are performed
  within the virtual channel access sub-layer of
  the Consultative Committee on Space Data Systems
  (CCSDS) standard.
• U.S. data from instruments on Metop will be
  broadcast unencrypted via HRPT and LRPT, except
  during crisis or war, as requested by the United
  States.
• The Metop satellite design does not allow the
  on-board stored global data to be encrypted.

4
EPS Data Encryption Direct Broadcast

• EUMETSAT has acquired a sound experience in the
  operational usage of encryption through the
  METEOSAT Programmes we follow a standard
  already used for METEOSAT Operational Programme
  (MOP) data
• The encryption scheme is selective on virtual
  channels and user stations for both HRPT and
  LRPT. HRPT and LRPT links are independently
  encrypted.
• Encryption of the data, generation of Message
  Keys from the uplink of encrypted satellite
  Public Keys
• The Message Key controls the encryption process.
  One Message Key is used for one encrypted Virtual
  Channel at a time. On board the satellite, the
  Message Key is generated, using a Satellite
  Public Key (uplinked by TeleCommand (TC)). On
  the ground, the Message Key is reconstructed from
  a secret Master Station Key and a Station Public
  Key is distributed via ground media.

5
EPS Data Encryption Direct Broadcast

• The EPS Encryption System provides control of the
  access to the LRPT/HRPT services by registered
  users it comprises three components
• the Key Management Centre (C-KMC) which is in
  charge of the management of the EPS Encryption
  System, including the handling of keys.
• the Satellite encryption equipment (part of the
  Metop satellite Data Handling System)
• the local users decryption units located in the
  HRPT/LRPT stations.

6
EPS Data Encryption Direct Broadcast

• The encryption of HRPT/LRPT data is under the
  control of the C-KMC, functions of which will be
  shared with the METEOSAT Second Generation (MSG)
  Programme. The tasks of the C-KMC include
• User registration
• Encryption scheduling
• Generation of public satellite and user station
  keys,
• Station Key Unit (SKU) distribution to the
  registered users
• Distribution of satellite keys via TC and Public
  Station Keys via ground networks.
• Implementation of Data Denial for U.S.
  instruments data as requested by the U.S.
  Government.

7
EPS Data Encryption Direct Broadcast

• The C-KMC coordinates its short, medium and
  long-term activities with the EPS/Metop Control
  Centre. These activities include, for example,
  the update of keys for certain group of users or
  the change of key parameters on board the Metop
  satellite.
• "refresh" rate for the keys for the HRPT/LRPT
  encryption approximately every month (specified
  rate is TBD, yet easily modified).

8
Reference Station Design
Note This is an engineering implementation to
monitor dissemination