On-Board Encryption in Satellites - PowerPoint PPT Presentation

Provided by: MohammedF5
Learn more at: http://www.klabs.org
1
On-Board Encryption in Satellites
Tanya Vladimirova, Roohi Banu and Martin N. Sweeting
VLSI Design and Embedded Systems Research Group
Surrey Space Centre
School of Electronics and Physical Sciences
University of Surrey
Guildford, UK, GU2 7XH
2
Presentation Overview
  • The Need for On-Board Security Services
  • Security Services in EO Satellites
  • Existing Security Services in Satellites
  • Required Security Services in Satellites
  • Proposed On-Board Security Architecture for
    Small Satellites
  • The Advanced Encryption Standard (AES)
  • Algorithm and Hardware Implementations
  • Fault Detection and Correction Model for
    On-Board Use
  • Simulation Results
  • Conclusions

3
The Need for On-Board Security Services
  • Intrusions into Satellite Data
      • A team at the Embry Riddle Aeronautical
        University managed to obtain NOAA satellite
        imagery with the basic apparatus built as a part
        of their experimental project by using open
        Internet sources
      • Recently, researchers from a Japanese University
        were able to access data from NASA's Earth
        observation satellite LandSat as it flew over
        Japan
  • Future Space Internet
      • NASA's vision of the Space Internet envisages
        that satellite users and scientists can directly
        access the satellite just like any other computer
        over the Internet to get the required information
      • Allowing direct access to spacecraft certainly
        gives lots of flexibility, but at the cost of
        threats such as unauthorized access and illegal
        use of valuable data.
      • Eventually the problems faced by the Internet due
        to inadequate security measures will be repeated
        with the Space Internet.

4
Security Services
  • Confidentiality (Encryption) - a service used to
    keep the contents of information accessible to
    only those authorized to access it.
  • Integrity - a service used to make sure that
    data is not modified, deleted or inserted with
    some other data by unauthorized users.
  • Authentication - a service concerned with
    assuring that the origin of a message is
    correctly identified.

5
Existing Security Services in EO Satellites
6
Existing Security Services in EO Satellites - Summary
  • Only the downlink is protected by encryption
  • Existing satellites use old or proprietary
    algorithms for downlink encryption
  • The other security services, like authentication
    and data integrity services, required for
    protection of the communication links are not
    addressed

7
Required Security Services in Satellites
  • Uplink
      • should be checked for integrity and
        authentication in order to protect the satellite
        from being taken over by unauthorized personnel.
      • The issue of Uplink protection was highlighted in
        the US General Accounting Office report
        (GAO-02-781).
  • Downlink
      • should be encrypted with secure and suitable
        algorithms to protect the valuable and sensitive
        data transmitted to ground.

8
SSTL Small Satellite Platforms
9
The Disaster Monitoring Constellation (DMC) Program
  • The DMC program is a novel international
    partnership, comprising a network of five low
    cost small satellites and ground stations.
  • The satellites are designed and manufactured by
    SSTL as a Know-How transfer to the participating
    countries: the United Kingdom, Nigeria, Algeria,
    Turkey and China.
  • From a low Earth orbit (LEO), each satellite
    provides 32 metre multispectral imaging (green,
    red, infrared), over a 600 km swath width.
  • The DMC program offers the possibility for daily
    revisiting of any point on the globe.

AlSat-1
10
DMC Images
  • UK-DMC image of England (32m)

11
Proposed Security Architecture
12
On-Board Data Processing - Constraints
  • Small satellites are resource constrained in
    terms of power, computational resources, etc.
  • A typical small satellite has the following
    parameters

    Satellite weight | Up to 500 kilograms
    Average orbit power | 50 W
    Downlink speed | Up to 60 Mbps

  • Algorithms used on-board satellites should
    consume low power and computational resources
    and yet deliver the throughput demanded by the
    satellite high-speed downlink
13
Encryption Algorithms for On-Board Use
Authentication Algorithm | Key Length (Bits) | Advantages/Disadvantages
Rivest, Shamir, Adleman (RSA) | 1024 - 15,360 | Large key size
Elliptic Curve Cryptography (ECC) | 163 - 571 | Small key size, hence suitable for resource constrained devices

Encryption Algorithm | Key Length (Bits) | Advantages/Disadvantages
Data Encryption Standard (DES) | 56 | Weak and breakable because of smaller key length
Advanced Encryption Standard (AES) | 128 - 256 | Simple and more secure encryption algorithm suitable for a variety of platforms.

The algorithms used on-board should be suitable to be implemented in a
resource-constrained environment.
14
Advanced Encryption Algorithm (AES)
  • Originally known as Rijndael after its Belgian
    creators Daemen and Rijmen
  • Endorsed as AES by the US National Institute of
    Standards and Technology (NIST) in 2002
  • Suitable for a wide variety of platforms -
    ranging from smart cards to servers
  • Much simpler, faster and more secure

15
The AES Algorithm
  • AES is an iterative algorithm
  • Each iteration is known as a ROUND
  • The number of rounds depends on key and data
    block size
  • Each round consists of four transformations
      • SubBytes
      • ShiftRows
      • MixColumns
      • AddRoundKey


16
AES Transformations
  • The SubBytes round transformation
      • Two steps: Galois Field multiplicative inverse
        of each byte followed by an affine transform
      • Implementation approaches
          • Look-Up Table (LUT) approach - a predefined
            256 x 8 LUT is used
          • Non-LUT approach - Extended Euclid, Composite
            Field Arithmetic, Powers of Primitive Elements
            (Generators), Itoh-Tsujii's Algorithm

17
AES Transformations (Cont.)
  • ShiftRows is carried out by a left shift
    operation
  • MixColumns
      • Uses Galois Field multiplication with a
        predefined vector [2 3 1 1]
      • Implementation approaches
          • LUT approach - predefined Log and Antilog
            tables
          • Non-LUT approach - Galois Field multiplication
  • AddRoundKey is an EXOR operation between data
    and key blocks
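
The two MixColumns implementation approaches listed above, side by side, as an added Python example (not code from the presentation or from the opencores IP core). All function and table names are assumptions; the last function shows how a single flipped input bit spreads through one column.

```python
def xtime(a):
    """Multiply by 2 in GF(2^8): one-bit left shift, reduce by x^8+x^4+x^3+x+1 on overflow."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul_shift(a, b):
    """Non-LUT approach: shift-and-add multiplication (addition in GF(2^8) is XOR)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

# LUT approach: antilog table holds the powers of the generator 3, log is its inverse.
ANTILOG = [1] * 255
for i in range(1, 255):
    ANTILOG[i] = ANTILOG[i - 1] ^ xtime(ANTILOG[i - 1])   # previous power times 3
LOG = {v: i for i, v in enumerate(ANTILOG)}

def gmul_lut(a, b):
    """a * b = antilog(log a + log b); zero has no logarithm and is handled first."""
    if a == 0 or b == 0:
        return 0
    return ANTILOG[(LOG[a] + LOG[b]) % 255]

VECTOR = (2, 3, 1, 1)   # each matrix row is this vector rotated right by the row index

def mix_column(col, gmul=gmul_shift):
    """MixColumns on one 4-byte column of the state."""
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= gmul(VECTOR[(c - r) % 4], col[c])
        out.append(acc)
    return out

def bytes_changed_by_bit_flip(col, byte_idx, bit):
    """Number of output bytes that differ when one input bit is flipped (a simulated upset)."""
    faulty = list(col)
    faulty[byte_idx] ^= 1 << bit
    return sum(x != y for x, y in zip(mix_column(col), mix_column(faulty)))
```

Every coefficient in the vector is non-zero, so one corrupted input byte always changes all four output bytes of its column.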

18
AES Hardware Implementation Survey
19
AES Verilog IP Core
(source: www.opencores.org)
  • SubBytes - S-Box Look-Up Table (256 bytes of
    S-Box are stored in memory)
  • MixColumn - Galois field multiplication over
    field GF(2) (involves a single bit left shift
    followed by addition)
  • The round permutation module performs 10
    iterations (for 128 bit keys).
20
AES IP Core - Performance
  • Experimental results
      • FPGA - XC2V1000
      • The encryption takes 13 clock cycles to encrypt
        a 128-bit data block
      • The frequency is 25 MHz (back-annotated
        simulation frequency)
      • Throughput = $(128/13) \times 25 \times 10^{6}$ bit/s $\approx$ 246 Mbps
  • CAD tools
      • Pre- and post-synthesis and back-annotated
        simulations - ModelSim
      • Synthesis - Synplify
      • Implementation - Xilinx ISE

21
AES for Satellites - Radiation Issues
  • Satellites operate in a harsh radiation
    environment
  • The implementation should be robust to
    radiation-induced bit flip errors
  • On average 64 bits (50%) are corrupted with a
    single error during encryption using AES !!!
  • The bit flip errors must be detected and
    corrected in order to avoid the transmission and
    use of corrupted data

22
Existing AES Fault Detection Models
  • The available AES fault detection models are
    classified into two categories
      • Redundancy Based
          • A decryption module is used in parallel with
            the encryption module and its output is
            compared with the input to the encryption
            module to detect a fault.
          • More hardware overhead
      • Parity Based
          • The fault is detected by comparing the
            predicted parity with the calculated parity at
            the end of each transformation
          • Less hardware overhead
  • There are no fault-tolerant correction models
    for the AES algorithm

23
Parity-Based Fault Detection Model for AES
  • The fault detection model is based on parity
    prediction
  • Parity is pre-calculated and stored in the
    parity memory
  • Given the input state, parity is predicted from
    the parity memory and compared with the
    calculated parity at the end of each round
  • Parity mismatch will lead to fault detection

24
Proposed Fault Correction Model for AES
  • The fault correction model is based on the
    Hamming code (12,8)
  • The Hamming code is pre-calculated and stored in
    the Hamming code parity memory
  • Given the input state, the Hamming code is
    predicted from the parity memory and compared
    with the calculated Hamming code at the end of
    each round
  • A Hamming code mismatch will lead to a fault
    detection and to a subsequent single-bit fault
    correction.
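
The parity-prediction model and the Hamming (12,8) correction model from the two slides above, applied to the SubBytes transformation of one state byte, as an added Python example (not the authors' Java simulation). The bit layout `DATA_POS`, the `fault_mask` parameter and all function names are assumptions.

```python
# Added illustration; names and the codeword bit layout are assumptions.
DATA_POS = (3, 5, 6, 7, 9, 10, 11, 12)  # codeword positions of data bits d0..d7

def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

def build_sbox():
    """SubBytes table: GF(2^8) inverse (via powers of the generator 3), then affine step."""
    sbox, p, q = [0x63] + [0] * 255, 1, 1
    while True:
        p ^= ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)   # p = 3 * p
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)           # q = q / 3, so q = 1 / p
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            return sbox

def parity(byte):
    return bin(byte).count("1") & 1

def hamming_check(byte):
    """Hamming (12,8) check bits: XOR of the codeword positions of the set data bits."""
    check = 0
    for i, pos in enumerate(DATA_POS):
        if (byte >> i) & 1:
            check ^= pos
    return check

SBOX = build_sbox()
PARITY_MEM = [parity(y) for y in SBOX]            # predicted parity, indexed by input byte
HAMMING_MEM = [hamming_check(y) for y in SBOX]    # predicted check bits, indexed by input byte

def sub_byte_protected(x, fault_mask=0):
    """SubBytes on one byte; fault_mask simulates bit flips on the computed output.
    Returns (output, parity_alarm, status)."""
    y = SBOX[x] ^ fault_mask                      # what the faulty datapath produced
    parity_alarm = parity(y) != PARITY_MEM[x]     # detection by parity mismatch
    syndrome = hamming_check(y) ^ HAMMING_MEM[x]  # calculated vs predicted Hamming code
    if syndrome == 0:
        return y, parity_alarm, "ok"
    if syndrome in DATA_POS:                      # syndrome names the flipped data bit
        return y ^ (1 << DATA_POS.index(syndrome)), parity_alarm, "corrected"
    # Note: a 2-bit fault such as fault_mask=0x03 keeps the parity and is miscorrected above.
    return y, parity_alarm, "uncorrectable"
```

Single-bit faults are always flagged by the parity check and repaired by the Hamming syndrome; the scheme gives no guarantee for multi-bit faults in the same byte.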

25
AES Fault Detection and Correction JAVA Software Simulation
  • JAVA software was developed to simulate the AES
    fault detection and correction scheme
  • A GUI was also developed to effectively display
    the fault injection and correction
      • input sub-frame - displays the input data block,
        encryption key, cipher block and decipher block
        etc.
      • inject error sub-frame - is used to simulate the
        error injection at different levels: round,
        transformation, byte and bit position
      • details sub-frame, which shows
          • the intermediate state of the output for every
            transformation and for every round in AES and
          • the predicted and calculated parity or the
            Hamming code.

26
AES Fault Detection Model Software Simulation in JAVA
27
AES Fault Correction Model Software Simulation in JAVA
28
Conclusions
  • Security services required for overall satellite
    protection have been identified and an on-board
    security architecture has been proposed.
  • The AES has been identified as a suitable
    encryption algorithm for on-board use in small
    satellites.
  • An AES fault detection model based on parity
    prediction has been developed and verified by
    software simulation.
  • A novel AES fault correction model to prevent
    single bit faults occurring due to radiation
    (SEUs) has been proposed, developed and verified.
  • The proposed AES fault detection and correction
    model can also be used in other harsh radiation
    environments, for example in unmanned aerial
    vehicles, etc.