  • Space Security Systems – Mandatory Technology for future Satellite Operations

    Paper number

    IAC-07-C1.5.06

    Author

    Mr. Carsten Tobehn, OHB-System AG, Germany

    Coauthor

    Andrew Weigl, OHB-System AG, Germany

    Coauthor

    Christian Gorecki, Unknown

    Coauthor

    Mr. Boris Penné, OHB-System AG, Germany

    Coauthor

    Dr. Rainer Rathje, Germany

    Coauthor

    Dr. Harald Michalik, Germany

    Year

    2007

    Abstract
    The high costs to develop, launch, and maintain a satellite network make protecting the assets imperative. Attacks may be passive, such as eavesdropping on the payload data. More serious threats are active attacks that try to gain control of the satellite, which may lead to the total loss of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, cryptographic key management services are required to support these services.
    This paper describes the key features relevant for security, namely key management & communication security methods and role-based access control. The implementations of security units onboard the satellite, corresponding ground station units and EGSE, as well as operational aspects of security, are presented.
    The key points of current satellite control and operations are authentication of the access to the satellite TMTC link and encryption of security-relevant TMTC data. For payload data management, the key points are multi-user ground station access and high data rates, both requiring frequent updates and uploads of keys with the corresponding key management methods.
    For secure satellite management, authentication & key negotiation algorithms such as HMAC-RIPEMD160, EC-DSA and EC-DH are used. Encryption of data uses algorithms such as IDEA, AES, Triple-DES, or others. A channel coding and encryption unit for payload data handling provides download data rates up to 740 Mbps.
    The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi-satellite system and German-French SAR-Lupe-Helios-II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES concepts).
    In summary, the presented security operations concept and implementations feature a modular system performing any or all of the following functions: two-layer security for TMTC satellite links, authenticated connections to satellite links, key management for satellite constellations & distributed ground segments, and real-time & high-speed encryption and decryption.