• Home
  • Current congress
  • Public Website
  • My papers
  • root
  • browse
  • IAC-08
  • B1
  • 4
  • paper

    • Security Concepts for Satellite Links

    Paper number

    IAC-08.B1.4.6

    Author

    Mr. Carsten Tobehn, OHB-System AG, Germany

    Coauthor

    Mr. Boris Penné, OHB System AG, Germany

    Coauthor

    Prof. Harald Michalik, IDA TU Braunschweig, Germany

    Coauthor

    Dr. Andrew Weigl, OHB-System AG, Germany

    Coauthor

    Dr. Christian Gorecki, OHB-System AG, Germany

    Coauthor

    Dr. Rainer Rathje, OHB-System AG, Germany

    Year

    2008

    Abstract
    The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative.  Attacks may be passive such as eavesdropping on the payload data.  More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services.

This paper describes the key features relevant for security, as there are key management & communication security methods and role based access control. The implementations of security units on-board the satellite, corresponding ground station units and EGSE as well as operational aspects of security are presented. 

The key points of current satellite control and operations are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods.

For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC-DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data handling provides download data rates up to Nx250 Mbps. 

The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi-satellite system and German-French SAR-Lupe-Helios-II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES concepts).
    Abstract document

    IAC-08.B1.4.6.pdf

    Manuscript document

    IAC-08.B1.4.6.pdf (🔒 authorized access only).

    To get the manuscript, please contact IAF Secretariat.