On-Board Encryption in Satellites - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

On-Board Encryption in Satellites

Description:

On-Board Encryption in Satellites Tanya Vladimirova, Roohi Banu and Martin N. Sweeting ... DMC Images UK-DMC image of England (32m) AES IP Core ... – PowerPoint PPT presentation

Number of Views:148
Avg rating:3.0/5.0
Slides: 29
Provided by: MohammedF5
Learn more at: http://www.klabs.org
Category:

less

Transcript and Presenter's Notes

Title: On-Board Encryption in Satellites


1
On-Board Encryption in Satellites
Tanya Vladimirova, Roohi Banu and Martin N.
Sweeting
VLSI Design and Embedded Systems Research
Group Surrey Space Centre School of Electronics
and Physical Sciences University of
Surrey Guildford, UK, GU2 7XH
2
Presentation Overview
  • The Need for On-Board Security Services
  • Security Services in EO Satellites
  • Existing Security Services in Satellites
  • Required Security Services in Satellites
  • Proposed On-Board Security Architecture for
    Small Satellites
  • The Advanced Encryption Standard (AES)
  • Algorithm and Hardware Implementations
  • Fault Detection and Correction Model for
    On-Board Use
  • Simulation Results
  • Conclusions

3
The Need for On-Board Security Services
  • Intrusions into Satellite Data
  • A team at the Embry Riddle Aeronautical
    University managed to obtain NOAA satellite
    imagery with the basic apparatus built as a part
    of their experimental project by using open
    Internet sources
  • Recently, researchers from a Japanese University
    were able to access data from the NASAs Earth
    observation satellite LandSat as it flew over
    Japan
  • Future Space Internet

  • The NASAs vision of Space Internet envisages
    that satellite users and scientists can directly
    access the satellite just like any other computer
    over Internet to get the required information
  • Allowing direct access to spacecraft certainly
    gives lots of flexibility, but at the cost of
    threats such as unauthorized access and illegal
    use of valuable data.
  • Eventually the problems faced by Internet due to
    inadequate security measurements will be repeated
    with the Space Internet.

4
Security Services
  • Confidentiality (Encryption) - a service used to
    keep the contents of information accessible to
    only those authorized to access it.
  • Integrity - a service used to make sure that
    data is not modified, deleted or inserted with
    some other data by unauthorized users.
  • Authentication is a service that is concerned
    with assuring that origin of a message is
    correctly identified.

5
Existing Security Services in EO Satellites
6
Existing Security Services in EO Satellites -
Summary
  • Only the downlink is protected by encryption
  • Existing satellites use old or proprietary
    algorithms for downlink encryption
  • The other security services, like authentication
    and data integrity services, required for
    protection of the communication links are not
    addressed

7
Required Security Services in Satellites
  • Uplink
  • should be checked for integrity and
    authentication in order to protect the satellite
    from being taken over by unauthorized personnel.
  • The issue of Uplink protection was highlighted in
    the US General Accounting Office report
    (GAO-02-781).
  • Downlink
  • should be encrypted with secure and suitable
    algorithms to protect the valuable and sensitive
    data transmitted to ground.

8
SSTL Small Satellite Platforms
9
The Disaster Monitoring Constellation
(DMC) Program
  • The DMC program is a novel international
    partnership, comprising a network of five low
    cost small satellites and ground stations.
  • The satellites are designed and manufactured by
    SSTL as a Know-How transfer to the participating
    countries the United Kingdom, Nigeria, Algeria,
    Turkey and China.
  • From a low Earth orbit (LEO), each satellite
    provides 32 metre multispectral imaging (green,
    red, infrared), over a 600 km swath width.
  • The DMC program offers the possibility for daily
    revisiting of any point on the globe.

AlSat-1
10
DMC Images
  • UK-DMC image of England (32m)

11
Proposed Security Architecture
12
On-Board Data Processing - Constraints
  • Small Satellites are resource constrained in
    terms of power,
  • computational resources, etc
  • A typical small satellite has the following
    parameters
  • Algorithms used on-board satellites
  • should consume low power and computational
    resources and yet
  • deliver the throughput demanded by the satellite
    high-speed downlink

Satellite weight Up to 500 Kilograms
Average orbit power 50 W
Downlink speed up to 60 Mbps
13
Encryption Algorithms for On-Board Use
Authentication Algorithm Key Length (Bits) Advantages/Disadvantages
Rivest, Shamir, Adleman (RSA) 1024 15,360 Large key size
Elliptic Curve Cryptography (ECC) 163 - 571 Small key size, hence suitable for resource constrained devices
Encryption Algorithm Key Length (Bits) Advantages/Disadvantages
Data Encryption Standard (DES) 56 Weak and breakable because of smaller key length
Advanced Encryption Standard (AES) 128 - 256 Simple and more secure encryption algorithm suitable for a variety of platforms.
The algorithms used on-board should be suitable
to be implemented in a resource-constrained
environment.
14
Advanced Encryption Algorithm (AES)
  • Originally known as Rijndael after its Belgium
    creators Daemen-Rijmen
  • Endorsed as AES by the US National Institute of
    Standards and Technology (NIST) in 2002
  • Suitable for a wide variety of platforms -
    ranging from smart cards to servers
  • Much simpler, faster and more secure

15
The AES Algorithm
  • AES is an iterative algorithm
  • Each iteration is known as ROUND
  • The number of rounds depends on key and data
    block size
  • Each round consist of four transformations
  • SubBytes
  • ShiftRows
  • MixColumns
  • AddRoundKey


16
AES Transformations
  • The SubBytes round transformation
  • Two steps Galois Field multiplicative inverse
    of each byte followed by affine transforms
  • Implementation approaches
  • Look-Up Table (LUT) approach - a predefined 256
    X 8 LUT is used
  • Non-LUT approach - Extended Euclid, Composite
    Field Arithmetic, Powers of Primitive Elements
    (Generators), Itoh Tsujiis Algorithm

17
AES Transformations (Cont.)
  • ShiftRows is carried out by a left shift
    operation
  • MixColumns
  • Uses Galois Field multiplication with a
    predefined vector
  • 2 3 1 1
  • Implementation approaches
  • LUT approach - Predefined Log, Antilog
  • tables
  • Non-LUT approach - Galois Field multiplication
  • AddRoundKey is an EXOR operation between data
    and key blocks

18
AES Hardware Implementation Survey
19
AES Verilog IP Core
(source www.opencores.org)
SubBytes S-Box Look-Up Table (256 bytes of
S-Box are stored in memory ) MixColumn Galois
field multiplication over field GF(2) (involves a
single bit left shift followed by addition) The
round permutation module performs 10 iterations
(for 128 bit keys).
20
AES IP Core - Performance
  • Experimental results
  • FPGA - XC2V1000
  • The encryption takes 13 clock cycles to encrypt
    a 128-bit data block
  • The frequency is 25 MHz.
  • (Back annotated simulation frequency)
  • Throughput (128/13)25106 246 Mbps
  • CAD tools
  • Pre post synthesis and back annotated
    simulations - ModelSim
  • Synthesis - Synplify
  • Implementation - Xilinx ISE

21
AES for Satellites Radiation Issues
  • Satellites operate in harsh radiation
    environment
  • The implementation should be robust to radiation
    induced bit flip errors
  • On average 64 bits (50 ) are corrupted with a
    single error during encryption using AES !!!
  • The bit flip errors must be detected and
    corrected in order to avoid the transmission and
    use of corrupted data

22
Existing AES Fault Detection Models
  • The available AES fault detection models are
    classified into two categories
  • Redundancy Based
  • A decryption module is used in parallel with the
    encryption module
  • and its output is compared with the input to
    the encryption module
  • to detect a fault.
  • More hardware overhead
  • Parity Based
  • The fault is detected by comparing the predicted
    parity with the
  • calculated parity at the end of each
    transformation
  • Less hardware overhead
  • There are no fault-tolerant correction models
    for the AES algorithm

23
Parity-Based Fault Detection Model for AES
  • The fault detection model is based on parity
    prediction
  • Parity is pre-calculated and stored in the
    parity memory
  • Given the input state, parity is predicted from
    the parity memory and compared with the
    calculated parity at the end of each round
  • Parity mismatch will lead to fault detection

24
Proposed Fault Correction Model for AES
  • The fault correction model is based on the
    Hamming code (12,8)
  • The Hamming code is pre-calculated and stored in
    the Hamming code parity memory
  • Given the input state, the Hamming code is
    predicted from the parity memory and compared
    with the calculated Hamming code at the end of
    each round
  • A Hamming code mismatch will lead to a fault
    detection and to a subsequent single-bit fault
    correction.

25
AES Fault Detection Correction JAVA Software
Simulation
  • JAVA software was developed to simulate the AES
    fault detection and correction scheme
  • GUI was also developed to effectively display
    the fault injection and correction
  • input sub-frame - displays the input data block,
    encryption key, cipher block and decipher block
    etc
  • inject error sub-frame - is used to simulate the
    error injection at different levels round,
    transformation, byte and bit position
  • details sub-frame, which shows
  • the intermediate state of the output for every
    transformation and for every round in AES and
  • the predicted and calculated parity or the
    Hamming code.

26
AES Fault Detection Model Software Simulation in
JAVA
27
AES Fault Correction Model Software Simulation
in JAVA
28
Conclusions
  • Security services required for overall satellite
    protection has been identified and an on-board
    security architecture has been proposed.
  • The AES has been identified as a suitable
    encryption algorithm for on-board use in small
    satellites.
  • An AES fault detection model based on parity
    prediction has been developed and verified by
    software simulation.
  • A novel AES fault correction model to prevent
    single bit faults occurring due to radiation
    (SEUs) has been proposed, developed and verified.
  • The proposed AES fault detection and correction
    model can also be used in other harsh radiation
    environments, for example in unmanned aerial
    vehicles, etc.
Write a Comment
User Comments (0)
About PowerShow.com