Satellite systems are essential to global communications, navigation, space monitoring, and security, supporting and enabling many daily implications. But as satellite constellations grow in number and complexity, their cybersecurity challenges also intensify. Ground stations, communication links, and onboard systems are all potential targets for adversaries, with any compromise can potentially have widespread consequences. REWIRE project managed to address such challenges, through its smart satellites use case, which demonstrates how trusted computing and attestation mechanisms can protect orbital assets over long operational lifecycles.
Smart Satellites Use Case Implementations
In this use case, REWIRE was integrated into a SatNOGS ground station environment, enabling realistic testing of orbital security scenarios. The TCB provided the foundation for trust and attestation. The secure software update mechanism protected firmware distribution. Zero-Touch Onboarding automated trust establishment for both ground and orbital assets. The KMS and cryptographic agility layer ensured secure key management. The Risk Assessment Engine and AIMDE added dynamic trust evaluation and anomaly detection.
Satellite SW updates are difficult due to limited connectivity and long transmission delays. REWIRE’s lightweight and cryptographically agile update mechanism ensures that updates are authenticated, integrity-protected, and securely deployed. The TCB verifies device state before and after the update, while blockchain-based logs provide immutable auditability. During the pilot, updates were transmitted from ground to satellite emulators without failure, proving the mechanism’s robustness. In addition, REWIRE’s Risk Assessment component models dependencies between ground, link, and space assets. It evaluates how risks propagate and determines required trust levels for each critical function. This enables proactive threat response, such as migrating services or enforcing stricter security policies before incidents occur. This dynamic risk-driven approach is particularly valuable in multi-satellite constellations.
Furthermore, REWIRE provided cryptographic automation, with nodes enrolled into the trust domain without manual intervention, ensuring consistent policy enforcement and traceability. This streamlines operations and strengthens security boundaries. Also, the AIMDE Tracer component continuously collected operational evidence, and analyzed behavioral deviations. During testing, all injected anomalies were correctly detected and reported, giving operators reliable situational awareness and actionable data for response. Last but not least, REWIRE’s lightweight LRBC encryption and mirrored keying provide this balance, while the KMS enables smooth migration to post-quantum algorithms as they become standardized. This ensures satellites remain secure not only today but also in the face of future cryptographic threats, with several side qualitative gains included in the results such as better operational assurance, stronger evidence-based trust, and easier compliance with EU space security frameworks.
Use Case Impact Assessment
Compounding all the above, two core observations can be extracted regarding the impact of REWIRE on the smart satellite industry: (i) We demonstrated the feasibility of the advanced ZTO scheme to securely authenticate and onboard satellite units to the network. This, in turn, enables disclosing different attributes per mission in order to enable the use of the Attribute-Based Encryption scheme (ABE) so that only intended parties are able to access data transmitted by the satellites. In this regard, the next step is to present the ZTO scheme to the relevant Working Group of the CCSDS, where LSF is a member, in order to showcase and establish these advanced security mechanisms. (ii) The REWIRE TCB is able to unlock the once-siloed low-orbit satellite to be able to accomodate the vision of Satellite-as-aService (SaaS). This is a functionality that enables renting low-orbit satellites (such as the ones provided by LSF) to parties or stakeholders who aim to utilize their operational capabilities. To this end, the appropriate mechanisms for verifiable application and state management between ground station and satellite are required, as well as strong attestation mechanisms. These outcomes are provided and exposed by the REWIRE TCB, thus bringing us one step closer to making the SaaS paradigm a reality
Conclusions
These implementations managed to drastically reduced software update verification time, improved attestation success rates, and shortened onboarding cycles from days to minutes. Anomalies were detected in real time, and key rollover became automated. Together, these results show that trusted computing is not just possible, but also operationally effective. The satellite pilot confirmed the feasibility of trusted software lifecycle management in orbital systems. It demonstrated resilience against supply chain attacks, robustness of attestation mechanisms, and scalability to constellation-scale infrastructures and commercial satellite missions.