by LSF,
NOWADAYS, satellite missions are characterised by escalating complexity. This complexity requires robust cybersecurity measures for cyber protection against critical cyber-attacks, particularly in the field of Software (SW) updates. The Libre Space Foundation as partner of the REWIRE project, is dedicated to working towards establishing and developing a secure and reliable framework for Over-the-Air (OTA) Firmware (FW) updates, addressing the vulnerabilities inherent in current satellite operations.
SatNOGS Network, the world’s biggest open-source network for satellite ground stations. Within the context of the REWIRE Smart Satellites Use Case, SatNOGS provides an essential infrastructure-as-a-service for satellite missions. Figure 1, showcases a mapping of the global ground stations network.
Figure 1: Part of the map of the SatNOGS Network ground stations
The SatNOGS-COMMS with the maximum Technology Readiness Level (TRL9), is a board already proven to work during a flight mission in space. The board is designed and developed by LSF and works as the critical interface, enabling seamless communication between the SatNOGS ground stations and simulated satellites. In Figure 2, we provide an image representation of the SatNOGS-COMMS Board. In addition, Figure 3 and Figure 4 showcase an example of the FlatSat environment setup and the demo setup using an SDR ground station and a FlatSat, respectively.
Figure 2: SatNOGS-COMMS Board
During the use case execution phase, a FlatSat testbed was used for testing the alternate for the user story scenarios and facilitated the exploration, testing and analysis for the Smart Satellite Use Case. Through this setup, the “Smart Satellites” use case (led by LSF) delved deeper into the challenges and requirements of securing satellite software.
Figure 3: An example of a FlatSat environment setup
Figure 4: Demo setup using an SDR ground station and a FlatSat
Over-The-Air (OTA) Firmware Updates
Within the context of the REWIRE project, one tested scenario has been designed, assuming that the satellite operators initiate the OTA process, through a secure connection to the mission control center. Although, since there are many stations within the SatNOGS Network, the SatNOGS Router optimises ground station selection based on the firmware file size, the availability of ground stations, the satellite orbit and the RF link (the transmit antenna and the receive antenna) quality between the satellite and the ground stations. The software update file is encrypted and fragmented, enabling distributed transmission through multiple ground stations as the satellite orbits. This fragmentation allows various SatNOGS ground stations to contribute to the transmission, providing greater efficiency and resilience to the end-to-end process.
Onboard the satellite, the received fragments are reassembled, and the software’s integrity and authenticity are rigorously verified using REWIRE’s cryptographic techniques. Upon successful verification, the new software is installed, and operators receive confirmation, ensuring a secure and transparent update process.
Strong Focus on Security
Note that a multi-layered approach is used to ensure data integrity and security. The firmware file is encrypted using the REWIRE Crypto Engine and authenticated with a cryptographic nonce from the satellite’s Trusted Execution Environment (TEE). Upon reception, each frame undergoes a basic integrity check and session validation. Valid frames are then forwarded to the onboard computer, where defragmentation, decryption, and reconstruction occur. Finally, the system verifies the firmware’s integrity, initiating the update procedure upon successful validation.
This process addresses the core need of satellite operators, who require a secure and reliable method to deploy software updates (in this scenario, across the SatNOGS Network), even when multiple ground stations are involved. This is crucial for maintaining satellite functionality, addressing bugs, and adapting to evolving mission requirements. The secure, end-to-end encryption prevents replay attacks and simplifies ground station onboarding, enhancing operational efficiency.
Satellite health monitoring and anomaly detection
Within the Smart Satellites Use Case, the need for automated identification of satellite misbehaviour, through the use and analysis of telemetry data is addressed with the implementation of the REWIRE framework. For once again, the SatNOGS Network’s continuous telemetry data collection is utilised in the created scenario. REWIRE’s infrastructure services integrate an AI-driven system to identify hidden patterns and anomalies in satellites. This system allows for proactive measures to minimise the impact of potential issues, enhancing mission reliability.
Takeaway
Leveraging its many years of R&D expertise, its SatNOGS Network, and its TRL9 SatNOGS-COMMS, the Libre Space Foundation explored and tested different scenarios for secure satellite operations for the REWIRE project. This work has led to developing key infrastructure services focusing on operator satisfaction, easy ground station integration, and protection against malicious updates. By emphasising secure communication, fail-safe mechanisms, and runtime attestation, REWIRE enhances satellite security, building a more resilient space infrastructure with trusted updates and self-healing capabilities.