Securing Space: The Next Frontier for Critical Infrastructure

September 26, 2024

Blog

Today, and as we look to the future, space systems play an ever-increasing role in our lives. They help guide us from place to place, they inform us about the weather, and they connect us to one another. As well, they are an increasingly important part of our national security infrastructure.

The size and extent of the global space economy hints at its importance. The World Economic Forum forecasts that direct investment in space infrastructure (satellites, launchers, rovers, exploration) will grow from $330B in 2023 to $755B in 2035. Over the same period, the indirect economy derived from space will grow from $300B to over $1T. Space is now deeply intertwined in the fabric of our lives.

Despite this, there has been little emphasis on the need for security in space. Cybersecurity methods that are commonplace in Earth-based applications are rare in space. Instead, the security of space systems, whether that be satellites, launchers or rovers/landers often relies on a combination of obscurity and physical distance. With cybersecurity not being high on the requirements list, few of the electronic subsystems and microprocessors used in space integrate security features.

Yet the risk is growing. The combination of ever-growing national security interests, increasing geopolitical tensions and increasing reliance on space creates both risk and incentives for malicious activities. Further, the emergence of open-source flight software creates opportunities to identify security holes which can be exploited by hackers that range in sophistication from DIY ground station operators all the way to state actors.

Given the growing risk, the will and need to respond is increasing. Space is now seen as an integral part of a nation’s critical infrastructure. Successive U.S. administrations have acknowledged both the vital national interest of space activities and the need to protect this infrastructure. In 2021, the United States Space Priorities Framework noted: 

Satellites are one of many applications for security in space infrastructure. Satellites are used for a wide range of defense, civil and commercial applications. With over 20,000 new satellites to be deployed before the end of the decade, the opportunity for malicious activity and need to protect against it has never been greater.

A typical satellite includes a platform or spacecraft bus as well as a payload section. These different sections perform different functions, making the attack vector and impact of a security vulnerability different. The Platform or Spacecraft Bus section is responsible for the flight and navigation of the satellite itself. The heart of the Platform section is the microprocessor (MPU) used in the onboard computers (OBC) within the Command and Data Handling System (CDHS). The CDHS executes flight software in real time and in response to sensor and navigation data received from the Attitude Determination and Control System (ADCS).  At the same time, the CDHS exchanges telemetry and commands with ground stations via the Telemetry and Command Communications system. Security holes in this section could result in the complete loss of the satellite, or in a worst-case scenario, trigger a calamitous cascade of satellite destruction referred to as the Kessler Syndrome.

 On the other hand, the Payload section is responsible for conducting the specific mission of the satellite itself. Example missions include Earth observation, national defense, science, broadband communications and positioning navigation and timing (for example, GPS). Like the Platform section, the Payload section features a set of onboard computers in the Payload Data Handling System (PDHS) which interfaces with mission specific functions such as instruments, communications and sensors. Earth-based Ground Stations communicate with the Payload section via the Payload Communications system.  While security holes in the payload section may not result in loss of the satellite, they could expose national security information, render GPS systems unusable or disrupt broadband communications. 

Given their central role in a space application, the microprocessors used are crucial to not just meeting the mission objectives, but the security of the system as well. Features such as overall compute performance, interfaces and fault-tolerance/avoidance are needed to meet the mission goals. Radiation-hardening and radiation-tolerance are also required to survive the harsh environment of space, especially for mission critical or crewed spaceflight applications whether that be in Low Earth Orbit (LEO), on the Moon or beyond.

Space system developers must now also consider security. A truly secure space application will leverage space-grade microprocessors that follow a layered approach to security.

At the lowest layer is secure hardware. Unless the hardware and its supply chain are secure, neither the infrastructure nor the information passing through it can be trusted. Secure hardware is achieved using techniques such as secure manufacturing, anti-tamper detection and response, built-in side-channel analysis countermeasures and, of course, NIST-certified accelerators.

Next is design security. In this layer, the infrastructure and intellectual property on which the space application is built is secured. Key microprocessor capabilities at this layer include secure-boot, secure-provisioning and secure key storage.

Finally, once we have secured both the hardware and the infrastructure, we can focus on securing the information traversing the system. In this layer, space-grade microprocessors need to incorporate high-performance cryptographic accelerators and secure key storage.

A key capability noted in Figure 2 that must not be overlooked for critical infrastructure like space is the emerging and urgent need for post-quantum cryptography.

Asymmetric cryptography is a fundamental cornerstone of any system that uses security. In just about every terrestrial application, algorithms such as RSA and Elliptic curve (ECC) are in extensive use for digital signatures and key exchange. Given traditional key sizes and the computational and mathematical challenges of factoring prime numbers, it is generally believed that it would take classical computers billions of years to break either RSA or ECC.

However, quantum computers are on the horizon. It’s possible, if not likely, that within the next 5-10 years cryptographically relevant quantum computers (those with enough Qubits) will be available to nation-based and other well-funded groups. The danger posed by such quantum computers is their ability to run Shor’s algorithm for factoring a prime number. Such an algorithm running on a quantum computer could reduce the time required to break RSA or ECC from billions of years to under one day.

Given their extensive use in a wide range of security applications such as authentication and key exchange, the ability to break RSA and ECC (ECDSA or ECDH) is an existential threat to systems worldwide.

Further – the challenge is not limited to just active communications links “in the moment”. Rogue agents could intercept and store communications “today” and break them “tomorrow.” This is a threat whether the space application is a LEO constellation for broadband communications or a strategic military asset.

The National Institute of Standards and Technology (NIST) and National Security Agency (NSA) recognized the threat and ran a competition to identify next-generation quantum safe public key algorithms. Through this competition, NIST has selected a set of module-lattice based algorithms to be the eventual replacement for RSA and ECC:

• ML-KEM – Module-lattice based Key Encapsulation Method (FIPS-203)
• ML-DSA – Module-lattice based Digital Signature Standard (FIPS-204)

ML-KEM and ML-DSA are fundamental requirements to ensure the safety and security of our cyber-physical systems for the long term.

Microchip’s PIC64-HPSC family of microprocessors combine high performance computing with a comprehensive set of security features – including full support for post-quantum cryptography – a capability needed to secure space now and into the future. With PIC64-HPSC MPUs, space-based applications such as satellites, launchers and rovers/landers can be secured in a manner consistent with their role as a key part of a nation’s critical infrastructure.