A Scalable and Configurable Architecture for Hardware Authenticated Encryption Modules Compliant with the CCSDS Security Specifications

Crocetti, Luca (first author); Fanucci, Luca
2024-01-01

Abstract

Cybersecurity is one of the most challenging aspects in the modern Information and Communications Technology (ICT) era, including space applications. The Consultative Committee for Space Data Systems (CCSDS) is issuing and updating reports and standards to address this problem in the space sector. It defined the format of secure frames to protect data with different security features and the corresponding cryptographic algorithms to be applied. Among them, the Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) is the only one that constitutes a comprehensive solution for the simultaneous confidentiality, integrity, and authentication of data (i.e. authenticated encryption). In this work, we present a configurable and scalable architecture for implementing hardware AES-GCM modules aimed at securing space applications compliant with the CCSDS specifications. The proposed architecture was designed using SystemVerilog and characterized in terms of trade-offs between resource utilization and maximum frequency by analyzing the implementation results on a space-grade KU060 FPGA. Indeed, the configurability at the synthesis level of the proposed architecture supports different approaches that can be exploited to find the most efficient solution for the target application. For this reason, we present two use cases for the integration of the proposed security module in a transmitter for CCSDS-compliant telemetry (TM) applications. The corresponding results confirm the adaptability of our solution in different application scenarios thanks to its configurability. In addition, they show that our module offers long-term protection in terms of classical and post-quantum security for modern space applications with a minimum resource cost of 672 Configurable Logic Blocks (CLBs), i.e. 1.6% of the FPGA resources.
2024
978-9-0903-8704-8
979-8-3503-6943-4
Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1255428