Securing the Link - Fitting Authentication into an Existing Space Link Implementation

Stakeholders in space missions are depending to a high degree on the availability of the information obtained by the spacecraft. At the same time, the number of potential threats to mission infrastructure has increased. This is mostly due to the use of open standards in communications and the easy access to space communication hardware. New space missions should consider to implement certain security measures to respond to security threats. Common security techniques as implemented in -- for example -- internet communication can usually not directly be applied to space missions, due to the different nature of the space missions. Nevertheless, the general ideas behind the implementation of security features can serve as well-established baselines to develop space specific security protocols. On top of security concerns, space-faring entities like the European Space Agency (ESA) are taking measures to reduce cost of the space mission. For many missions, ESA has followed a delta development approach which includes extensive software reuse for the development of operational ground software for space missions. A new mission is reusing well-established kernels for the ground software in order to reduce effort for design, development, validation and maintenance. This approach of mission families is well proven and has already led to enormous cost savings regarding development and maintenance costs. For the fleet of Sentinel spacecraft, command authentication is added as new requirements on the uplink to the spacecraft. As such a feature on the commanding channel is new with respect to previous missions and as the commanding chain is a complex and well-reused aspect of the ground software, special care had to be taken for the design and implementation of the Mission Control System for the Sentinel spacecraft. This paper presents the command authentication methodology used for the Sentinel spacecraft and how those new requirements on the ground software are included into th- reused commanding infrastructure. The necessary steps taken in order to ease reusability and also maintainability are highlighted.