A CCSDS command authentication scheme

The CCSDS (Consultative Committee for Space Data System) compatible format has been adopted by some advanced spacecraft. The uplink command packets that are encapsulated into the multiplexing protocol data units (MPDUs) in the CCSDS virtual channel data units (VCDU) are normally encrypted to provide command message authentication and confidentiality for safeguarding spacecraft operation control. Since the command messages are sometimes required to be transmitted in the clear mode without encryption, command authentication is more important than command encryption as far as the spacecraft control is concerned. It is essential to implement a strong authentication scheme at the VCDU layer to enhance security. In this paper, a scheme which utilizes the existing crypto sync in the CCSDS VCDU insert zone field as the command message digest (MD) and employs a hybrid secret prefix/suffix digital signature in use with the US secure hash function (SHA-1) and GMT timing codes, is proposed for securing spacecraft command messages. This hybrid secret prefix/suffix scheme will strongly safeguard commands if they are transmitted in the clear mode while the GMT time codes will repel the replay attack. In the proposed scheme, no additional overhead for the VCDU is required and the data interface will also not be impacted.