Uploaded by Marwa K

Cryptographic algorithms in Satellite communications

Riga Technical University, Latvia
Faculty of Electronics and Telecommunications
December 8, 2021
Cryptographic algorithms in Satellite communications
Study of the Advanced Encryption Standard (AES)
and its utilization for Space applications
Marwa Kadhem
ABSTRACT
The Advanced Encryption Standard (AES) has been around for 11 years. It became generally recognized as the standard in many security-related applications, including the
computer network security protocol, known as TLS. Most recently, the demand to protect the sensitive and valuable data transmitted from satellites to ground has increased,
and hence the need to use encryption on-board. In this context, the AES is by far the
preferred option to encrypt satellite data. This paper introduces the need for satellite
encryption, defines some cryptography fundamentals, before investigating the use of the
AES for space applications.
KEYWORDS
Cryptography, cryptanalysis, symmetric-key encryption, block cipher, stream cipher,
public-key encryption, Advanced Encryption Standard, Rijndael algorithm, satellites,
space.
LIST OF ABBREVIATIONS
3-DES: Triple Data Encryption Standard
AES: Advanced Encryption Standard
CBC: Cipher Block Chaining
DES: Data Encryption Standard
DSS: Digital Signature Standard
ECC: Elliptic Curve Cryptography
ESA: European Space Agency
GB: Ground Base
IETF: Internet Engineering Task Force
IT: Information Theory
IV: Initialization Vector
KSA: Key Scheduling Algorithm
NASA: National Aeronautics and Space Administration
NIST: National Institute of Standards and Technology
OBC: On-Board Computer
OSI: Open Systems Interconnections
OTP: One-Time Pad
RC4: Rivest Cipher 4
RSA: Rivest–Shamir–Adleman
SC: Spacecraft
SPN: Substitution–Permutation Network
TCP: Transmission Control Protocol
TLS: Transport Layer Security
VPN: Virtual Private Network
WEP: Wired Equivalent Privacy
TABLE OF CONTENTS
1 INTRODUCTION
2 STAKES OF SECURITY FOR SPACE-GROUND COMMUNICATION LINKS
2.1 General introduction to Satellite Telecommunications
2.2 The need for Satellite Encryption
3 GENERALITIES ON CRYPTOGRAPHIC ALGORITHMS
3.1 Symmetric-key cryptography
3.1.1 Block cipher
3.1.2 Stream cipher
3.2 Public-key cryptography
3.2.1 Key generation for public-key cryptography
4 ADVANCED ENCRYPTION STANDARD (RIJNDAEL ALGORITHM)
4.1 History
4.2 Working principle
4.2.1 Substitution–Permutation Network
4.2.2 Rijndael algorithm
4.3 Security
5 SATELLITE ENCRYPTION
5.1 Satellite encryption issues: Error Control
5.2 Uplink encryption
5.3 Downlink encryption
5.4 Future of Satellite Encryption
6 CONCLUSION
1 INTRODUCTION
Given the recent attacks on satellite data, the necessity to protect sensitive and important data transferred from satellites to Earth has grown, as has the need to deploy onboard encryption. The Advanced Encryption Standard (AES), which is widely used in
terrestrial communications, is gradually gaining favour in the aerospace industry, including satellites. Satellite computer systems have limited power and processing resources,
which should be considered during the preliminary requirement review. Satellites operate in a severe radiation environment, therefore any on-board electronic equipment, including the encryption processor, is vulnerable to radiation-induced bit-errors. To avoid
inaccurate data transmission to the ground station, the processor in charge of encryption should not only use less power but also be resistant to radiation-induced bit-errors.
The goal of this study is to investigate the usage of cryptographic algorithms in space
technologies, primarily satellite communications. Although it is feasible to employ various algorithms rather than the AES, it will remain the primary focus of this report. Furthermore, this paper will provide a thorough explanation of the fundamentals of cryptography, and hence of the AES.
2 STAKES OF SECURITY FOR SPACE-GROUND COMMUNICATION LINKS
Since the launch of the first man-made satellite known as Sputnik 1, satellite technology
has rapidly evolved to be one of the cornerstones of our modern lifestyle. Ranging from
astronomy and scientific research to navigation, Earth monitoring and communications,
satellites have on multiple occasions proven to be the main scientific tools of the 20th
and 21st centuries. The particular place that they hold in our society makes it critical to
protect satellite communications.
2.1 General introduction to Satellite Telecommunications
Before explaining the need for satellite encryption, the concept of satellite communication categories has to be addressed. There are, on one hand, the satellites that exchange
information exclusively with the Earth. They are commonly referred to as "Type 1" satellites. On the other hand, the satellites that have extra-planetary links with at least one
other satellite are included in the second category, known as "Type 2" satellites.
The definition of communication is also important in this context: communication is an
operation that occurs between two or more entities. If we simplify the process, it only
involves:
• The sender (Alice): this is essentially the encoder of information to be relayed.
• The receiver (Bob): this is the intended target and decoder of the information sent.
• The message: this is the raw information that is being conveyed, to which meaning
and/or understanding is later added.
The definition of communication given above can be applied to absolutely any communication: between humans, machines, animals etc. However, if we apply this general definition to satellite communications, new terms are used in the field of space telecommunications engineering. To begin with, the sender and the receiver are not static, meaning
that the sender can become the receiver and vice versa. This is mainly why the notion of
link needs to be introduced. The link on which the satellite (sender) sends data to the ground station (receiver) is referred to as the downlink. Conversely, when the ground station (sender)
sends data to the satellite (receiver), we use the term uplink. As expressed implicitly
earlier, messages in satellite communications are packs of crucial data. The ground station (GB) uses the uplink to send control commands to the On-Board Computer (OBC)
of the satellite. The satellite then responds through the downlink with data giving GB
information on its attitude, trajectory and location, and/or collected scientific data. Of
course, these are just examples of the nature of the data sent by satellites to GB.
Figure 1: A comparison of "Type 1" and "Type 2" satellites.
Regardless of the mission, a subsystem that must exist in all satellites is the communication subsystem that enables the spacecraft to communicate with the ground stations
that control the satellite and to deliver the data that the mission requires. Therefore, it
is also important to focus on the architecture and functionalities of the communications
subsystem that resides on the satellite. The space segment consists of all the equipment
carried by the spacecraft (SC) required for the mission. The ground segment consists
of all the facilities, and equipment that are used to monitor and control all the assets in
space.
The communication subsystem itself is formed by antennas and transceivers to be able to
communicate with the GB, sending collected data and receiving instructions from them.
These instructions are processed by the spacecraft’s main computer (OBC) or certain
components from the On-board Data Handling (OBDH) subsystem. The requirements
that drive the design of communications subsystems are:
• Visibility or access: ability to communicate with the spacecraft requires clear field
of view to the receiving antenna and appropriate antenna gain.
• Frequency band: selection based on bands approved for spacecraft use by international agreement managed by the International Telecommunication Union (ITU).
Standard bands are S (2 GHz), X (8 GHz) and Ku (12 GHz). UHF/VHF bands are
also used.
• Baseband data characteristics: data bandwidth and allowable error rate determine
RF power level for communications.
Satellite missions are systematically built on requirements, defined during Phase A (feasibility study), including available power, data transmission rate and minimum acceptable error rate. The communication subsystem is then sized and designed in compliance
with these requirements. To do so, the data bandwidths of the uplink and downlink
are identified and frequency bands are selected before preparing power budgets for both
links. Once these tasks are fulfilled, the equipment is carefully selected depending on
its performance. The basic communications subsystem equipment consists of a transmitter, a receiver, an antenna and an RF diplexer (same antenna for transmitters operating on multiple frequencies).
Figure 2: Downlink for a satellite using S-band frequencies and showing the composition
of the space and ground segments.
2.2 The need for Satellite Encryption
In most satellite missions, data encryption techniques are required in order to secure a
communications channel. There are two specific reasons for this. To begin with, humans cannot be entirely trusted with private data and information. In fact, declining to
encrypt the messages would presume that there is no possibility that the data could be intercepted, decoded, used and/or tampered with by non-authorized individuals. As has
been highlighted before, satellites, holding a tremendous amount of sensitive information, cannot be put at risk by leaving the communication links unprotected. Imagine that for
a particular satellite mission the uplink wasn’t encrypted: it would mean that anybody
with knowledge in telecommunications could send control instructions to the satellite in
orbit, and therefore lead to its destruction. If it’s the downlink that is not correctly protected, it would mean, as stated earlier, that the data could be accessible and understood
by anyone. The first scenario is far more dangerous since it could lead to the loss of scientific
equipment worth millions of dollars. Moreover, for many missions the downlink is not
as important to encrypt. For instance, satellites launched in space to conduct scientific
research provide data that is almost instantly publicly published by the owner (often
space agencies like the European Space Agency or the National Aeronautics and Space
Administration).
The second reason why communication links encryption can be necessary is physical.
Imagine a "Type 1" satellite orbiting around the Earth performing a downlink with a
parabolic antenna, commonly called a dish antenna. This type of antenna is widely
used because it helps focus the signal, which propagates in space in a conical way,
until it reaches the surface of the Earth. The consequence is that the signal may
be intercepted in a wider geographic area around the targeted ground station (GB). This
geographic area, within which the signal is theoretically accessible, can be calculated knowing
the altitude and the focal precision of the parabolic antenna but cannot be controlled in
any way by the satellite’s owners. Without encryption, anyone within range of the signal
with the knowledge and the equipment could receive the data. In this scenario, the only
solution left for the owner is to encrypt the downlink. The same issue happens for "Type
2" satellites since thousands of satellites are currently in Low Earth Orbits (LEO) and the
probability of the extraplanetary communication being intercepted by a random satellite
is high enough.
Figure 3: NASA’s RainCube nanosatellite (2017), the dish antenna oriented towards the
Earth was packed using Origami technique.
Encryption aims to provide a number of security services. These are defined below:
• Confidentiality: to keep the data accessible only to authorized individuals.
• Integrity: to make sure that the data is not tampered with, meaning not modified,
deleted or inserted with some other data by unauthorized individuals.
• Authentication: the sender of a message is known and can be retraced if needed.
• Non-repudiation: to prevent both the sender and the receiver from denying previous commitments or actions. Here, we can trace what the receiver or the sender
has transmitted.
• Access control: to define the level of authorization and access to the data for each
user.
The sensitivity of the information to be communicated must also be considered. Different organizations have different reasons for guaranteeing the security of satellite-transmitted messages. An individual may, for example, want their private phone calls
or bank account information secured. A company may also want to keep its confidential
information out of the hands of competitors, while the government may want to keep
its military communications and national security secrets from being intercepted or discovered by an adversary. The sensitivity of data conveyed by satellite, as with terrestrial
communications, must determine the extent to which that data is protected. Citizens, companies, and governments must be guaranteed that their sensitive data will not be exposed
to unacceptable danger if the growing global information society is to fully benefit from
satellite-based communications. With these factors in mind, satellite encryption will almost certainly play a significant part in humanity’s future advancement.
3 GENERALITIES ON CRYPTOGRAPHIC ALGORITHMS
The application and study of mechanisms for secure communication in the face of malicious conduct is known as cryptography. Cryptography, in a broader sense, is the development and analysis of protocols that prohibit third parties or the general public from
accessing private messages.
3.1 Symmetric-key cryptography
Symmetric-key algorithms are cryptographic algorithms that employ the same cryptographic keys for both plaintext encryption and ciphertext decryption. The keys could be
the same or there could be a simple transformation between them. The keys, in theory, constitute
a shared secret between two or more entities that can be used to keep access to information
confidential. One of the primary weaknesses of symmetric encryption is that both
parties must have access to the secret key.
The Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are two
of the most widely used symmetric encryption standards. Following the release of AES,
DES was phased out and replaced by 3-DES. 3-DES works by repeating the DES algorithm three times instead of once. If a strong key is used, this prohibits additional brute-force attacks. As previously indicated, symmetric keys are used in some Virtual Private
Networks (VPN).
There are two kinds of symmetric encryption algorithms. The first type is called a block
cipher, and the second a stream cipher. Block and stream ciphers make different assumptions about the environment in which they operate, making each more effective than the
other at different protocol layers (see table 1).
Table 1: 7-layers Open Systems Interconnection (OSI) model.
3.1.1 Block cipher
A block cipher is a deterministic technique in cryptography that operates on fixed-length groups of bits known as blocks. A deterministic algorithm is one that, given a specific
input, always produces the same output. Deterministic algorithms are by far the most
well-known sort of algorithm. Fundamentally, a deterministic algorithm computes a
mathematical function: a function has a unique value for each input, and the algorithm
is the process that produces this value as an output.
Block ciphers are commonly used to achieve large-scale data encryption, including information exchange protocols. A safe block cipher can even encrypt a single block of
data at a time with a specific key. A variety of modes of operation have been developed
to enable their repeated usage in a safe manner while maintaining the security services
of confidentiality and authenticity. Block ciphers, on the other hand, may be utilized as
building blocks in other cryptographic protocols like universal hash functions and pseudorandom number generators.
A block cipher is composed of two algorithms: one for encryption E and the other for
decryption D. The encryption function can be mathematically defined as the following:
$$
\begin{aligned}
E_K : \{0,1\}^k \times \{0,1\}^n &\longrightarrow \{0,1\}^n \\
P &\longmapsto E_K(P) = E(P, K)
\end{aligned}
\tag{1}
$$
Where,
• E: encryption function
• P : input block from the plaintext
• K: cryptographic key
• k: bit-length of the key K
• n: bit-length of the block P
The encryption function returns as an output the block of size n referred to as C for
ciphertext. The decryption D is then simply defined as the inverse function of the encryption. In other words,
$$
\begin{aligned}
D_K : \{0,1\}^k \times \{0,1\}^n &\longrightarrow \{0,1\}^n \\
C &\longmapsto D_K(C) = E_K^{-1}(C)
\end{aligned}
\tag{2}
$$
Where,
• D: decryption function
• C: input block from the ciphertext
It will return the original variable P of size n, meaning the plaintext. One property
of block ciphers is that the bit-length of the plaintext and the ciphertext will always be
equal both for encryption and decryption. The key, which is algorithm based, is able to
select the permutation of its bijective mapping from $2^n$.
A block cipher mode of operation in cryptography outlines how a cipher’s single block
algorithm can be used repeatedly to safely transform data sets larger than one block. For
each encryption process, most modes require a unique binary sequence, known as an
initialization vector (IV). The IV must be non-repeating and, in some cases, random. The
IV is used to ensure that different ciphertexts are created even if the same plaintext is
encrypted with the same key numerous times independently. In other words, randomness is added in the encryption algorithm. This concept is often termed as probabilistic
encryption.
Numerous modes of operation have been developed to this day, but Cipher-Block Chaining (CBC), invented in 1976, is probably the most popular of them. The idea behind CBC
is quite simple: each block of plaintext is XORed (symbol ⊕) with the previous ciphertext
block before being encrypted. This way, each ciphertext block depends on all plaintext
blocks processed up to that point. As mentioned earlier, an initialization vector must be
used in the first block to make each message unique (see figure 4).
Figure 4: Working principle of Cipher-Block Chaining (CBC).
Moreover, CBC can be disassembled as round functions, where one round function corresponds to one block cipher encryption function $E_K$. The total number of rounds is then
noted $r$. Mathematically speaking (see equation 3), the ciphertext $(C_i)_{i \in [0,r]}$ is a sequence
defined by recursion and initialized knowing that the first ciphertext is equal to the IV.
$$
\begin{cases}
C_0 = IV \\
C_i = E_K(P_i \oplus C_{i-1})
\end{cases}
\tag{3}
$$
In an XOR operation, if the two inputs are different, the resultant is TRUE or 1. If the
two inputs are the same, the resultant value is FALSE or 0. In example 1 presented
below, line 1 represents the plaintext and line 2 represents a random ciphertext, here the
IV. Line 3 is a ciphertext produced by an XOR operation between lines 1 and 2. If, and only
if, just one of the items has a value of TRUE, the results of the XOR operation will be
TRUE.
1  Plaintext P:              1001110101101111
2  Initialization Vector IV: 1000110101001001
3  P ⊕ IV:                   0001000000100100
Example 1: XOR operation between a plaintext and an IV random bits series.
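The recursion of equation 3, written out as an added example (it is not code from the paper). The block cipher E_K is a toy 4-round Feistel construction standing in for AES, and the key, IVs and telemetry frame are constructed sample values. Going one step beyond the passage, the last function shows how a single flipped ciphertext bit, such as a radiation-induced bit-error, propagates through CBC decryption.

```python
import hashlib

BLOCK = 16   # block length n in bytes (128 bits, the AES block size)
ROUNDS = 4   # Feistel rounds of the toy cipher

# Constructed sample values (assumptions for this example, not from the paper).
KEY = b"constructed-key!"
IV_A = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IV_B = bytes.fromhex("f0e0d0c0b0a090807060504030201000")
FRAME = (b"ATTITUDE=NOMINAL" * 2) + b"ORBIT=LEO-550KM!" + b"BATTERY=OK-97PCT"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def E(key: bytes, block: bytes) -> bytes:
    """Toy E_K: a Feistel network, so it is a bijection on 128-bit blocks.
    It stands in for AES here and is NOT a secure cipher."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def D(key: bytes, block: bytes) -> bytes:
    """D_K = E_K^-1: the same rounds undone in reverse order."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_0 = IV, C_i = E_K(P_i xor C_{i-1}). Input must already be padded."""
    if len(plaintext) % BLOCK or len(iv) != BLOCK:
        raise ValueError("plaintext must be whole blocks and IV one block")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = E(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_K(C_i) xor C_{i-1}."""
    if len(ciphertext) % BLOCK or len(iv) != BLOCK:
        raise ValueError("ciphertext must be whole blocks and IV one block")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)


def bit_error_damage(key: bytes, iv: bytes, ciphertext: bytes, bit: int) -> list:
    """Flip one ciphertext bit and return, for each plaintext block,
    how many bits differ after decryption."""
    good = cbc_decrypt(key, iv, ciphertext)
    damaged = bytearray(ciphertext)
    damaged[bit // 8] ^= 0x80 >> (bit % 8)
    bad = cbc_decrypt(key, iv, bytes(damaged))
    return [
        sum(bin(x ^ y).count("1")
            for x, y in zip(good[i:i + BLOCK], bad[i:i + BLOCK]))
        for i in range(0, len(good), BLOCK)
    ]


if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV_A, FRAME)
    # Blocks 0 and 1 of FRAME are identical, yet their ciphertexts differ.
    print("block 0:", ct[:16].hex())
    print("block 1:", ct[16:32].hex())
    # Same key and plaintext, different IV: a different ciphertext.
    print("other IV:", cbc_encrypt(KEY, IV_B, FRAME)[:16].hex())
    # One flipped bit in ciphertext block 1: block 1 is garbled, block 2
    # has exactly one wrong bit, the other blocks are intact.
    print("damaged bits per block:", bit_error_damage(KEY, IV_A, ct, 16 * 8 + 5))
```

The damage pattern is the reason a CBC-protected link still needs error control underneath it: one channel bit-error costs a full block plus one bit of the next.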
3.1.2 Stream cipher
A stream cipher considers data to be a continuous stream and encrypts/decrypts it one
bit at a time. Stream ciphers are typically designed in such a way that each encrypted bit
is dependent on all previous encrypted bits. Only if all bits arrive in the correct order
can decryption be performed. The random access property is absent in the majority of
stream ciphers. This means that stream ciphers in network protocols can only be used in
conjunction with a trustworthy data transmission service, such as Transmission Control
Protocol (TCP). As a result, they only function properly below the transport layer when
used in conjunction with consistent data links (refer to table 1).
Stream ciphers are interesting for implementation because they may frequently achieve
substantially better throughputs (amount of processed data) than block ciphers. Rivest
Cipher 4 (RC4) is an example of a well-known stream cipher (see figure 6). Stream
ciphers do not normally use a mode of operation or an initialization vector, at least not
in the same way that a block cipher does. Instead, a random number generator is used
to generate a sequence of bits that appear random, known as a keystream, which is
then XORed one bit at a time with the plaintext data to produce ciphertext (see figure
5). The seed value serves as the cryptographic key for decryption, which is the same
operation because XOR is an idempotent1 operation: the same keystream is created and
XORed with the ciphertext to retrieve the plaintext. Because stream ciphers do not use
initialization vectors, Internet protocols that use stream ciphers rely on the sender and
receiver’s capacity to keep their keystream generators synced for each bit transferred.
Figure 5: Working principle of stream cipher encryption.
Stream ciphers are similar to the action of the one-time pad (OTP). A one-time pad generates the ciphertext by combining a keystream with the plaintext’s bits one at a time. In
1949, Claude Shannon2 demonstrated that this system was unbreakable. The keystream,
on the other hand, must be fully random, at least the same length as the plaintext, and
cannot be used more than once. As a result, with the exception of the most important
applications such as key generation, distribution and management, the OTP has not been
widely employed.
Figure 6: Schematic representation of RC4.
1 Idempotent: operation that has no additional effect if it is called more than once with the same input
parameters. In mathematics, it means that f(f(x)) = f(x).
2 Claude Elwood Shannon (1916-2001): American mathematician, electrical engineer, and cryptographer known as the founder of Information Theory (1948). C. Shannon contributed to the field of cryptanalysis for national defence during World War II.
The RC4 algorithm remained the preferred stream cipher from its
creation in 1987 by Ron Rivest until 2015, when numerous vulnerabilities in the encryption algorithm had been found. This led the Internet Engineering Task Force (IETF) to
prohibit the use of RC4 for the TLS protocol. The insecurity of RC4 stems from
the fact that a non-random keystream or a keystream that is not completely discarded
can lead to stream cipher attacks or related-key attacks3. As a matter of fact, the Wired
Equivalent Privacy4 (WEP) standard was retired because of these types of attacks made
possible by the use of RC4. A simplified representation of the WEP encryption standard
is shown in figure 7.
Figure 7: Working principle of WEP encryption.
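The keystream mechanism described in this section, as an added example (not code from the paper): RC4's key scheduling and output generation, encryption and decryption as the same XOR, and the two operational failures the text points at, namely a keystream used twice and a receiver that falls out of step. The seed and the two command strings are constructed sample values; RC4 appears only because it is the cipher the section discusses.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n keystream bytes for the given key (the seed)."""
    # Key Scheduling Algorithm (KSA): key-dependent shuffle of 0..255.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Output generation: keep shuffling, emit one byte per step.
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are data XOR keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def decrypt_after_byte_loss(key: bytes, ciphertext: bytes, lost: int) -> bytes:
    """Decrypt a ciphertext from which the byte at index `lost` went missing
    in transit, with a receiver that does not notice the gap."""
    received = ciphertext[:lost] + ciphertext[lost + 1:]
    return rc4_crypt(key, received)


# Constructed sample values (assumptions for this example).
SEED = b"constructed seed"
CMD_A = b"CMD: DEPLOY SOLAR PANEL 1"
CMD_B = b"CMD: SWITCH TO SAFE MODE!"

if __name__ == "__main__":
    c1 = rc4_crypt(SEED, CMD_A)
    c2 = rc4_crypt(SEED, CMD_B)          # same seed, so same keystream
    print("decrypts:", rc4_crypt(SEED, c1) == CMD_A)
    # With a repeated keystream the key cancels out: C1 xor C2 == P1 xor P2.
    # The zero bytes at the start expose the header both messages share.
    print("c1^c2   :", xor_bytes(c1, c2).hex())
    print("p1^p2   :", xor_bytes(CMD_A, CMD_B).hex())
    # One lost byte desynchronises the generators; everything after it
    # decrypts to noise.
    print("slipped :", decrypt_after_byte_loss(SEED, c1, 10))
```

Both effects follow from the XOR construction rather than from RC4 specifically, so they apply to any cipher used as a keystream generator.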
3.2 Public-key cryptography
This section discusses asymmetric encryption, which uses a pair of keys rather than a
single key as in symmetric encryption. Because this single-key encryption between the
two entities requires each side to have its own secret key, the number of keys grows as the
number of entities grows. Each pair consists of a public key and a private key. Effective
security necessitates keeping the private key private, but the public key can be freely
distributed without jeopardizing security. The production of such key pairs is dependent
on cryptographic methods, which are based on mathematical problems known as one-way functions5.
Figure 8: Encryption and decryption process for a message sent from Alice to Bob.
3 Related-key attack: type of attack where the attacker knows some mathematical relationship connecting the keys and is able to observe the operations of a cipher under different keys.
4 Wired Equivalent Privacy: security algorithm for IEEE 802.11 wireless networks. It was ratified as a
Wi-Fi security standard in 1999.
5 One-way function: function easy to compute on every input, but computationally complex to invert
given the image of a random input.
In asymmetric encryption, public keys can be shared with everyone in the system. Once
the sender Alice has the public key of the recipient Bob, she uses it to encrypt her message. The ciphertext can only be decrypted by using Bob’s private key (refer to figure 8).
The major issue with public-key cryptography is that as the number of entities grows,
the distribution of keys becomes unmanageable. Of course, using the same keys for a
long time makes them more vulnerable to attacks. As a result of these inherent issues, when
working with large amounts of data, symmetric encryption is seen to be more practical.
Digital signatures are the most notable use of public-key cryptography: the message
is signed with the sender’s private key and can be verified by anybody who has access
to the sender’s public key. This verification demonstrates that the sender had access to
the private key and is hence very likely to be the person connected with the public key.
This also means that the message has not been tampered with, because a signature is
mathematically related to the message from which it was created, and verification will
fail for almost any other message.
3.2.1 Key generation for public-key cryptography
The public and private keys are not, technically speaking, real keys, but rather extremely
big prime integers that are mathematically bound to one another. Being correlated
in this context means that whatever the public key encrypts can only be decrypted by
the related private key. Knowing the public key does not allow one to guess the private key. There are several well-known mathematical algorithms that are used to produce
public and private keys:
• Rivest–Shamir–Adleman (RSA): oldest of the public-private key cryptography systems, it was first described in 1977.
• Digital Signature Standard (DSS): an information processing standard specifying
the algorithms that can be used to generate digital signatures used by the NIST.
• Elliptic curve cryptography (ECC): it relies on algebraic structure of elliptic curves
to generate keys. ECC allows smaller keys compared to non-EC cryptography to
provide equivalent security.
A Rivest–Shamir–Adleman (RSA) user generates and distributes a public key based on
two large prime numbers and an auxiliary value (see algorithm 1). The prime numbers
are not revealed. Messages can be encrypted by anyone using the public key, but only
those who know the prime numbers can decode them. RSA’s security is based on the
mathematical complexity of factoring the product of two large prime numbers6. If a
large enough key is employed, there seem to be no ways of breaking the system.
Select $p$, $q$                                  $p$, $q$ prime numbers
Calculate $n = p \times q$
Calculate $\varphi(n) = (p - 1)(q - 1)$
Select integer $e$                               $\gcd(\varphi(n), e) = 1$, $1 < e < \varphi(n)$
Calculate $d$                                    $d = e^{-1} \bmod \varphi(n)$
Public key                                       $PK = \{e, n\}$
Private key                                      $SK = \{d, n\}$
Algorithm 1: RSA key generation algorithm.
6 Factoring problem: there is no known efficient and non-quantum factorization algorithm capable of performing
prime factorization when the numbers are sufficiently large. However, it has not been demonstrated that
such algorithms do not exist.
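Algorithm 1 carried through in code, as an added example (not code from the paper). The function names, the Miller-Rabin primality test used to find p and q, and the default e = 65537 are assumptions of this example; encryption and signing are textbook RSA without padding, which illustrates the arithmetic only.

```python
import hashlib
import math
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test: never rejects a prime, and accepts a composite
    with probability at most 4**-rounds."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        # Force the top bit (full length) and the low bit (odd).
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keys_from_primes(p: int, q: int, e: int):
    """Algorithm 1 for given p, q, e. Returns (PK, SK) = ((e, n), (d, n))."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or math.gcd(phi, e) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)                            # d = e^-1 mod phi(n)
    return (e, n), (d, n)


def rsa_keygen(bits: int = 2048, e: int = 65537):
    """Pick random primes of bits/2 each until e is valid for them."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        try:
            return keys_from_primes(p, q, e)
        except ValueError:
            continue


def encrypt(m: int, pk) -> int:
    e, n = pk
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, sk) -> int:
    d, n = sk
    return pow(c, d, n)


def digest_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, sk) -> int:
    d, n = sk
    return pow(digest_int(msg, n), d, n)


def verify(msg: bytes, sig: int, pk) -> bool:
    e, n = pk
    return pow(sig, e, n) == digest_int(msg, n)


if __name__ == "__main__":
    pk, sk = keys_from_primes(61, 53, 17)          # tiny constructed primes
    print("PK =", pk, "SK =", sk)
    print("65 ->", encrypt(65, pk), "->", decrypt(encrypt(65, pk), sk))
    pk, sk = rsa_keygen(1024)
    sig = sign(b"constructed telecommand", sk)
    print("signature valid:", verify(b"constructed telecommand", sig, pk))
    print("tampered valid :", verify(b"constructed telecommanD", sig, pk))
```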
4 ADVANCED ENCRYPTION STANDARD (RIJNDAEL ALGORITHM)
4.1 History
Following the rise of brute-force attacks on the Data Encryption Standard (DES), the
National Institute of Standards and Technology (NIST) challenged cryptographers to develop an alternative to the existing algorithms. The newest, more powerful encryption
method, according to the NIST, would be unclassified and had to be "capable of protecting
sensitive government information well into the twenty-first century." It was designed to
be simple to implement in hardware and software while providing adequate defences
against diverse attack approaches.
The NIST chose five finalists from an initial short list of over 15 proposals to evaluate in
developing a new standard for the encryption of sensitive unclassified information. The
MARS, RC6, Serpent, and Twofish algorithms all offered strong arguments, but it was
the Rijndael encryption algorithm that was ultimately chosen as the standard symmetric
key encryption algorithm. Its selection was formalized in 2001.
The technique was developed by Belgian cryptologists Vincent Rijmen and Joan Daemen
of Katholieke Universiteit Leuven and Proton World International respectively. Rijndael is
based on SQUARE7, an encryption algorithm invented by the two cryptographers previously, although it was meant to be an improvement based on three guiding principles:
• Resistance to all known attacks.
• Speed and compactness of source code on a number of computing platforms.
• Simplicity of design.
4.2 Working principle
In this section, we will explain the principle of Substitution-Permutation Networks, on
which the AES is based. After that, the Rijndael algorithm will be investigated in order
to properly understand how it is operated to perform symmetric-key encryption.
4.2.1 Substitution–Permutation Network
AES is based on the Substitution–Permutation Network (SPN) design principle. A network of this type takes a plaintext block and the key as inputs and generates the ciphertext block using numerous alternating rounds or layers of substitution boxes (S-boxes)
and permutation boxes (P-boxes).
An S-box replaces a small block of bits with another block of bits. To ensure decryption,
this substitution should be a mathematical bijective function8. One of the requirements
to make sure that the reverse operation is possible is that the input’s length should be
equal to the output’s length. An S-box isn’t always just a permutation of bits. Instead, a good
S-box will have the property that changing one input bit will change roughly half of the
output bits, a property referred to as the avalanche effect9. It will also have
the feature that each output bit depends on every input bit.
7 SQUARE: block cipher published in 1997, which is a forerunner to Rijndael adopted as the AES. Square
was introduced together with a new form of cryptanalysis discovered by Lars Knudsen, called the "Square
attack".
8 Bijection: function between the elements of two sets, where each element of one set is paired with
exactly one element of the other set, and each element of the other set is paired with exactly one element of
the first set.
A P-box is an all-bit permutation: it takes the outputs of all the S-boxes from one round,
permutes the bits, and feeds them into the S-boxes of the following round. A good P-box
has the property of distributing the output bits of any S-box to as many S-box inputs as
possible.
At each round, a new round key is obtained from the previous key with some simple
operations, for instance, using S-boxes and P-boxes. The round key is then combined with
the data block, typically using the XOR operation (see figure 9).
Figure 9: Representation of a 3 rounds SPN used to encrypt a 16 bits plaintext.
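A toy 16-bit, 3-round SPN in the spirit of figure 9, added here as an example and not taken from the paper. The 4-bit S-box, the P-box, the key schedule and all function names are constructed for illustration; the code shows why bijective S-boxes make decryption possible and how the P-box layers turn a one-bit change into an avalanche.

```python
# Added example, not from the paper: toy 16-bit SPN with 3 rounds (compare figure 9).
# S-box, P-box and key schedule are constructed for illustration; this is not a secure cipher.
SBOX4 = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX4 = [SBOX4.index(v) for v in range(16)]    # exists because SBOX4 is a bijection
PBOX = [4 * (i % 4) + i // 4 for i in range(16)]   # bit b of S-box a goes to bit a of S-box b

def substitute(block, box):
    """Apply a 4-bit S-box to each of the four nibbles of a 16-bit block."""
    return sum(box[(block >> (4 * n)) & 0xF] << (4 * n) for n in range(4))

def permute(block):
    """Move every bit to its P-box position (this P-box is its own inverse)."""
    return sum(((block >> i) & 1) << PBOX[i] for i in range(16))

def round_keys(key, rounds=3):
    """Derive rounds+1 round keys, each from the previous one (rotate, then S-boxes)."""
    keys = [key & 0xFFFF]
    for _ in range(rounds):
        rotated = ((keys[-1] << 5) | (keys[-1] >> 11)) & 0xFFFF
        keys.append(substitute(rotated, SBOX4))
    return keys

def encrypt(block, keys):
    rounds = len(keys) - 1
    for r in range(rounds):
        block = substitute(block ^ keys[r], SBOX4)   # key mixing, then S-box layer
        if r != rounds - 1:
            block = permute(block)                   # P-box layer between rounds
    return block ^ keys[rounds]                      # final key mixing

def decrypt(block, keys):
    rounds = len(keys) - 1
    block ^= keys[rounds]
    for r in reversed(range(rounds)):
        if r != rounds - 1:
            block = permute(block)                   # undo the P-box layer
        block = substitute(block, INV_SBOX4) ^ keys[r]
    return block

def avalanche(keys, step=257):
    """Mean number of ciphertext bits flipped by a single plaintext bit flip."""
    flips = samples = 0
    for pt in range(0, 1 << 16, step):
        ct = encrypt(pt, keys)
        for bit in range(16):
            flips += bin(ct ^ encrypt(pt ^ (1 << bit), keys)).count("1")
            samples += 1
    return flips / samples
```

Comparing `avalanche(round_keys(k, rounds=1))` with `avalanche(round_keys(k))` shows the effect of the P-box: with a single round a flipped input bit can never change more than the four output bits of its own S-box.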
4.2.2 Rijndael algorithm
The Rijndael algorithm uses a fixed block size of 128 bits, and a key size of 128, 192,
or 256 bits. It operates on a 4 × 4 square matrix of bytes¹⁰ that is commonly referred to
as the state matrix. As for any SPN, the Rijndael algorithm requires a certain number
of rounds to properly perform encryption. The number of rounds is deduced from the
cryptographic key length (see table 2).
⁹ Avalanche effect: property of cryptographic algorithms, wherein if an input is changed slightly, the
output changes significantly.
¹⁰ Byte: unit of digital information that consists of eight bits.
Key length    Number of rounds
128 bits      10
192 bits      12
256 bits      14
Table 2: Number of rounds needed according to the chosen cryptographic key length.
The Rijndael algorithm works by following the steps detailed below and illustrated in figure
10.
• Key expansion: the goal of this step is to expand the original cipher key into a
number of separate 128-bits round keys. The algorithm used to do so is called the
AES key schedule.
• Pre-round transformation:
1. AddRoundKey – each byte of the state matrix is XORed with a byte of the
round key.
• Rounds:
1. SubBytes – each byte is substituted with another according to a lookup table¹¹.
2. ShiftRows – the last 3 rows of the state matrix are shifted cyclically a certain
number of steps.
3. MixColumns – the 4 bytes in each column are combined through a linear operation.
4. AddRoundKey – each byte of the state matrix is XORed with a byte of the
round key.
• Last round:
1. SubBytes – each byte is substituted with another according to a lookup table.
2. ShiftRows – the last 3 rows of the state matrix are shifted cyclically a certain
number of steps.
3. AddRoundKey – each byte of the state matrix is XORed with a byte of the
round key.
As explained before, the role of the Key Schedule Algorithm (KSA) of Rijndael is to produce the needed round keys from the initial key, which is the cryptographic key chosen
for the symmetric encryption. The KSA of AES is reported below (refer to algorithm 2).
The total number of rounds is denoted Nr, whereas RCON refers to the round constant,
which takes a different binary value according to the round index. Nk corresponds to the key length, expressed in 32-bit words, and the parameter K refers to the value of the
key. RotWord and SubWord are two functions respectively defined as a one-byte left circular shift and an application of the Rijndael S-box. W is the output of the algorithm, in other words
the expanded key.
¹¹ Lookup table: pre-calculated table that replaces runtime computation with a simpler array indexing
operation.
for i = 0, ..., Nk − 1 do
    W[i] = K[i];
end for
for i = Nk, ..., 4(Nr + 1) − 1 do
    temp ← W[i − 1];
    if i mod Nk == 0 then
        temp ← SubWord(RotWord(temp)) ⊕ RCON[i/Nk];
    end if
    if Nk = 8 and i mod 8 == 4 then
        temp ← SubWord(temp);
    end if
    W[i] ← W[i − Nk] ⊕ temp;
end for
Algorithm 2: AES Key Schedule algorithm
Once round keys are generated, the Rijndael algorithm goes through different rounds that are composed of 4 steps, except for the pre-round transformation and the last round. In fact, before going through the first round, an AddRoundKey operation is performed, which consists of XORing
the initial state matrix with the first round key. The first round starts with the SubBytes
operation, in which each byte $b_{i,j}$ in the state matrix is replaced with a sub-byte $S(b_{i,j})$
using an 8-bit S-box (see section 4.2.1). The Rijndael S-box is, to be more accurate, a
lookup table, meaning that it is a simple indexing operation using a pre-defined table (table 3). Note that initially, the state matrix is simply filled with the input plaintext. The SubBytes
operation provides the non-linearity in the cipher.
Figure 10: Schematic representation of encryption with Rijndael.
Table 3: Rijndael S-Box look-up table.
After the SubBytes operation comes ShiftRows. As the name implies, it cyclically shifts
the bytes in each row by a specified distance. The first row is left unaltered for AES.
Each byte in the second row is moved to the left by one. Similarly, the third and fourth
rows are shifted by two and three offsets, respectively, though this might vary greatly
depending on the variant of the Rijndael algorithm used. As a result, each column of the
ShiftRows operation’s output state matrix is constituted of bytes from each column of
the input state matrix. The significance of this step is that it prevents the columns from
being encrypted individually.
The following operation is called MixColumns: an invertible linear transformation is
used to combine the four bytes of each column of the state matrix. The MixColumns
operation accepts four bytes as input and returns four bytes, with each input byte affecting all four output bytes. Diffusion in the cipher is provided by MixColumns. The state
matrix is multiplied by a constant matrix, which can be expressed mathematically as the
polynomial:
$$c(z) = 03_{16} \cdot z^3 + 01_{16} \cdot z^2 + 01_{16} \cdot z + 02_{16} \tag{4}$$
The round is then finalized with the AddRoundKey operation, where the round key
generated by the KSA is XORed with the state matrix.
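The key schedule of algorithm 2 and the round structure described above, combined into a working single-block encryption routine. This is an added example, not code from the paper; the function names are illustrative, and the S-box is computed from its algebraic definition (inverse in GF(2^8) followed by an affine map) because the contents of table 3 are not reproduced here.

```python
# Added example, not the paper's code; names are illustrative. Not constant-time: study use only.
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return product

def build_sbox():
    """Rijndael S-box: inverse in GF(2^8), then XOR of four left rotations and 0x63."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        rot = [((inv << n) | (inv >> (8 - n))) & 0xFF for n in range(5)]
        sbox.append(rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Algorithm 2: expand a 16/24/32-byte key into 4*(Nr+1) four-byte words."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes long")
    nk = len(key) // 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nk + 7)):              # Nr = Nk + 6, so 4(Nr + 1) words
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord(temp))
            temp[0] ^= rcon                                  # RCON[i/Nk]
            rcon = gf_mul(rcon, 2)
        elif nk == 8 and i % 8 == 4:
            temp = [SBOX[b] for b in temp]                   # extra SubWord for 256-bit keys
        w.append([a ^ b for a, b in zip(w[i - nk], temp)])
    return w

def add_round_key(state, w, rnd):
    round_key = [b for word in w[4 * rnd:4 * rnd + 4] for b in word]
    return [s ^ k for s, k in zip(state, round_key)]

def mix_column(col):
    """Multiply one column by c(z): each output byte depends on all four inputs."""
    return [gf_mul(2, col[r]) ^ gf_mul(3, col[(r + 1) % 4])
            ^ col[(r + 2) % 4] ^ col[(r + 3) % 4] for r in range(4)]

def encrypt_block(plaintext, key):
    """Encrypt 16 bytes; the state is held column by column (index = row + 4*col)."""
    if len(plaintext) != 16:
        raise ValueError("AES operates on 16-byte blocks")
    w = expand_key(key)
    nr = len(w) // 4 - 1
    state = add_round_key(list(plaintext), w, 0)             # pre-round transformation
    for rnd in range(1, nr + 1):
        state = [SBOX[b] for b in state]                     # SubBytes
        state = [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != nr:                                        # the last round skips MixColumns
            state = [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4])]
        state = add_round_key(state, w, rnd)
    return bytes(state)
```

The routine reproduces the FIPS-197 example vectors for all three key lengths. It encrypts a single block only and says nothing about modes of operation or authentication.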
4.3 Security
Using brute-force attacks, AES 256 is essentially unbreakable. While a 56-bit DES key
can be cracked in less than a day, with current computer capability, AES would take billions of years to crack. However, no encryption algorithm is completely safe. Researchers
that have studied AES have discovered a few possible entry points. They found a probable related-key attack in 2009. This method of cryptanalysis tries to crack a cipher
by watching how it works with different keys. Fortunately, the related-key attack is only
threatening to AES systems that have been improperly designed.
The same year, a known-key distinguishing attack was launched against AES 128. The
attack took advantage of a known key to decipher the encryption scheme. However,
because the attack only targeted an 8-round variant of AES 128 rather than the regular
10-round version, it would not pose a significant danger.
Because the AES encryption is so safe, the greatest threat is from side-channel attacks.
These do not attempt a brute-force attack, but rather aim to gather information from the
system’s leaks. To figure out how the security algorithms function, hackers can listen in
on noises, electromagnetic signals, timing information, or power consumption.
Side-channel attacks can be avoided by eliminating information leaks or disguising the exposed data (by creating additional electromagnetic signals or noises) so that it no longer
yields relevant information. Side-channel vulnerabilities can be avoided by carefully implementing AES. Moreover, even the most robust cryptographic systems may be breached
if a hacker has access to the key itself. As a result, using strong passwords and multifactor authentication is vital to the overall security.
AES 256 is one of the safest encryption methods due to its open nature, in addition
to its advanced technology. AES is continuously being studied by researchers in order to
identify any potential flaws. When one is detected, users can take action to resolve the
problem.
5 SATELLITE ENCRYPTION
The goal of this section is to understand the different factors that enter into account in
the design of an encryption system for satellite communications.
5.1 Satellite encryption issues: Error Control
One issue that all types of satellite encryption face is signal deterioration. Satellite signals
are often sent over great distances using relatively low power transmissions, and they
must regularly cope with a wide range of interference, including terrestrial weather, solar
and cosmic radiations, and a variety of other electromagnetic noise. Such disruptions
might result in inaccuracies or gaps in the signal that transports a satellite transmission
from its origin to its destination. Depending on the encryption technique used, this
scenario might be particularly troubling for encrypted satellite communications, since
even a single-bit error¹² can result in the entire encrypted message being irretrievably
unusable. To address this issue, Error Control can be employed, which entails both the
detection of bit errors (checksums or cryptographic hash functions) and their correction
using complex algorithms (automatic repeat request ARQ, forward error correction FEC).
However, error-correcting codes extend the length of the message and, therefore the time
necessary to transmit the message. As a result, a satellite’s real communications capacity
is frequently lower than its theoretical capability.
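The detection and correction trade-off described above, as an added example that is not part of the paper: a truncated SHA-256 digest detects a corrupted block, while a Hamming(7,4) code (chosen here as the simplest forward error correction code; the paper names no specific one) corrects one flipped bit per codeword at the cost of 75 % more transmitted bits. The function names are illustrative and the data passed to them is assumed to be an already encrypted block.

```python
# Added example, not from the paper: error detection (digest) versus correction (Hamming(7,4)).
import hashlib

def checksum(payload):
    """Detection only: a truncated SHA-256 digest sent alongside the payload."""
    return hashlib.sha256(payload).digest()[:4]

def fec_encode(data):
    """Hamming(7,4): every 4 data bits become a 7-bit codeword (75 % longer)."""
    out = []
    for byte in data:
        for nibble in (byte >> 4, byte & 0xF):
            d = [(nibble >> i) & 1 for i in range(4)]
            p1, p2, p4 = d[0] ^ d[1] ^ d[3], d[0] ^ d[2] ^ d[3], d[1] ^ d[2] ^ d[3]
            out += [p1, p2, d[0], p4, d[1], d[2], d[3]]     # codeword positions 1..7
    return out

def fec_decode(bits):
    """Correct at most one flipped bit per codeword, then rebuild the bytes."""
    nibbles = []
    for k in range(0, len(bits), 7):
        c = list(bits[k:k + 7])
        syndrome = 0
        for pos in range(1, 8):
            if c[pos - 1]:
                syndrome ^= pos          # XOR of set positions is 0 for a valid codeword
        if syndrome:
            c[syndrome - 1] ^= 1         # the syndrome is the position of the flipped bit
        nibbles.append(c[2] | c[4] << 1 | c[5] << 2 | c[6] << 3)
    return bytes(hi << 4 | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))

def flip(bits, *positions):
    """Channel model: return a copy with the given bit positions inverted."""
    noisy = list(bits)
    for p in positions:
        noisy[p] ^= 1
    return noisy

def receive(coded_bits, expected_checksum):
    """Ground side: FEC-decode, then verify. False means a retransmission (ARQ) is needed."""
    payload = fec_decode(coded_bits)
    return payload, checksum(payload) == expected_checksum
```

Two flipped bits inside the same 7-bit codeword exceed what this code can correct: the decoder then "repairs" the wrong bit, and only the digest check reveals that the block is still damaged.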
5.2 Uplink encryption
Protecting a transmission from a GB to a satellite necessitates an assessment of the value
of the data being conveyed. The goal of the communication must be considered while
deciding the encryption algorithm to utilize. There are two sorts of transmissions for the
uplink:
• Control commands: they instruct the satellite to do one or more specified tasks
(for instance, attitude control, use of the propulsion system etc.);
• Transmissions-in-transit: they are meant to be retransmitted to the GB or to another SC.
Control commands are not only valuable, but they are also not normally exposed to the
same low-latency requirements as transmissions-in-transit. Because the control of the
satellite might be lost if control commands are intercepted and hacked, control commands should always be highly encrypted.
What remains are transmissions-in-transit, which might be either of high- or low-value.
For low-value transmissions-in-transit, basic encryption may be sufficient. Adding an
overly complicated layer of encryption to such transmissions may raise the processing
workload on the satellite, which may delay message delivery and limit the satellite’s capacity to do other tasks concurrently. A strong encryption system should be used to
secure high-value transmissions-in-transit. The extent to which a heavily encrypted
transmission-in-transit would deplete a satellite’s available resources is determined by
whether the message needs to be processed before being retransmitted. If the message
is just sent through the satellite without further processing, the load on the satellite’s
resources may be minimal. However, if the satellite must decrypt, process, and then reencrypt a heavily encrypted message before retransmission, the impact on the satellite’s
resources may be significant.
¹² Single-bit error: only one bit of a given codeword has been changed from 1 to 0 or from 0 to 1.
5.3 Downlink encryption
The computing capabilities of the SC have a significant influence on the encryption level
that can be employed for downlink encryption. For instance, if an older communications
satellite lacks the necessary hardware or software to support a recently created downlink
encryption system, the system simply cannot be employed with the SC. Similarly, if using
a specific encryption technique reduces an SC’s efficiency to a given level, the operators
may decide to weaken downlink security. The precision with which an SC can target
a downlink signal may also influence the encryption method chosen: a widely spread
downlink signal can be intercepted across a larger geographical area than a signal transmitted with a narrow focus (see 2.2).
Unlike uplink signals, which can only come from the GB, communications sent through
a downlink channel can arrive from one of two places: a repeater spacecraft, used to
amplify the signal before reaching Earth, or from the SC itself. The source of the message
to be transmitted to the GB is essential in establishing how that communication will be
protected.
• Satellite-Repeater Satellite-GB link: there are two possible scenarios. In the first
one, the repeater only retransmits the already encrypted message to the GB, without
performing any decoding. In the second scenario, the repeater satellite decrypts the
message encrypted for interplanetary transmission before re-encrypting it to make
it more suitable for downlink transmission. The above-mentioned scenario is often
used for robotic exploration SC that operates far in the solar system.
• Satellite-GB link: such data can be categorised as telemetry, which refers to the
satellite’s state, or as payload data obtained or created by the satellite while executing its assigned task. Telemetry linked to the satellite’s state should always be
well secured, since it may expose information about the satellite’s control systems if
intercepted. On the other hand, the importance of payload data sampled or created
by the satellite depends on the type of mission. Military intelligence, for example,
is held to much higher encryption standards.
5.4 Future of Satellite Encryption
Recent advances in quantum cryptography promise to increase the security of satellite-based encryption even more. The quantum state of photons may be selected in such
a way that the photons themselves can carry a synchronous cryptographic key. Because
eavesdropping on the key would induce visible quantum abnormalities into the photonic
transmission, the entities engaged in a secure connection may be confident that the cryptographic key has not been intercepted. The key exchange problem might be solved by
deploying a constellation of satellites in Low Earth Orbit to safely transfer synchronous
cryptographic keys through photons. The improvement and use of technologies such as
quantum cryptography will be critical for satellite encryption.
Such constellations of satellites placed in Low Earth Orbit are nowadays completely affordable and rapid to design thanks to the nano-satellite technology. An example of the
achievements of nano-technologies is the Starlink project owned and operated by SpaceX.
Starlink provides high-speed, low-latency internet access across the globe through a constellation that consists of over 1600 small satellites in Low Earth Orbit, which communicate with designated ground transceivers.
6 CONCLUSION
In this paper, we showed that world governments and corporations have become increasingly reliant on the satellite communications industry. Since satellites play a key role in
data exchange, the need for trustworthy encryption algorithms to secure the information we transmit through satellites has dramatically accelerated as well. The different
possibilities for cryptographic algorithms have been detailed during this study, because
they are of particular interest to understand why the Rijndael algorithm is considered
as the Advanced Encryption Standard (AES). As a matter of fact, the AES is broadly
accepted as the preferred option for encryption for terrestrial and satellite communications. Although Rijndael allows relatively good performance, it can only be used on
satellites with sufficient computational resources. This paper also highlights that embedded encryption has a cost, which is some delays in the transmission due to longer
messages. Indeed, the limited resources on board a satellite make it a constant trade-off between security services (i.e. integrity, confidentiality) and communication efficiency.
For this reason, the operator has to correctly balance and define the requirements during
Phase A of the mission. To learn more about the use of cryptographic algorithms
in space communications, I strongly recommend the Computer and Information Security
Handbook, 3rd edition. This book not only has a full section on satellite encryption, but
also provides clear explanations on cryptography and its use in different fields, such as
internet protocols. The reason why I chose to analyse satellite communications more thoroughly in particular is because of the future they will hold in the progress of encryption, as it has been stated with quantum cryptography. Satellites and space technologies
are a constant motor of scientific research and innovation. It was as well the opportunity
for me to understand exactly the working principle of the Rijndael algorithm, which is,
as mentioned above, at the centre of most of our everyday-life secured transactions.
REFERENCES
[1] Yasmin R. Soliman Ajay Sadhu Keerthi Kata Atif Farid Mohammad, Pamela Almeida
and Jeremy Straub. Secure Satellite Database Transmission. Institute of Electrical and
Electronics Engineers (IEEE), March 2019. Corpus ID: 195223764.
[2] Pokhali Sayeda Roohi Banu. Satellite On-board Encryption. October 2007. Corpus
ID: 58738459.
[3] Iskandar Bahari Herman Isa and Muhammad Reza Z’aba. AES: Current Security
and Efficiency Analysis of its Alternatives. Cryptography Lab, Advanced Analysis and
Modeling, Kuala Lumpur, Malaysia, December 2012. ISSN 1554-1010.
[4] I. Ingemarsson and C. K. Wong. Encryption and Authentication in On-Board Processing Satellite Communication Systems. Institute of Electrical and Electronics Engineers
(IEEE), November 1981. 0090-6778/81/1100-1684.
[5] Moti Yung Kefei Chen, Dongdai Lin. Information Security and Cryptology, Lecture
Notes in Computer Science, vol 10143. Springer International Publishing, November
2017. ISBN 978-3-31-954705-3.
[6] Hung H. Nguyen and Peter S. Nguyen. Communication Subsystems for Satellite Design. July 2020. DOI: 10.5772/intechopen.93010.
[7] Roohi Banu Tanya Vladimirova and Martin N. Sweeting. On-Board Security Services
in Small Satellites. Surrey Space Centre School of Electronics and Physical Sciences
University of Surrey, Guildford, UK, January 2005. GU2 7XH.
[8] John R. Vacca. Computer and Information Security Handbook, Third Edition. Morgan
Kaufman Publishers, 2017. ISBN 978-0-12-803843-7.
[9] Tanya Vladimirova and Roohi Banu. Fault-Tolerant Encryption for Space Applications.
Surrey Space Centre School of Electronics and Physical Sciences University of Surrey, Guildford, UK, April 2008. IEEE Log No. T-AES/45/1/932018.
[10] Nasreddine Taleb Youcef Bentoutou, E. Bensikaddour and Nacer Bounoua. An improved image encryption algorithm for satellite applications. Advances in Space Research, July 2020. Corpus ID: 204197616.