Fuelled by the New Space economy, there is a critical demand for enhanced cybersecurity in satellites, a necessity that is increasingly recognised yet remains challenging to meet due to resource constraints, system complexity, and maintenance costs. Robust security implementations across individual satellite subsystems traditionally require specialised cryptographic expertise, costly maintenance of the cryptographic software stack, and complex key management.
To address these challenges, this work introduces a novel satellite component, the Hardware Security Subsystem (HSS), designed to centralise and simplify advanced onboard security. The HSS combines Commercial Off-The-Shelf (COTS) components with a hardware-based Trusted Platform Module (TPM) serving as a secure cryptographic anchor. The HSS provides a secure environment for cryptographic operations, ensuring that sensitive data, such as encryption keys and authentication credentials, are protected from unauthorised access. By integrating the HSS into the satellite architecture, critical operations such as command and control, data transmission, and software updates can be safeguarded against tampering and exploitation. In addition, integrated key management mechanisms ensure that cryptographic keys are securely generated, stored, and rotated, reducing the risk of key compromise and strengthening the overall security posture of the satellite. Distinctively, the HSS offers comprehensive cryptographic and security functionality over the CAN bus, optionally secured using TLS. Access to the HSS is provided through a high-level API, which significantly simplifies subsystem integration and replaces the labour-intensive implementation and maintenance of cryptographic libraries on individual subsystems, alleviating this burden particularly for smaller New Space suppliers.
A prototype implementation based on the Xilinx Zynq UltraScale+ MPSoC with an Infineon SLB9672 TPM demonstrates security primitives such as attestation, signing, and encryption, as well as highly relevant space use cases, including a TPM-backed SDLS implementation with practical performance characteristics.