Implement end-to-end message authentication for uplink commands and downlink telemetry using modern signatures and keyed hashes. Validate reject rates for malformed or replayed commands and publish a student-friendly reference implementation.
This is an intermediate-level project with an estimated timeline of 10-14 months using a 0.5U form factor.
Most student-built satellites accept commands from anyone who can transmit on the correct frequency. There is no authentication, no verification, and no way to distinguish a legitimate command from a malicious or accidental one. Signed telemetry integrity addresses this by implementing cryptographic message authentication for both uplink commands and downlink telemetry. Every command sent from the ground station carries a digital signature that the satellite verifies before execution; if the signature is missing or invalid, the command is rejected and logged. Every telemetry frame sent from the satellite carries a signature that the ground station verifies, ensuring the data has not been tampered with in transit. The experiment measures how effectively this authentication layer filters malformed and replayed commands, characterizes the computational and power overhead of cryptographic operations, and validates that legitimate operations are never blocked by false rejections. The goal is to produce an open-source reference implementation that other student satellite teams can adopt, raising the security baseline across the university CubeSat community. This is increasingly relevant as spectrum congestion and cybersecurity awareness grow across the space industry.
The ATECC608B crypto co-processor (~$7, SparkFun Qwiic breakout, I2C) provides hardware ECDSA signatures and SHA-256 HMAC. Implement an end-to-end authenticated protocol: the ground station signs uplink commands with ECDSA-P256, and the satellite verifies the signature before execution. The satellite signs downlink telemetry frames with its onboard private key, and the ground station verifies them. Log reject counts for malformed, replayed, and invalid-signature commands. Implement replay protection using a monotonic counter or a timestamp window. Publish a student-friendly reference implementation (CircuitPython + Python ground station) as open source.
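The uplink check described above, as an added example that is not the project's reference implementation. It uses HMAC-SHA256 from the Python standard library in place of ECDSA-P256 on the ATECC608B so it runs without hardware; the frame layout (32-bit counter, 8-bit opcode, payload, 32-byte tag), all names, and the test key are assumptions.

```python
import hashlib
import hmac
import struct
from collections import Counter

HEADER = struct.Struct(">IB")  # assumed layout: 32-bit counter, 8-bit opcode
TAG_LEN = 32                   # full HMAC-SHA256 tag (keyed hash, not ECDSA)
MAX_PAYLOAD = 64               # assumed upper bound on command payload

def build_command(key, counter, opcode, payload=b""):
    """Ground side: counter | opcode | payload | HMAC over all preceding bytes."""
    body = HEADER.pack(counter, opcode) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class CommandVerifier:
    """Satellite side: length check, then authentication, then replay check."""
    def __init__(self, key, last_counter=0):
        self.key = key
        self.last_counter = last_counter  # flight code must persist this across resets
        self.rejects = Counter()          # reject counts by reason, for telemetry

    def accept(self, frame):
        """Return (opcode, payload) for a valid frame, else None."""
        if not HEADER.size + TAG_LEN <= len(frame) <= HEADER.size + MAX_PAYLOAD + TAG_LEN:
            self.rejects["malformed"] += 1
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            self.rejects["invalid_auth"] += 1
            return None
        counter, opcode = HEADER.unpack_from(body)
        if counter <= self.last_counter:            # strictly increasing counter
            self.rejects["replayed"] += 1
            return None
        self.last_counter = counter  # advanced only by authenticated frames
        return opcode, body[HEADER.size:]

def demo():
    """Run constructed frames through the verifier and report the outcome."""
    key = bytes(range(32))                              # constructed test key
    sat = CommandVerifier(key)
    good = build_command(key, 1, 0x10, b"\x01")
    tampered = good[:4] + b"\x11" + good[5:]            # opcode byte altered in transit
    wrong_key = build_command(b"\x00" * 32, 1000, 0x10) # unauthenticated, high counter
    frames = [good, good, tampered, wrong_key, b"\x00" * 5, build_command(key, 2, 0x20)]
    results = [sat.accept(f) for f in frames]
    return results, dict(sat.rejects), sat.last_counter
```

The frame built with the wrong key carries counter 1000 but leaves `last_counter` untouched, so an unauthenticated sender cannot push the counter forward and lock out the real ground station.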
Satellite command authentication is a growing concern: several incidents of unauthorized commanding of amateur satellites have been documented. The ATECC608B is the same chip used in project 13 (PQC testbed), so the hardware is shared. The CubeSat community lacks standardized authenticated command protocols, so a published open-source reference implementation would have significant community value. Note: amateur radio regulations require unencrypted transmissions, but authentication (signing) without encryption is permitted; commands are readable but tamper-evident. Cost: $50-$200 for crypto chip + firmware development. Complexity: intermediate; crypto concepts are well-documented, but implementing secure protocols correctly requires careful design.
This project spans 2 disciplines, making it suitable for interdisciplinary student teams.
Ready to take on this project? Here's a general roadmap that applies to most CubeSat missions:
Connect with a Blackwing chapter for mentorship, platform access, and a path to orbit.