Authentication Features of the ESA AU
The ESA Telecommand Authentication Unit (AU) is an ESA extension to the CCSDS telecommand architecture. This page gives details of the features of the Authentication Unit. For diagrams and a general description, see the AU overview.
Our Authentication Unit Shell software package implements the ground and space ends of the AU. We provide support for the Authentication Unit as an option for our Telecommand Encoder Shell and for our Telecommand Decoder Shell.
Our AU software supports all the features described here. For the formal specifications, see the
Standards documents for Authentication Unit
ESA Packet Telecommand Standard
ESA-PSS-04-107 Issue 2 April 1992
ESA Telecommand Decoder Specification
ESA-PSS-04-151 Issue 1 September 1993
The length of the Authentication tail is 9 octets.
The first 4 octets contain the counter field. In the counter field, the first two bits identify the counter (LAC ID) and the remaining 30 bits contain the counter value (LAC COUNT).
The last 5 octets contain the authentication signature.
Logical Authentication Channel (LAC)
The Authentication Unit contains three counters, giving three Logical Authentication Channels (LACs). Two of the LACs (Principal LAC and Auxiliary LAC) are intended to support two independent, multiplexed streams of authenticated data. The third LAC is intended for recovery.
At the sending end, the LAC is chosen when the data block is passed to the AU. At the receiving end, the LAC ID field in the Authentication tail shows which LAC to use.
At the receiving end, the authentication system will only accept a block which has the
expected counter value. So, if a block is lost in transmission, the following blocks which use
the same counter will be rejected. Therefore, the underlying communications channel should have a
minimum risk of losing a block.
The Authentication Unit contains two encryption keys: a fixed key and a programmable key. Each key contains 2940 bits.
The keys must be kept secret, so the design of a system using authentication needs to provide suitable electronic and physical security for the keys.
Authentication Control Commands are available for selecting which key to use and for changing
the programmable key.
Authentication Control Commands
Authentication Control Commands are available for controlling the authentication behaviour.
The commands are encoded as telecommand data blocks, and are processed by the ground and space
Authentication Units, to maintain synchronised internal states. There are commands for setting the
programmable key, for selecting which key to use, and for setting the LAC counters.
Telecommand Segments in the ESA Authentication Unit
The ESA Packet Telecommand Standard defines an optional Authentication Sublayer in the Segmentation Layer of the Packet Telecommand architecture. The data block handled by the ESA Authentication Unit is a telecommand segment.
The Segmentation Layer supports the multiplexing of up to 64 independent streams of data. Each stream is labelled with a Multiplexer Access Point (MAP) identifier. The MAP ID is carried in the 1-octet segment header.
The AU can be set to apply authentication to some
MAPs and not to others. MAP 63 is reserved for Authentication Control Commands.
Multiple Virtual Channels can share a single physical uplink channel. Each Virtual Channel
has its own Authentication Unit and runs the authentication independently.
The on-board ESA Authentication Unit generates an AU Status Report, which is available for sending to the ground in the downlink telemetry. The report includes the current values of the counters.