Overview of ESA Authentication Unit (AU)
Telecommand Authentication can improve mission security by protecting a spacecraft against unauthorised commands sent by a hostile party. Our product range includes support for the ESA Telecommand Authentication Unit (AU), which is an ESA extension to the standard CCSDS Packet Telecommand Architecture.
An extra field, the authentication tail, is added to the end of each telecommand data block. The authentication tail contains a counter and a "signature" to guarantee that the command is genuine. The signature is a complex function of a secret key, the counter and the telecommand data.
The telecommand data itself is not encrypted.
The details of the signature, keys and counters are described in the AU features.
Support for the ESA Telecommand Authentication Unit
The Authentication Unit Shell package is a software component which implements all the features of the ground and space ends of the ESA AU. The Telecommand Encoder Shell and Telecommand Decoder Shell packages provide optional implementation of the ground or space end of the ESA AU.
Security alternatives to the ESA Telecommand Authentication Unit
As an alternative to the ESA AU, our product range includes the Segment Level Security Interface (SLSI), which is an interface in the Telecommand Encoder or Decoder Shell for external implementation of security features such as authentication.
The September 2015 issue of the TC Space Data Link Protocol standard (CCSDS 232.0-B-3) includes the specification of the interfaces between the TC protocol and the Space Data Link Security Protocol (SDLS). We are currently updating our Telecommand Encoder Shell and Telecommand Decoder Shell products to include optional interfaces to the SDLS protocol.