Segment Level Security Interface (SLSI)
The Segment Level Security Interface (SLSI) provides a flexible interface: for telecommand security. Our Telecommand Encoder Shell and Telecommand Decoder Shell packages provide optional support for SLSI.
SLSI permits user-written code to access each telecommand
segment as it passes through the Segmentation Sublayer. This user-written code
is referred to as the Security Processor.
SLSI in the Telecommand Encoder Shell
At the sending end, the Security Processor can implement whatever sort of segment level security function is required. Typically this will be telecommand authentication, where the Security Processor adds a security block to the end of the segment.
The Security Processor can make any desired changes to the contents of the segment. The increase in the segment length is a configuration parameter, and can be used flexibly. The only restrictions are:
- the Segment Header in the first octet of the segment should not be changed
- the segment must fit in a TC Transfer Frame.
SLSI in the Telecommand Decoder Shell
At the receiving end, the Security Processor actions depend on the security functions in use. Typically this will be telecommand authentication, where the Security Processor validates and removes the security block at the end of the segment. If the segment fails the security checks, the Security Processor can discard the complete segment.
The Security Processor can change the contents of the segment, but the Segment Header should not be changed.
Security alternatives to SLSI
As an alternative to SLSI, our telecommand product range includes support for the ESA Telecommand Authentication Unit (AU).
The September 2015 issue of the TC Space Data Link Protocol standard (CCSDS 232.0-B-3) includes the specification of the interfaces between the TC protocol and the Space Data Link Security Protocol (SDLS). We are currently updating our Telecommand Encoder Shell and Telecommand Decoder Shell products to include optional interfaces to the SDLS protocol.