A study of cryptography for satellite applications

1. By Rajesh Azmera Shakun Yawatkar atDigital Systems Group ISAC, Bangalore

2. Objectives Study of basics of cryptography and different cryptographic methods. Study of CCSDS security needs and recommendations Comparison of several cryptographic algorithms Finding the best cryptographic algorithm for satellite security( downlink in RS satellites)

3. Overview Aspects of Satellite Security and their Countermeasures Introduction to Cryptography Classification of Cryptography Attacks and their classification Various Cryptographic Algorithms and their comparison CCSDS Recommendations Comparison of Block and Stream Ciphers Conclusion

4. Aspects of Satellite Security Access Control: Process of granting access to the resources of a system only to authorized users, programs, processes. Enable only approved operators to access mission control systems Authentication: Ability to verify the identity of a user or device. Only authenticated telecommands are obeyed by the onboard systems. Availability: Assurance that a system will be usable when it has to be. Spread Spectrum and Frequency Hopping techniques can be used to prevent jamming.

5. Aspects of Satellite Security Continued Confidentiality: Ensures that data is disclosed only to the authorized systems. Prevents disclosure of sensitive information contained within space mission data system. Confidentiality of uplink and downlink data Prevents analysis of communication traffic by unauthorized system. CRYPTOGRAPHY COMES INTO PICTURE. Data Integrity: Ensuring that data transmitted from a source is not modified, altered or destroyed Mission data has not been manipulated in any way during Transmission. Appending Integrity Check Value (ICV) to the data structure A form of sequence numbering for stream of data. Accountability: Ensures that the system actions are logged with the identity of the entity initiating the action and the data and time the action occurred( Auditing)

6. Classes of Missions with respect to security High Security Missions: Government or Military section Protection of mission data from unauthorized access, Prevention from detection, interception, and exploitation Moderate Security Missions: Commercial Communications, Meteorological and Remote Sensing Missions Protection from unauthorized access, protect payload data Minimal Security Missions: Other space missions Confidentiality requirement for specific telemetry information

7. Introduction to Cryptography Need of Cryptography: Confidentiality, Authentication, Integrity and Non- repudiation are needed in various applications like Radio Communication, Telephonic Communication Network Communication Mobile Communication Internet

8. Cryptography Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form, so that The data cannot be accessed for unauthorized use. The content of the data frames is hidden. The authenticity of the data can be established. The undetected modification of the data is avoided. The originator of the message cannot disown the data.

9. Model for Network Security

10. Some Important Terms Plaintext: An original intelligible message or data that is fed into the algorithm as input. Ciphertext: The coded message is known as Ciphertext. It depends upon the plaintext and the secret key Encryption: The process of conversion of plaintext into ciphertext is known as Encryption Decryption: Restoring the plaintext from ciphertext is known as Decryption. Cryptanalysis: Techniques used for deciphering a message without any knowledge of enciphering details fall into the area of Cryptanalysis. Cryptology: The areas of cryptography and cryptanalysis together are called Cryptology.

11. Classification of Cryptographic Techniques Symmetric Key Cryptography also known as Secret Key Cryptography Problem: Process of transferring keys to the recipient is prone to risk. Includes a authorized third party.

12. Asymmetric (Public Key) Cryptography: This technique is very slow as compared to symmetric one.

13. Combined Technique

14. Cryptographic Algorithms in Symmetric KeyCryptography Data Encryption Standard (DES) Extensively studied since its publication and is the best known algorithm Developed by IBM in 1970 s. 64-bit block size and 56-bit key In multiuser environment, secure key distribution may be difficult Most recently DES cracking machine was used to recover 56-bit key in 22 hrs. Result: DES is not secure, Banned by U.S. Government.

15. Triple DES Minor Variation of DES, three times slower than DES More secure than DES EDE(Encrypt- Decrypt-Encrypt) Encrypts plaintext data with a 56-bit key. The ciphertext obtained is decrypted with different key giving garbage data. And this garbage data is again encrypted using the first key. Some other algorithms are IDEA, RC4, RC5, CAST 128

16. Advanced Encryption Standard (AES) National Institute of Standards and Technology (NIST) realized the need of new secure algorithm to replace DES. And arranged a competition. One of the criteria for the arranged competition was the ability to support 128-bit blocks of plaintext. The finalists of the competition were MARS: by IBM RC6: by Ron Rivest of RSA Labs Twofish: from Counterpane Internet Security (highly suitable for microprocessors and smart cards Serpent: by Ross Anderson, Eli Bihan and Lars Knudsen Rijndael: by Daemen and Rijmen Of all these, Rijndael was judged best and announced to be new AES.

17. Rijndael Algorithm Fixed Block Sixe of 128-bits and key size of 128, 192 or 256 bits. Operates on 4*4 matrix of bytes, termed the state. 8 or 10 or 12 rounds as per the respective key size. Each round consists of several processing steps.

18. High-level description of the algorithm: Key Expansion- round keys are derived from the cipher key using Rijndaels key schedule Initial Round Add Round Key- each byte of the state is combined with the round key using bitwise xor Rounds SubBytes- a non-linear substitution step where each byte is replaced with another according to a lookup table. ShiftRows- a transposition step where each row of the state is shifted cyclically a certain number of steps. MixColumns- a mixing operation which operates on the columns of the state, combining the four bytes in each column. AddRoundKey Final Round (no MixColumns) SubBytes ShiftRows AddRoundKey

19. Sub-bytes Step Shift-Row Step Add Round Key Step Mix Columns Step

20. Algorithms in Asymmetric Cryptography The most common algorithm is RSA. Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in 1977; RSA stands for the first letter in each of its inventors last names. Take two large primes, p and q, and compute their product n = pq: n is called the modulus. Choose a number e less than n and relatively prime to (p-1)(q-1), Which means e and (p - 1)(q - 1) have no common factors except 1. Find another number d such that (ed - 1) is divisible by (p - 1)(q - 1). The values e and d are called the public and private exponents/keys. The public key is the pair (n; e); the private key is (n; d). The factors p and q may be destroyed or kept with the private key.

21. It is currently difficult to obtain the private key d from the public key (n; e). However if one could factor n into p and q, then one could obtain the private key d. Thus the security of the RSA system is based on the assumption that factoring is difficult.

22. Symmetric encryption are further classified as Block ciphers It encrypts plain text and decipher the text blocks of a fixed length. Stream ciphers In this plain text bits are combined with a pseudorandom cipher bit stream by exclusive or operation. In this plain text bits are encrypted one at a time.

23. Different types of Block ciphers are:1. Electronic Code Book Mode(ECB).2. Cipher-Block Chaining Mode(CBC).3. Cipher Feed-Back Mode(CFB).4. Output Feed Back Mode(OFB).5. Counter Mode(CTR).

24. Electronic Code Book mode - Each plain text block is encrypted by the underlying algorithm Block Encryption, transmitted and decrypted . The last fragment of the message is suitably padded with zero to make it block size. Disadvantage Identical plain text block has identical cipher text block, where it does not provide serious message confidentiality.

25. Cipher Block Chaining Mode- Co is initialization vector which is used as the seed for the process.Initialization vector- A block of bits is used by several modes torandomize the encryption.

26. Cipher Feed back Mode-The cipher key stream is extracted from the outputs of the block cipherencryption whose inputs are taken as the feedback from the cipher textstream. Before the feedback is available , an initialization vector is used asa seed.

27. Out put Feed back Mode- This is almost similar to the CFB mode ,except that the block cipher encryption takes the feedback directly from its own outputs.

28. Counter Mode(CTR)-

29. Comparison of Block mode:

30. Stream classified into two types1. Synchronous stream Cipher- In this type of cipher the sender and receiver must be exactly in step/synchronized for decryption to be successful. If digits are added or removed from the message during transmission, synchronization is lost, however a single bit is lost and error doesnt propagate.2. Self-synchronous Stream cipher- In this type, if digits are added/removed during the transmission synchronization can be attained by the algorithm.In this stream ciphers padding is not required as in case of block ciphers.

31. Various types of attacks that are possible oncryptographic systemsThere are two types of basic attacks: Passive attack. Active attack.Passive attack: This type of attack is generally accomplished byeavesdropping and modification of data is not possible.A space system can be subjected to two principle types of passive attacks : Compromise of Data confidentiality- Disclosure of information flowing between ground and space systems Compromise of traffic flow confidentiality-Disclosure of information like volume, source and destination of the information. eg: traffic analysis.These are difficult to detect because they dont involve alteration of data.

32. Active attacks-Some of the possible types of attacks to be considered for space systemsare: Modification of messages- This kind of attack occurs when some amount of data is altered resulting in undesirable effects. Replay Attack- when a message or part of it is stored and repeated at later time to produce undesirable effect. Insider attack- Most of the computer crimes are the result of insider attack. Software threats- programs like viruses , worms etc.. to allow bypassing the usual security controls.

33. Attacks which are possible on stream ciphersPossible attacks on stream ciphers are: Known Cipher text attack. Known plain text attack. Chosen plain text attack. Chosen cipher text attack. Side channel attack. Bit flipping attack.Known Cipher text attack In this type of attack where the attackerassumed to have access to set of cipher texts. The attack is completelysuccessful if the plain text is deducted.Various techniques developed by the cryptographers are: Traffic analysis. Brute force attack.

34. Know plain text attack : the attacker has the samples of both thecipher text and plain text and use them to reveal the information.Chosen plain text attack- Here the attacker has the capability tochoose the plain text and obtain the corresponding cipher text. The goalof the attack to gain some further information which reduces the securityof the encryption scheme.Chosen cipher text attack- In this attacker gather the information atleast in part by part and obtaining its decryption under a unknown key.The aim is to deduce the key. Key recovery method- a method to recover the key.

35. Side channel attack- Side channel attacks are based on side channelinformation, side cannel information is retrieved from physicalimplementation instead of theoretical weakness. Here the attackerstudies the power consumption of a cryptographic device and uses itselectro magnetic radiation to find out the key.Bit flipping attack- in this type of attack, attacker can change the ciphertext in such a way that a predictable change in plain text is made.This type of attack can be avoided by using message authentication codes(MAC) to increase the likelihood that tampering will be detected.

36. Attacks that are possible on block ciphers: Brute force attack. Linear crypt analysis. Differential crypt analysis.Brute force attack- It involves symmetrically checking all the possiblekeys until the correct key is found. In the worst case, this would involvetraversing entire search space.Linear crypt analysis- In this attack it takes the advantage of linearrelationships between a the input and output of cipher keys. The usualapproach is to analyze the non linear components and approximate them.

37. Differential crypt analysis- In this type of attack it analyzes thedifferences in pair of plaintext on the difference of resultant cipher texts.These differences can be used to assign probabilities to the possible keysand locate the most possible key.

38. Comparison of various algorithms based datarate, throughput and hardware.Throughput- defined as the no.of bits encrypted and decrypted inunit of time.Through put per slice-which measures the hardwarecost, associated with the implementation resulting throughput.Latency- time necessary to encrypt and decrypt a single block ofplain text or cipher text.

39. Performance comparison of stream ciphers: Cipher Area (Slices) Frequency (MHz) Throughput (Mbps) Through/Area A5/1 32 188.3 188.3 5.88 W7 608 96 768 1.26 E0 895 189 189 0.21 Helix 418 32 1024 2.45 RC4 140 60.8 120.8 0.86Hardware used- Xilinx Virtex XC2v6000 1152-6 FPGA which contains33792 slices and 144 RAM blocks.Conclusion- A5/1 is considered as best.

40. Performance comparison of Block ciphersIt consists of two basic type of architectures-Basic Looping Architecture-

41. Full Looping Unrolling Architecture-

42. Architecture Area(CLBs) Frequency(MHz) Throughput(Mbps) Latency(us) TDES_BLA 431 86 115 0.56 TDES_FLUA 14240 108 6900 0.44 IDEA_BLA 1852 50 356 0.18 IDEA_FLUA 11700 47 3008 0.19 CAST-128_BLA 2600 55 220 0.29 CAST-128_FLUA 24200 53 3392 0.30 MISTY1_BLA 4820 30 213 0.26 MISTY1_FLUA 13080 26 3328 0.30 KHAZAD_BLA 2250 65 462 0.12 KHAZAD_FLUA 9277 70 4480 0.11Hardware -Using VHDL, with structural description logic, captured each oneof the block ciphers. The VHDL codes were synthesized for XILINX(VIRTEX) FPGA devices, using the Leonardo Spectrum tool, VIRTEX1600EBG560-6Conclusion- KHAZAD is considered as best.

43. Performance comparison between Block and Stream ciphers.

44. Conclusion obtained from above table : A5/1 is most efficient but is the weakest Helix appears to be efficient but requires software pre-computations which may not be practical. LILI-II is not competitive with modern block ciphers and its expensive synchronization limits its efficiency. SNOW2.0 considered to be best and comparable to ICEBERG Comparison between ICEBERG and AES shows that AES should be preferred for space application where through put is compromised.

45. CCSDS : The Consultative Committee for Space Data Systems, formed in 1982 by the major space agencies of the world. Since its establishment, actively developing recommendations for data and information systems. CCSDS standardization reduces the cost burden of missions by cost sharing between agencies and cost effective commercialization.CCSDS recommendations Proposed only block cipher for encryption than stream cipher because Block cipher are faster and different algorithms can be implemented without changing the hardware. Stream cipher can be susceptible to serious security problems if used incorrectly.

46. Algorithm selection by CCSDS AES,BLOWFISH,TEA,IDEA,SEED were considered but AES was recommended. BLOWFISH : It is the predecessor of the AES finalist TWOFISH which was not on CCSDSs list. Tiny Encryption Algorithm(TEA): It requires many rounds (64). So extreme high speed is not achieved with cryptographic weaknesses. IDEA: Strong but speed is not high. Also, IDEA is patented and licensed. SEED: Korean algorithm, performance was not outstanding and usage was limited to Korea. AES: Selected through lengthy, open , international competition. Available worldwide on a royalty free basis and not covered by any legal restrictions/patents. AES USING COUNTER MODE OPERATION IS RECOMMENDED BY CCSDS.

47. Advantages of counter mode: Counter mode is very efficient in operation. Padding is not required. Single bit error results in loss of single bit. Counter mode effectively converts block cipher to stream cipher so that advantages of both can be achieved. Parallel computation is possible.

48. Comparison between stream and block cipher:Stream cipher Block cipher1. It encrypts and decrypts one bit data at a time. It encrypts a block at a time of size M.2. Different algorithms cannot be implemented using the Using block cipher hardware architecture different types ofsame hardware. algorithm can be implemented without changing the hardware3. Applications where the speed is required it cannot It provides high speed though the encryption isprovide high speed providing more encryption which is not comparatively lower than that of stream ciphers.required by the application4. Transmission error can affect only single bit. Transmission error in one cipher text block has no effect on other blocks in counter mode.5. Padding is not required. Padding is required.6. Insertion and deletion of bits is not possible. Insertion and deletion of blocks is possible.7. Less susceptible for crypt analysis attack but if used More susceptible for crypt analysis attack as compared toincorrectly, can be susceptible to serious security problems. stream ciphers8. Through put is less than block ciphers. Through put is high.9. Hardware required is less. Hardware requirement is high.10. Difficult to implement in software basis. Easy to implement compared to stream ciphering.11. Cipher resynchronization is required when there is Resynchronization is not required.error in a bit.12. Synchronous stream cipher is periodic and key may No repetition is done because key is generated randomly.repeat after d characters.13. Parallel process of encryption can be done. Parallel process of encryption cannot be done.

49. Conclusion: Security of Remote sensing satellites fall under high or moderate levels. As the high resolution imaging payloads generate data, large in size. So higher data rate is required along with security. Stream ciphers cannot provide high speed, block cipher are preferred. Block cipher in counter mode is preferred so as to minimize BER. Considering the comparison between various algorithms and CCSDS recommendations AES with counter mode is preferred for satellite downlink data.

50. References : [1] RSA Laboratories, RSA Laboratories Frequently Asked Questions About Todays Cryptography, Version 4.1, RSA SecurityInc., 2000[2] Encryption algorithm Trade Survey, Report Concerning Space Data System Standards, CCSDS-350.2-G-1, GreenBook, Washington D.C.: CCSDS, March 2008.[3] Symmetric Encryption, Draft Recommendation for Space Data Practices, CCSDS 353.0-R-1, Red Book, WashingtonD.C., October 2008[4] Audia_S_Abd Al_R_Asedy, Ameer A.J Al_ Swidi, An advantages and disadvantages of Block and Stream Cipher, [5]Cryptography Basics[6] Advanced Encryption Standard, Federal Information Processing Standards Publications197, November 26, 2001[7] Mohammed Atiquzzaman and Md. Shohrab Hossain, Security Issues in Space Networks, [8] The Secret Satellite, www.apscc.or.kr | APSCC Yearbook 2007 [9]Michalis Galanis, Paris Kitsos, Giorgos Kostopoulos, Nicolas Sklavos, and Costas Goutis, Comparisonof the Hardware Implementation of the Stream Ciphers, The International Arab Journal of InformationTechnology, Vol. 2, No. 4, October 2005

51. Thank you

A study of cryptography for satellite applications

Technology

differential

linear crypt

brute force

side channel

crypt analysis

advanced encryption

synchronous

bit flipping