Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/12—Applying verification of the received information
  • H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  • H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  • H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W84/00—Network topologies
  • H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
  • H04W84/04—Large scale networks; Deep hierarchical networks
  • H04W84/06—Airborne or Satellite Networks

Definitions

• the present invention relates to a method for exchanging secure information between one or more satellites and a terrestrial transmission and / or reception station. It also relates to a system for the exchange of secure information between one or more satellites and a terrestrial transmission and / or reception station, implementing this method.
• a first level concerns authentication: the data must be sent with a signature which will allow the receiver to verify that the data has not been altered during transmission. The alteration could come from physical parasites but also from malicious people wanting to insert false data into a ground-space information exchange system.
• a second level concerns confidentiality: data must be encrypted so that if it is intercepted, it cannot be used. For example, the position of some satellites should not be disclosed.
• checksum integrity control technique makes it possible to add up all the words of the data to be transmitted. This solution is effective for detecting an error, but it does not ensure the integrity of the data if there are several errors which can give the same checksum value.
• CRC Cyclic Redundancy Check
• Data Encryption Standard (DES) [3] is an encryption algorithm using 56-bit keys, which is insufficient for sensitive data.
• the Advanced Encryption Standard (AES) [4] is an encryption standard, which is currently the most widely used and the most secure.
• the AES 128 standard works with 128-bit keys, which represents 3.4xl0 38 possible combinations, the AES192 standard represents 6.2xl0 57 , and the AES256 l.lx10 standard 77 .
• “Secret" level information can be encrypted with AES128.
• Top Secret level information must use 1AES192 or AES256.
• the aim of the present invention is therefore to provide a method and system for exchanging information between satellites and a terrestrial information processing site operating to provide data services of spatial origin, which can provide user clients of these spatial data a level of authentication and integrity higher than that which can currently be provided to them.
• This objective is achieved with a method for exchanging information between one or more satellites and a terrestrial transmitting and / or receiving station connected to an information processing site, this exchanged information being certified and encrypted before being transmitted. from the terrestrial transmission / reception station to one or more of said satellites, or from one or more of said satellites to the terrestrial transmission / reception station, said exchanged information comprising telemetry data transmitted from one or more satellites to a station terrestrial reception, and remote control data transmitted from a terrestrial transmission station to one or more satellites.
• a list of private keys is installed beforehand in said one or more satellites before its launch, this list of private keys comprising private encryption keys and private certification keys in equal quantity, and the exchange method information comprises, within said or more satellites: a step for creating a certificate associated with telemetry data collected from sensors onboard said satellite or satellites, using one of the private certification keys,
• this method further comprises the following steps:
• decryption of said received packet by means of the decryption key linked to the received index, to deliver a decrypted received packet, deconcatenation of said decrypted received packet to deliver decrypted received telemetry data and of the certificate received decrypted,
• the certificate can advantageously include:
• the certificate can advantageously include:
• a system for exchanging information between one or more satellites and a terrestrial transmission and / or reception station connected to an information processing site, implementing the method.
• the invention comprising means for certifying and for encrypting said information exchanged, means for transmitting said information thus certified and encrypted from said terrestrial transmission / reception station to one or more of said satellites or from one or more of said satellites to the terrestrial transmission / reception station, said exchanged information comprising telemetry data transmitted from one or more satellites to a terrestrial reception station, and remote control data transmitted from a terrestrial transmission station to one or more satellites.
• This system further comprises: means for creating a certificate associated with said telemetry data, using a private certification key, means for encrypting said telemetry data using a private encryption key, and means for transmitting to the transmitting station and / or terrestrial reception of an encrypted packet containing said encrypted telemetry data and said certificate associated with said telemetry data, said private certification key and said private encryption key belonging to a list of private certification and encryption keys in equal quantities previously installed in said one or more satellites before its launch, these keys being referenced by an index.
• the on-board certification and encryption means comprise: means for creating a certificate associated with telemetry data, using one of the private certification keys, means for concatenating said certificate and said telemetry data, means for encrypting said certificate and said concatenated telemetry data to obtain an encrypted packet, using one of the encryption private keys, this encrypted packet then being transmitted to a terrestrial receiving station with the 'index of the private encryption and certification keys used, and the information processing site may comprise: means for decrypting said received packet by means of the decryption key associated with the received index, so as to deliver a packet decrypted, means for deconcatenating, so as to deliver decrypted received telemetry data and a decrypted received certificate, means ns to verify the certificate-data pair thus decrypted and deconcatenated, using the certification key associated with the received index, so as to authenticate said received telemetry data, as well as provide validity information, and means for delivering said telemetry data thus authentic
• the on-board certification and encryption means comprise: means for creating a certificate associated with the telemetry data, using one of the private certification keys, means for encrypting said telemetry data using one of the private encryption keys, means for concatenating said certificate and said encrypted data into a packet, this packet then being sent to the station terrestrial transmission / reception with the index of the private encryption and certification keys used, and the information processing site comprises: means for deconcatenating the received packet, so as to deliver received encrypted telemetry data and a certificate received, means for decrypting said encrypted data received, means for verifying the certificate-data pair received, using certification key associated with the received index, so as to authenticate said telemetry data received, as well as providing a validity information, and means for delivering said telemetry data thus authenticated.
• the terrestrial certification and encryption means can advantageously comprise: means for creating a certificate associated with remote control data, using one of the private certification keys, means for concatenating said certificate and said remote control data, - means for encrypting said certificate and said concatenated data to obtain an encrypted packet, using one of the encryption keys, this encrypted packet then being sent to one or more satellites with the index of the private encryption and certification keys used and the satellite or satellites comprise: means for decrypting the received packet by means of the private decryption key associated with the received index, for delivering a decrypted packet, means for deconcatenating the decrypted received packet and providing decrypted received data and a decrypted received certificate, means for verifying the certificate-data pair thus decrypted, using the certification key associated with the index received, so as to authenticate said remote control data received, as well as supplying validity information, and means for delivering said remote control data thus authenticated.
• DESCRIPTION OF FIGURES DESCRIPTION OF FIGURES
• Figure 1 is a block diagram of an information exchange system according to the invention.
• Figure 2 illustrates the essential steps in implementing an information exchange method according to the invention to transmit secure telemetry data
• Figure 4 shows, in a first configuration, certification / encryption steps implemented in an information exchange process according to the invention
• Figure 5 shows, in this first configuration, decryption / verification steps implemented in an information exchange method according to the invention
• Figure 6 shows, in a second configuration, certification / encryption / concatenation steps implemented in an information exchange process according to the invention
• Figure 7 shows, in this second configuration, deconcatenation / decryption / verification steps implemented in an information exchange method according to the invention.
• Figure 8 shows an example of a list of private encryption and certification keys referenced by an index, implemented in an exemplary embodiment of the invention
• an information exchange system 1 comprises a transmitting / receiving terrestrial station 2 connected to a communication platform. processing of spatial data 3 acting as an information processing site and as a server.
• the transmitting / receiving earth station 2 exchanges information with a plurality of satellites 4, this information comprising on the one hand so-called downlink data, such as telemetry data transmitted from the satellites, and on the other hand so-called data.
• uplink such as remote control data sent to satellites.
• FIG. 2 In a first exemplary embodiment of the invention illustrated by FIG. 2, we will describe how telemetry data collected from sensors on board a satellite 4 are processed in order to be finally delivered by a processing and operating platform.
• spatial data 3 In a first exemplary embodiment of the invention illustrated by FIG. 2, we will describe how telemetry data collected from sensors on board a satellite 4 are processed in order to be finally delivered by a processing and operating platform.
• This telemetry data is first processed locally within satellite 4 by a certification and encryption unit 40, then transmitted as secure data in the form of packets. These packets are received by the earth transmission / reception station 2, then transmitted via an intermediate unit 20 to the platform 3 where they will be processed in a decryption and verification unit within a reception module 30 to deliver unencrypted data which will be offered, via a server (not shown) to clients interested in spatial data.
• the two phases of the method according to the invention can be an integral part of the same processing unit 10, as illustrated in FIG. 3.
• This processing unit 10, designated in hereinafter by the term CertiCrypt, includes a transmission module 40 receiving data in clear and generating certified and encrypted data packets, and a reception module 30 receiving certified and encrypted data packets and generating clear data.
• the processing unit 10 can be produced either in a fully executed software form, or in a hybrid form combining hardware components and software components, or in the form of an electronic card.
• clear data - which can be both telemetry data and remote control data - are injected into a certification / encryption module 40. are subjected to a certification algorithm 41 using a private certification key, to produce a certificate containing a set of related information in the context of the collection of this data. This certificate and these data are then concatenated 44 and subjected to an encryption algorithm 42 developed to generate packets 43 of secure and certified data intended to be transmitted.
• This reception module 30 comprises a decryption unit 31 receiving packets and a private decryption key as input and delivering, after deconcatenation 34, unencrypted data 33 and a certificate which are then processed by a verification unit 32 provided to issue a information on the validity of these data.
• a transmission module 50 implements an encryption algorithm 52 provided to encrypt data by means of a private encryption key and to generate encrypted data, and a certification algorithm 51 provided to produce a certificate from the data and a private certification key.
• the encrypted data and the certificate are then concatenated 53 to generate secure data packets 54 intended to be transmitted either to a satellite if it is remote control data, or to a terrestrial information processing site if it. This is telemetry data collected on a satellite.
• these secure data packets are received by a reception module 60, with reference to FIG. 7, they are first subjected to a deconcatenation algorithm 61 to deliver on the one hand encrypted data and on the other hand a certificate. .
• certified and encrypted data is used throughout the entire chain from acquisition to use.
• This system therefore applies to the spatial part but also to the terrestrial part.
• the data is certified thanks to a certificate containing a signature.
• the data is encrypted using an encryption algorithm.
• the use of this data is carried out on a platform which aggregates spatial data such as, for example, data relating to satellites in orbit, debris, or space weather.
• the data is then refined by algorithms mixing artificial intelligence, big data and physical models to become accessible to customers subscribed to services offered from a data server associated with the platform.
• Each data transmitter must use the CertiCrypt system to certify and encrypt the information.
• Each data receiver must also use the CertiCrypt system to decrypt the information and verify the certificate.
• Each intermediate element such as for example an earth station which is located in the chain between the satellite and the platform, must keep the certified and encrypted data as it has received them without modifying them, to ensure their integrity, by reference. .
• each pair [certification private key / encryption private key] is referenced by an index.
• the list of keys and the associated referencing indexes can for example be stored in one or more integrated circuits arranged within the satellite or else directly placed in one or more onboard CertiCrypt electronic components integrating all or part of the onboard certificate, encryption / functions. decryption, concatenation / deconcatenation, and transmission / reception. Numerous configurations of on-board electronic components implementing an information exchange system according to the invention can be envisaged.
• the satellite uses one of the key pairs and sends the index corresponding to the key pair used to the earth station, which thus knows from this index which pair of private certification and encryption keys has been used. It is understood that the earth station has a list of keys and the corresponding referencing indexes which is identical to that on board the satellite.
• the earth station can determine which private certification and encryption keys have been used in the satellite for the elaboration of the packet transmitted from the satellite, and thus activate the private decryption key corresponding to the private encryption key used and the certification key associated with the received index to perform a function of verifying the integrity and the origin of telemetry data received from the satellite.
• Numerous modes of selection of a pair of keys used from the list of available keys can be provided, for example a sequential selection mode or else a random selection mode of the pair of keys used for processing the remote measurement data. transmit to the earth station.
• certification and encryption key pairs can be predetermined and each referenced by an index.
• the invention is not limited to the examples which have just been described and many other embodiments can be envisaged without departing from the scope of the present invention.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Hardware Design (AREA)
• Computing Systems (AREA)
• General Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Radio Relay Systems (AREA)
• Data Exchanges In Wide-Area Networks (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=72801587

Family Applications (1)

Country Status (3)

Family Cites Families (3)

• 2020
  • 2020-06-04 FR FR2005842A patent/FR3111205B1/fr active Active
• 2021
  • 2021-06-04 WO PCT/FR2021/051013 patent/WO2021245364A1/fr unknown
  • 2021-06-04 EP EP21737708.4A patent/EP4162765A1/de active Pending

Also Published As

Similar Documents

Legal Events