Encryption in space can be tricky. Even if you do everything right, a cosmic ray might come along and flip a bit, sabotaging the whole secure protocol. So if you can’t radiation-harden the computer, what can you do? European Space Agency researchers are testing solutions right now in an experiment running on board the ISS.
Cosmic radiation flipping bits may sound like a rare occurrence, and in a way it is. But satellites and spacecraft are out there for a long time and it it only takes one such incident to potentially scuttle a whole mission. What can you do if you’re locked out of your own satellite? At that point it’s pretty much space junk. Just wait for it to burn up.
Larger, more expensive missions like GPS satellites and interplanetary craft use special hardened computers that are carefully proofed against cosmic rays and other things that go bump in the endless night out there. But these bespoke solutions are expensive and often bulky and heavy; if you’re trying to minimize costs and space to launch a constellation or student project, hardening isn’t always an option.
“We’re testing two related approaches to the encryption problem for non rad-hardened systems,” explained ESA’s Lukas Armborst in a news release. To keep costs down and hardware recognizable, the team is using a Raspberry Pi Zero board, one of the simplest and lowest-cost full-fledged computers you can buy these days. It’s mostly unmodified, just coated to meet ISS safety requirements.
It’s the heart of the Cryptography International Commercial Experiments Cube, or Cryptographic ICE Cube, or CryptIC. The first option they’re pursuing is a relatively traditional software one: hard-coded backup keys. If a bit gets flipped and the current encryption key is no longer valid, they can switch to one of those.
“This needs to be done in a secure and reliable way, to restore the secure link very quickly,” said Armborst. It relies on “a secondary fall-back base key, which is wired into the hardware so it cannot be compromised. However, this hardware solution can only be done for a limited number of keys, reducing flexibility.”
If you’re expecting one failure per year and a five year mission, you could put 20 keys and be done with it. But for longer missions or higher exposures, you might want something more robust. That’s the other option, an “experimental hardware reconfiguration approach.”
“A number of microprocessor cores are inside CryptIC as customizable, field-programmable gate arrays, rather than fixed computer chips,” Armborst explained. “These cores are redundant copies of the same functionality. Accordingly, if one core fails then another can step in, while the faulty core reloads its configuration, thereby repairing itself.”
In other words, the encryption software would be running in parallel with itself and one part would be ready to take over and serve as a template for repairs should another core fail due to radiation interference.
A CERN-developed radiation dosimeter is flying inside the enclosure as well, measuring the exposure the device has over the next year of operation. And a set of flash memory units are sitting inside to see which is the most reliable in orbital conditions. Like many experiments on the ISS, this one has many purposes. The encryption tests are set to begin shortly and we’ll know how the two methods fared next summer.