PAGE CONTENTS
Objectives
The ACES project aims to develop a lightweight and post-quantum, security-by-design framework to protect 5G/6G satellite networks. It ensures resilient, end-to-end secure communications and continuous security monitoring for satellites, ground systems, and 5G/6G devices including Internet of Things (IoT) constraint devices.
Key objectives include:
• Define, build, and validate a comprehensive post-quantum security suite for satellite systems that uses quantum-safe technology. It upgrades the security and resilience of satellite communication networks so they can withstand current and future cyber and quantum attacks.
• Develop the software libraries that combine post-quantum and lightweight cryptography. These libraries provide strong encryption and authentication for 5G/6G devices, satellites, and securing communications end-to-end.
• Protect critical communication scenarios such as end-to-end satellite 5G/6G links, satellite-to-ground station data links, and roaming interfaces between Mobile Network Operators (MNOs).
• Build the vulnerability analysis tool for device and satellite systems from design and monitoring them at runtime vulnerability detection, and a risk dashboard.
Benefits
ACES covers three products: (i) secure 5G NTN end-to-end communications, (ii) secure roaming interfaces, and (iii) secure satellite-to-ground communications.
• Unlike many competing systems, ACES combines PQC, lightweight encryption, and security-by-design monitoring, giving customers both protection and continuous risk visibility.
• ACES considers the security for IoT devices and 5G satellite environment from 3GPP, CCSDS and NIST standards, which improves interoperability and practical deployment.
• Compared with competitors such as Iridium, Skylo, SpaceX/Starlink, OneWeb, and Eutelsat, ACES design and implementation approach addresses a more security-driven and future-ready solution. Its advantage lies in combining strong cybersecurity with support for IoT, suitability for satellite environments, and the use of enhanced cryptographic protection, including post-quantum security measures that are not yet fully addressed by some competing systems.
ACES offers a scalable, compliant, and future-proof alternative to proprietary and less secure competitor systems.
Features
• Secure 5G NTN end-to-end communications data protection from the IoT device to the application server using encryption and authentication adapted to 5G NTN and constrained devices.
• Secure roaming interfaces helping to protect subscriber data and signalling between satellite and mobile operators.
• Secure satellite-to-ground communication links protects feeder links and payload data with suitable lightweight and Post-Quantum Cryptography (PQC) encryption.
• Standards-based design supports integration with 3GPP, CCSDS, and NIST-aligned approaches for practical deployment and interoperability.
Challenges
The project faces several key technical and operational challenges:
• Current encryption protocols are vulnerable to being broken by evolving quantum computers.
• Implementing robust security on small satellites and IoT devices requires minimising CPU, memory, and battery overhead.
• Maintaining secure end-to-end satellite links and delayed transmissions.
• Ensuring interoperability while complying with complex 3GPP, Consultative Committee for Space Data Systems (CCSDS), and National Institute of Standards and Technology (NIST) standards.
These challenges require a careful balance between high security, low resource use, reliable performance, and standards compliance.
System Architecture
In the system architecture, the first four modules are part of the cryptographic libraries and final one belongs to the vulnerability monitoring tool.
Module 1: Mobile network secure communication
• End-to-end secure communication between devices and application servers
• Secure roaming mechanisms
Module 2: PQC and lightweight for resource-constraint devices
• Compatibility with IoT devices, including sensors and edge devices across industries such as agriculture, logistics, and asset tracking
Module 3: PQC and lightweight encryption for satellites
• Satellite-side cryptographic library to secure satellite to ground communications links
• Encryption and key management in satellite environments
Module 4: PQC and lightweight encryption for application servers
• Compatibility with existing standards while supporting PQC and lightweight cryptographic libraries with application servers.
Module 5: Vulnerability monitoring
• Continuous vulnerability analysis and monitoring for both satellites and IoT devices.
• Identification of vulnerabilities to ensure long-term operational integrity.
• Enhancing threat detection capabilities
Plan
The ACES project follows a 24-month schedule, structured into two key phases:
• Definition Phase (Months 1-6): Focuses on performance and security requirements, high-level architecture, and test case definitions. A Mid-Term Review (MTR) is scheduled for month 3 and phase completion review will be at month 6 of this phase.
• Technology Phase (Months 7-24): Involves prototype development of the software libraries and vulnerability monitoring tool. Key milestones include the PDR at month 9, Critical Design Review (CDR) at month 11 and the Final Review (FR) at month 18 of this phase.
Current Status
The following is the status of the ongoing tasks within the Definition Phase (Months 1-6):
• Task 1.1: Regular team coordination is underway, and monthly progress reports (MPR) are being submitted to ESA PO.
• Task 1.2: Consortium discussed the initial security risk assessment plan to derive specific risk-acceptance thresholds.
• Task 2.1: Consortium is agreed to have the requirements (functional, non-functional, security, design) at the general, system and sub-system level.
• Task 2.2: Preliminary design of the 5G NTN system is being discussed to establish the technical baseline.
