Objectives
The ACES project aims to develop a lightweight, post-quantum, security-by-design framework to protect satellite networks. It enables resilient, end-to-end secure communication across satellites, ground systems, and devices.
Key objectives include:
• Define, develop, and validate comprehensive post-quantum security for 5G/6G mobile networks that include satellite systems, enhancing resilience against current and future cyber and quantum threats.
• Develop software libraries that combine post-quantum and lightweight cryptography to provide encryption and authentication for devices, satellites, and end-to-end communications.
• Secure critical communication scenarios, including end-to-end satellite links, satellite-to-ground data links, and roaming interfaces.
• Develop a vulnerability analysis tool for satellites and devices, along with a risk management dashboard.
Benefits
The ACES project provides the following benefits:
• ACES combines post-quantum cryptography (PQC), lightweight encryption, and security-by-design monitoring.
• ACES incorporates security requirements for IoT devices and 5G satellite environments, aligning with 3rd Generation Partnership Project (3GPP) and Consultative Committee for Space Data Systems (CCSDS) standards to ensure interoperability and practical deployment.
• ACES offers a security-focused and future-ready approach. It integrates advanced cybersecurity for satellite environments, including post-quantum protections not yet fully addressed by many competing systems.
Features
• Protects data from Internet of Things (IoT) devices to application servers using encryption and authentication tailored to 5G non-terrestrial networks (NTN) and devices.
• Protects signalling between satellite and network operators.
• Protects satellite links using lightweight and post-quantum encryption.
• Supports integration with 3GPP, CCSDS, and NIST standards.
Challenges
The project faces several key technical and operational challenges:
• Existing encryption protocols are vulnerable to compromise by emerging quantum computing capabilities.
• Implementing robust security on small satellites and Internet of Things (IoT) devices requires minimising CPU, memory, and energy consumption.
• Maintaining secure end-to-end satellite links, particularly in scenarios involving delayed transmissions.
• Ensuring interoperability while complying with 3rd Generation Partnership Project (3GPP), Consultative Committee for Space Data Systems (CCSDS), and National Institute of Standards and Technology (NIST) standards.
System Architecture
The modules in the system architecture are as follows:
Module 1: Mobile Network Secure Communication
• Enable end-to-end secure communication between devices and application servers
• Support secure roaming mechanisms
Module 2: PQC and Lightweight encryption for resource-constrained devices
• Ensure compatibility with IoT devices, including sensors and edge devices
Module 3: PQC and Lightweight encryption for satellites
• Provide a satellite-side cryptographic library to secure satellite-to-ground communication links
Module 4: PQC and Lightweight encryption for application servers
• Ensure compatibility with existing standards while supporting PQC and lightweight cryptographic libraries on application servers
Module 5: Vulnerability Monitoring
• Perform continuous vulnerability analysis and monitoring for satellites and IoT devices
Plan
The ACES project follows a 24-month schedule, structured into two phases:
• Definition Phase (Months 1-6): Focuses on performance and security requirements, high-level architecture, and test case definition. A Mid-Term Review (MTR) is scheduled for month 3, with the phase completion review in month 6.
• Technology Phase (Months 7-24): Involves the development of software library prototypes and the vulnerability monitoring tool. Key milestones include the Preliminary Design Review (PDR) in month 9, the Critical Design Review (CDR) in month 11, and the Final Review (FR) in month 18.
Current Status
The following is the status of the ongoing tasks within the Definition Phase (Months 1-6):
• Task 1.1: Regular team coordination is underway, and monthly progress reports (MPR) are being submitted to the ESA PO.
• Task 1.2: The consortium discussed the initial security risk assessment plan to derive specific risk-acceptance thresholds.
• Task 2.1: The consortium has agreed to have the requirements (functional, non-functional, security, design) at the general, system and sub-system levels.
• Task 2.2: Preliminary design of the 5G NTN system is being discussed to establish the technical baseline.