CREAMPET Autonomous Collision Avoidance Systems for Ground Control Centres with Data Privacy Protection

  • Status
  • Status date
  • Activity Code

The objective of this activity is to develop and test a prototype of an autonomous collision avoidance system for ground control centres that guarantees data privacy to satisfy satellite operators’ data privacy requirements. In other words, a prototype should be created which performs collision assessment between objects by using privacy-protected (i.e. encrypted, obfuscated…) shared data of different satellite operators.

The kind of computations covered in this autonomous collision avoidance context includes:

  1. Collision Probability

  2. State uncertainty prediction

  3. Conjunction data fusion from multiple data sources

  4. Collision avoidance manoeuvre decisions

In order to provide these functionalities, some private data such as state-vectors, covariance or object characteristics shall be shared, either to improve the training of the models or to execute the trained models. This kind of data is usually sensible to be shared by some of the satellite operators, and therefore also the one that will require the application of these privacy preserving techniques. In that sense, the developed prototype including the privacy preserving layer will consider the functionalities implemented on the activities S2P-S1-CR-01 (CREAM#1), using machine learning methodologies for the prediction of the above-mentioned parameters (AutoCA), and S2P-S1-CR-03 (CREAM#3), considering a centralised collision avoidance coordination system (AutoSTM).


When working with data there is always a trade-off between the functionality provided by your service and the privacy of the data you are using to provide that service. The balance between what you want to do and what you can do (or what you are allowed to do) is not straightforward and for some advanced functionalities you must pay the price of the privacy and vice versa.



When combined with the existing tools and procedure the privacy enhancement techniques brings more trust and willingness to share information between the operators. It is expected the resulting prototype using the privacy preserving would encourage the satellite operators to share their data in order to increase the space safety overall, by improving the prediction models and the coordination of the collision avoidance manoeuvres, and therefore avoiding unnecessary manoeuvres.

The targeted improvement goal is defined through the assessment on the required manual intervention for the collision risk assessment and avoidance manoeuvre computation processes, considering a reduction at least of a 20-30% of the dedicated time for a flight dynamic engineer.


Based on the technical literature, papers, patents, publicly and commercially available libraries and tools, the privacy preserving techniques analysed will include, at least secure Multi-party Computation (MPC), Differential Privacy (DP), Federated Learning (FL) and Homomorphic Encryption (HE). The analysis will also include the suitability and applicability of these techniques to the collision avoidance related functionalities, such as the prediction of the probability of collision, state vectors, covariance, and other conjunction event statistics and metrics by identifying and justifying the choice of the critical parameters needed to quantify the feasibility of the proposed solutions.

System Architecture

An initial draft diagram of the data and dataflow of a system that combines Collision Assessment tools with Coordination Platform and Service Platform Provider obtaining a complex and complete structure that offers all the information required for a satellite operator, increasing todays operational cost and accuracy.

The diagram presents different types of systems, such as standalone ones – e.g. Support software – as well as centralised services – e.g. Coordination Platform or Service Platform Provider. Depending on the type of system, different strategies might be required to be applied. In case of a support system (standalone version installed at the operators’ premises) the exchange data and models are shared directly between the Satellite Operators. In order to ensure the correct data has been exchanged, within the direct sharing the operators need to select and filter the required data by themselves, before ensuring the privacy and providing it to other users.


CREAMPET is a project initially scheduled for 18 months and consists of the following milestones:

  • Kick Off Meeting (KOM) – milestone marking the start of the project.

  • Software Requirements Review (SRR) – milestone marking the acceptance of the target software requirements 

  • Preliminary Design Review (PDR) – milestone marking the initial design of the software

  • Detailed Design Review (DDR) – milestone marking the design process completion 

  • Qualifying Review (QR) – milestone marking the success of the testing campaign

  • Acceptance Review (AR) – milestone marking the acceptance of the project.

Current status

The activity has just started, the Kick-off meeting planned for the 15th of February 2024. 

Prime Contractor