E2EQSS

End-to-End Quantum-Safe Security for Satellite Data Links

STATUS | Ongoing
STATUS DATE | 23/04/2025
ACTIVITY CODE | 3D.012

Objectives

The activity aims to produce a qualified commercial space system composed of space and ground components that offers end-to-end quantum-safe security for all satellite data. The final system provides two different setups that target two use cases:

  • Low-rate point-to-point communication links (<5 Mbps) for low-power devices: This configuration primarily targets satellite monitoring and control links, typically in the UHF, S- and X-bands. The same setup can secure any point-to-point data link between two low-power devices. In this setup, key management and storage are purely software-based, in contrast to the common practice in satellite systems of using ASICs.
  • High-rate point-to-point communication links (<10 Gbps) for high-power devices: This configuration targets high-rate links for payload data transfer/downlink, typically in the X, K and optical bands.

The proposed system uses Post-Quantum Cryptography (PQC) and is built only on existing technology. It requires neither specialised hardware nor optical communications. In addition to being post-quantum safe, the proposed solution departs from traditional approaches to securing space data links in another critical aspect: it uses asymmetric public-key cryptography.

Challenges

The main challenges include ensuring quantum-safe security using post-quantum cryptography while maintaining compatibility with existing technology and avoiding specialised hardware.

Balancing the low-power requirements of control links with the high-power requirements of payload data links adds complexity. Using asymmetric cryptography for key exchange, which is unconventional for satellite links, poses computational efficiency, latency, and resilience challenges in space environments.

Integrating these elements to provide secure, end-to-end satellite communications without traditional hardware-based key management further complicates the implementation and testing processes, requiring innovative software solutions and rigorous validation.

System Architecture

The E2EQSS system architecture comprises multiple integrated components within a secure operational environment. The Public Key Infrastructure (PKI) manages the digital certificate lifecycle, including certificate authentication, issuance, validation, and revocation, while incorporating quantum random number generators (QRNGs) to enhance the cryptographic strength of key generation.

The Mission Control System (MCS) enables spacecraft operations, integrates PQC for secure data management, configures encryption parameters and interfaces between the PKI and the satellite network. Ground stations provide the communication link between MCS and satellites, securing the bidirectional flow of telemetry, command, and control data. Satellites are equipped with an On-Board Computer (OBC) embedded with PQC capabilities and a QRNG, employing CCSDS protocols to secure inter-satellite and satellite-to-ground communication channels.

The architecture facilitates critical data exchanges, including secure data transmission to maintain satellite communication integrity and confidentiality, robust key management and certificate exchange governed by PKI, and MCS coordination to ensure authenticated and encrypted command and telemetry. This design provides the operational environment to maintain high security throughout all mission phases, adhering to cutting-edge post-quantum cryptographic standards and preparing for future challenges.

Plan

The project has two phases, each with important milestones.

Phase 1 starts with the Kick-Off and System Requirements Review (SRR), followed by the Preliminary Design Review (PDR).

Phase 2 includes the Critical Design Review (CDR) and progress assessments to ensure development stays on track.

The project concludes with the Qualification Review (QR), marking the final evaluation of the system’s readiness.

Each phase ensures systematic progress, while intermediate reviews provide checkpoints for aligning the project with its objectives and validating critical designs.

Current Status

The project has completed the System Requirements Review (SRR) milestone and is progressing toward the Preliminary Design Review (PDR). Key achievements include finalising a trade-off analysis and the key exchange protocol specifications integrating PQC and QRNGs into the PKI and OBC.

Currently, the team is working on the detailed design documentation and conducting de-risking activities. Upcoming tasks involve prototype development and testing to lay the groundwork for transitioning from the demonstration phase to functional readiness.