PAGE CONTENTS
Objectives
The objective of the HBSE project is to develop and commercialise a hardware-based security solution tailored for CubeSats. This solution ensures end-to-end data protection, robust authentication, and secure key management for satellite communication and payload operations. The system addresses the growing need for high-assurance data security in the rapidly expanding CubeSat market, especially for commercial Earth observation and Internet of Things (IoT) / Machine-to-Machine (M2M) constellations.
By providing a platform-independent security module, HBSE enables satellite operators, platform providers, and mission owners to safeguard valuable data, meet compliance requirements, and enhance trust in shared and multi-user satellite architectures. The project aims to deliver a ready-to-integrate product with flexible service models and easy compatibility with new and existing satellite platforms.
Challenges
Key challenges include integrating advanced security features into resource-constrained CubeSats and providing robust key management resistant to evolving cyber threats. The project must balance high security standards with cost-effectiveness and user-friendliness, while addressing industry concerns about performance, scalability, and long-term reliability in low Earth orbit (LEO).
System Architecture
The HBSE system architecture comprises three main elements: the satellite’s onboard security module (integrated with the on-board computer and intelligent payload controller), the ground-based key management authority, and the secure data dissemination platform. Onboard, the secure element handles all cryptographic operations and key storage, ensuring data is encrypted and authenticated at the source.
The ground segment manages certificate issuance, key lifecycle, and secure communication between the satellite, mission operations center, and end-users. The architecture supports role-based access, auditability, and modular integration with existing and future CubeSat platforms. Data flow is encrypted end-to-end, with flexible support for both platform-level and payload-level protection, ensuring confidentiality and integrity throughout the mission lifecycle.
Plan
The project advances through well-defined phases, beginning with a kick off to align objectives and schedule. Design and development are structured around the Preliminary Design Review (PDR) and Critical Design Review (CDR), ensuring technical readiness before integration.
System-level testing and qualification are confirmed at Test Readiness Review (TRR) and Telecommunications Regulatory Board (TRB). The project culminates with the Final Review, where the integrated solution is demonstrated in an operational scenario and prepared for commercial deployment.
Progress meetings and regular reporting ensure that all risks and milestones are continuously monitored and managed throughout the project.
Current Status
Key documents and software design packages have been prepared for the upcoming PDR. Core components – including the hardware security module and software architecture – have been developed and initial integration is underway. The security chip has been initialised and tested for key writing, diversification, and encryption/authentication. Software infrastructure elements, including certificate authority and identity management, have reached their first functional versions.
No critical issues have been identified. Next steps include the PDR data package delivery and further system integration and testing.
Companies
