The objective of the activity is to study, design, develop and test a scalable and future-proof Public Key Infrastructure (PKI) concept for a telecommunications system based on a large constellation, including a concept for interconnection with other space and terrestrial systems. The PKI shall allow the authentication of users (on ground and in space) by means of asymmetric cryptography (classical and post-quantum) as well as the definition of groups and a hierarchy of users. A test bed shall be developed to fully evaluate the developed concept for a large constellation.

Targeted Improvements: Enabling an independent authentication service, as needed for secure communications based on a large constellation, which does not exist today.

Description: In traditional GEO communication satellites, the satellite is a relay between the user and the ground gateway. The security of communication between the user segment and the gateway can be managed by a pre-shared secret. With the increase of broadband users, the increase of on-board capabilities and the development of satellite-based services, a flexible way to manage confidentiality and authentication between all actors is needed. Currently, connections in the World Wide Web are secured through a PKI. A similar solution, but with independent certification authorities, is needed for telecommunication systems with many actors, allowing secure and authenticated exchanges with users and with other systems. In addition, the advent of Post Quantum Cryptography (PQC) requires a careful study in terms of protocol adaptations and the certificate signing process, taking into account the constraints of space systems.

The activity targets the design of an independent PKI suitable for large constellation systems, also allowing secure interconnection with other space and ground services and systems, and capable of supporting "hybrid certificates" using classical cryptography and PQC.
In particular, the PKI shall have a flexible and independent way to manage key distribution using asymmetric cryptography, manage different multicast groups in a hierarchical manner and have synergy with other satellite-based services. Moreover, the activity shall evaluate different alternatives to digitally sign the certificates (e.g. using different schemes for different scenarios), considering the challenges of the SATCOM environment (e.g. latency, limited power) and the state of the art of PQC. The PKI will be validated with the development of a software testbed. This software testbed shall simulate a communication system including gateways, satellites and users. It shall emulate the behaviour of the PKI, evaluating as a minimum key distribution latency, bandwidth overhead due to authentication and peak bandwidth during specific operations such as key revocation. Moreover, it shall implement a proof of concept of a user and a server that authenticate the communication based on the designed PKI.

The activity will start with a critical review of the requirements, taking into account the connections with other space systems, the synergy with different services (e.g. navigation, timing and situational awareness) and the management of different multicast groups in a hierarchical manner. Subsequently, there shall be an analysis and trade-off to design a secure, efficient and flexible PKI. The trade-off shall include different aspects such as flexibility, expandability, independence and optimisation with respect to space systems constraints. Moreover, it shall consider whether the use of satellites in different orbits as part of the key infrastructure can be an advantage for key distribution in case of disaster recovery, ensuring business continuity. A definition of Key Performance Indicators (KPI) to evaluate different solutions shall be provided.
Finally, the activity will output a software testbed to validate the designed PKI and evaluate its performance based on the set of defined KPI.

Tender Specifics