Integration and verification of a keyed-hash message authentication scheme based on broadcast timestamps for NUTS
MetadataVis full innførsel
The NTNU Test Satellite (NUTS) is a small satellite developed by students of the Norwegian University of Science and Technology (NTNU). The satellite follows the CubeSat speciﬁcation and the development started in 2010, while a launch is planned for 2015. One goal of the NUTS project is to build the satellite entirely from scratch in terms of both hard- and software.Another objective is to provide an eﬀective security mechanism for the operational uplink. The traditional approach of using encryption on the satellite links in order to prevent a takeover is not realizable for NUTS and a variety of other CubeSat programs. The reason for this is that the satellite is operated via amateur radio frequencies which regulations are not allowing encrypted traﬃc. Thus, a demand for alternative solutions providing uplink security does exist.Previous work inside the NUTS project has pointed out, that an authentication scheme based on keyed-hash message authentication codes in combination with timestamps embodies an alternative to an encrypted uplink and a speciﬁc scheme has been proposed recently.This thesis speciﬁes the proposed scheme in detail in order to establish its correctness to a large extend with methods of formal veriﬁcation. Additionally, the scheme is implemented on hardware having similar computational restrictions compared to the NUTS satellite. This implementation is carried out in a way which guarantees an easy integration into the ﬁnalized satellite software. Accompanying to this, a conceptual integration to the hard- and software of NUTS is provided. The implemented authentication scheme is selected as security solution for the NUTS satellite in space. Therefore, an in-space evaluation of the scheme can be accomplished as soon as the satellite is launched. In preparation for this evaluation, a test suite is developed and presented in this thesis in order to verify the space suitability of the scheme by experimental results later on. Furthermore, the existence of minor ﬂaws in the authentication scheme could be shown and their impacts are discussed in order to demonstrate their negligibility.Summarized, this thesis demonstrates that an authentication scheme based on HMACs and broadcast timestamps provides is reasonable secure for the operational uplink of NUTS and elaborates a speciﬁc implementation of the scheme which is ready for an integration to the satellites software.