CSUM: A Novel Mechanism for Updating CubeSat while Preserving Authenticity and Integrity
Ankit Gangwal, Aashish Paliwal
TL;DR
CSUM targets secure in-orbit software updates for resource-constrained CubeSats by replacing heavy cryptographic operations with a hash-chain-based mechanism that provides authentication, integrity, and freshness. The approach binds each update to a one-time token $AT_{curr}$ via $TT \coloneqq AT_{curr} \oplus h(SUP \Vert AT_{prev})$, and authenticates updates through the relation $h(AT_{curr}) = AT_{prev}$, with $AT_{curr}$ advancing the chain. Empirical evaluation demonstrates that CSUM can validate up to $50{,}000$ updates in about $0.81$ seconds and that hash-based operations significantly outperform encryption/signature-based schemes by factors up to $>$61, while maintaining constant network overhead of $256$ bits. The work presents a practical mechanism for secure OTA updates in CubeSats, reducing computational and bandwidth demands and enabling robust update authenticity, integrity, and freshness in space environments. Future directions include scalable group updates for satellite clusters and optimized hash-chain reinitialization strategies to support larger constellations.
Abstract
The recent rise of CubeSat has revolutionized global space explorations, as it offers cost-effective solutions for low-orbit space applications (including climate monitoring, weather measurements, communications, and earth observation). A salient feature of CubeSat is that applications currently on-boarded can either be updated or entirely replaced by new applications via software updates, which allows reusing in-orbit hardware, reduces space debris, and saves cost as well as time. Securing software updates employing traditional methods (e.g., encryption) remains impractical mainly due to the low-resource capabilities of CubeSat. Therefore, the security of software updates for CubeSats remains a critical issue. In this paper, we propose CubeSat Update Mechanism (CSUM), a lightweight scheme to provide integrity, authentication, and data freshness guarantees for software update broadcasts to CubeSats using a hash chain. We empirically evaluate our proof of concept implementation to demonstrate the feasibility and effectiveness of our approach. CSUM can validate 50,000 consecutive updates successfully in less than a second. We also perform a comparative analysis of different cryptographic primitives. Our empirical evaluations show that the hash-based approach is at least 61$\times$ faster than the conventional mechanisms, even in resource-constrained environments. Finally, we discuss the limitations, challenges, and potential future research directions for CubeSat software update procedures.