Authenticated encryption for space telemetry
Andrew Savchenko
TL;DR
The paper tackles protecting emergency space telemetry under NASA-STD-1006A by designing a lightweight AEAD scheme based on AES-GCM with a fixed 448-bit frame. A 96-bit IV composed of a $32$-bit counter and a $64$-bit timestamp ensures nonce uniqueness while enabling replay protection, and a $16$-bit AAD with a $128$-bit authentication tag strengthens integrity and authenticity. The approach emphasizes operational simplicity, deterministic latency, and compatibility with CCSDS standards, trading off larger frame overhead for predictable performance on constrained hardware. A Python reference implementation and test vectors illustrate the scheme, and the discussion outlines practical deployment considerations, risk mitigations, and directions for future enhancements such as key hierarchies and RTC recovery. Overall, the work provides a practical, standards-aligned solution for secure, reliable space telemetry in emergency scenarios, with concrete framing and replay protections suitable for real-time mission control.
Abstract
We explore how command stack protection requirements outlined in NASA-STD-1006A can be satisfied within the context of emergency space telemetry. Proposed implementation of lightweight authenticated encryption offers strong security without sacrificing performance in resource-constrained environments. It produces fixed-length messages, maintaining compatibility with the underlying data transport protocols. By focusing on predictable properties and robust authentication, we create a scheme that protects the confidentiality, integrity and authenticity of telemetry data in emergency communications while balancing security requirements with the operational constraints.
