Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

AegisSat: Securing AI-Enabled SoC FPGA Satellite Platforms

Huimin Li, Vusal Novruzov, Nikhilesh Singh, Lichao Wu, Mohamadreza Rostami, Ahmad-Reza Sadeghi

TL;DR

AegisSat addresses the critical security gap in AI-enabled SoC FPGA satellites by proposing a defense-in-depth framework that spans secure boot, runtime isolation, authenticated in-orbit updates, and robust rollback. The approach integrates hardware-rooted trust, TrustZone-based isolation, and cryptographically protected partial reconfiguration to safeguard both AI accelerators and reconfigurable logic. Experimental validation on contemporary SoC FPGA hardware demonstrates end-to-end secure reconfiguration and trusted operation under realistic threat models. The work also outlines a forward-looking research agenda covering PQC, autonomous attestation, energy-aware isolation, cross-domain co-design, and secure federated learning in satellite swarms, underscoring practical impact for space missions with long lifetimes and remote operation.

Abstract

The increasing adoption of System-on-Chip Field-Programmable Gate Arrays (SoC FPGAs) in AI-enabled satellite systems, valued for their reconfigurability and in-orbit update capabilities, introduces significant security challenges. Compromised updates can lead to performance degradation, service disruptions, or adversarial manipulation of mission outcomes. To address these risks, this paper proposes a comprehensive security framework, AegisSat. It ensures the integrity and resilience of satellite platforms by (i) integrating cryptographically-based secure boot mechanisms to establish a trusted computing base; (ii) enforcing strict runtime resource isolation; (iii) employing authenticated procedures for in-orbit reconfiguration and AI model updates to prevent unauthorized modifications; and (iv) providing robust rollback capabilities to recover from boot and update failures and maintain system stability. To further support our claims, we conducted experiments demonstrating the integration of these mechanisms on contemporary SoC FPGA devices. This defense-in-depth framework is crucial for space applications, where physical access is impossible and systems must operate reliably over extended periods, thereby enhancing the trustworthiness of SoC FPGA-based satellite systems and enabling secure and resilient AI operations in orbit.

AegisSat: Securing AI-Enabled SoC FPGA Satellite Platforms

TL;DR

AegisSat addresses the critical security gap in AI-enabled SoC FPGA satellites by proposing a defense-in-depth framework that spans secure boot, runtime isolation, authenticated in-orbit updates, and robust rollback. The approach integrates hardware-rooted trust, TrustZone-based isolation, and cryptographically protected partial reconfiguration to safeguard both AI accelerators and reconfigurable logic. Experimental validation on contemporary SoC FPGA hardware demonstrates end-to-end secure reconfiguration and trusted operation under realistic threat models. The work also outlines a forward-looking research agenda covering PQC, autonomous attestation, energy-aware isolation, cross-domain co-design, and secure federated learning in satellite swarms, underscoring practical impact for space missions with long lifetimes and remote operation.

Abstract

The increasing adoption of System-on-Chip Field-Programmable Gate Arrays (SoC FPGAs) in AI-enabled satellite systems, valued for their reconfigurability and in-orbit update capabilities, introduces significant security challenges. Compromised updates can lead to performance degradation, service disruptions, or adversarial manipulation of mission outcomes. To address these risks, this paper proposes a comprehensive security framework, AegisSat. It ensures the integrity and resilience of satellite platforms by (i) integrating cryptographically-based secure boot mechanisms to establish a trusted computing base; (ii) enforcing strict runtime resource isolation; (iii) employing authenticated procedures for in-orbit reconfiguration and AI model updates to prevent unauthorized modifications; and (iv) providing robust rollback capabilities to recover from boot and update failures and maintain system stability. To further support our claims, we conducted experiments demonstrating the integration of these mechanisms on contemporary SoC FPGA devices. This defense-in-depth framework is crucial for space applications, where physical access is impossible and systems must operate reliably over extended periods, thereby enhancing the trustworthiness of SoC FPGA-based satellite systems and enabling secure and resilient AI operations in orbit.
Paper Structure (35 sections, 3 figures, 2 tables)

This paper contains 35 sections, 3 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Background
  3. AI Acceleration and Design Methodologies on SoC FPGAs
  4. AI in Space Applications on SoC FPGA
  5. Multi-Tenancy on SoC FPGA
  6. Security Challenges in Space-Based Systems
  7. Cross-Layer and Lifecycle Security Requirements
  8. Threat Model
  9. Security Framework
  10. Secure Boot and Root of Trust for SoC FPGA Satellites
  11. Boot Sequence and Chain of Trust
  12. Cryptographic Key Management
  13. Bitstream Authentication and Encryption
  14. Failure Handling and Recovery
  15. Trusted Execution and Hardware Isolation
  16. ...and 20 more sections

Figures (3)

  • Figure 1: Overview of Satellite System and Attack Vectors. The satellite system consists of space segment, the ground segment, and the user segment. Adversaries can target the ground infrastructure or attack satellites directly. Moreover, if a single satellite is compromised, the threat can propagate to other satellites through inter-satellite communication links, highlighting the systemic risks of federated constellations.
  • Figure 2: Multi-Tenancy on SoC FPGA. CLB: Configurable Logic Block; R: Configurable Routing Block; BRAM: Block Random Access Memory; DSP: Digital Signal Processing; I/O: Input/Output Interface.
  • Figure 3: Secure Reconfiguration Workflow.