Satellite AES Keys Latest New Update Here
AES is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation, and is fast in both software and hardware. Unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael that has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. In contrast, the Rijndael specification itself allows block and key sizes that may be any multiple of 32 bits, with a minimum of 128 and a maximum of 256 bits.
AES operates on a 4 by 4 array of bytes in column-major order.
The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of repetition cycles is as follows:
Fourteen cycles of repetition for 256-bit keys.
Twelve cycles of repetition for 192-bit keys.
Ten cycles of repetition for 128-bit keys.
Each round consists of several processing stages; each round contains four similar but different stages, including one that depends on the encryption key itself. A set of reverse rounds is applied to transform the ciphertext back into the original plaintext using the same encryption key.
TPS id 00 7C 00
Satellite AES Encryption Systems
As already mentioned in the introduction, there exists a wide diversity of AES encryption systems implemented
in the telecommunications satellite platforms currently available in the market.
Although at the core all these systems use the AES encryption algorithm, the encryption workflow includes other
processing steps that are specific to the particular implementation of each manufacturer. The first layer above the
core AES algorithm is the Block Cipher Mode of Operation. From the recommended modes of operation for the
AES encryption standard, the ones commonly used in the telecommunication satellites commercial platforms are the
1) Electronic Codebook Mode (ECB): this encryption mode uses the plain AES encryption algorithm in order to
generate an encrypted ciphertext from the plaintext input. In the ECB mode, under a given key, any given
plaintext always gets encrypted to the same ciphertext. For this reason, it is regarded as the least secure
2) Counter Mode (CTR): this encryption mode features the application of the AES algorithm to a set of input
blocks, called counters, to produce a sequence of output blocks that are XOR-ed with the plaintext to
produce the ciphertext. The sequence of counters must have the property that each block in the sequence is
different from every other block. This condition is not restricted to a single message: across all of the
messages that are encrypted under the given key, all of the counters must be distinct. This means that
ground counters (VCC counters) must be implemented and kept by the monitoring and control system so
they are never repeated for the same ground AES key.
3) Galois Counter Mode (GCM): this encryption mode is a variation of the Counter Mode of operation for AES
encryption. Apart from the encrypted ciphertext, GCM provides assurance of the authenticity of the
encrypted data using a universal hash function. GCM can also provide authentication assurance for
additional data that is not encrypted. Thus, the GCM algorithm generates the encrypted ciphertext and a
Message Authentication Code (MAC) associated with the input data of the algorithm: the cleartext and the
additional authentication information. On the decryption action, the GCM algorithm can then authenticate
the source of the message, providing an additional layer of security. For the monitoring and control system,
this algorithm also requires the support for VCC counters (as for the CTR mode, and for the same reasons),
which in this algorithm are included in data arrays called Initialization Vectors (IV). The monitoring and
control system needs therefore to provide support for managing the IVs for the GCM algorithm.
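The uniqueness requirement for CTR ground counters and GCM IVs described above, as an added sketch that is not from the original paper or the hifly product. The class name, the JSON state file, the key identifiers and the IV layout (4-byte station identifier followed by an 8-byte counter) are assumptions made for illustration.

```python
import json, os, tempfile

class CounterExhausted(Exception):
    """Raised when a key has used its whole counter space and must be replaced."""

class GroundCounterStore:
    """Persistent per-key ground counters (hypothetical class, not hifly code)."""

    def __init__(self, path, station_id, limit=2**64):
        self.path, self.station_id, self.limit = path, station_id, limit
        self.state = {}
        if os.path.exists(path):          # reload counters after a restart
            with open(path) as f:
                self.state = json.load(f)

    def persist(self):
        # Write to a temp file, fsync, then rename: a crash leaves either
        # the old state or the new one on disk, never a torn file.
        folder = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=folder)
        with os.fdopen(fd, "w") as f:
            json.dump(self.state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def next_counter(self, key_id):
        value = self.state.get(key_id, 0)
        if value >= self.limit:
            raise CounterExhausted(f"key {key_id}: counter space used up")
        # Store the advanced value BEFORE returning the current one, so a
        # crash can skip a counter but can never issue the same one twice.
        self.state[key_id] = value + 1
        self.persist()
        return value

    def next_gcm_iv(self, key_id):
        # Assumed 96-bit IV layout: fixed field (station) || invocation counter.
        counter = self.next_counter(key_id)
        return self.station_id.to_bytes(4, "big") + counter.to_bytes(8, "big")

def demo(path):
    """Issue two IVs, simulate a restart, issue a third (constructed input)."""
    first = GroundCounterStore(path, station_id=7, limit=3)
    ivs = [first.next_gcm_iv("K1"), first.next_gcm_iv("K1")]
    restarted = GroundCounterStore(path, station_id=7, limit=3)
    ivs.append(restarted.next_gcm_iv("K1"))
    return ivs
```

Counters are tracked per key identifier, so the store fails closed for an exhausted key while other keys keep working.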
The next particularization layer in the implementation of AES encryption systems is the protocol layer in which
the encryption is applied. In terms of ESA PSS standards [5,6], among the encryption systems supported by the hifly
product there are systems that apply telecommand encryption on the TC Segmentation Layer, while others apply it at
TC Packet Layer. For telemetry, some systems encrypt the full TM Frame, whereas others encrypt their telemetry at
TM Source Packet level.
Next, each AES encryption system provides its own AES Key Concept: the number of keys supported by the
onboard encryption units, the distribution of Fixed and Programmable keys, the usage (or the absence) of a
double-keyset system in which one key set is used for TM/TC encryption and another is used for the commanding of the
onboard encryption units.
Lastly, systems implementing CTR or GCM encryption modes have their specific requirements for the ground
counters, in the case of CTR systems, and the IVs, in the case of GCM systems. For the IVs used in GCM, each