I.B.  +  M.A.  DE  LANDE  LONG
SOFTWARE + CONSULTANCY


Authentication Features

The ESA Telecommand Authentication Unit (AU) is an ESA extension to the standard CCSDS Packet Telecommand Architecture. This page describes some of the features of the Authentication Unit and of our Authentication Unit Shell software package. We also provide support for the Authentication Unit as an option for our Telecommand Encoder Shell and Telecommand Decoder Shell.

For the definition of the features described here, see the standards documents.
 

Standards documents for Authentication Unit

ESA Packet Telecommand Standard
    ESA-PSS-04-107  Issue 2  April 1992

ESA Telecommand Decoder Specification
    ESA-PSS-04-151  Issue 1  September 1993
 

Authentication Tail

The length of the Authentication tail is 9 octets.

The first 4 octets contain the counter field. In the counter field, the first two bits identify the counter (LAC ID) and the remaining 30 bits contain the counter value (LAC COUNT).

The last 5 octets contain the authentication signature.
 

Logical Authentication Channel (LAC)

The Authentication Unit contains three counters, which effectively provide three Logical Authentication Channels (LACs). Two of the LACs (Principal LAC and Auxiliary LAC) are intended to support two independent, multiplexed streams of authenticated data. The third LAC is intended for recovery.

At the sending end, the LAC is chosen when the data block is passed to the AU. At the receiving end, the LAC ID field in the Authentication tail shows which LAC to use.

At the receiving end, the authentication system accepts only a block that has the expected counter value. If a block is lost in transmission, the following blocks that use the same counter are rejected, so the underlying communications channel should minimise the risk of losing a block.

The Authentication Unit Shell supports all three Logical Authentication Channels.
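
The tail layout and the receiving-end counter check described above, as an added example (not code from the Authentication Unit Shell or the standards). It assumes the tail is the last 9 octets of the block, MSB-first bit numbering, and a counter that steps by one per accepted block; the signature check is not modelled, and the LAC IDs, counts and segment bytes are constructed.

```python
import struct
from typing import Dict, List, NamedTuple

TAIL_LEN = 9                      # octets in the Authentication tail
COUNT_MASK = (1 << 30) - 1        # LAC COUNT is the low 30 bits of the counter field

class AuthTail(NamedTuple):
    lac_id: int                   # first 2 bits of the counter field
    lac_count: int                # remaining 30 bits
    signature: bytes              # last 5 octets

def build_tail(lac_id: int, lac_count: int, signature: bytes) -> bytes:
    if not (0 <= lac_id <= 3 and 0 <= lac_count <= COUNT_MASK and len(signature) == 5):
        raise ValueError("field out of range")
    return struct.pack(">I", (lac_id << 30) | lac_count) + signature

def parse_tail(block: bytes) -> AuthTail:
    if len(block) < TAIL_LEN:
        raise ValueError("block shorter than the 9-octet tail")
    tail = block[-TAIL_LEN:]      # assumption: the tail is the last 9 octets of the block
    (word,) = struct.unpack(">I", tail[:4])   # assumption: MSB-first bit numbering
    return AuthTail(word >> 30, word & COUNT_MASK, tail[4:])

class LacCounters:
    """Receiving-end counter check only; signature verification is not modelled."""
    def __init__(self, expected: Dict[int, int]):
        self.expected = dict(expected)        # LAC ID -> next expected LAC COUNT

    def check_and_advance(self, block: bytes) -> bool:
        tail = parse_tail(block)
        if self.expected.get(tail.lac_id) != tail.lac_count:
            return False                      # unknown LAC or unexpected count: reject
        # assumption: counter steps by one per accepted block, wrapping at 2**30
        self.expected[tail.lac_id] = (tail.lac_count + 1) & COUNT_MASK
        return True

def demo() -> List[bool]:
    sig = bytes(5)                            # constructed placeholder, not a real signature
    rx = LacCounters({0: 100, 1: 7})          # constructed LAC IDs and starting counts
    a = b"seg-A" + build_tail(0, 100, sig)
    c = b"seg-C" + build_tail(0, 102, sig)    # seg-B (count 101) was lost in transit
    d = b"seg-D" + build_tail(1, 7, sig)
    return [rx.check_and_advance(x) for x in (a, c, d)]

if __name__ == "__main__":
    print(demo())
```

The block sent after the lost one is rejected on its own LAC, while the block on the other LAC is still accepted because each LAC keeps its own counter.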
 

Encryption Keys

The Authentication Unit contains two encryption keys: a fixed key and a programmable key. Each key contains 2940 bits.

The keys must be kept secret, so the design of a system using authentication needs to provide suitable electronic and physical security for the keys.

Authentication Control Commands are available for selecting which key to use and for changing the programmable key.

The Authentication Unit Shell supports the two encryption keys and the associated commands.
 

Authentication Control Commands

Authentication Control Commands are available for controlling the authentication behaviour.

The commands are encoded as telecommand data blocks and are processed by both the ground and space Authentication Units, so that their internal states stay synchronised. There are commands for setting the programmable key, for selecting which key to use, and for setting the LAC counters.

The Authentication Unit Shell supports all the Authentication Control Commands.
 

Telecommand Segments in the ESA Authentication Unit

The ESA Packet Telecommand Standard defines an Authentication Sublayer as an optional extra in the Segmentation Layer of the ESA Packet Telecommand Architecture. The ESA architecture is otherwise the same as the CCSDS Packet Telecommand Architecture. The data block handled by the ESA Authentication Unit is a telecommand segment.

The Segmentation Layer supports the multiplexing of up to 64 independent streams of data. Each stream is labelled with a Multiplexer Access Point (MAP) identifier. The MAP ID is carried in the 1-octet segment header.

In a system using telecommand authentication, the AU can be set to apply authentication to some MAPs and not to others. MAP 63 is reserved for Authentication Control Commands.

The Authentication Unit Shell fully supports the use of MAPs and telecommand segments.
 

Virtual Channels

In packet telecommand, multiple Virtual Channels can share a single physical uplink channel. For example, a typical ESA spacecraft has two telecommand Virtual Channels.

If the spacecraft uses authentication, then each Virtual Channel has its own Authentication Unit.

An instance of the Authentication Unit Shell supports a single Authentication Unit, either in space or on the ground. An executable program may have multiple instances of the Shell. However, the licence conditions may limit the number of instances of the Shell that may be in use simultaneously.
 

Status Reports

The on-board ESA Authentication Unit generates an AU Status Report, which is available for sending to the ground in the downlink telemetry. The report includes the current values of the counters.

The Authentication Unit Shell supports the generation of the AU Status Report.



Online link to home page http://www.delandelong.com
Copyright © 1997-2008 by I B + M A de Lande Long