I.B. + M.A. DE LANDE LONG
SOFTWARE + CONSULTANCY

Authentication Features of the ESA AU

The ESA Telecommand Authentication Unit (AU) is an ESA extension to the CCSDS telecommand architecture. This page gives details of the features of the Authentication Unit. For diagrams and a general description, see the overview.

Our Authentication Unit Shell software package implements the ground and space ends of the AU. We provide support for the Authentication Unit as an option for our Telecommand Encoder Shell and for our Telecommand Decoder Shell.

Our AU software supports all the features described here. For the formal specifications, see the standards documents.

Standards documents for Authentication Unit

ESA Packet Telecommand Standard
ESA-PSS-04-107 Issue 2 April 1992

ESA Telecommand Decoder Specification
ESA-PSS-04-151 Issue 1 September 1993

Authentication Tail

The length of the Authentication tail is 9 octets.

The first 4 octets contain the counter field. In the counter field, the first two bits identify the counter (LAC ID) and the remaining 30 bits contain the counter value (LAC COUNT).

The last 5 octets contain the authentication signature.

Logical Authentication Channel (LAC)

The Authentication Unit contains three counters, which effectively provide three Logical Authentication Channels (LACs). Two of the LACs (Principal LAC and Auxiliary LAC) are intended to support two independent, multiplexed streams of authenticated data. The third LAC is intended for recovery.

At the sending end, the LAC is chosen when the data block is passed to the AU. At the receiving end, the LAC ID field in the Authentication tail shows which LAC to use.

At the receiving end, the authentication system will only accept a block which has the expected counter value. So, if a block is lost in transmission, the following blocks which use the same counter will be rejected. Therefore, the underlying communications channel should have a minimum risk of losing a block.

Encryption Keys

The Authentication Unit contains two encryption keys: a fixed key and a programmable key. Each key contains 2940 bits.

The keys must be kept secret, so the design of a system using authentication needs to provide suitable electronic and physical security for the keys.

Authentication Control Commands are available for selecting which key to use and for changing the programmable key.

Authentication Control Commands

Authentication Control Commands are available for controlling the authentication behaviour.

The commands are encoded as telecommand data blocks, and are processed by the ground and space Authentication Units, to maintain synchronised internal states. There are commands for setting the programmable key, for selecting which key to use, and for setting the LAC counters.

Telecommand Segments in the ESA Authentication Unit

The ESA Packet Telecommand Standard defines an Authentication Sublayer as an optional extra in the Segmentation Layer of the ESA Packet Telecommand Architecture. The ESA architecture is otherwise the same as the CCSDS telecommand architecture. The data block handled by the ESA Authentication Unit is a telecommand segment.

The Segmentation Layer supports the multiplexing of up to 64 independent streams of data. Each stream is labelled with a Multiplexer Access Point (MAP) identifier. The MAP ID is carried in the 1-octet segment header.

The AU can be set to apply authentication to some MAPs and not to others. MAP 63 is reserved for Authentication Control Commands.

Virtual Channels

Multiple Virtual Channels can share a single physical uplink channel. Each Virtual Channel has its own Authentication Unit and runs the authentication independently.

Status Reports

The on-board ESA Authentication Unit generates an AU Status Report, which is available for sending to the ground in the downlink telemetry. The report includes the current values of the counters.

AU Shell TC Encoder Shell TC Decoder Shell