Segment Level Security Interface (SLSI)

The Segment Level Security Interface (SLSI) provides a flexible interface:

• for security used by current missions
• for security that may be specified by CCSDS in the future

SLSI permits user-written code to access each telecommand segment as it passes through the Segmentation Sublayer.  This user-written code is referred to as the Security Processor.

SLSI in the Telecommand Encoder Shell

At the sending end, the Security Processor can implement whatever sort of segment level security function is required.  Typically this will be telecommand authentication, where the Security Processor adds a security block to the end of the segment.

The Security Processor can make any desired changes to the contents of the segment.  The increase in the segment length is a configuration parameter, and can be used flexibly.  The only restrictions are:

• the Segment Header in the first octet of the segment should not be changed
• the segment must fit in a TC Transfer Frame

SLSI in the Telecommand Decoder Shell

At the receiving end, the Security Processor actions depend on the security functions in use.  Typically this will be telecommand authentication, where the Security Processor validates and removes the security block at the end of the segment.  If the segment fails the security checks, the Security Processor can discard the complete segment.

The Security Processor can change the contents of the segment, but the Segment Header should not be changed.

SLSI support

The Telecommand Encoder Shell and Telecommand Decoder Shell packages provide optional support for SLSI.  As an alternative to SLSI, our product range includes the ESA Telecommand Authentication Unit (AU).

TC Encoder Shell     TC Decoder Shell     ESA AU