Segment Level Security Interface (SLSI)
Many missions use security features, such as authentication and encryption. For example, authentication can protect a spacecraft against unauthorised commands. CCSDS is developing standards for security and has published general recommendations on algorithms.
The Segment Level Security Interface (SLSI) provides a flexible interface:
- for security used by current missions
- for security that may be specified by CCSDS in the future.
SLSI permits user-written code to access each telecommand
segment as it passes through the Segmentation Sublayer. This user-written code
is referred to as the Security Processor.
SLSI in the Telecommand Encoder Shell
At the sending end, the Security Processor can implement whatever sort of segment level security function is required. Typically this will be telecommand authentication, where the Security Processor adds a security block to the end of the segment.
The Security Processor can make any desired changes to the contents of the segment. The increase in the segment length is a configuration parameter, and can be used flexibly. The only restrictions are:
- the Segment Header in the first octet of the segment should not be changed
- the segment must fit in a TC Transfer Frame.
SLSI in the Telecommand Decoder Shell
At the receiving end, the Security Processor actions depend on the security functions in use. Typically this will be telecommand authentication, where the Security Processor validates and removes the security block at the end of the segment. If the segment fails the security checks, the Security Processor can discard the complete segment.
The Security Processor can change the contents of the segment, but the Segment Header
should not be changed.
SLSI support
The Telecommand Encoder Shell and Telecommand Decoder Shell packages provide optional support for SLSI. As an alternative to SLSI, our product range includes support for the ESA Telecommand Authentication Unit (AU).