Democratizing Cybersecurity in SmallSats with the Teensy Encryption Device
Securing data communications between satellites and Earth using encryption is typically an expensive, heavy, power-hungry endeavor. While that works in billion-dollar military and communications satellites, it’s not feasible for much smaller satellites that are growing in popularity. But encryption for SmallSats might now be accomplished with a $20, off-the-shelf micro-controller and open-source software. The prototype was designed and developed by the Cal Poly Digital Transformation Hub (DxHub) powered by Amazon Web Services (AWS), and funded by a CASCADE Grant from the U.S. Department of Defense through the California Governor’s Office of Planning and Research.
Developers of SmallSats (defined by NASA here) often operate with lean teams and limited budgets in the $100,000-200,000 range. Data security via encryption is often a secondary consideration due to the technical and resource requirements and expense involved. Yet, a satellite’s core value proposition and monetary value is the data that it acquires and transmits. Without data encryption, the plain text data is vulnerable to interception by anyone with an inexpensive radio receiver, antenna, and desktop computer.
The number of these satellites in orbit and the amount of data transmitted will drastically increase as the global satellite data services market is projected to grow from $2.1 billion in 2020 to $7.1 billion in 2025 (reference). Data security has become a top priority since no one wants data intercepted by unintended recipients.
Enter ‘TED’, the Teensy Encryption Device, a $20 open-source encryption solution for SmallSats and CubeSats.
The DxHub team designed, prototyped, and demonstrated an ultra-low-cost encryption hardware and software package using open-source encryption libraries and off-the-shelf products.
Figure 1: Teensy Encryption Device. Data encryption takes place on the right microcontroller then transmitted via radio to the left microcontroller where it is decrypted. The system uses the NSA-approved AES 256 encryption algorithm.
The Teensy Encryption Device (TED) provides a secure method for encrypting and decrypting data communications sent through a satellite radio communications link between a satellite and ground station. The module sits between any flight computer and a communications radio.
Figure 2: Envisioned application of the Teensy Encryption Device: Data is collected from sensors by the flight computer, send to the TED for encryption, then forwarded to the radio for transmission. Raw data is never transmitted over the radio.
This device allows manufacturers of small satellites to quickly implement an inexpensive, open-source solution that complies with licensing encryption requirements. TED is optimized to be a low-power, small footprint device. The device is based on a commercially available ~$20 microcontroller featuring the ARM Cortex-M7 processor:
Figure 3: Top view of the Teensy 4.0, an incredibly powerful and flexible microcontroller with many data interfaces available to communicate with a wide variety of devices.
- Encryption speed: ~1.0 MB/second
- Power draw: < 0.4 watts
- Weight: ~3 grams
- Dimensions: 36 mm x 18 mm x 5 mm (without headers)
- AES 256 CBC & CTR encryption modes, additional modes possible
- UART (serial) interface, additional interfaces possible
For more information including access to the GitHub Repository, please see the supporting documents section below.
The DxHub innovation process based on Amazon’s Working Backwards methodology results in several artifacts that help inform and guide the result. Below is a description of each and their purpose in the process.
|Github Repository||The GitHub repository provides the code that was developed for the project.|
About the DxHub
Cal Poly’s Digital Transformation Hub (DxHub) was one of the earliest collaborations between Amazon Web Services (AWS) and an educational institution focused on innovation and digital transformation. While providing students with real-world learning experiences, the DxHub applies proven innovation methodologies in combination with the deep subject matter expertise of the public sector and the technical expertise of AWS to solve challenging problems in ways not contemplated before. For more information, visit www.dxhub.calpoly.edu.