CSUM: A Novel Mechanism for Updating CubeSat while Preserving Authenticity and Integrity

TL;DR

This paper introduces CSUM, a lightweight hash chain-based mechanism for secure, efficient software updates to resource-constrained CubeSats, ensuring integrity and authenticity while significantly outperforming traditional cryptographic methods.

Contribution

The paper presents CSUM, a novel hash chain-based scheme that provides secure software updates for CubeSats with high efficiency and low resource consumption, addressing a critical security challenge.

Findings

CSUM can validate 50,000 updates in less than a second.

Hash-based approach is at least 61 times faster than conventional cryptographic methods.

Empirical evaluation confirms feasibility and effectiveness in resource-constrained environments.

Abstract

The recent rise of CubeSat has revolutionized global space explorations, as it offers cost-effective solutions for low-orbit space applications (including climate monitoring, weather measurements, communications, and earth observation). A salient feature of CubeSat is that applications currently on-boarded can either be updated or entirely replaced by new applications via software updates, which allows reusing in-orbit hardware, reduces space debris, and saves cost as well as time. Securing software updates employing traditional methods (e.g., encryption) remains impractical mainly due to the low-resource capabilities of CubeSat. Therefore, the security of software updates for CubeSats remains a critical issue. In this paper, we propose CubeSat Update Mechanism (CSUM), a lightweight scheme to provide integrity, authentication, and data freshness guarantees for software update broadcasts to CubeSats using a hash chain. We empirically evaluate our proof of concept implementation to demonstrate the feasibility and effectiveness of our approach. CSUM can validate 50,000 consecutive updates successfully in less than a second. We also perform a comparative analysis of different cryptographic primitives. Our empirical evaluations show that the hash-based approach is at least 61$\times$ faster than the conventional mechanisms, even in resource-constrained environments. Finally, we discuss the limitations, challenges, and potential future research directions for CubeSat software update procedures.