GONZALEZ EVA (GB)
UNDERWOOD TED (GB)
| US5966224A | 1999-10-12 | |||
| US6748083B2 | 2004-06-08 | |||
| US4688250A | 1987-08-18 | |||
| US5293576A | 1994-03-08 |
SHENG-KAI LIAO ET AL: "Satellite-to-ground quantum key distribution", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 3 July 2017 (2017-07-03), XP081279476, DOI: 10.1038/NATURE23655
TUNICK A. ET AL.: "Review of Representative Free-Space Quantum Communications Experiments", SPIE, PO BOX 10 BELLINGHAM WA 98227-0010 USA, 2010, XP040528159
CARRASCO-CASADO ALBERTO ET AL: "LEO-to-ground optical communications using SOTA (Small Optical TrAnsponder) - Payload verification results and experiments on space quantum communications", ACTA ASTRONAUTICA, PERGAMON PRESS, ELMSFORD, GB, vol. 139, 21 July 2017 (2017-07-21), pages 377 - 384, XP085166143, ISSN: 0094-5765, DOI: 10.1016/J.ACTAASTRO.2017.07.030
| CLAIMS 1. A satellite telemetry, tracking & telecommand (TT&C) method, comprising: a. establishing a QKD link between a satellite and a satellite access station; b. sharing a cryptographic key over the QKD link by means of a QKD protocol; and c. sending and/or receiving TT&C commands and/or data, encrypted using the cryptographic key, to and/or from the satellite. 2. The method of claim 1, wherein the cryptographic key is output from the satellite over the QKD link. 3. The method of claim 1, wherein the cryptographic key is output to the satellite over the QKD link. 4. The method of any preceding claim, wherein the QKD protocol comprises a 'prepare and measure' protocol. 5. The method of any one of claims 1 to 3, wherein the QKD protocol comprises an entanglement protocol. 6. The method of any preceding claim, wherein the cryptographic key is generated randomly or pseudo-randomly. 7. The method of any preceding claim, wherein the step of sharing the key is initiated by a command from the satellite access station. 8. The method of any preceding claim, wherein the QKD link comprises an optical link. 9. The method of any preceding claim, wherein TT&C is performed with the satellite over an RF link. 10. The method of any preceding claim, wherein said cryptographic key is periodically or continuously updated over the QKD link. 11. The method of claim 10, wherein one or more additional cryptographic keys are shared over the QKD link and stored for subsequent use as said cryptographic key in the event that the current key cannot be updated. 12. The method of any preceding claim, wherein an initial key is at least partially set up between the satellite and the satellite access station prior to the establishment of the QKD link. 13. The method of claim 12, wherein the initial key is at least partially set up by means of a QKD protocol. 14. The method of claim 12 or 13, wherein the initial key is partially set up prior to the establishment of the QKD link, and is subsequently resolved over the QKD link. 15. The method of any preceding claim, wherein the satellite includes a hosted payload and a further cryptographic key is established for encrypted communication with the hosted payload. 16. The method of claim 15, wherein the further cryptographic key is shared over a discrete further QKD link set up with the satellite. 17. The method of claim 16, wherein the discrete further QKD link is set up with the satellite from a further satellite access station. 18. Apparatus arranged to perform the method of any preceding claim. 19. A satellite access station comprising the apparatus of claim 18. 20. A satellite telemetry, tracking and telecommand (TT&C) system, comprising: a. a satellite; and b. a satellite access station having a QKD link with the satellite; wherein the satellite and the satellite access station are arranged to share a cryptographic key over the QKD link by means of a QKD protocol; and wherein a terrestrial node is arranged perform TT&C, encrypted using the cryptographic key, with the satellite. 21. The system of claim 20, wherein the satellite includes a hosted payload and a further cryptographic key is established for communication with the hosted payload. 22. The system of claim 21, wherein the further cryptographic key is shared over a discrete further QKD link set up with the satellite. 23. The system of claim 22, wherein the discrete further QKD link is set up with the satellite from a further satellite access station. |
FIELD OF THE INVENTION
[0001] The present invention relates to a method and apparatus for satellite TT&C (telemetry, tracking and telecommand). BACKGROUND OF THE INVENTION
[0002] Satellite TT&C may involve one or more of:
• The sending of command signals in an uplink to a satellite from an earth station, in order to control the operation and configuration of the satellite and/or its payload.
• A downlink from the satellite to the earth station carrying mission status and command handling data, for example to confirm both that the command signals have been received and that the commands have been executed.
• An uplink and downlink communication between the satellite and an earth station used in order to establish the range/position of the satellite.
[0003] It is important that TT&C links are protected so that the satellite only responds to authorised commands and its data is only read by authorised parties. Operational satellite TT&C is usually performed via encrypted RF links between the satellite and satellite control centre (SCC), via a satellite access station (SAS). Generally, a series of encryption keys are pre- loaded on the satellite prior to launch. During operation, a key is selected and synchronised with the SCC to encrypt the TT&C link. The keys are cycled through the set during the lifetime of the satellite.
[0004] In order to serve customers who themselves control and command their own hosted payloads on the satellite, current procedure involves the transfer of a subset of the aforementioned keys to such customers allowing them direct encrypted satellite command generation, opaque to the primary satellite operators.
[0005] US-A-4688250 (General Electric) discloses a satellite telecommand method in which a key change command from an earth station causes a satellite authenticator to generate a new operating key based on a secret master key, a supplemental private code, and a publicly available initialization vector.
[0006] US-A-5293576 (Motorola) discloses a satellite telecommand method in which a satellite and a ground control station have identical one-time random pads that are used to encrypt and decrypt critical commands. The pads are generated by the satellite, encrypted by an asymmetric encryption process and sent to the ground control station. SUMMARY OF THE INVENTION
[0007] According to one aspect of the present invention, there is provided a satellite TT&C method using Quantum Key Distribution (QKD) for the encryption process of the TT&C link. Rather than pre-loading keys on the satellite, which is a security-intense and restrictive technique, keys are generated and exchanged between the SCC and satellite during in-orbit operation via QKD.
[0008] According to another aspect of the invention, there is provided apparatus arranged to perform the above method. The apparatus may be included within a satellite access station.
[0009] According to another aspect of the invention, there is provided a satellite TT&C system arranged to carry out the method.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] Specific embodiments of the present invention will now be described with reference to the accompanying drawings, in which:
Figure 1 is a schematic diagram of a satellite system according to an embodiment of the present invention; and
Figure 2 is a flowchart of a method of operation of the satellite system according to the embodiment.
DETAILED DESCRIPTION OF EMBODIMENTS
[0011] As shown in Figure 1, a satellite system in an embodiment of the invention comprises a satellite control centre (SCC) 1 connected (e.g. via a terrestrial link 5) to a satellite access station (SAS) 2. The SAS 2 interacts via a communication link 6 to the satellite 4, which may provide the telecommunications services to user terminals 3 via user links 7. The communication link 6 may be radio frequency (RF) or optical. The SAS 2 may be connected for communications via a ground telecommunications network (not shown). The satellite 4 may have additional links to either ground or space.
[0012] The SAS 2 also provides a wireless TT&C link 9 to the satellite 4, for providing satellite status and operational commands between the SCC 1 and the satellite 4. The TT&C link 9 may be bidirectional. Commands and other data carried over the TT&C link 9 are encrypted using an encryption key, to prevent unauthorised interception. The TT&C link 9 may use RF or optical frequencies.
[0013] Additionally, a QKD link 8 is provided between the satellite 4 and the SAS 2. The QKD link 8 may be an optical link, which may comprise an optical transmitter on the satellite 4 and a corresponding optical receiver at the SAS 2. The QKD link 8 is used for key exchange using QKD, as described in more detail in the method below, with reference to Figure 2.
[0014] First, an initial key is set up (step SI) for use in encryption of data over the TT&C link 9 prior to establishment of a quantum key exchange over the QKD link 8 (step S2). The initial key may be loaded on the satellite 4 prior to launch, and a corresponding initial key provided to the SCC 1 and/or the SAS 2. The corresponding initial key may be shared by a QKD process, for example via optical fibre or a wireless link, or by another secure process. The initial key is used to initiate the TT&C link 9 once the satellite 4 is launched.
[0015] Under normal satellite operations, the SCC 1 may command the satellite 4 to begin a new QKD process (i.e. key exchange) via the QKD link 8. The satellite 4 may generate a new key that is communicated to the SAS 2 via the QKD link 8 using a QKD process (step S3), for example by means of a 'prepare and measure' (e.g. BB84) or entanglement (e.g. E91) protocol. The new shared key is then used to encrypt data over the TT&C link 9 (step S4).
[0016] In the case of an entanglement protocol, one of the entangled photon pair may be withheld and measured onboard the satellite 4, to establish the key.
[0017] Under normal satellite operations, the key is periodically (e.g. dependent on weather conditions and power resources) or continuously regenerated (step S5) during the lifetime of the satellite 4 in order to ensure high level cryptographic protection for TT&C; the key here may be referred to as an 'evolving' key.
[0018] In a secondary procedure similar to and operating alternately/in parallel with the normal key generation process described above, one or more keys may be generated for storage over an extended period of time, to be employed in the event of interruption to the normal key generation process, for example if the QKD link 8 is not available; the process here may be referred to as failsafe key generation and the key(s) as 'fall back' key(s). This secondary procedure provides for secure and reliable TT&C operations in the event of interruptions to the QKD system.
[0019] The shared key may be communicated to the SCC 1 over the terrestrial link 5, and be used for end-to-end encryption and decryption of commands and data between the SCC 1 and the satellite 4. Alternatively, the commands and data may be received from the SCC 1 by the SAS 2 and encrypted by the SAS 2 using the shared key.
[0020] The shared keys may be generated randomly (e.g. via quantum random generators) or pseudo-randomly, or selected from a predetermined set of keys.
[0021] The satellite 4 may be a geostationary, geosynchronous or non-geosynchronous satellite.
ALTERNATIVE EMBODIMENTS
[0022] The QKD link 8 is described above as a unidirectional downlink from the satellite. Additionally or alternatively, an optical uplink (i.e. with the photon source on ground) could be used for the QKD protocol. Furthermore the QKD link 8 could be bidirectional and not distinct from the communication link 6.
[0023] For customers who control and command their hosted payloads on the satellite, the QKD protocol can be applied so that the customer establishes their own keys. This may be done for example via the customer's own QKD link with the satellite from the customer's satellite access station, bypassing the primary operator's SCC 1 and/or SAS 2, or from a separate secure facility within the primary operator's SAS 2. In this way, customers may securely command their hosted payloads on the satellite.
[0024] Alternatively to loading an initial key as described above, whilst the satellite 4 is on ground (e.g. during the Assembly, Integration and Testing (AIT) phase of manufacture) the key could be partially established, for example with the QKD protocol measurements made. The key may then be resolved via the post-process communications between the two parties (e.g. satellite 4 & SCC 1) over the QKD link 8. For example, in the case of a QKD entanglement protocol, the post-process communications may involve generating the key by comparing bases between the two parties. This will allow for the initial key to be secured as the measurements of both parties would need to be compromised to establish the initial key in contrast to the case where the key is stored on the satellite pre-launch.
[0025] The QKD link 8 is preferably an optical link but could use electromagnetic radiation of another frequency such as in the RF or microwave range.
[0026] Alternative embodiments of the invention may be envisaged, which may nevertheless fall within the scope of the accompanying claims.
Next Patent: COMPOSITION