Thank you also for inviting me here and yeah, today I will walk you through some of the aspects of securing endpoints and networking in space and on the, which is quite challenging. And let me start just giving you like a framework to think about. So imagine of course you have a constellation of satellites, one or more, which you control and interact with from the ground.
And then on the ground, of course you have also the, let's say, data consumers, you know, corporate company users all around the globe that want to access the data coming from satellites, or they want to send also some control information there. And then we can also throw in the mix, let's say, the low altitude UAV drones, or even high altitude pseudo-satellites, HAPS. So we have really a nice set of different elements to think about. Now we can just switch to a sort of more technical, let's say, network layer. We can just picture them all as endpoints connected in a network.
Basically it could be a large network which interconnects all these nodes. And again, through this network, we have data coming from, let's say, ground space from satellites. It could be, you know, earth observation, pictures, or any kind of data we can collect from this blind satellite.
And this data needs to be sent securely to the ground to maybe any endpoints or any user which requests those data. And then you have, of course, also the HAPS in the mix, which more or less behave in a similar way. And then we have also to send data, as I say, imagine command and control type of data that you need to issue to control and direct, let's say, your satellite. Now we have these two segments that you want to control, and then you are sending data back and forth.
And one of the goals now of this, let's say, activity we are doing now is to try to think how to protect all these assets. Now, when it comes to protection, there are various aspects. One is you need to identify every single asset, every single endpoint. For example, we could do that, you know, using digital certificates, you know, some technology which is widely used on earth, which we could try to replicate and reuse actually for space applications.
And then we have to protect the data itself in that transmission, which you can think of using some encryption, maybe end-to-end encryption, which includes also an aspect which is very important and often a bit forgotten when people talk about cybersecurity, which is like distributing the encryption keys.
So when you do encryption, you also have to care very much about the way you are distributing and sharing this key to allow this encryption. Now in this kind of scenario I am depicting, the idea we are, you know, applying and designing is to use hardware encryption. So imagine to use basically a hardware security module, which would be attached to every endpoint, and this chip would provide actually the crypto functionality and store also, for example, the digital certificate. This is just to kind of give an extra level of security.
And for example, eliminating, you know, the typical application we have heard when we use software based encryption. So we could actually rely on hardware to increase the level of security. So if we apply now this concept to our little diagram, we can think to have a digital certificate shared on every single endpoint. Now this is basically deployment of the PKI, the same way we see on earth PKI deployment. This could be thought of in a similar way. So we have an HSM on every satellite.
And for example, most satellites today, and the new ones coming up, are using often software defined radio, which runs on a single FPGA chip. So we can actually take advantage of that chip and implement a security module in there.
Or we can have a separate chip of any kind to implement this functionality. So we have this digital certificate, which is stored securely in the chip. And then we can have the same on every asset and also on the ground. So every user actually has this digital certificate. Now we can start with very strong authentication, the same way today we authenticate web browsers surfing on the internet. We can have similar technology.
So some, you know, technical people would be more familiar with the term TLS. So a way of, you know, using this kind of technology to authenticate every asset. So we rely strongly on asymmetric cryptography and digital certificates to authenticate. And this is important because it can be done bidirectionally. So not only can we authenticate from the ground and say, I'm talking with a certain satellite, but the other way around. So when the satellite is sending data, it can actually, let's say thanks to the digital certificate, ensure and authenticate that he's sending the data to the proper authorized operator.
And this is actually today a kind of feature which is missing in, I would say, most operations, at least, let's say, not the ter one, which are for that reason secrets.
And then, so then we can transfer data. So we can actually take advantage of symmetric cryptography. We can secure the channel, distribute the keys, for example, using traditional algorithms such as Diffie-Hellman elliptic curve. And this is, let's say, so-called traditional cryptography. So not considering at the moment the quantum computing, which of course can also be taken care of, and we will come back to this briefly later. And then, having this kind of technology distributed, we can start to think also about implementing some, you know, protocols on various levels.
And for example, we have the CCSDS protocol, which is meant for space applications and utilized also in some HAPS applications, and with this kind of set of protocols we can use encryption from there. There is one called SDLS, which is used for symmetric encryption. We could implement it. So thanks to, again, this kind of technology we mentioned and protocol that definitely and standard that we are developing, and we should, let's say, worldwide contribute to develop. This is a very important aspect because sometimes people consider a problem actually the lack of the standard.
And so through this, we can also build layers of encryption. We can have, you know, level two encryption using, for example, this SDLS protocol. We can put on top an application level encryption and have a so-called virtual channel and really create an end-to-end pipe from, let's say, a satellite sending a picture to a user or data consumer on the ground, so that the data will travel from space to ground station, from ground station through, for example, the internet to the designated end user, which thanks to his digital certificate and HSM will be the only one able to read the data.
So we can really create a very strong end-to-end virtual channel link and safely deliver the data. And now in this scenario, actually my company, so school has been heavily involved and heavily working. We have been developing ourselves a hardware security module embedded in a single FPGA chip. So as mentioned before, we can actually use any existing FPGA chip per se, we can carry on using our own devices. Actually we have, I don't know if it's visible, but we have, of course, all the development done. So we have different PCBs with different FPGA chips with our technology in there.
So the important bit in this, which reconnects to the things I mentioned before, is that this kind of device we build is actually built in Europe. So one aspect is this made in Europe, which, especially in Europe, should be very, very important, especially for mission critical applications such as, you know, space and drones. And then the other bit, which is extremely important for us, is that this technology, the way we implement it, is completely verifiable by third parties.
So if you buy an HSM today in the market, you might end up buying some product, you know, from US, China, Russia. Mostly those are based on blind trust. So you take the chip, you blindly trust it does what it's supposed to do, but you don't have any way to verify, for example, that there are no backdoors. You can verify the encryption.
Yes, but you cannot verify there are no backdoors. So our approach, especially using FPGA technology, allows, for example, to give this to an independent third party, like a university or private company, that would verify and certify that there are no backdoors.
So you don't need to trust us. And this is entirely done in hardware. So there is no software and operating system inside or anything, pure bare metal. We have, of course, a set of crypto functionality, which, if you remember from before, is all needed to implement end-to-end encryption. So you can have asymmetric cryptography, symmetric cryptography, you can handle certificates, you can generate certificates, sign and verify. So you use all this crypto functionality directly from this hardware chip. And those are all implemented in basically a single chip.
And that's the work we have done. And coming down to the applications which I listed before, we have been specifically working for space and drones. Now in space, we had an activity done with the European Space Agency. We just finished this past summer and we basically implemented more or less everything I described to you, especially the CCSDS SDLS part. So the symmetric encryption between ground and supposedly HAPS.
So the end goal for the demo was to demonstrate on an air balloon flying at, in the limit, the stratosphere. Because of COVID, unfortunately we had to cancel the, let's say, physical launch, but we have done the demonstration on the ground. Of course, you can imagine encryption actually doesn't really care if it's done, you know, in air, vertically or horizontally, wireless or wired. So encryption works basically, you know, at least this type of encryption, from level two up, so independently from the physical layer.
So we were able to demonstrate this, and very important within this activity, we used, as I mentioned, this SDLS protocol, which is used, you know, many times to encrypt data, but this protocol is actually including only symmetric encryption. So the concept I mentioned about asymmetric cryptography and digital certificates is completely non-existent in the standard. So what we have done is actually we modified the protocol. There is a standard way to add your own functionality. They are called technically extended procedures, EP.
So we developed, we designed and implemented our own two functions to actually add PKI, public key infrastructure, and use of digital certificates to this SDLS symmetric protocol. So this basically combines what I mentioned before and gives you the possibility to have this bidirectional authentication space to ground, in this case with the HAPS. But of course it would work the same way on a satellite, and then establish the secure data link and then start to send data encrypted.
And once you have this secure data link, you can actually also re-key the satellite. As probably most of you know, but for those who don't know, in many applications, for example using this kind of protocol, the satellite is built on the ground, and then you preload a bunch of symmetric keys for the encryption. So you send the satellite with these preloaded keys and then you start to use them once the satellite is in orbit.
And this of course has a problem, because if the keys on the ground get compromised, for whatever reason, then your security is gone and there is no way to securely actually send keys on the SP in the, through this protocol, because actually there is no strong authentication. So with this kind of technology, relying on strong digital certificates for the authentication, you can establish this secure link, and then you can even start to upload new keys, if this is, you know, the way you want to implement.
So you can do the so-called re-key functionality. And then moving on, in the next, you know, few months and a year, actually we are already negotiating a new contract again with ESA, and we are gonna basically bring this entire technology on the satellite OPS-SAT, which is owned by ESA and connected to the ESOC in Darmstadt in Germany. And we are gonna basically do exactly similar things. What we were supposed to do with a balloon we are gonna do in space. So it's gonna be a real demonstration and validation of this technology.
And again, we will have OPS-SAT, a satellite which has its own FPGA already on board. So we are uploading our FPGA very low, let's say software design. And from there on, we can then connect to Darmstadt and do this entire demonstration the way I described. And one important aspect.
Also, we touched before briefly on this: today we are using mostly this traditional cryptography, but we are working, having an FPGA, it's extremely, let's say, easy to actually replace the building blocks, let's say all the different traditional cryptography functionality, with, for example, post-quantum cryptography, so that there are already, you know, lots of activities ongoing. And so the quantum computer, let's say, technology is thought to be breaking basically certain mathematical problems, which are at the base, for example, of distributing the keys in, you know, Diffie-Hellman algorithms.
So all the mathematical problems basically based on the discrete logarithm or factorization of prime numbers, they're gonna be probably broken very easily by quantum computing by the time it arrives. So they are now replacing that kind of problem with quantum resistant ones. So other mathematical problems, which are resistant to quantum computing, and then with the same approach, we can just basically switch those kinds of modules and take advantage of this new cryptography. So this is also to give a kind of roadmap path moving forward, and then a similar technology as described.
We are basically applying to drones. So we have there a picture of the drone. There is this little device which contains the chip, which is basically installed on the drone between the autopilot and the radio. And it does all the end-to-end encryption with the ground station on the floor, on the ground. So this is similar to the way I described before. It can easily be applied actually to any link.
Now, those are the two major ones we were applying, but it can basically apply also on, you know, any kind of LAN on the ground or any kind of office connectivity. So this, let's say, concludes my short presentation introduction. Hopefully, you know, it was understood. And especially, probably some people might have some questions, or hopefully there will be some questions. Otherwise I will be, of course, available if anyone wants to contact me and know more. I've been going through, let's say, quite quickly some of those technologies, but hopefully you got the general.