SECURE REPROGRAMMABILITY FOR CRITICAL AVIONICS FUNCTIONS – EXPRO PLUS
13 March 2020

ESA Open Invitation to Tender AO10247
Open Date: 11/03/2020
Closing Date: 29/04/2020 13:00:00

Status: ISSUED
Reference Nr.: 20.1ET.02
Prog. Ref.: Technology Developme
Budget Ref.: E/0901-01 – Technology Developme
Special Prov.: BE+DK+FR+DE+IT+NL+ES+SE+CH+GB+IE+AT+NO+FI+PT+GR+LU+CZ+RO+PL+EE+HU
Tender Type: C
Price Range: 200-500 KEURO
Products: Satellites & Probes / On-board Data Management / On Board Data Management - BB / Other / Satellites & Probes / On-board SW / Other
Technology Domains: RF Systems, Payloads and Technologies / Telecommunication Systems/Subsystems / Telecom Security Techniques and Technologies
Establishment: ESTEC
Directorate: Directorate of Tech, Eng. & Quality
Department: Electrical Department
Contract Officer: Erkelens-Sickinger, Franziska
Industrial Policy Measure: N/A – Not apply
Last Update Date: 11/03/2020
Update Reason: Tender issue

Today, critical safety and security functions in spacecraft (S/C) avionics are implemented in ASICs or one-time programmable FPGAs. Neither allows an update to add functionality or correct implementation errors post-launch.

The speed of security and safety-relevant technology development is expected to grow further, in the areas of:
- Mathematics: cryptography, coding theory
- Electrical engineering: signal processing, growing scope for firmware-defined functions like Software Defined Radio
- Computer Science: efficient algorithms, new computer architectures and even computing paradigms like the quantum computer

These trends make it more likely that critical S/C avionic functions will require an update over the course of the S/C mission. Cryptanalytic advances or a large-scale quantum computer may create the necessity to replace certain cryptographic algorithms during a mission lifetime. Similar arguments hold for updating TTC or payload waveforms, anti-jam functions and communication codes. Also, increased functional complexity may increase the likelihood of post-launch implementation error correction or functional enhancement, e.g. for the hardware reconfiguration module of an on-board computer.

Certain Telecom missions today require the physical embedding of a non-European TTC security module. The technology to be developed under this activity can allow for reconfiguring an on-board security module to meet regulatory security requirements of different markets over the S/C lifetime.

In-flight hardware reprogramming as such has already been studied. New technology here is the novel cryptographic signature: Merkle-Tree digital signature, agreed by security experts worldwide to provide long-term security.

For safety and security reasons, the update function itself is to be implemented by non-updatable hardware, hence a long-term secure cryptographic signature algorithm is required for the update process.

This activity encompasses the following tasks:
- develop a functional concept for safely and securely conducting the re-programming of a device in the highly safety-critical path of S/C telecommanding, including deactivation of the old and activation of the new functions following the actual reprogramming process;
- trade off different implementation technologies and architectures;
- design and build a breadboard implementing the core building blocks of secure re-programmability of a cryptographic TTC security module.

If you wish to access the documents related to the Invitation to Tender, you have to log in to the ESA Portal.