Customer: ESA – Telespazio S.p.A.
Duration: March 2009 – June 2010
The Project
LockSat B deals with the application of LockSat (LOCal Key Synchronization and generation for data security in sATellite communications) concept to IPsec protocol. LockSat, as innovative key management system, allowing frequent security key renewals without requiring the exchange of keys and signaling on air (unsecure channel). It results particularly suited for satellite systems, since it can provide security services without wasting radio resources, which are scarce and expensive for a satellite connectivity link.
LockSat has been realized as a prototype in the frame of LockSat B project. The developed prototype integrates IPsec protocol with LockSat algoritm for local keys generation, instead of actual key management protocols such as IKEv1 and IKEv2, which require a continuous exchange of messages between the communication parties.
Moreover, LockSat algorithm has been applied in Zigbee Wireless Sensor Networks (WSNs). Despite of actual Zigbee security services, LockSat supports security services without wasting radio and power resources. That allows to drastically reduce the power consumption and thus to save the time-to-live parameter of each node within the WSN.
Radiolabs activities
RadioLabs has particularly contributed to the design of LockSat algorithm implementation both in the IP-subsystem, and in Zigbee WSN. For this purpose it has been designed ad-hoc subsystem architecture. For IP-subsystem it has been exploited functionalities of Linux 2.6 kernel while for sensor subsystem a new header at application level has been defined in order to perform end-to-end security connection from a remote control station to the sensor unit. The proposed solution makes particularly suitable the use of IPsec over satellite. In any case, security level is improved thanks to a renewal key time even lower than the propagation delay, and does not require any additional bandwidth.
Moreover, RadioLabs has driven the test phase of LockSat algorithm both in the IP-subsystem, and in Zigbee WSNs by defining proper tests also for hard propagation conditions. This allows to take into account for the following:
- Any delay due to propagation distance between source and destination;
- Any delay variability (or jitter) due to crossed routers or nodes in a TLC network or the congestion of the network;
- Any medium access technique considered in a wireless network;
- Any amount of traffic load and any number of users connected to the network.
Results have showed that a renewal key time (i.e. 0.3 s for IP-subsystem, and 10 s for sensor subsystem, respectively) lower than the actual security algorithms is allowed. This introduces two main advantages: (i) the use of a cryptographic simpler algorithm from a computational point of view, and (ii) a security level is improved thanks to a frequent renewal key time .
The Partners
The Partners of LockSat B are: