Satellites are used in a wide variety of applications. As a few examples, telecommunications satellites can provide television broadcast or other services such as telephone, video or radio communications, Earth observation satellites can provide detailed real-time imaging of the Earth's surface, and positioning satellites in a global navigation satellite system (GNSS) can enable the position of a receiver to be accurately calculated by triangulation.
For any type of satellite, the ability to communicate securely with the satellite is particularly important. Symmetric encryption is often used to prevent an unauthorised third party from receiving and decrypting transmissions from the satellite, and to prevent an aggressor from seizing control of the satellite by transmitting their own control signals to the satellite. A symmetric encryption scheme requires the same session key to be provided to any authorised devices in the satellite system, such as the satellite itself, a control station, and any end-users needing to receive transmissions from the satellite. Authorised devices in the system can communicate securely by encrypting a message with the session key and transmitting the encrypted message, and by decrypting and/or authenticating a received encrypted message using the same session key.
The security of this system would be compromised if an unauthorised party was able to obtain the session key. To guard against this, the session key is periodically expired and replaced with a new session key. In a conventional system, a complex key management infrastructure is required to distribute the new session key to devices within the satellite system. Each device must be pre-loaded with a root Key Encryption Key (KEK), and a key management system, which is a trusted third party, stores the root KEKs of all devices in the system. The key management system can then periodically distribute updated session keys to each device using the root KEK of that device.
The invention is made in this context.