Cryptography

Symmetric Encryption

A cryptographic method where the same secret key is used for both encryption and decryption (e.g., AES). It is computationally fast and highly efficient for bulk data transport, which is critical for high-throughput satellite downlinks.

Asymmetric Encryption (Public-Key Cryptography)

A cryptographic system using pairs of keys: a public key (distributed openly for encryption/verification) and a private key (kept secret for decryption/signing). Common examples include RSA and ECC (Elliptic Curve Cryptography).

Cryptographic Hash Function

A one-way deterministic function that maps input data of any size to a fixed-size bit string (e.g., SHA-256). It is computationally infeasible to invert (pre-image resistance) or find two distinct inputs that yield the same output (collision resistance).

Digital Signature

A cryptographic mechanism used to verify the authenticity and integrity of digital messages or software images. The sender signs a hash of the data using their private key, and anyone can verify it using the sender's corresponding public key. Provides non-repudiation.

AEAD (Authenticated Encryption with Associated Data)

A form of encryption (like AES-GCM or ChaCha20-Poly1305) that simultaneously provides confidentiality, integrity, and authenticity for data, while allowing unencrypted "associated data" (like packet headers) to be verified but not hidden.

Forward Secrecy (Perfect Forward Secrecy / PFS)

A property of key-agreement protocols ensuring that if a long-term private key is compromised in the future, the session keys derived from it past conversations remain secure. Crucial for protecting intercepted satellite traffic from retroactive decryption.

KDF (Key Derivation Function)

A cryptographic algorithm (like HKDF) that derives one or more cryptographically strong secret keys from a master secret or initial keying material (like a Diffie-Hellman shared secret).

Root of Trust (RoT)

The foundational, inherently trusted source in a system from which all security operations derive. It cannot verify its own integrity, so it must be secure by design (often implemented in hardware/read-only memory).

Hardware Root of Trust (HW-RoT)

A Root of Trust anchored directly in immutable hardware (such as a physical processor core, ROM, or an eFuse matrix) that cannot be altered by software exploits.

TPM (Trusted Platform Module)

A dedicated microchip designed to secure hardware by integrating cryptographic keys into devices. It offers secure key generation, cryptographic storage, and hardware-based remote attestation capabilities.

HSM (Hardware Security Module)

A robust, physical computing device that safeguards and manages digital keys, performs encryption/decryption, and handles strong authentication. In a factory or infrastructure setting, HSMs are used to safely sign firmware images and provision devices.

eFuses / OTP (One-Time Programmable) Memory

Microscopic fuses on a chip that can be blown permanently during manufacturing or provisioning. Once blown, their state cannot be reverted. They are used to store public key hashes, device IDs, and rollback counters securely.

Secure Boot

A boot sequence where each stage of software (ROM, bootloader, kernel, OS) verifies the digital signature of the next stage before executing it. If a signature check fails, the boot sequence halts, preventing unauthorized or modified code from running.

Authenticated Boot

A boot process similar to Secure Boot where signatures are verified, but instead of halting on a failure, the system may log the failure, boot into a restricted recovery state, or report the anomaly to a network service.

Measured Boot

A boot process where each stage measures (hashes) the next stage and logs that measurement into secure hardware registers (like TPM PCRs) before passing control. It doesn't block unsigned code from running, but creates an unforgeable audit trail of what exactly booted.

Chain of Trust

The continuous sequence of cryptographic verifications during startup. Hardware ROM verifies Bootloader Stage 1 $\rightarrow$ Stage 1 verifies Stage 2 $\rightarrow$ Stage 2 verifies the Kernel, and so on. If any link breaks, the entire chain is invalidated.

Anti-Rollback Protection (Downgrade Protection)

A security mechanism that prevents an attacker from flashing an older, legitimately signed version of firmware that contains known, patchable vulnerabilities. Usually enforced by comparing a version number in the firmware against a hardware counter (eFuse or secure NVRAM).

Remote Attestation

A process where a device securely proves its software state and hardware integrity to a remote server (e.g., a Starlink gateway proving to the network that its software hasn't been tampered with) using cryptographic measurements signed by its TPM/Hardware Root of Trust.

MAC (Message Authentication Code)

A short piece of information used to authenticate a message and confirm that it hasn't been altered. It relies on a secret symmetric key shared between the sender and receiver. Unlike a standard checksum (like CRC), an attacker cannot forge a valid MAC without knowing the secret key.

HMAC (Hash-based Message Authentication Code)

A specific and highly secure implementation of a MAC that combines a cryptographic hash function (like SHA-256) with a secret symmetric key. It utilizes a two-pass hashing design to protect against specific cryptographic vulnerabilities, such as length-extension attacks.