ESA

Cybersecurity Laboratory

The ESA Cybersecurity Laboratory provides facilities for testing, assessing and demonstrating security technologies for space systems, including space, ground, and secure communication protocols.

It supports ESA programmes, industry and research partners by offering environments to analyse systems security, validate technologies and develop innovative approaches for securing future space missions.

For general enquiries regarding this TEC location please refer to the assigned contacts:

Gabriele Durantini

Laboratory Manager

Antonios Atlasis

Head of System Security Section

For testing requests, access to lab facilities, training and consultancy services, please refer to:

THIRD PARTY ACTIVITIES

TPA Management system

The Cybersecurity Laboratory is equipped with testbeds, equipment and tools suitable to provide end-to-end security assessment across the full protocol stack, from the physical layer to the application layer.

It includes communication security infrastructures, hardware security benches, flat-sat environments, 5G testbeds, and specialised facilities for protocol fuzzing, cryptographic evaluation, and adversarial testing.

LAB FACILITIES

Communication Link Security

  • Physical layer (RF) security testing for anti-jamming techniques and methods in a controlled / isolated environment.
  • Secure space communication protocols (CCSDS, ECSS) assessment and testing, supported by tools developed specifically for this purpose.
  • Full-fledged, extensible and customisable SDLS/CCSDS toolkit featuring:
    • In-house implementation of the CCSDS protocol stack in Go.
    • Automatic packet generator and parser for ad-hoc library and implementation testing.
    • Custom, extensible black- and grey-box fuzzer for model-based differential fuzzing of SDLS implementations.
    • Triaging infrastructure capable of integrating multiple implementations, tailored to analyse CCSDS message traces produced during fuzzing campaigns.

Hardware Hacking & Space Segment Security

  • Hardware hacking testbed with side-channel attacks, electromagnetic fault injection and power analysis capabilities.
  • Space Segment Security: Evaluation of onboard subsystems, avionics, and mission-critical technologies (e.g. avionics buses, microprocessors).
  • Flatsat with Digital Forensics capabilities.
  • Application layer security assessment, including testing of space Operating Systems (FreeRTOS, RTEMS, and hypervisor technologies).

Security Monitoring, Adversary Emulation & Offensive Capabilities

  • Cyber Security offensive and defensive tools and capabilities (red/blue/purple team), suitable for use in an isolated environment for testing, training or demonstration purposes.
  • Security Monitoring & Adversary Emulation: Validation of secure monitoring solutions (SIEM, IDS configuration, etc.) and controlled adversarial scenarios, including automated adversary emulation.

5G Security Assessment

  • 5G Security assessment leveraging virtual environments:
    • OpenAirInterface and srsRAN virtual environments
    • Extensible and customisable toolkit featuring:
      • In-house implementation of high-level 5G protocols in Go (PDCP, RRC, NAS).
      • In-house ASN.1 encoder for UPER and APER.
      • Pluggable low-level protocol implementations (encoder/decoder) or high-level functions (e.g. PDCP channel sequence number handling).

SPACE PKI Simulator

  • Flexible environment for evaluating PKI solutions in large-scale satellite networks.
  • Supports configurable constellation geometry, satellite/ground station characteristics and data rates.
  • Possibility to import real constellation data (e.g. TLE) and real ground station networks.
  • Configurable security parameters such as revocation mechanisms (CRL, OCSP, Let’s Revoke, V’CER) and cryptographic primitives.
  • KPI visualisation: revocation latency, network overhead, handshake delay.

Network Performance Testing Framework

  • In-house developed framework for transport protocol and VPN performance testing.
  • Automated testing orchestration (browser load-time measurements, throughput tests, packet-loss scenarios).
  • Supported VPN technologies: QPEP, IPsec, WireGuard, OpenVPN.
  • Supported transport protocols: QUIC and TCP with multiple congestion control algorithms.
  • Fully extensible.
