SANCTUARY, in collaboration with GMV, has been awarded a European Space Agency (ESA) tender to develop a “Trusted Platform Module for SmallSat Platforms.” This project aims to implement a subsystem that provides Trusted Platform Module (TPM) functionality as a service to other satellite subsystems, utilizing a cryptographic chip in a secure and accessible manner. The initiative not only demonstrates the feasibility of adopting commercial-off-the-shelf (COTS) components for space applications but also represents a significant advancement in enhancing spacecraft cybersecurity.
Satellites are inherently complex, distributed systems composed of multiple subsystems, each responsible for different functionalities such as communications, propulsion, and payload management. The interdependence and coordination among these subsystems are critical to a satellite’s overall performance and security. As cyber threats targeting space assets grow in sophistication, the need for robust, hardware-based security mechanisms has become more pronounced.
Hardware security solutions, such as Trusted Platform Modules, are commonly used to enhance system integrity and security in modern computing. TPMs provide a secure environment for cryptographic operations and are widely adopted across various sectors, including personal computing, where they are a prerequisite for running certain operating systems like Windows 11. However, integrating TPMs directly into individual satellite subsystems poses significant challenges. Modifying hardware specifications to incorporate a TPM into each subsystem would require extensive redesign efforts, resulting in increased complexity, higher costs, and extended development timelines.
To address these hurdles, SANCTUARY and GMV are implementing a novel approach that offers TPM capabilities as a shared service rather than embedding TPM functionality within each subsystem. This design leverages existing bus interfaces on the spacecraft, enabling different subsystems to access TPM services on demand without requiring significant hardware modifications. The centralized TPM service acts as a trusted anchor for cryptographic operations across the satellite, providing a flexible yet secure means to enhance the cybersecurity posture of the entire spacecraft.
The utilization of a TPM service approach underscores the potential benefits of adopting commercial-off-the-shelf components in space applications. COTS components are widely available, cost-effective, and have established reliability, making them attractive for space missions seeking to reduce development costs and time. By integrating a COTS cryptographic chip as the core of the TPM service, the project aligns with ESA’s goals of increasing the use of standardized, interoperable technologies in space.
Moreover, the TPM service approach represents a strategic advancement in the field of satellite cybersecurity. As satellites increasingly rely on software-driven operations and data exchange, the need for robust protection against cyber threats has never been greater. A TPM service can facilitate a range of security enhancements, such as key management, secure data storage, attestation of software integrity, and encrypted communication channels between subsystems. These capabilities ensure that any compromise of a subsystem can be quickly detected and mitigated, thereby bolstering the satellite’s resilience against cyberattacks.
Ultimately, the Trusted Platform Module for SmallSat Platforms project highlights the importance of innovation in addressing the unique cybersecurity challenges faced by the space industry. As the demand for secure and resilient space systems continues to grow, the project’s success will pave the way for more widespread adoption of COTS-based security solutions, setting new standards for protecting the next generation of space assets.
Interested in Public Key Infrastructures for space? Check out our other announcement post.
GMV GmbH is collaborating with SANCTUARY for this activity, which started in Mai 2024 and is expected to end in November 2025.