The recent rise of CubeSat has revolutionized global space explorations, as it offers cost-effective solutions for low-orbit space applications (including climate monitoring, weather measurements, communications, and earth observation). A salient feature of CubeSat is that applications currently on-boarded can either be updated or entirely replaced by new applications via software updates, which allows reusing in-orbit hardware, reduces space debris, and saves cost as well as time. Securing software updates employing traditional methods (e.g., encryption) remains impractical mainly due to the low-resource capabilities of CubeSat. Therefore, the security of software updates for CubeSats remains a critical issue. In this paper, we propose CubeSat Update Mechanism (CSUM), a lightweight scheme to provide integrity, authentication, and data freshness guarantees for software update broadcasts to CubeSats using a hash chain. We empirically evaluate our proof of concept implementation to demonstrate the feasibility and effectiveness of our approach. CSUM can validate 50,000 consecutive updates successfully in less than a second. We also perform a comparative analysis of different cryptographic primitives. Our empirical evaluations show that the hash-based approach is at least 61$\times$ faster than the conventional mechanisms, even in resource-constrained environments. Finally, we discuss the limitations, challenges, and potential future research directions for CubeSat software update procedures.

翻译：近年来，立方体卫星（CubeSat）的兴起彻底改变了全球空间探索格局，因其为低轨道空间应用（包括气候监测、气象测量、通信和地球观测）提供了高性价比的解决方案。立方体卫星的一个显著特点是，当前搭载的应用既可通过软件更新进行升级，也可被全新应用完全替换，这使得在轨硬件得以重复利用，减少了空间碎片，同时节省了成本与时间。由于立方体卫星资源受限的特性，采用传统方法（如加密）保障软件更新安全仍不切实际。因此，立方体卫星软件更新的安全性仍是关键问题。本文提出立方体卫星更新机制（CSUM），这是一种基于哈希链的轻量级方案，旨在为向立方体卫星广播的软件更新提供完整性、认证性和数据新鲜性保证。我们通过实证评估概念验证实现，证明了该方法的可行性与有效性。CSUM可在不到一秒内成功验证50,000次连续更新。我们还对不同密码原语进行了对比分析。实证评估表明，即使在资源受限环境中，基于哈希的方法也比传统机制快至少61倍。最后，我们探讨了立方体卫星软件更新流程的局限性、挑战及未来潜在研究方向。