Simone D'Addio
Design and Implementation of a Secure Software Patching Mechanism for the Space Rider Avum Orbital Module.
Supervisors: Stefano Di Carlo, Alessandro Savino. Politecnico di Torino, Master's degree programme in Cybersecurity, 2025
PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.
| Abstract: | Historically, civilian space missions have employed limited security mechanisms. Telecommands, telemetry, and scientific payload data have often been transmitted over unencrypted and unauthenticated Radio Frequency (RF) channels. While this operational model was once considered acceptable, the growing threat landscape makes such an approach increasingly dangerous. In response to these evolving needs, this thesis focuses on the design and implementation of a secure software patching mechanism for the Avum Orbital Module (AOM), part of Space Rider, the European Space Agency’s reusable space transportation system. The project aims to enhance the spacecraft’s ability to safely receive and apply software updates, reinforcing both its resilience and mission reliability. The developed solution employs the AES-GCM algorithm to ensure the confidentiality, integrity, and authenticity of software patches. To maintain compliance with ESA standards, the mechanism extends the Packet Utilization Standard Service 6 (PUS6), which defines how spacecraft commands and telemetry packets are managed. By securing the patching process, the system effectively mitigates the risks associated with unauthorized or corrupted software patches. Additionally, an anti-replay mechanism was implemented, ensuring that even valid, intercepted ciphertexts cannot be fraudulently or repeatedly applied. This process effectively authenticates the patch payload, along with associated data (AAD), strengthening contextual integrity. A significant contribution of this work involved the validation of the cryptographic algorithm directly on the target spaceborne hardware. Since no prior verification was available on the specific hardware, this activity was crucial to confirm the correctness and robustness of the AES-GCM implementation under realistic operational conditions. Additionally, a codebase analysis was carried out to map potential weaknesses by correlating the MISRA C guidelines with the MITRE Common Weakness Enumeration (CWE) framework, with the goal of exploring their relationships and supporting the potential extension of the internal coding standard. Through these activities, the thesis contributes to introducing and strengthening cybersecurity capabilities and advancing the protection of critical spaceborne software systems, enabling a safer transition from traditionally unprotected space operations towards robust, security-aware mission architectures. |
|---|---|
| Supervisors: | Stefano Di Carlo, Alessandro Savino |
| Academic year: | 2025/26 |
| Publication type: | Electronic |
| Number of pages: | 78 |
| Subjects: | |
| Degree programme: | Master's degree programme in Cybersecurity |
| Degree class: | New regulations > Master's degree > LM-32 - COMPUTER ENGINEERING |
| Collaborating companies: | AVIO S.P.A. |
| URI: | http://webthesis.biblio.polito.it/id/eprint/38725 |



Creative Commons License - Attribution 3.0 Italy