Saved in:
Bibliographic Details
Main Authors: Huang, Linan, Liu, Peilong, Chen, Xi, Lin, Zhiyuan, Yan, Jian, Kuang, Linling
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.24464
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914596223188992
author Huang, Linan
Liu, Peilong
Chen, Xi
Lin, Zhiyuan
Yan, Jian
Kuang, Linling
author_facet Huang, Linan
Liu, Peilong
Chen, Xi
Lin, Zhiyuan
Yan, Jian
Kuang, Linling
contents Satellite constellations equipped with Inter-Satellite Links and onboard packet switching enable real-time Operation and Management across globally distributed satellites, but also broaden the attack surface and introduce unprecedented cybersecurity threats. Existing efforts mainly focus on cryptography for single-satellite point-to-point links, without considering constellation-level security. To address this gap, this article extends security research in two directions: from individual satellites to constellation-wide architectures, and from isolated cryptography to system-level security incorporating efficiency, resilience, and reliability. These extensions raise three key questions: how to design efficient security mechanisms for dynamic constellation topologies with adaptive onboard routing; how a constellation O&M system can recover resiliently under worst-case failures of onboard security functions; and how to improve the reliability of onboard security functions under stringent resource constraints. To address these challenges, we first construct a constellation-wide hybrid security framework that protects semantically sensitive content fields using End-to-End encryption, while safeguarding routing-related fields through Moving Target Defense. Next, we introduce a ciphered-mode and safe-mode management mechanism with an M-delayed fallback that balances recovery timeliness and exploitability. Finally, we propose security-aware routers that manage plaintext/ciphered modes and coordinate access to a shared pool of onboard cipher modules, enabling redundancy sharing across multiple endpoints and extending secure operation duration in ciphered mode. These solutions comply with existing standards defined by organizations including DVB and the CCSDS, while translating conceptual security principles into practical system-level mechanisms.
format Preprint
id arxiv_https___arxiv_org_abs_2605_24464
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Toward Secure Operation and Management (O&M) of Satellite Constellations: Efficiency, Resilience, and Reliability in a Network Perspective
Huang, Linan
Liu, Peilong
Chen, Xi
Lin, Zhiyuan
Yan, Jian
Kuang, Linling
Computational Engineering, Finance, and Science
Emerging Technologies
Satellite constellations equipped with Inter-Satellite Links and onboard packet switching enable real-time Operation and Management across globally distributed satellites, but also broaden the attack surface and introduce unprecedented cybersecurity threats. Existing efforts mainly focus on cryptography for single-satellite point-to-point links, without considering constellation-level security. To address this gap, this article extends security research in two directions: from individual satellites to constellation-wide architectures, and from isolated cryptography to system-level security incorporating efficiency, resilience, and reliability. These extensions raise three key questions: how to design efficient security mechanisms for dynamic constellation topologies with adaptive onboard routing; how a constellation O&M system can recover resiliently under worst-case failures of onboard security functions; and how to improve the reliability of onboard security functions under stringent resource constraints. To address these challenges, we first construct a constellation-wide hybrid security framework that protects semantically sensitive content fields using End-to-End encryption, while safeguarding routing-related fields through Moving Target Defense. Next, we introduce a ciphered-mode and safe-mode management mechanism with an M-delayed fallback that balances recovery timeliness and exploitability. Finally, we propose security-aware routers that manage plaintext/ciphered modes and coordinate access to a shared pool of onboard cipher modules, enabling redundancy sharing across multiple endpoints and extending secure operation duration in ciphered mode. These solutions comply with existing standards defined by organizations including DVB and the CCSDS, while translating conceptual security principles into practical system-level mechanisms.
title Toward Secure Operation and Management (O&M) of Satellite Constellations: Efficiency, Resilience, and Reliability in a Network Perspective
topic Computational Engineering, Finance, and Science
Emerging Technologies
url https://arxiv.org/abs/2605.24464