1. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 1 THE EUMETSAT POLAR SYSTEM (EPS) Data Encryption Presented by: Ken ASHWORTH EUMETSAT Representative to NOAA EUMETSAT

2. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 2 Data set limited to the observation of the instantaneous sub satellite observation. Data source is the satellite for the user point of view. Possible means of controlling access: Encryption. Direct read-out services; HRPT and LRPT: EPS Direct Readout Services

3. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 3 EPS Data Encryption  Encryption allows the implementation of EUMETSAT's Polar System Data Policy and U.S. Requirements for Data Denial.  The encryption system is based on the Data Encryption Standard -3 (DES-3) encryption algorithm.  Data encryption and decryption are performed within the virtual channel access sub-layer of the Consultative Committee on Space Data Systems (CCSDS) standard.  U.S. data from instruments on Metop will be broadcast unencrypted via HRPT and LRPT, except during crisis or war, as requested by the United States.  The Metop satellite design does not allow the on-board stored global data to be encrypted.

4. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 4 EPS Data Encryption – Direct Broadcast  EUMETSAT has acquired a sound experience in the operational usage of encryption through the METEOSAT Programmes – we follow a standard already used for METEOSAT Operational Programme (MOP) data  The encryption scheme is selective on virtual channels and user stations for both HRPT and LRPT. HRPT and LRPT links are independently encrypted.  Encryption of the data, generation of Message Keys from the uplink of encrypted satellite Public Keys  The Message Key controls the encryption process. One Message Key is used for one encrypted Virtual Channel at a time. On board the satellite, the Message Key is generated, using a Satellite Public Key (uplinked by TeleCommand (TC)). On the ground, the Message Key is reconstructed from a secret Master Station Key and a Station Public Key is distributed via ground media.

5. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 5 EPS Data Encryption – Direct Broadcast  The EPS Encryption System provides control of the access to the LRPT/HRPT services by registered users; it comprises three components:  the Key Management Centre (C-KMC) which is in charge of the management of the EPS Encryption System, including the handling of keys.  the Satellite encryption equipment (part of the Metop satellite Data Handling System)  the local users decryption units located in the HRPT/LRPT stations.

6. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 6 EPS Data Encryption – Direct Broadcast  The encryption of HRPT/LRPT data is under the control of the C-KMC, functions of which will be shared with the METEOSAT Second Generation (MSG) Programme. The tasks of the C-KMC include:  User registration  Encryption scheduling  Generation of public satellite and user station keys,  Station Key Unit (SKU) distribution to the registered users  Distribution of satellite keys via TC and Public Station Keys via ground networks.  Implementation of Data Denial for U.S. instruments data as requested by the U.S. Government.

7. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 7 EPS Data Encryption – Direct Broadcast  The C-KMC coordinates its short, medium and long-term activities with the EPS/Metop Control Centre. These activities include, for example, the update of keys for certain group of users or the change of key parameters on board the Metop satellite.  "refresh" rate for the keys for the HRPT/LRPT encryption approximately every month (specified rate is TBD, yet easily modified).

8. Satellite Direct Readout Conference for the Americas, Miami, December 9-13, 2002 Page 8 Reference Station Design L-BAND HRPT SIGNALS: - VHF-BAND OUTPUT TO HRPT RECEIVER - VHF-BAND TEST FROM TEST UNIT - 10 MHz FROM GPS L-BAND HRPT ANTENNA SIGNALS: - POWER (PWR) FROM TRACKING UNIT - DRIVE SIGNALS (SIG) FROM TRACKING UNIT GPS SIGNAL TO GPS UNIT VHF LRPT SIGNALS: - VHF-BAND OUTPUT TO LRPT RECEIVER - VHF-BAND TEST FROM TEST UNIT OUTDOOR SIGNALS INDOOR SIGNALS GPS Antenna GPS signal GPS ANTENNA L-band feed, including LNA, D/C, U/C Azimuth motor Elevation motor Elevation Encoder Azimuth encoder Az limits El limits L-band output cable L-band test input cable 10 MHz Ref. cable Distribution Box Connectors: AZ-S, azimuth power AZ-P, azimuth signal EL-P, elevation power EL-S, elevation signal SIG, signal PWR, power RC, antenna local control EL-P EL-S AZ-P AZ-S PWR SIG L-BAND HRPT ANTENNA Personal Computer Tracking Unit HRPT Receiver LRPT Receiver GPS Receiver Test Unit PC Screen and Key Board INDOOR UNIT NTS VHF LRPT ANTENNA Note: This is an engineering implementation to monitor dissemination