SPICA Ground Commands

This is a potential way of doing ground commands to SPICA. These features may have to be disabled at IREC for safety reasons depending on regulation (although they should make the rocket safer).


Ground Transceiver Authentication

In order to send a command to the rocket, ground transmitters will need to first pair with the rocket. The first transceiver will do this by sending a packet structured as follows:

[SPICA device ID | encryption key ]

The sizes of these parameters are not yet set. The device ID will need to be unique to each flight computer, and the key needs to be generated by the ground side in order to cut down on computation.

The flight computer will then return a transmitter number that needs to be used to send further packets.

Although this is not secure, since the key goes over the air unencrypted, it is a way to guarantee that only certain transmitters get to talk to the rocket.

Further transmitters could be paired up to a certain limit, be paired by the first receiver generating another key and telling the rocket, or use some other method. This is still TBD.

Flight Computer Decryption

The flight computer will look at the first byte of the RF packet to determine which transmitter it came from, then use the corresponding key to decrypt the rest of the packet and carry out the command. If the decryption leads to the checksum failing, it transmits an "access denied" error; if the checksum matches but the command is invalid, it transmits a separate "invalid command" error message.
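The pairing step and the decrypt/checksum/dispatch path described above, as an added runnable sketch (not SPICA's own code). It assumes a SHA-256 counter-mode XOR keystream as a stand-in cipher, a 4-byte truncated-hash checksum, and a constructed two-opcode command table; the page specifies none of these.

```python
import hashlib

OK, ACCESS_DENIED, INVALID_COMMAND = "ok", "access denied", "invalid command"  # responses from the page
COMMANDS = {0x01: "FIRE_DROGUE", 0x02: "FIRE_MAIN"}  # hypothetical opcodes, not SPICA's real set
CHECKSUM_LEN = 4  # a 1-byte checksum would let a wrong key pass about 1 time in 256

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher: SHA-256 in counter mode. The page names no cipher;
    # a real build would use AES or ChaCha from a vetted library.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def crypt(key: bytes, data: bytes) -> bytes:
    # XOR with the keystream is its own inverse, so this both encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def checksum(cmd: bytes) -> bytes:
    return hashlib.sha256(cmd).digest()[:CHECKSUM_LEN]

def build_packet(tx: int, key: bytes, cmd: bytes) -> bytes:
    # Ground side: [transmitter number | encrypt(command | checksum)].
    return bytes([tx]) + crypt(key, cmd + checksum(cmd))

class FlightComputer:
    def __init__(self, device_id: int):
        self.device_id = device_id
        self.keys = {}      # transmitter number -> key learned at pairing
        self.executed = []  # commands carried out, kept for inspection

    def pair(self, device_id: int, key: bytes):
        # Pairing packet [SPICA device ID | key]; returns the transmitter number for later packets.
        if device_id != self.device_id:
            return None
        tx = len(self.keys) + 1
        self.keys[tx] = key
        return tx

    def handle(self, packet: bytes) -> str:
        key = self.keys.get(packet[0]) if packet else None
        if key is None:
            return ACCESS_DENIED  # unknown transmitter number
        body = crypt(key, packet[1:])
        cmd, cs = body[:-CHECKSUM_LEN], body[-CHECKSUM_LEN:]
        if not cmd or checksum(cmd) != cs:
            return ACCESS_DENIED  # wrong key: decryption garbles the checksum
        name = COMMANDS.get(cmd[0])
        if name is None:
            return INVALID_COMMAND  # checksum fine, opcode unknown
        self.executed.append(name)
        return OK
```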


Why?

This allows multiple SPICA boards to operate at the same time (and they can share a ground transceiver if it keeps track of both keys).

The commands would be used to blow deployment charges, either for ground testing or for an abort if something goes wrong (rocket sitting on the pad with active charges, going ballistic, etc.).


Telemetry packets (and all packets) coming from the rocket will still be unencrypted, but commanding the rocket will require an authenticated transmitter to send an encrypted command (to distinguish it from other transmitters).


Alternatively, the ground transmitters could all share a predetermined key, so there would be only one authentication step in the pairing process (no need to send a transmitter number with packets; the rocket tries to decrypt everything with the same key).