Abstract
CubeSats have become a popular platform for low-cost space missions, supporting application ranging from Earth observation to space exploration. Despite their growing adoption, CubeSats face significant challenges in supporting in-orbit software updates with strong authentication and integrity guarantees due to severe constraints on computation, power, and communication bandwidth. Existing approaches either impose unsustainable overhead (e.g., public key cryptography) or focus solely on ground station-to-CubeSat delivery. Prior work such as CSUM offers an efficient hash chain based protocol for broadcast authentication from ground stations. However, it does not address the dissemination of update within a CubeSat cluster, which limits scalability and increase transmission redundancy.
In this paper, we propose an enhancement to the CSUM protocol by replacing its custom hash concatenation mechanism with a standardized HMAC construction to achieve stronger resistance against cryptographic attacks, with minimal trade-off in efficiency. Building on this enhancement, we introduce CSUM-G, an extension of CSUM that enables authenticated software update propagation across a CubeSat cluster using inter-satellite links and shared secret cluster keys. In our implementation, CSUM-G achieves 100% update success with only 0.13-0.20 average retries per update, and propagates updates in as little as 0.04 seconds for 6 CubeSats and 3.68 seconds for 600 nodes.