Increase Clock Cycles/Timing

Use more clock cycles such that branching does not affect the execution time. Also, the memory access times should be standardized to be the same over all accesses. If timing is not mission critical and time is in abundance, the access times can be reduced by adding sufficient delay to normalize the access times. These countermeasures will result in increased power consumption which may not be conducive for low size, weight, and power missions.

Sources

https://www.cse.msu.edu/~alexliu/publications/SensorSideChannel/SensorSideChannel.pdf

NIST Rev5 Controls

D3FEND Techniques

D3FEND Artifacts

None

ISO 27001

NASA Best Practice Guide

ESA Space Shield Mitigation

None

Related MITRE EMB3D Mitigations

Related CSF 2.0

PR.DS-10

Related BSI Security Measures

No related BSI Security Measures

ID: CM0063

Tier: III

Onboard SV CM

Created: 2022/10/19

Last Modified: 2023/10/17

Techniques Addressed by Countermeasure

ID		Name	Description
EXF-0002		Side-Channel Exfiltration	Information is extracted not by reading files or decrypting frames but by observing physical or protocol byproducts of computation, power draw, electromagnetic emissions, timing, thermal signatures, or traffic patterns. Repeated measurements create distinctive fingerprints correlated with internal states (key use, table loads, parser branches, buffer occupancy). Matching those fingerprints to models or templates yields sensitive facts without direct access to the protected data. In space systems, vantage points span proximity assets (for EM/thermal), ground testing and ATLO (for direct probing), compromised on-board modules that can sample rails or sensors, and remote observation of link-layer timing behaviors.
	.04	Timing Attacks	Execution time varies with inputs and branches; precise measurement turns that variance into information. The attacker times acknowledgments, response latencies, or framing gaps to learn which code paths ran (e.g., MAC verified vs. failed, table entry present vs. absent) and to infer bits of secrets in timing-sensitive routines such as cryptographic checks. On resource-constrained processors and deterministic RTOSes, small differences persist across runs, making remote timing feasible over RF if clocks and propagation are accounted for. Combined with chosen inputs and statistics, these measurements leak internal state faster than brute-force cryptanalysis.

ID	Description
SV-CF-2	Eavesdropping (RF and proximity)
SV-AC-5	Proximity operations (i.e., grappling satellite)

Sample Requirements

SPARTA ID	Requirement	Rationale/Additional Guidance/Notes
SPR-37	The [spacecraft] shall protect system components, associated data communications, and communication buses in accordance with: (i) national emissions and TEMPEST policies and procedures, and (ii) the security category or sensitivity of the transmitted information, and shall demonstrate compliance via pre‑launch TEMPEST‑like evaluation for co‑located payload configurations.{SV-CF-2,SV-MA-2}{PE-14,PE-19,PE-19(1),RA-5(4),SA-8(18),SA-8(19),SC-8(1)}	The measures taken to protect against compromising emanations must be in accordance with DODD S-5200.19, or superseding requirements. The concerns addressed by this control during operation are emanations leakage between multiple payloads within a single space platform, and between payloads and the bus.
SPR-38	The [spacecraft] shall be designed so that it protects itself from information leakage due to electromagnetic signals emanations.{SV-CF-2,SV-MA-2}{PE-19,PE-19(1),RA-5(4),SA-8(19)}	This requirement applies if system components are being designed to address EMSEC and the measures taken to protect against compromising emanations must be in accordance with DODD S-5200.19, or superseding requirements.
SPR-115	The [organization] shall describe (a) the separation between RED and BLACK cables, (b) the filtering on RED power lines, (c) the grounding criteria for the RED safety grounds, (d) and the approach for dielectric separators on any potential fortuitous conductors, and shall provide quantitative separation distances, filter specifications, grounding resistance criteria, and dielectric separator material properties.{SV-CF-2,SV-MA-2}{PE-19,PE-19(1)}	Physical separation of classified (RED) and unclassified (BLACK) signal paths prevents compromising emanations. Defined separation distances, filtering, and grounding reduce leakage risk. Quantitative criteria ensure repeatable and verifiable implementation. This protects against unintended signal coupling and data leakage.