EOGuard, custody for earth observation data

The role of blockchain as a data security provider

The Responsible Organisation

The European Space Agency (hereafter ESA) is a European intergovernmental body with the mandate of promoting and conducting peaceful exploration of space. Its purpose is to enhance European space capabilities for the benefit of European citizens’ daily lives and for European businesses.

Guardtime is a deep-tech company, specialized in building cybersecurity and complex data-management solutions, leveraging distributed ledger technologies.

The problem

As a part of the ESA’s mission, Earth Observations (EO) play a fundamental role in its activities, allowing a better understanding of the state of health of the planet. EO activities provide relevant satellite data that are employed in several fields such as weather forecasting, prevention of natural disasters, logistics, energy management as well as citizens’ safety. As a result of EO activities, substantial volumes of data are generated and are accessed by a diverse ecosystem of actors who exchange data to provide EO-based service.

In view of their importance, the safety and reliability of satellite data is placed as a priority on the ESA’s agenda. These data are, therefore, digital assets and, as such, they must be authentic, untampered, and verifiable. The risks or corruption of satellite data are diverse and can have serious negative consequences. For instance, machine learning techniques can create counterfeit objects that may be used to manipulate satellite data with severe impacts on the safety of citizens and on the correct provision of EO-based services.

The solution and its implementation

To address these risks and ensure data authenticity, ESA has partnered with Guardtime and launched a security solution, namely the EOGuard, to ensure the data integrity and immutability of EO satellite database. EOGuard is a blockchain-based solution that employs KSI blockchain technology. Specifically, EOGuard verifies the authenticity of digital asset by testing and ensuring time, composition and provenance of the data. Via EOGuard, a technical link is generated between the original data produced by satellites and the KSI blockchain using a hash function. Particularly, the KSI blockchain is composed of core nodes enabled to respond to the validation request though binary feedback (“yes” or “no”). Additionally, EOGuard has the capacity to sign large volumes of data while maintaining a lightweight profile to prevent disruption of existing computationally intensive processes.

The synergy between ESA and Guardtime dates to 2019 followed by the publication of a Joint White Paper “Earth Observation Data Provenance with KSI Blockchain” intended to investigate the potential applications of blockchain technology in the space sector. KSI blockchain has proved to be a well-suited technology for managing large volumes of information.

Expected benefits

The integration of the KSI blockchain technology for managing and preserving satellite data has presented several advantages. The main benefits identified are the following:

EOGuard enables users to receive satellite-captured data that can be verified as unaltered. From the user’s perspective, this represents a substantial improvement for delivering services deeply dependent on data validation, e.g. rescue operations or agricultural sector law enforcement.
EOGuard enables efficient strategic planning of system response in the event of an alert and provides visibility to detect corrupted data. Therefore, EOGuard mitigates the need for expensive backup procedures.
The application EOGuard to the ESA’s archives has demonstrated the high security standard provided by the employment of blockchain technologies. This highlights the efficiency and the interoperability of blockchain solutions, as well as the possibility of replicating its implementation in other sectors.

Main challenges

Despite the benefits abovementioned, some challenges have also been identified regarding the EOGuard solution:

The first constraint regards the identification of the optimal phase within the EO data flow process for implementing the EOGuard. By placing EOGuard closer to the data capture point, potential data integrity issues would be minimised. However, due to cost-benefit ratio, the solution is applied at the ground station before data distribution initiates.
Another obstacle is represented by the differing understating of traceability among stakeholders. A unified understanding of the security requirements and starting points for data tracking among stakeholders (i.e. users, provider, the European Commission) would minimise the risk of security breaches before the EOGuard initiates its processes.
From a regulatory vacuum, there is an insufficient consideration and description of the necessity for a data traceability system for EO data. This lack of clarity hampers awareness of the importance of adopting such solutions.
An additional challenge arises from divergent procedures on which EO data is managed across various legacy systems (i.e., outdated software or computer systems that are still in use). Legacy systems present technical issues and may jeopardise the authentication process when the verified data does not correspond to the original. Additionally, legacy systems operate across different countries without a common registry. This would require significant coordination to align all the parties involved.
The last point is linked to the need for specific training for accessing ESA's long-term archives. While ESA users have demonstrated proficiency in operating this solution, third parties accessing ESA's long-term archives have required training to effectively install and utilise the system. This highlights the importance of providing adequate skills and education to external stakeholders for seamless integration and operation.