TL;DR

The Borealis project has successfully deployed a pure-OCaml CCSDS protocol stack on a satellite in low Earth orbit, marking a milestone in space security and safe software in space. The system uses end-to-end encryption, post-quantum key rotation, and runs entirely in OCaml, with plans to demonstrate in-orbit key rekeying.

On April 23, the Borealis project successfully deployed a pure-OCaml CCSDS protocol stack on a satellite in low Earth orbit, marking the first known in-orbit demonstration of a space communication protocol implemented entirely in OCaml with advanced security features.

The project, running inside DPhi Space’s ClusterGate-2 payload, uses a custom protocol stack covering all layers from radio framing to security extensions, implemented entirely in OCaml. The satellite communicates with ground via a filesystem-based delay-tolerant network, where bundles are encrypted and authenticated using BPSec with post-quantum keys, which can be rotated remotely via OTAR.

This deployment is significant because it demonstrates the feasibility of running safe, high-assurance software in space, reducing security risks associated with untrusted code and kernel vulnerabilities. The system is designed to operate without network connectivity, relying solely on filesystem exchanges, and supports long-term key management, including post-quantum cryptography.

Why It Matters

This achievement represents a major advancement in space cybersecurity and safe software practices. Running a secure, cryptographically protected protocol stack entirely in OCaml in orbit addresses concerns about kernel vulnerabilities and untrusted code execution in space hardware. It also paves the way for more secure, resilient satellite systems and demonstrates the practicality of advanced cryptographic techniques like post-quantum key rotation in space environments.

Real World OCaml: Functional Programming for the Masses

Real World OCaml: Functional Programming for the Masses

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

Prior to this, space communication protocols have typically been implemented in C or other low-level languages, with security often relying on hardware or external encryption measures. The Borealis project builds on recent advances in OCaml, including its support for multi-threading and performance improvements in OCaml 5, and responds to increasing security standards mandated by agencies like NASA, which emphasize cryptographic protection and key management for long-duration missions.

The project took several months of development, with the first successful in-orbit operation occurring on April 23, 2026. It follows ongoing efforts to improve space cybersecurity and reduce reliance on insecure or legacy protocols.

“This is a proof of concept that safe, high-assurance software can run in space, with security features directly embedded in the protocol stack.”

— Virgile Robles

“OCaml 5’s features enable performance comparable to C or Rust while maintaining mathematical rigor and safety, making it ideal for space applications.”

— KC Sivaramakrishnan

Data Plane Development Kit (DPDK): A Software Optimization Guide to the User Space-Based Network Applications

Data Plane Development Kit (DPDK): A Software Optimization Guide to the User Space-Based Network Applications

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It is not yet confirmed whether the in-orbit key rotation via OTAR will be successfully exercised during this pass. The full operational stability of the protocol stack over an extended period remains to be demonstrated, and further testing is planned.

Migration to Post-Quantum Cryptography: Cryptographic Discovery - Approach, Architecture, and Security Characteristics of Public Key Application Discovery Tools

Migration to Post-Quantum Cryptography: Cryptographic Discovery – Approach, Architecture, and Security Characteristics of Public Key Application Discovery Tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What’s Next

The team plans to perform the planned in-orbit key rekeying exercise in upcoming passes, testing the OTAR functionality and long-term stability. Additional validation of the system’s security and resilience will follow, including monitoring for any anomalies or vulnerabilities.

Full Stack Python Security: Cryptography, TLS, and attack resistance

Full Stack Python Security: Cryptography, TLS, and attack resistance

Full Stack Python Security: Cryptography, TLS, and attack resistance

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What is the significance of using OCaml for space communication protocols?

OCaml offers strong safety guarantees, support for multi-threading, and performance features that make it suitable for secure, reliable space software, reducing risks associated with kernel vulnerabilities and untrusted code execution.

Will the project demonstrate in-orbit rekeying of cryptographic keys?

Yes, the team plans to exercise post-quantum OTAR (Over-The-Air Rekeying) during a future pass, which will be a first in-orbit demonstration of this capability.

How does the satellite communicate if it has no network connectivity?

The satellite uses a delay-tolerant filesystem-based protocol, where bundles are stored and forwarded via physical file exchanges, ensuring secure communication without a continuous network link.

What are the security advantages of this approach?

The system encrypts and authenticates all data at the protocol layer, with cryptographic key rotation capabilities, reducing risks from kernel exploits or malicious interference.

What are the broader implications of this development?

This demonstrates that secure, high-assurance software can be deployed in space, influencing future satellite security standards and encouraging adoption of safe programming languages like OCaml for space missions.

You May Also Like

How Mixed Reality Tools Are Changing Training and Design

By transforming how we visualize and interact with designs, mixed reality tools are revolutionizing training and design—discover how they can elevate your projects further.

Customer service + BPO. The operational-scale displacement.

Empirical evidence shows 8 million workers in India and Philippines face AI-driven displacement, shifting from cohort-bifurcation to operational-scale patterns.

The referral. How AI search severs the content-for-traffic contract that funded the open web.

A Thorsten Meyer AI analysis says AI Overviews are weakening the search referral model that funded online publishing.

Energy Harvesting Wearables: Power From Motion and Heat

Harness the power of your movements and heat with energy harvesting wearables—discover how they revolutionize sustainability in fashion and tech.