TL;DR
The Borealis project has successfully deployed a pure-OCaml CCSDS protocol stack on a satellite in low Earth orbit, marking a milestone in space security and safe software in space. The system uses end-to-end encryption, post-quantum key rotation, and runs entirely in OCaml, with plans to demonstrate in-orbit key rekeying.
On April 23, the Borealis project successfully deployed a pure-OCaml CCSDS protocol stack on a satellite in low Earth orbit, marking the first known in-orbit demonstration of a space communication protocol implemented entirely in OCaml with advanced security features.
The project, running inside DPhi Space’s ClusterGate-2 payload, uses a custom protocol stack covering all layers from radio framing to security extensions, implemented entirely in OCaml. The satellite communicates with ground via a filesystem-based delay-tolerant network, where bundles are encrypted and authenticated using BPSec with post-quantum keys, which can be rotated remotely via OTAR.
This deployment is significant because it demonstrates the feasibility of running safe, high-assurance software in space, reducing security risks associated with untrusted code and kernel vulnerabilities. The system is designed to operate without network connectivity, relying solely on filesystem exchanges, and supports long-term key management, including post-quantum cryptography.
Why It Matters
This achievement represents a major advancement in space cybersecurity and safe software practices. Running a secure, cryptographically protected protocol stack entirely in OCaml in orbit addresses concerns about kernel vulnerabilities and untrusted code execution in space hardware. It also paves the way for more secure, resilient satellite systems and demonstrates the practicality of advanced cryptographic techniques like post-quantum key rotation in space environments.
OCaml Programming: Functional Programming and Real-World Application Development with OCaml language
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Prior to this, space communication protocols have typically been implemented in C or other low-level languages, with security often relying on hardware or external encryption measures. The Borealis project builds on recent advances in OCaml, including its support for multi-threading and performance improvements in OCaml 5, and responds to increasing security standards mandated by agencies like NASA, which emphasize cryptographic protection and key management for long-duration missions.
The project took several months of development, with the first successful in-orbit operation occurring on April 23, 2026. It follows ongoing efforts to improve space cybersecurity and reduce reliance on insecure or legacy protocols.
“This is a proof of concept that safe, high-assurance software can run in space, with security features directly embedded in the protocol stack.”
— Virgile Robles
“OCaml 5’s features enable performance comparable to C or Rust while maintaining mathematical rigor and safety, making it ideal for space applications.”
— KC Sivaramakrishnan
Data Plane Development Kit (DPDK): A Software Optimization Guide to the User Space-Based Network Applications
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet confirmed whether the in-orbit key rotation via OTAR will be successfully exercised during this pass. The full operational stability of the protocol stack over an extended period remains to be demonstrated, and further testing is planned.
Migration to Post-Quantum Cryptography: Cryptographic Discovery – Approach, Architecture, and Security Characteristics of Public Key Application Discovery Tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
The team plans to perform the planned in-orbit key rekeying exercise in upcoming passes, testing the OTAR functionality and long-term stability. Additional validation of the system’s security and resilience will follow, including monitoring for any anomalies or vulnerabilities.
Cryptography and Network Security: Principles and Practice, Global Ed
Cryptography and Network Security: Principles and Practice, Global Ed
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is the significance of using OCaml for space communication protocols?
OCaml offers strong safety guarantees, support for multi-threading, and performance features that make it suitable for secure, reliable space software, reducing risks associated with kernel vulnerabilities and untrusted code execution.
Will the project demonstrate in-orbit rekeying of cryptographic keys?
Yes, the team plans to exercise post-quantum OTAR (Over-The-Air Rekeying) during a future pass, which will be a first in-orbit demonstration of this capability.
How does the satellite communicate if it has no network connectivity?
The satellite uses a delay-tolerant filesystem-based protocol, where bundles are stored and forwarded via physical file exchanges, ensuring secure communication without a continuous network link.
What are the security advantages of this approach?
The system encrypts and authenticates all data at the protocol layer, with cryptographic key rotation capabilities, reducing risks from kernel exploits or malicious interference.
What are the broader implications of this development?
This demonstrates that secure, high-assurance software can be deployed in space, influencing future satellite security standards and encouraging adoption of safe programming languages like OCaml for space missions.
