Satellite Security Services in Low Earth Orbit

Every secure computing system on Earth shares the same constraint: the hardware can be physically reached. Given enough time and access, terrestrial trusted execution environments, hardware security modules, and secure enclaves can be compromised. 

The TEE.Fail disclosure is an excellent example of demonstrated attestation key extraction from Intel SGX and AMD SEV enclaves using under $1,000 of equipment. This is a fundamental limitation of any security architecture that operates where an adversary can physically access the machine.

SpaceComputer removes that constraint entirely. We deliver satellite security services from low Earth orbit (LEO). Space compute moves the most sensitive parts of cryptographic infrastructure to orbit, where physical inaccessibility becomes a first-class security primitive. 

Our platform provides four core services: confidential compute, key management, a cosmic true random number generator (cTRNG), and randomness beacons, all with verifiable security architecture, and accessible through a single gateway called Orbitport. This post walks through what each service does, why it exists in orbit, and how teams can start building with orbital infrastructure today.

Space Fabric: The Trust Architecture

What makes SpaceComputer's security claims provable is Space Fabric, our technical research  on the satellite-native trust architecture underlying every service we operate.

Space Fabric delivers three guarantees that no terrestrial system can replicate. 

First, all cryptographic keys are generated on board after launch. No keys are generated during manufacturing, no human or organization holds a copy, removing the need to trust every step of the supply chain. 

Second, every proof is co-signed by two independent secure elements (SE) from different manufacturers, to remove reliance on one manufacturer, which is the case for most systems. Third, the Satellite Execution Assurance Protocol (SEAP) uses a distributed network of ground stations to independently verify satellite identity and produce a verifiable certificate that the compute workload is genuinely happening in orbit.

When a satellite reaches end of life and de-orbits, every key and hardware component is destroyed on atmospheric re-entry. 

Read the full technical architecture in the Space Fabric paper.

Confidential Compute

SpaceTEE is a trusted execution environment running on satellites in LEO. It allows organizations to run sensitive workloads inside hardware that is physically inaccessible to any adversary, including the infrastructure operator.

Terrestrial TEEs such as Intel SGX, AMD SEV, and ARM TrustZone all depend on the assumption that no one gains sustained physical access to the host machine. SpaceTEE eliminates the entire class of side-channel and physical access attacks by operating in orbit, not by patching firmware.

Space compute through SpaceTEE supports use cases including confidential AI inference, classified data processing with verifiable software integrity, and multi-party computation (MPC) where no single party controls the hardware. The Space Fabric attestation layer provides cryptographic proof that the workload executed inside verified hardware on a specific satellite, addressing a gap that terrestrial TEEs have never been able to close: proving what code ran, and where.

For organizations in financial services, healthcare, defense, or any sector where regulatory requirements demand proof of where and how data was processed, orbital confidential computing offers a verifiable answer that no terrestrial data center can match.

Learn more about confidential computing in the SpaceComputer documentation.

Key Management Service (KMS)

SpaceComputer KMS is designed to replace your HSM layer without replacing everything around it. The API is AWS KMS-compatible, accessible through OrbitPort. Your authentication, policy engine, wallet logic, and compliance reporting stay exactly where they are. Switching is as easy as changing an endpoint.

What changes is where the keys live and how they are protected.

SpaceComputer KMS splits key material using threshold cryptography. No single node holds enough material to sign or decrypt on its own. Today, the service operates as a TEE-secured KMS with hardware attestation from the ground. As the architecture matures, ground nodes will hold shares inside TEE-attested hardware while orbital nodes hold shares generated on board after launch, inside secure elements that never export private keys.

The result is a layered defense, where each layer independently raises the cost of compromise. To reconstruct a key, an attacker would need to break the threshold scheme, breach TEE hardware from more than one vendor, and physically reach a satellite in LEO. No single vulnerability can collapse the entire system.

On-orbit key generation is the foundation of this architecture. Once the first orbital node is live in Q4 2026, key shares (pieces of a secret key for encryption/decryption) are created inside the secure elements after the satellite is in orbit. They weren't manufactured on Earth, and never existed in an environment an adversary could access. This eliminates the trust assumption that every terrestrial KMS requires: that someone, somewhere, properly deleted their copy of your key.

For highly sensitive applications in digital asset custody, or post-quantum key infrastructure, using SpaceComputer KMS means the most critical shares in your signing threshold are protected by twofold.

For on-orbit service providers, there is an additional operational advantage. If your workloads already execute on orbital infrastructure, routing key operations down to Earth introduces unnecessary latency and re-exposes sensitive material to terrestrial systems. KMS running alongside your compute in orbit keeps the entire signing path on the same altitude, reducing round-trip delay and improving security.

Standard cryptography libraries run inside the TEE, so new computing and blockchain integrations can deploy in hours rather than the months typically required by proprietary HSM firmware. The dual secure element architecture targets FIPS 140-3 Level 3, a certification path that pure software MPC networks cannot pursue.

Dive deeper into SpaceComputer KMS here.

cTRNG and the Randomness Beacon

SpaceComputer's cosmic true random number generator (cTRNG) produces entropy from cosmic ray interactions with on-board sensors. This is not a PRNG, but rather a truly random entropy source only available from orbit, delivering randomness that cannot be predicted, replicated, or influenced from Earth.

The Randomness Beacon is the delivery mechanism for cTRNG output. It is available in two configurations. The Public Beacon is an open service providing verifiable, cryptographically signed randomness that any party can independently audit. The Private Beacon is a dedicated service for organizations requiring high-grade entropy over a private channel with guaranteed throughput and Service Level Agreement (SLA), where no one besides the beacon owner ever sees the values.

Use cases span fair transaction ordering and sequencer selection, provably fair lottery mechanisms, verifiable randomness for smart contract execution, and high-entropy seed material for cryptographic key generation.

Each stage of the randomness supply chain is verifiable. Cryptographic attestations provide provenance, allowing users to confirm where the randomness was generated, how it was handled, and that it remained unaltered from orbit to application. Statistical verification methods are also available through our library, so users can independently validate output quality against established test batteries.

Orbitport: One Gateway to Orbital Infrastructure

Interacting with a satellite is not usually a standard API call. Satellites in LEO complete an orbit every 90 to 180 minutes, creating narrow communication windows, dynamic connectivity, and energy constraints that must be managed in real time.

Orbitport abstracts all of the complexities of working with satellites. It actually is a single API for accessing every SpaceComputer service in orbit. Orbitport handles secure channel establishment, orbital communication routing, session management, and service orchestration across the constellation. For developers, integrating with orbital infrastructure works the same way as connecting to any cloud service.

As the Earth-to-orbit gateway, Orbitport supports communication across S-Band links for mission-critical data, high-throughput connections via LEO constellations like Iridium, and end-to-end automation of scheduling, packaging, and transmission of data packets. The platform coordinates consensus across Earth and orbit using an adapted version of the HotStuff algorithm, optimized for orbital latency.

The long-term architecture evolves Orbitport from a centralized gateway to a distributed model where many permissioned partners operate gateway nodes, removing single-operator trust assumptions entirely. Currently, we are testing Orbitport deployments to run inside confidential virtual machines, with more progress to come.

Explore the Orbitport documentation and start building.

Building with SpaceComputer

SpaceComputer is continuing to test, build, and develop state-of-the-art security infrastructure in  orbit. We are part of three active orbital missions with the Aptos network, with our own satellite launch planned for Q4 2026 and two additional launches scheduled through Q4 2027. Published research on the Blue Paper, SpaceTEE, and Space Fabric provides full technical insights into the system architectures.

Satellite security services represent a new tier of space infrastructure. We are not building to supplement terrestrial data centers, but rather to build for workloads that require removal of physical hardware access, minimize supply chain compromise, and need verifiable data handling. For organizations building highly sensitive solutions, operating critical infrastructure, or processing data under the strictest regulatory requirements, SpaceComputer provides security guarantees that are physically impossible to replicate on Earth.

The best way to start is through Orbitport, or to contact our team at services@spacecomputer.io. The cTRNG service is live today with verifiable cosmic randomness available through the API, and KMS is operational with integration partners. As we develop these services, we can offer fully confidential compute on SpaceTEE with Space Fabric architecture in our next orbital deployment with the upcoming satellite launches.

Explore the documentation, request early access, or contact us at services@spacecomputer.io.