Julian Rederlechner (CISPA Helmholtz Center for Information Security), Ulysse Planta (CISPA Helmholtz Center for Information Security), Ali Abbasi (CISPA Helmholtz Center for Information Security)
Over-the-Air (OTA) software updates are essential for satellite security and reliability, yet limited uplink bandwidth and communication windows make them challenging. To minimise data transfer, systems often use delta updates from binary diffing algorithms. While prior work has shown that the HDiffPatch algorithm outperforms many established diffing tools, update systems frequently rely on the bsdiff4 algorithm (e.g., through OSTree), and little is known about the suitability of its unpublished successors or their behaviour on spacerelevant software. In this work, we perform the first comparative analysis of bsdiff4, bsdiff6, bsdiff-ra, and HDiffPatch on a dataset representative of satellite software stacks and payload data. Our results show that bsdiff6 produces, on average, ≈4,8% smaller patches than bsdiff4, outperforming it in 18 of 19 test cases, while providing stronger memory safety through its Rust-based implementation. On the other hand, HDiffPatch provides better results for compressed data. To enable this evaluation, we reconstruct a bsdiff6 implementation from original design notes, providing the first published version. In addition, a detailed analysis of bsdiff6 identifies the combination step, which merges different alignment techniques, as the key factor enabling improved patch compactness. Finally, we discuss the integration of bsdiff6 with OSTree and Consultative Committee for Space Data Systems (CCSDS) communication protocols to enable secure, verifiable, and bandwidth-efficient OTA updates for future space missions. Additionally, we provide an outlook on how our findings can advance research in the field of delta coding.