Bridging the CubeSat reliability-cost gap with rad-hard anchor electronics devices

By Ross Bannatyne, VORAGO Technologies
There is a feel good factor about the healthy growth in CubeSat projects, although there is much discussion about improving the success rate of missions. CubeSats are being deployed in increasing numbers from academia, government agencies, and commercial enterprises. Evidence suggests that the success rate is related to the development budget of the project and one of the biggest discussion points among CubeSat developers is how to continue to improve reliability but maintain the project budget at a reasonable level.
Nov. 19, 2016
10 min read

By Ross Bannatyne, VORAGO Technologies

There is a feel good factor about the healthy growth in CubeSat projects, although there is much discussion about improving the success rate of missions. CubeSats are being deployed in increasing numbers from academia, government agencies, and commercial enterprises. Evidence suggests that the success rate is related to the development budget of the project and one of the biggest discussion points among CubeSat developers is how to continue to improve reliability but maintain the project budget at a reasonable level.

Many commercial off-the-shelf (COTS) components have been used and successfully flown in the recent past, although CubeSat designers would agree that this approach is not without risk. Using space-grade components across the entire bill of materials (BOM) is usually not an option on account of project budget.

To meet more demanding CubeSat specifications (e.g., flying further, for longer durations), a new approach is required to bridge the gap between reliability and cost. A solution that is growing in popularity is to include a radiation-hardened (rad-hard) “anchor” device that is cost-effective enough to be used within any CubeSat budget and can be relied-upon to operate in space. This can be used as a standalone command and data handling device or coupled with a more powerful field-programmable gate array (FPGA) as a safety monitor anchor. This keeps the budget balanced as a space-grade FPGA is usually too expensive for a CubeSat, but using a rad-hard anchor with a COTS FPGA is an attractive trade-off that bridges the reliability-cost gap.

Radiation-hardened microcontrollers
It is likely that all COTS devices will be affected by ionizing radiation strikes to some degree and there is a growing tide of opinion that a robust CubeSat design should contain at least one rad-hard anchor device that is latch-up immune and can be configured to monitor the operation of all CubeSat subsystems and reset them, if necessary.

The VA10820 microcontroller is a cost-effective, radiation-hardened microcontroller that can be used to implement a rad-hard anchor device at the heart of any CubeSat system and manage any radiation-induced malfunctions in COTS-based devices and subsystems.

The VA10820 can be used in many functions in a CubeSat. The most popular use is in the command and data handling (C & DH) module at the heart of monitoring and controlling the entire CubeSat system. Depending on the data throughput requirements of the system, the VA10820 can be used standalone to perform all the processing requirements of the system, or it could be used to load, monitor and reset an FPGA.

Some high-end CubeSat designs require a significant amount of processing and use a FPGA for the main flight controller device. These devices are able to reduce total system cost significantly by opting for a non-rad hard FPGA that is “anchored” by the rad-hard VA10820. In the event that the FPGA’s operation is corrupted by ionizing radiation strikes, this is detected by the VA10820 (which will not be affected by the radiation) and resets the FPGA to ensure that the CubeSat system remains in operation. A block diagram of a typical modular CubeSat system is shown in Figure 1.

Potentially any component in any part of the system can be rendered inoperable by radiation. The benefit of using the VA10820 in the command and data handling module is to observe that all the subsystems are operating normally and to reset them if required. Because the VA10820 is latch-up immune and has other radiation-mitigating features (error detection and correction, scrub engine, triple modular redundancy, optimized layout), it can be regarded as the radiation-resistant anchor of the CubeSat.


Figure 1: Typical modular CubeSat system

Depending on the requirements of the mission, the payload design will be different in every CubeSat, although the general modular implementation of power management board, communications module, command and data handling, and attitude determination and control system (ADCS) will be largely consistent.

Many off-the-shelf CubeSat boards can be acquired from commercial vendors. The payload module is the subsystem of the CubeSat that performs the mission function, experiment, or workload; for example, collecting data or images. This is likely to include sensors, actuators, and possibly another VA10820 for managing the science of the system. All the other modules apart from the payload are just there to keep it flying.

Pros and cons of using COTS in CubeSats
There are main three reasons that budget-constrained CubeSats have used COTS devices. The first reason is that radiation-hardened components are typically very expensive and would represent an unfeasibly high proportion of the overall project budget. Because the VA10820 is lower priced than existing programmable radiation-hardened components, it is possible to maintain a reasonably proportioned component budget but enable the electronics system with a radiation-hardened core.

The second reason why low budget CubeSats have used COTS microcontrollers is because the functionality (notwithstanding the inability to tolerate radiation) of an easy-to-use microcontroller is a very attractive solution. The VA10820 is based on a standard ARM Cortex-M0 core, with a familiar set of peripherals such as timers, on-chip memory, and serial communications interfaces, providing CubeSat designers the option of using a modern microcontroller unit (MCU) that is a good fit, easy to use, and designed to operate in a radiation environment.

The third reason that COTS devices have been used in CubeSats is that there is a feeling among some developers that radiation hardening is not really a must-have for short low-earth orbit (LEO) flights. This attitude is changing as CubeSats are evolving to have longer working lives in space and are being flown to more distant orbits.

COTS microcontrollers typically cannot survive a high accumulation of radiation, specified by Total Ionizing Dose (TID). The longer that the device is operating in space, the higher a dose will be accumulated. This dose will result in increased source-drain leakage as the oxide builds up an accumulated charge and also an expansion of the depletion region between PMOS and NMOS type devices (this becomes more of a problem in smaller geometry devices).

CubeSats do not have as much shielding as part of the mechanical structure as traditional larger satellites. Accumulation of TID results in increasing leakage current that will drain batteries faster and eventually the device will stop working as the supply voltage is pulled down. If the working lifetime is short enough that the designer is comfortable that the device will not cease to operate through TID accumulation, there are other failure mechanisms due to radiation that should also be considered.

It should be expected that all COTS components will sooner or later succumb to the effects of TID. The VA10820, which can withstand 300K rad (Si) of TID, can be used to determine whether a malfunctioning component has suffered from a single-event upset (SEU) or a TID build-up. (A component that latches-up can be RESET by the VA10820 and may restart normal operation.) If it is not possible to power-down and anneal a TID saturated device in-situ, the rad-hard anchor chip can play a vital role in space debris mitigation by managing a controlled end-of-life (EOL) event for the CubeSat.

Microcontroller radiation mitigation
Particle strikes that result in SEUs cause a different complementary metal-oxide semiconductor (CMOS) failure mechanism from TID. An SEU can flip a memory bit, switch the state of a logic circuit or cause latch-up. Each of these failure mechanisms is addressed on the VA10820.

To mitigate against an SEU that would flip a memory bit on a COTS device, an error detection and correction (EDAC) subsystem has been integrated. Error correcting code (ECC) memories have the ability to detect a flipped memory bit and correct it.

The VA1020 ARM Cortex-M0 microcontroller EDAC subsystem implements a Hamming Code based solution that detects two errors and corrects one per byte. This means that there can be four flipped bits per 32-bit word and the microcontroller will still operate normally. As words are fetched by the CPU, the EDAC automatically performs detection and correction on these words in the course of normal CPU operation.

There is still a risk, however, that particle strikes can flip bits on areas of the memory array that are not regularly being fetched by the CPU. This increases the likelihood that there will be more than a single bit error, creating an uncorrectable error. For this reason, a “scrub engine” has also been integrated into the VA10820.

The purpose of the scrub engine is to prevent accumulated errors and is an important part of the overall strategy to prevent uncorrectable bit flips due to radiation strikes. The scrub engine operates independently of the ECC system and will operate in the background of regular CPU activity to periodically examine the contents of each memory location and correct any bit-flip errors. This prevents the build-up of accumulated errors to reduce the possibility of a double-bit error that is uncorrectable.

The scrub engine frequency can be adjusted so that a full memory scrub can be implemented regularly enough to be effective based on the radiation conditions of the environment at any time. A recommended approach is to measure the number of errors that the EDAC system encounters and use that information to adjust the scrub rate to a reasonable level.

An ionizing particle strike on the silicon in a logic circuit area is as big a concern as a strike to a memory array. If an erroneous logic level is latched, it can be propagated through the circuits. To prevent this problem, triple modular redundancy is implemented for all internal registers on the VA10820 by replacing standard latches with dual interlocked cell (DICE) latches that have three voting cells.

When examining all the issues that can affect CMOS devices in a radiation environment other than just the accumulation of ionizing dose, the most serious is latch-up. Latch-up is considered the most serious because it can destroy the chip and even in the best case, needs a reset to recover.

Under conditions of radiation, parasitic transistors can be switched on by an ionizing radiation strike. All bulk CMOS wafers contain millions of parasitic structures that are spread across the wafer. Latch-up occurs when the parasitic structure is triggered.

The VA10820 is manufactured using a patented and proven process known as HARDSIL that immunizes the device against latch-up, significantly reduces the possibility of SEUs (to both memory and logic) and slows the build-up of TID.

A photo of the first generation VORAGO Technologies “stackable” CubeSat rad-hard processor module is shown in Figure 2. It incorporates a motherboard with a Pumpkin-compatible PC/104 interface with an ability to stack custom boards easily onto the rad-hard processor module.

Figure 2: First-generation VORAGO Technologies stackable rad-hard processor module

Conclusion
A new wave of CubeSat designs have taken the approach of anchoring a largely COTS-based bill-of-materials with a rad-hard core chip to safeguard the system. This has shown to be a good trade-off in optimizing cost while increasing the likelihood of mission success.

The CubeSat generation has a different set of expectations of component suppliers to provide products that are fit-for-purpose and affordable. This will ultimately lead to a more stellar success rate of CubeSat missions that are completed on-time and within budget.

Search the Aerospace & Defense Buyer's Guide


You might also like:

  • Avionics
  • Satellite and Space
  • Unmanned Aircraft Systems (UAS)
  • Air Traffic Control (ATC)
  • Engineering design, development, and test
  • Maintenance, repair, and overhaul
  • Subscribe today to receive all the latest aerospace technology and engineering news, delivered directly to your e-mail inbox twice a week (Tuesdays and Thursdays). Sign upfor your free subscription to the Intelligent Inbox e-newsletter at http://www.intelligent-aerospace.com/subscribe.html.

    Connect with Intelligent Aerospace on social media: Twitter (@IntelligentAero), LinkedIn,Google+, and Instagram.


    Intelligent Aerospace
    Global Aerospace Technology Network
    Intelligent Aerospace, the global aerospace technology network, reports on the latest tools, technologies, and trends of vital importance to aerospace professionals involved in air traffic control, airport operations, satellites and space, and commercial and military avionics on fixed-wing, rotor-wing, and unmanned aircraft throughout the world.
    Sign up for our eNewsletters
    Get the latest news and updates

    Voice Your Opinion!

    To join the conversation, and become an exclusive member of Military Aerospace, create an account today!