Monday, August 13, 2018

Stopping Satellite "Pwnage"

          By Brian Orlotti

A team of postgraduate researcher from Yale and Stanford Universities and the University of Colorado have urged the space industry to adopt a policy requiring the use of encryption on all cubesats and smallsats with onboard propulsion.

"From scytales in the year 700 BC to the first password, CAPTCHAs and literally unbreakable 258-bit encryption, take a walk with us through the history of encryption," says the introduction to this infographic. To see the complete infographic, simply click on this link. Graphic c/o Visually.

As outlined in the August 9th, 2018 Space News post, "'No encryption, no fly' rule proposed for smallsats," the team made their presentation at the recently concluded American Institute of Aeronautics and Astronautics (AIAA) Annual Smallsat Conference, which was held from August 4th - 9th, in Logan, UT.

Their request comes at a time when multiple independent groups have demonstrated the vulnerability of various mobile platforms (aircraft, spacecraft, automobiles and drones) to hacking---with potentially disastrous results.

As part of their presentation, the researchers modelled several different propulsion systems on a hypothetical 10 kg nanosatellite in a 300-kilometer Earth orbit with propulsion systems accounting for half of the spacecraft’s mass.

The results ranged from the satellite reaching medium Earth orbit altitudes within two hours when using chemical propulsion to passing geostationary orbit in about a year with an electric propulsion system.

Cubesat builders, who once had few options available for onboard propulsion, now seek to make use of more advanced chemical and electric propulsion systems. These systems can provide smallsats with big boosts in velocity, which can enable rapid orbital changes.

The researchers were troubled by potential scenarios where hackers can take control of and quickly redirect satelites with unencrypted command and control systems. These compromised satellites could then be used to attack other satellites.

Government satellites, as well as many commercial ones, strongly encrypt their command signals to make hacking unlikely.

However, many satellites run by academic institutions have no such security, often due to funding or technical limitations.

To prevent such incidents, the researchers recommended that the space industry adopt a policy  requiring the use of encrypted command systems on small satellites, called  ‘no encryption, no fly.’ This policy could be enforced by launch providers or via contract provisions from satellite propulsion manufacturers.

History has proven that any system that can be hacked will be hacked, given time. Satellite encryption will prove all the more critical in the coming decades as multiple commsat constellations come online, more space-based construction takes place and private crewed orbital and suborbital flights increase.

Recent signs show the dangers of inactivity in this area.

As shown in the August 9th, 2018 Forbes post, "This Guy Hacked Hundreds Of Planes From The Ground," cybersecrity researcher Ruben Santamarta demonstrated how he spied on hundreds of commercial passenger aircraft during November and December of 2017 due to vulnerabilities in satellite communications equipment, i.e. antennas and modems.

Santamarta could monitor data being sent to and from the aircraft and, had he wished, access their onboard WiFi systems and passengers’ connected devices.

Luckily, the aircraft’s safety systems were inaccessible due to the way modern aircraft’s onboard networks are segmented. Santamarta has shared his data with the relevant airlines, satellite equipment vendors and government agencies and most (though not all) have patched the vulnerabilities. Santamarta also presented his findings at the prestigious 2018 Black Hat USA Conference, which was held in Los Vegas NV from August 4th - 9th.

New frontiers always bring new dangers, and space is no exception. All stakeholders will need to do their part to prevent the space industry from being ‘pwned.’
Brian Orlotti.

Brian Orlotti is a network operator at the Ontario Research and Innovation Optical Network (ORION), a not-for-profit network service provider to the education and research sectors.

No comments:

Post a Comment

Support our Patreon Page