Hostile Takeover Of Satellites
-
Upload
meidad-pariente -
Category
Technology
-
view
401 -
download
1
description
Transcript of Hostile Takeover Of Satellites
Presentation Content
• Introduction
• Satellite command 101
• So you want to overtake a satellite…?
• Summary
From the Press
Presentation Purpose
• In the past year we heard a lot about hostile takeover
attempt of satellites, especially US satellites.
• The presentation will explain what are the building blocks
of satellites command channel, identifying the weak links
in the chain.
Since Satellites are very (very) far away, the only way to get
hold of one is via the remote command channel
• The presentation will address only command and control
channels and not hostile takeover of payload such as pirate
transmissions.
EUHR Ashton on Jamming by Iran and Lybia
What does a satellite Command System do ?
• Reconfigures satellite or subsystems in response to radio
signals from the ground.
• Different Command timing
– Immediate
– Delayed
– Priority driven (ASAP)
• Batched (sequenced) Commands
Very specific and predefined things!
Command Functions
• Power on/off subsystems
• Change subsystem operating modes
• Control spacecraft guidance and
attitude control
• Deploy booms, antennas, solar cell
arrays, protective covers
• Upload computer programs
Command System RF Performance
• Frequencies
– S-band (1.6 – 2.2 GHz)
– C-band (5.9 – 6.5 GHz)
– Ku-band (14.0 – 14.5 GHz)
• BER = 10-6
• Typical transmission power: 50-100 Watt (based on
large diameter antennas)
• Typical transmission rate: up to 8 Kbit/sec
You need professional equipment!
High speed tracking antennas are required
Command System Block Diagram - Ground
• GSE operator selects command mnemonic
• Software creates command message in appropriate format
and encodes it
• Sequence (Batch) commands/macros
• Signal Modulation: Pulse code modulation (PCM), Phase
shift keying (PSK), Frequency shift keying (FSK)
Very specific and predefined actions (in the SW)
Command System Block Diagram - Space
• Decoders reproduce command
messages and produce lock/enable
and clock signals.
• Command logic validates the
command
– Default is to reject if any uncertainty of
validity
– Drives appropriate interface circuitry
Not “launch and forget” simple system
Overall structure of a command
Data checked and packaged in “envelopes”
Command Messages Fields • Spacecraft address (unique identifier)
• Source ID
• Command type
– Relay commands
– Pulse commands
– Level commands
– Data commands
– Command select
• Error detection and correction
• Multiple commands
AMOS-3 Satellite, 4ºW
Geostationary Belt
MBT GCS
Command Logic Verification Process
• Receiver level Validation
– Encryption (commercial such as CARIBOU)
– Authentication
– Command destination
• Software level Validation
– Correct address
– EDAC
– Valid command
– Valid timing/Numbering
– Authenticated Several Data check Levels
Prerequisites
• RF Transmission equipment
• Knowledge of command frequencies.
• Knowledge of Encryption key(s)
• Knowledge of Authentication key(s)
• Knowledge of Satellite ID
• Knowledge of source (Ground Facility) ID
• Knowledge of commands dictionary
Is that it ? Not yet…
• RF receiving equipment
• Decoded Telemetry
– To generate correct addressing (destination) of the fake
command
– To generate correct timing (numbering) of the fake command
– To generate correct context of the fake command
Analyzing the risk – ESA approach
Few Observations
• Is it hard to jam or block a command channel ? Not really
– Simple hardware, relevantly low power
• Commercial Encryption is not good enough
– Is it ? What do banks use for transactions ? What do 7.5 Million
PayPal transaction every evening use ?
• It will be no problem to hack into GCS computers
– If you’re a smart operator, the GCS network is an isolated one
without connections to the outside world
• Easiest Method is…… Inside job !!