Hostile Takeover Of Satellites

22

description

So you think you can takeover a satellite ? well, it's not so easy as you (might) think...

Transcript of Hostile Takeover Of Satellites

Page 1: Hostile Takeover Of Satellites
Page 2: Hostile Takeover Of Satellites

Presentation Content

• Introduction

• Satellite command 101

• So you want to overtake a satellite…?

• Summary

Page 3: Hostile Takeover Of Satellites
Page 4: Hostile Takeover Of Satellites

From the Press

Page 5: Hostile Takeover Of Satellites

Presentation Purpose

• In the past year we heard a lot about hostile takeover

attempt of satellites, especially US satellites.

• The presentation will explain what are the building blocks

of satellites command channel, identifying the weak links

in the chain.

Since Satellites are very (very) far away, the only way to get

hold of one is via the remote command channel

• The presentation will address only command and control

channels and not hostile takeover of payload such as pirate

transmissions.

Page 6: Hostile Takeover Of Satellites

EUHR Ashton on Jamming by Iran and Lybia

Page 7: Hostile Takeover Of Satellites
Page 8: Hostile Takeover Of Satellites

What does a satellite Command System do ?

• Reconfigures satellite or subsystems in response to radio

signals from the ground.

• Different Command timing

– Immediate

– Delayed

– Priority driven (ASAP)

• Batched (sequenced) Commands

Very specific and predefined things!

Page 9: Hostile Takeover Of Satellites

Command Functions

• Power on/off subsystems

• Change subsystem operating modes

• Control spacecraft guidance and

attitude control

• Deploy booms, antennas, solar cell

arrays, protective covers

• Upload computer programs

Page 10: Hostile Takeover Of Satellites

Command System RF Performance

• Frequencies

– S-band (1.6 – 2.2 GHz)

– C-band (5.9 – 6.5 GHz)

– Ku-band (14.0 – 14.5 GHz)

• BER = 10-6

• Typical transmission power: 50-100 Watt (based on

large diameter antennas)

• Typical transmission rate: up to 8 Kbit/sec

You need professional equipment!

High speed tracking antennas are required

Page 11: Hostile Takeover Of Satellites

Command System Block Diagram - Ground

• GSE operator selects command mnemonic

• Software creates command message in appropriate format

and encodes it

• Sequence (Batch) commands/macros

• Signal Modulation: Pulse code modulation (PCM), Phase

shift keying (PSK), Frequency shift keying (FSK)

Very specific and predefined actions (in the SW)

Page 12: Hostile Takeover Of Satellites

Command System Block Diagram - Space

• Decoders reproduce command

messages and produce lock/enable

and clock signals.

• Command logic validates the

command

– Default is to reject if any uncertainty of

validity

– Drives appropriate interface circuitry

Not “launch and forget” simple system

Page 13: Hostile Takeover Of Satellites

Overall structure of a command

Data checked and packaged in “envelopes”

Page 14: Hostile Takeover Of Satellites

Command Messages Fields • Spacecraft address (unique identifier)

• Source ID

• Command type

– Relay commands

– Pulse commands

– Level commands

– Data commands

– Command select

• Error detection and correction

• Multiple commands

AMOS-3 Satellite, 4ºW

Geostationary Belt

MBT GCS

Page 15: Hostile Takeover Of Satellites

Command Logic Verification Process

• Receiver level Validation

– Encryption (commercial such as CARIBOU)

– Authentication

– Command destination

• Software level Validation

– Correct address

– EDAC

– Valid command

– Valid timing/Numbering

– Authenticated Several Data check Levels

Page 16: Hostile Takeover Of Satellites
Page 17: Hostile Takeover Of Satellites

Prerequisites

• RF Transmission equipment

• Knowledge of command frequencies.

• Knowledge of Encryption key(s)

• Knowledge of Authentication key(s)

• Knowledge of Satellite ID

• Knowledge of source (Ground Facility) ID

• Knowledge of commands dictionary

Page 18: Hostile Takeover Of Satellites

Is that it ? Not yet…

• RF receiving equipment

• Decoded Telemetry

– To generate correct addressing (destination) of the fake

command

– To generate correct timing (numbering) of the fake command

– To generate correct context of the fake command

Page 19: Hostile Takeover Of Satellites

Analyzing the risk – ESA approach

Page 20: Hostile Takeover Of Satellites
Page 21: Hostile Takeover Of Satellites

Few Observations

• Is it hard to jam or block a command channel ? Not really

– Simple hardware, relevantly low power

• Commercial Encryption is not good enough

– Is it ? What do banks use for transactions ? What do 7.5 Million

PayPal transaction every evening use ?

• It will be no problem to hack into GCS computers

– If you’re a smart operator, the GCS network is an isolated one

without connections to the outside world

• Easiest Method is…… Inside job !!

Page 22: Hostile Takeover Of Satellites