Security of Satellite Communication Links

In recent years, the costs of building and launching satellites have come down substantially due to the availability of cheaper commercial launch providers and due to an increased use of COTS components in satellite hardware. This has helped to make satellite systems more accessible to a growing user base and has thus led to a wide range of applications (such as navigation, communication and earth observation) now heavily relying on satellite systems. This increasingly common usage of these systems introduces novel security concerns. Hardware constraints or system operation considerations (eg open data sharing) may make cryptographic approaches infeasible. But even if cryptography can be used, challenges remain, as these systems need to be able to react to and recover from the compromise of individual satellites. Furthermore, the decrease in hardware costs has also made certain types of attacks more likely, as the availability of affordable software-defined radios has put signal capture, injection and interference attacks within reach of a wider group of attackers. These and other security issues need to be considered prior to launch as the high cost of replacement and long lifespan of satellites, together with the impracticality of post-launch modifications, mean that security issues identified in live systems may be there to stay for a considerable amount of time. This project proposal outlines two courses of work that will expand our knowledge of the types of attacks to which satellite systems are vulnerable, as well as ways to protect these systems. 

Demonstrating Signal Injection Attacks on Real-world Satellite Protocols  

Previous work has demonstrated how a large sub-class of satellites, which do not encrypt their transmitted data due to computational or operational constraints, are vulnerable to physical signal injection and overshadowing attacks. It has proven the feasibility of these types of attacks through thorough modelling and simulations. Furthermore, the previous work has shown the possible impact they can have on critical systems such as NASA’s Earth Observing system, which are relying on the integrity and validity of the data provided by these satellites. NASA’s Earth Observing system is used in a range of safety critical applications such as forest fire and storm detection, and it was able to demonstrate that it is possible for an attacker to spoof or mask natural disasters at will, thus endangering a life-saving service. 

This project will build on previous work by conducting extensive real-world experiments. For this purpose, a physical testbed that closely mirrors a real-world system will be set up. This testbed will enable practical validation of the theoretical signal overshadowing attack model, as well as an analysis of the physical factors influencing the chances of launching such an attack successfully.  

The project will extend the range of case studies of affected systems to include voice and data service providers (eg Iridium). In doing so, it will show the wide applicability of the proposed signal overshadowing attack and thus the need to properly secure affected systems. Finally, it will propose improvements to these systems, especially those already in use, to mitigate these issues without requiring cryptographic capabilities not supported by the currently deployed satellite hardware. 

Security Challenges of Satellite Constellation Key Management  

As satellite constellations become more common, it is vital to understand how well-established terrestrial networking concepts shift in this new context. This is particularly true in the case of federated constellations, where satellites and links may be operated by a range of parties, so not all nodes can be trusted. 

This project aims to address the problem of key management in satellite constellations, providing robust communication infrastructure that can adapt as satellites enter and leave constellations (particularly common in LEO constellations, in which satellites often have lifespans of 5-10 years), or as keys become compromised and need to be revoked and reissued. To this end, the project will investigate novel key management infrastructures to solve this problem, allowing key management updates to propagate through a network over inter-satellite links instead of checking a central certificate revocation list, as used with traditional SSL key management. This work will draw upon ideas used by existing key management systems, while taking into account the unique challenges that are present in the novel context of satellites needing to communicate securely with one another without constant access to revocation lists or the internet.