Intro
Software Defined Space Conference is currently one of the leading conferences that explore opportunities for solving current and future challenges related to protecting space assets. The conference focuses on software development and cyber security for the space domain with the aim of raising awareness of its commercialisation.
Together with my colleague, Lukasz Pieczonka, we had the opportunity to speak at the conference and share our own experiences in secure space communication testbed development for European Space Agency (ESA). SEC_Lab: A Secure Communications Testbed for Space Missions is a virtual
testbed which simulates a real space link based on ESA’s mission control (MICONYS) and test and
validation (TEVALIS) software infrastructure. Several use cases, tests and scenarios have been explored
and quantified test results provide insights and recommendations. The feasibility of utilising encapsulated
terrestrial networking technologies including encapsulated IP/IPSec over CCSDS protocols, Virtual Private
Networks (VPN), Software Defined Networking (SDN) and host fingerprinting is demonstrated.
Discussion
During the discussion, I had the pleasure to answer questions on the key challenges to protect the ground-to-space communications link. From my perspective securing ground-to-space communication is not just dependent on technical solutions. It should be remembered that without ensuring physical security (e.g., zoning, securing data centres), personnel security (e.g., security clearances, security checks, building trust among personnel), ensuring information protection (classified and unclassified data and parameters), and providing information assurance – we cannot talk about comprehensive link security. Technical security of the link is therefore one element. So what are the actual challenges facing ground-to-space communication links?
The key challenges for protecting G2S communication link:
Keeping communication secret
First and foremost is the preservation of secret communications. One of the elements that make this possible is to ensure security by introducing encryption keys, security association data, and logs that are entered into SDLS. The situation is even easier when we are dealing with unencrypted satellite broadband signals that can be intercepted across vast distances. This is where Network Security can come to the rescue, Delay Tolerant Networking, Physical-Layer Encryption.
Preserving the incoming message is from a trusted source.
Second, ensure that the message comes from a trusted source. Everyone is familiar with the term spoofing which refers to disguising a communication from an unknown source as being from a known one. One solution is to transmit the signal on the right frequencies and provide onboard verification of incoming signals. Today, several satellite systems transmit either unauthenticated messages or authenticated at the application layer, via either symmetric key (implicit authentication) or public key solutions.
Protecting infrastructure against falsification of the messages
False messages can be injected into legitimate transmission relays. Due to the fact satellites are resource-limited and lack the capability to cheaply verify incoming transmissions for the relay. One solution is to generate a private key that is assigned to the message.
Guarantee privacy of the communication and protection against eavesdropping
Eavesdropping is the interception of data over a communication channel. For satellite and ground systems, this channel is an RF signal sent over the air, meaning that all communications are susceptible to interception. Data sent over RF signals are sometimes not encrypted or use low-grade encryption which can be overcome to retrieve the cleartext information. An attacker with cheaply available hobbyist equipment may compromise the security and privacy of individuals in an area encompassing tens of millions of square kilometers. Moreover, satellite eavesdropping provides a potential route to harming many connected critical infrastructure systems such as power-generation facilities.
Protecting onboard system against DOS/DDOS attack
In spite of the fact, that even when a strong secure communication solution is deployed, it does not guarantee to avoid of mission loss due to other attack techniques. The communication solution shall be resistant to Denial Of Service (DOS) or Distributed Denial Of Service (DDOS) attack techniques. Otherwise, such kind of an attack can cause an onboard software error which may come to unforeseen aftermath, including loss of mission.
