Space Odyssey

An Experimental Security Analysis of Satellites

Johannes Willbold*,
Moritz Schloegel*‡, Manuel Vögele*, Maximilian Gerhardt*,
Thorsten Holz‡, Ali Abbasi‡

*Ruhr University Bochum, firstname.lastname@rub.de
‡CISPA Helmholtz Center for Information Security, lastname@cispa.de

v1.3

Distinguished Paper

Applications

Telecommunications

Research

Technology Testing

Global Positioning

Earth Obervation

Context

Space Segment

ISL

User Segment

Ground Segment

Space Protocol

Motivation

Ground Segment

Space Segment

Attackers

Approach

Firmware Analysis

Conclude Insights

Threat Taxonomy

Challenge Results

Developer Survey

Design Survey

Attack Goals

Denial of Service

Seizure of Control

Malicious Data Interaction

Bus / Payload

Payload

Bus

Bus / Payload

COM

Payload

CDHS

EPS

ADCS

Threats

COM

CDHS

Threats

COM

CDHS

Bus

Satellite

Arb. Code Execution
Control Data Interaction

Bus

Threats

COM

CDHS

Bus

Satellite

Arb. Code Execution
Control Data Interaction

Bus

PDHS

PLCOM

Payload

Denial of Service
Payload Data Interaction

Threats

COM

CDHS

Bus

Satellite

Arb. Code Execution
Control Data Interaction

Bus

PDHS

PLCOM

Payload

Denial of Service
Payload Data Interaction

Vulnerable TC
Dangerous TC
[ ... ]
[ ... ]

Bypass Access Control

[...]

[...]

Threats

COM

CDHS

Bus

Satellite

Arb. Code Execution
Control Data Interaction

Bus

PDHS

PLCOM

Payload

Denial of Service
Payload Data Interaction

Vulnerable TC
Dangerous TC
[ ... ]
[ ... ]

Bypass Access Control

[...]

[...]

Bus-Payload Link

Threats

COM

CDHS

Bus

Satellite

Vulnerable TC
Dangerous TC
TC Suppression
Control Data Leak

Arb. Code Execution
Control Data Interaction

Bus

PDHS

PLCOM

Payload

Denial of Service
Payload Data Interaction

Bus-Payload Link

COM Rx

PLCOM Rx

PD Fetcher

TC Fetcher

Bypass Access Control

[...]

[...]

More Threats

OPS-Sat

European Space Agency (ESA) Satellite

Actively Operated

Launched 2019

OPS-Sat

Bus

Payload

OPS-Sat

CDHS

Payload

Satellite

Bus

COM

S-Band COM

Bus-Pl. Link

COM

PDHS

All Potential Attack Path

Our Attack Paths

OPS-Sat

COM

CDHS

Satellite

Bypass Access Control
- Missing Access Control

Vulnerable TC
- Stack Buffer Overflow

Arbitrary Code Execution
- Missing OS Defenses

Bus

Mission accomplished: Control seized

Survey

Professionals

Space Agencies

Universities

Companies

Fully Anonymous

Satellites

10 x 1-50 kg

2 x 50-100 kg

5 x > 100 kg

TC Protection

Question: Are any measures deployed to prevent 3rd parties from controlling your satellite?

Unknown*:

Prefer not to say / Don't know

Yes

Unknown*

TC Obscurity

Question: What measures are deployed to prevent 3rd parties from controlling your satellite? (Multiple Answers)

Access Control

Encryption

*: Special knowledge about ....

Special permit needed

* ... Frequences, Modulation, etc.

* ... Protocols

Satellite Threat Taxonomy

Security Analysis of 3 Satellites

Survey amongst Professionals

Conclusion

Satellite Threat Taxonomy
- External Attacker → COM → CDHS → Seizure of Control
Security Analysis of 3 Satellites
- Successful exploitation of several vulnerabilities
- Missing state-of-the-art defenses
Survey amongst professionals
- Supports our results
- Security-by-obscurity prevails

Johannes Willbold - johannes.willbold@rub.de

@jwillbold

/jwillbold

@jwillbold

Space Odyssey

Applications

Context

Motivation

Approach

Attack Goals

Bus / Payload

Bus / Payload

Threats

Threats

Threats

Threats

Threats

Threats

More Threats

OPS-Sat

OPS-Sat

OPS-Sat

OPS-Sat

Survey

TC Protection

TC Obscurity

Conclusion

Thanks!