SlideShare a Scribd company logo

Hostile Takeover Of Satellites

Meidad Pariente
Meidad Pariente

So you think you can takeover a satellite ? well, it's not so easy as you (might) think...

TechnologyBusiness
1 of 22
Download to read offline
Presentation Content • Introduction • Satellite command 101 • So you want to overtake a satellite…? • Summary
From the Press
Presentation Purpose • In the past year we heard a lot about hostile takeover attempt of satellites, especially US satellites. • The presentation will explain what are the building blocks of satellites command channel, identifying the weak links in the chain. Since Satellites are very (very) far away, the only way to get hold of one is via the remote command channel • The presentation will address only command and control channels and not hostile takeover of payload such as pirate transmissions.
EUHR Ashton on Jamming by Iran and Lybia
What does a satellite Command System do ? Very specific and predefined things! • Reconfigures satellite or subsystems in response to radio signals from the ground. • Different Command timing – Immediate – Delayed – Priority driven (ASAP) • Batched (sequenced) Commands
Command Functions • Power on/off subsystems • Change subsystem operating modes • Control spacecraft guidance and attitude control • Deploy booms, antennas, solar cell arrays, protective covers • Upload computer programs
Command System RF Performance You need professional equipment! • Frequencies – S-band (1.6 – 2.2 GHz) – C-band (5.9 – 6.5 GHz) – Ku-band (14.0 – 14.5 GHz) • BER = 10-6 • Typical transmission power: 50-100 Watt (based on large diameter antennas) • Typical transmission rate: up to 8 Kbit/sec High speed tracking antennas are required
Command System Block Diagram - Ground Very specific and predefined actions (in the SW) • GSE operator selects command mnemonic • Software creates command message in appropriate format and encodes it • Sequence (Batch) commands/macros • Signal Modulation: Pulse code modulation (PCM), Phase shift keying (PSK), Frequency shift keying (FSK)
Command System Block Diagram - Space Not “launch and forget” simple system • Decoders reproduce command messages and produce lock/enable and clock signals. • Command logic validates the command – Default is to reject if any uncertainty of validity – Drives appropriate interface circuitry
Data checked and packaged in “envelopes” Overall structure of a command
Command Messages Fields • Spacecraft address (unique identifier) • Source ID • Command type – – – – – Relay commands Pulse commands Level commands Data commands Command select • Error detection and correction • Multiple commands MBT GCS AMOS-3 Satellite, 4ºW Geostationary Belt
Command Logic Verification Process • Receiver level Validation – Encryption (commercial such as CARIBOU) – Authentication – Command destination • Software level Validation – – – – – Correct address EDAC Valid command Valid timing/Numbering Authenticated Several Data check Levels
Prerequisites • • • • • • • RF Transmission equipment Knowledge of command frequencies. Knowledge of Encryption key(s) Knowledge of Authentication key(s) Knowledge of Satellite ID Knowledge of source (Ground Facility) ID Knowledge of commands dictionary
Is that it ? Not yet… • RF receiving equipment • Decoded Telemetry – To generate correct addressing (destination) of the fake command – To generate correct timing (numbering) of the fake command – To generate correct context of the fake command
Analyzing the risk – ESA approach
Few Observations • Is it hard to jam or block a command channel ? Not really – Simple hardware, relevantly low power • Commercial Encryption is not good enough – Is it ? What do banks use for transactions ? What do 7.5 Million PayPal transaction every evening use ? • It will be no problem to hack into GCS computers – If you’re a smart operator, the GCS network is an isolated one without connections to the outside world • Easiest Method is…… Inside job !!
Hostile Takeover Of Satellites

Recommended

Isro mcc
Isro mccIsro mcc
Isro mcchindujudaic
 
CArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsCArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsAlessandro Bogliolo
 
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSEASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSsoulstalker
 
CArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsCArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsAlessandro Bogliolo
 
Basic non pipelined cpu architecture
Basic non pipelined cpu architectureBasic non pipelined cpu architecture
Basic non pipelined cpu architecturekalyani yogeswaranathan
 
Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Gaditek
 
5e
5e5e
5esterrazas
 
ORBCOMM Satellite System
ORBCOMM Satellite SystemORBCOMM Satellite System
ORBCOMM Satellite SystemAkram Ahmed
 

Recommended

Isro mcc
Isro mccIsro mcc
Isro mcchindujudaic
 
CArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsCArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsAlessandro Bogliolo
 
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSEASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSsoulstalker
 
CArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsCArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsAlessandro Bogliolo
 
Basic non pipelined cpu architecture
Basic non pipelined cpu architectureBasic non pipelined cpu architecture
Basic non pipelined cpu architecturekalyani yogeswaranathan
 
Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Gaditek
 
5e
5e5e
5esterrazas
 
ORBCOMM Satellite System
ORBCOMM Satellite SystemORBCOMM Satellite System
ORBCOMM Satellite SystemAkram Ahmed
 
2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma caJAIGANESH SEKAR
 
Drive test final
Drive test finalDrive test final
Drive test finalYaser Al-Abdali
 
Parameters for drive test
Parameters for drive testParameters for drive test
Parameters for drive testJakoba Fetindrainibe
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreTIB Academy
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemotoha ardi nugraha
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksDesign World
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit iiJAIGANESH SEKAR
 
Drive test
Drive testDrive test
Drive testMd Joynal Abaden
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Atollic
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT AnalysesJoseph Hennawy
 
Ess.robert
Ess.robertEss.robert
Ess.robertNASAPMC
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaFrank Meissner
 
Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Afghanistan civil aviation institute
 
In out system
In out systemIn out system
In out systemAgnas Jasmine
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systemsShaheem TM
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxMeenaAnusha1
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

More Related Content

Similar to Hostile Takeover Of Satellites

2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma caJAIGANESH SEKAR
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreTIB Academy
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksDesign World
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit iiJAIGANESH SEKAR
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Atollic
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT AnalysesJoseph Hennawy
 
Ess.robert
Ess.robertEss.robert
Ess.robertNASAPMC
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaFrank Meissner
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systemsShaheem TM
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxMeenaAnusha1
 

Similar to Hostile Takeover Of Satellites (20)

2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca
 
Drive test final
Drive test finalDrive test final
Drive test final
 
Parameters for drive test
Parameters for drive testParameters for drive test
Parameters for drive test
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in Bangalore
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemo
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification Story
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit ii
 
Drive test
Drive testDrive test
Drive test
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT Analyses
 
Ess.robert
Ess.robertEss.robert
Ess.robert
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via dama
 
Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Distance Measurement equipment (DME)
Distance Measurement equipment (DME)
 
In out system
In out systemIn out system
In out system
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systems
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptx
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Hostile Takeover Of Satellites

  • 1.
  • 2. Presentation Content • Introduction • Satellite command 101 • So you want to overtake a satellite…? • Summary
  • 3.
  • 5. Presentation Purpose • In the past year we heard a lot about hostile takeover attempt of satellites, especially US satellites. • The presentation will explain what are the building blocks of satellites command channel, identifying the weak links in the chain. Since Satellites are very (very) far away, the only way to get hold of one is via the remote command channel • The presentation will address only command and control channels and not hostile takeover of payload such as pirate transmissions.
  • 6. EUHR Ashton on Jamming by Iran and Lybia
  • 7.
  • 8. What does a satellite Command System do ? Very specific and predefined things! • Reconfigures satellite or subsystems in response to radio signals from the ground. • Different Command timing – Immediate – Delayed – Priority driven (ASAP) • Batched (sequenced) Commands
  • 9. Command Functions • Power on/off subsystems • Change subsystem operating modes • Control spacecraft guidance and attitude control • Deploy booms, antennas, solar cell arrays, protective covers • Upload computer programs
  • 10. Command System RF Performance You need professional equipment! • Frequencies – S-band (1.6 – 2.2 GHz) – C-band (5.9 – 6.5 GHz) – Ku-band (14.0 – 14.5 GHz) • BER = 10-6 • Typical transmission power: 50-100 Watt (based on large diameter antennas) • Typical transmission rate: up to 8 Kbit/sec High speed tracking antennas are required
  • 11. Command System Block Diagram - Ground Very specific and predefined actions (in the SW) • GSE operator selects command mnemonic • Software creates command message in appropriate format and encodes it • Sequence (Batch) commands/macros • Signal Modulation: Pulse code modulation (PCM), Phase shift keying (PSK), Frequency shift keying (FSK)
  • 12. Command System Block Diagram - Space Not “launch and forget” simple system • Decoders reproduce command messages and produce lock/enable and clock signals. • Command logic validates the command – Default is to reject if any uncertainty of validity – Drives appropriate interface circuitry
  • 13. Data checked and packaged in “envelopes” Overall structure of a command
  • 14. Command Messages Fields • Spacecraft address (unique identifier) • Source ID • Command type – – – – – Relay commands Pulse commands Level commands Data commands Command select • Error detection and correction • Multiple commands MBT GCS AMOS-3 Satellite, 4ºW Geostationary Belt
  • 15. Command Logic Verification Process • Receiver level Validation – Encryption (commercial such as CARIBOU) – Authentication – Command destination • Software level Validation – – – – – Correct address EDAC Valid command Valid timing/Numbering Authenticated Several Data check Levels
  • 16.
  • 17. Prerequisites • • • • • • • RF Transmission equipment Knowledge of command frequencies. Knowledge of Encryption key(s) Knowledge of Authentication key(s) Knowledge of Satellite ID Knowledge of source (Ground Facility) ID Knowledge of commands dictionary
  • 18. Is that it ? Not yet… • RF receiving equipment • Decoded Telemetry – To generate correct addressing (destination) of the fake command – To generate correct timing (numbering) of the fake command – To generate correct context of the fake command
  • 19. Analyzing the risk – ESA approach
  • 20.
  • 21. Few Observations • Is it hard to jam or block a command channel ? Not really – Simple hardware, relevantly low power • Commercial Encryption is not good enough – Is it ? What do banks use for transactions ? What do 7.5 Million PayPal transaction every evening use ? • It will be no problem to hack into GCS computers – If you’re a smart operator, the GCS network is an isolated one without connections to the outside world • Easiest Method is…… Inside job !!