Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Satellite Command Security?

Cliff posted more than 12 years ago | from the preventing-orbital-hacking dept.

Security 426

teridon asks: "I work in the satellite control industry, and I've been asked to present mission safety with regards to command security. In other words, how do we ensure that 'unknowns' don't command the satellite. Military and commerical birds often employ encryption on both the uplink and the downlink. However, it seems that none of the science-oriented satellites my company operates do this. We rely on physical security (access to the control center), network security (we use closed networks), technology (most crackers don't have access to a huge radio antenna with which to transmit), and obscurity (each satellite has its own command structure, not publicly documented). Many satellites use CCSDS frames to uplink commands; only the command data is obscured by lack of public info." A common mantra heard from Slashdot is "obscurity is not security", and this is a lesson that teridon wants his company to learn, in addition to other steps they can take to improve the security of their system. What suggestions might you have when it comes to improving security on satellite systems, especially if you have experience from some of the mistakes that you may have seen in production?

"Three major issues concern me (I'm going to assume that our network security works (grin!):

  1. Can someone effectively execute a DOS attack by uplinking to the satellite with a powerful signal (the frequency would be easy to 'snoop' from our transmitting antenna), thus preventing us from commanding it? In general, how do receivers handle multiple command carriers (would there be too much noise to command)?
  2. How many of you think that you could decipher the structure of the command (given the motivation)?
  3. Standards being developed (like SCPS) intend to make satellites 'just another node on the Internet.' Take a look at the security protocol (which is based on IPSEC, et. al) and tell me if you think it is secure, or whether you'd want to crack it.
I'm not looking for the Slashdot population to do my research -- I mostly want opinions on whether cracking a science satellite would be worth the time."

Sorry! There are no comments related to the filter you selected.

It depends ... (-1, Offtopic)

mpak (247326) | more than 12 years ago | (#2773469)

Can your satellite zoom in on Natalie Portman's breasts?

Re:It depends ... (0)

Anonymous Coward | more than 12 years ago | (#2773504)

Sorry, no. You'd need optics much closer and more powerful, as in an electron microscope.

Given enough motivation (5, Insightful)

Tim Ward (514198) | more than 12 years ago | (#2773470)

How many of you think that you could decipher the structure of the command (given the motivation)?

Anything can be hacked given enough motivation. That's why different levels of security are applied to different perceived threats - you guess how much motivation the opposition are likely to muster and decide how much to invest in security accordingly.

Re:Given enough motivation (1)

Cirvam (216911) | more than 12 years ago | (#2773556)

yeah but if you accidently send the command that fires the jets and it burns up on reentry then your kinda screwed.

Re:Given enough motivation (5, Informative)

Theodore Logan (139352) | more than 12 years ago | (#2773636)

Anything can be hacked given enough motivation.

Why is this such a widespread belief? Has it been proven somehow? Has everything in the world that could possibly be hacked been hacked?

The deduction seems to me the following: everything that has been hacked is hackable => therefore everything is hackable. Where's the logic in that? We don't walk around saying that 10 miles high building cannot be built because we have never built one, do we?

I don't want to come off like a troll, but I'm getting a bit weary of the conclusion that just because noone have proved the existence of an unhackable system no such system can exist.

Re:Given enough motivation (3, Insightful)

liquidsin (398151) | more than 12 years ago | (#2773686)

it's along the same lines of 'anything that can be made can be unmade'. It's just one of those natural laws...there is no such thing as 'unhackable'. given enough time and resources, anything can be broken.

No. (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2773471)

Linux is, at best, a toy operating system. At worst it is the kind of subversive force in America that Stalin only dreamed of creating.

There are "cells" reporting to unknown leaders that only go by names like "L33t_Kernal_Hax0r" that cannot be located - after all, "living in my momma's basement cause I have no real world skills to speak of" is not a true street address.

There is the Marxist concept of "give what you can, take what you need." Only, none of these people can give anything, excepting the few heroes of the revolution that have their own roach filled apartments and must give blow jobs in parks monthly to meet their rent. Yet, they all feel the need to take, take, take. MP3s? "We must have them! It is about freedom for the artists!!" Software? "We must have it for free! It will be good then!!" Movies? "Yes, we must have them for free!!!" Of course, the dirty secret all of these "give it to me free!!!" people are trying to hide is that they have no resources to actually acquire anything legitimate, due to their pathetic skill set and the fact that society has no use for them.

Society, in fact, had no use for them even during their formative years. That's why their lunch money was stolen. Darwin's law was trying to assert itself, but overprotectively indulgent parenting prevented such a thing from happening.

Re:No. (0)

Anonymous Coward | more than 12 years ago | (#2773627)

HAHA!

In a related story: (2, Insightful)

GigsVT (208848) | more than 12 years ago | (#2773474)

I forgot to lock the vault at the bank I manage, and no one is there right now!

Limited time offer!

Re:In a related story: (0)

Anonymous Coward | more than 12 years ago | (#2773485)

Already stopped by. Thanks a bundle; now I can finally afford that Mac I've been wanting.

Re:In a related story: (0, Troll)

GigsVT (208848) | more than 12 years ago | (#2773575)

Offtopic, what the hell are you thinking crackhead moderator?

My post is very on-topic, and relevant to the topic in discussion. Maybe if you had half a brain you could figure out what an analogy is.

I loved the way that Cliff phrassed that (3, Insightful)

Bandman (86149) | more than 12 years ago | (#2773477)

Did the
"...this is a lesson that teridon wants his company to learn."
sound like a veiled threat to anyone else? :)

Maybe it's the pre-caffeine stage.

Re:I loved the way that Cliff phrassed that (2, Insightful)

Tha_Zanthrax (521419) | more than 12 years ago | (#2773522)

I really wonder really if this guy works for the company he says he works for. My guess is they just fired him...

Protect the satellites (1, Funny)

Anonymous Coward | more than 12 years ago | (#2773479)

You've better protect all satellites with high grade crypto.

Otherwise the aliens will be able to use the satellite network to coordinate their attack on the Earth.

Re:Protect the satellites (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773506)

Aliens have already solved the NP problem, so you can forget securing anything against an attack by them.

Re:Protect the satellites (0)

Anonymous Coward | more than 12 years ago | (#2773523)

Really? Then why was their computer so easy to attack with a virus?

Re:Protect the satellites (0)

Anonymous Coward | more than 12 years ago | (#2773621)

what the hell are you talking about?

Re:Protect the satellites (2, Funny)

TheGreenLantern (537864) | more than 12 years ago | (#2773682)

No, it was clearly the stunning power of the Mac Powerbook and Jeff Goldblum's incredible intelligence that made this possible.

I assume the run of the mill reply to this is... (2, Troll)

cscx (541332) | more than 12 years ago | (#2773481)

"Make publicly available all the source code and documentation of the satellite's protocols. Then the entire Open Source community can have any and all bugs fixed in under 2 hours. Also, by making it Open Source, bugs in the code that would make it vulnerable to cracking can be found more quickly, and thus sealed up. The idea that all your protocols should be classified and confidential is ludicrous. Just look at Microsoft, they close their stuff up and look at all the holes in their software! You must release everything to the public."

too late (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773483)

it's too late.... all your sats are belong to me!

erm (-1, Offtopic)

Cave Dweller (470644) | more than 12 years ago | (#2773484)

Why the SPAM icon?
WTF do satellites have to do with spam?

boggle..

Re:erm (1, Funny)

GigsVT (208848) | more than 12 years ago | (#2773503)

After the apocalypse, the only thing left will be satellites and spam.

I'm sorry... (0)

Anonymous Coward | more than 12 years ago | (#2773486)

but if you don't know the answers yourself, or can't find the answer from some other source than slashdot readers, we're all in big trouble.

here's an idea... (5, Funny)

turbine216 (458014) | more than 12 years ago | (#2773490)

...this might sound obvious to some, but maybe if you need to ask this type of question, you shouldn't be in charge of securing a satellite...

Just a thought.

Re:here's an idea... (5, Interesting)

Amarok.Org (514102) | more than 12 years ago | (#2773532)

That's probably a bit harsh. You're probably right, but...

He didn't say that he had no idea where to start, nor did he say that this was his only source of information on the issue.

Having done security work in the past, I'd often solicit the advice of other security experts (ok, so maybe Slashdot isn't the place to ask) to see what directions they'd go.

If I prefaced my questions with what *I* thought was important or the Right Way (tm), that could color the thought processes of my resource(s). By keeping my ideas to myself (at least early in the process), I could get their objective opinion, perhaps with ideas that I'd not previously considered.

Just my $.05 (inflation, you know).

- Dave

Re:here's an idea... (0)

Anonymous Coward | more than 12 years ago | (#2773533)

also if you know how the security of your satellite control works, then maybe you shouldn't describe how someone would breach your security. security through obscurity works if the people who know dont go telling everyone else the secrets.

Re:here's an idea... (0)

Anonymous Coward | more than 12 years ago | (#2773570)

If you don't have something nice to say, then maybe don't say it. :) The poor guy's just doing some research, and a poll is a part of that.

Re:here's an idea... (2, Insightful)

ruvreve (216004) | more than 12 years ago | (#2773589)

I don't think by asking this question he should be deemed unworthy of securing satellites, instead you should consider it going the extra mile by asking several million? nerds how they would approach the situation. Now if he relied on /. as his primary tool for the succesful completion of his job related duties then I think I want his job.

Re:here's an idea... (0)

Anonymous Coward | more than 12 years ago | (#2773619)

You should not be so quick to judge. I mean how many satellite security experts do you know? It seems obvious to me that he was saddled with a project outside his area of expertise, and most likely outside of his company's expertise. Since this does not seem to be a #1 priority to the company, it is reasonable that he is taking on the project, and reasonable for him to look for help, and ok for him to ask opinions. Im sure we have all been stuck on some project at some point, and needed to get some outside input.

Re:here's an idea... (0)

Anonymous Coward | more than 12 years ago | (#2773623)

> ...this might sound obvious to some, but maybe
> if you need to ask this type of question, you
> shouldn't be in charge of securing a
> satellite...

I'll take it one step further. If you are this
persons manager, and you hired this person, be
expecting a reprimand from your superiors
eminently...

Re:here's an idea... (2, Insightful)

lucifuge31337 (529072) | more than 12 years ago | (#2773650)

The biggest problem I have with this is that he asks whay multiple transmiters hitting the receiver of the satellite will do. No only is that obvious to those who know the RF design of that particular satellite, but it also follows that their engineers already know this information. The question is being asked in the the wrong place.

May have military use... (5, Interesting)

maroberts (15852) | more than 12 years ago | (#2773491)

..especially if the hacked science satellite had enough manoevering fuel to be used to crash into a GPS or military satellite.

Satellites are getting larger: if the satellite was sufficiently large to enable large lumps to reenter and you could predict reentry then you could attempt to use it as a missile, but this is obviously a very hit and miss affair.

In the light of September 11I don't think you should assume that civilian targets (or civilian satellites) will be left alone by a terrorist.

Re:May have military use... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773536)

An excellent idea, my corrupt and decadent western friend, an excellent idea...

-Osama bin Laden

Re:May have military use... (2, Informative)

brocheck (59415) | more than 12 years ago | (#2773572)

The feasibility of retasking a hijacked satelitte onto a collision course with a target is small, but in the right circumstances possible. Keep in mind that the satellites have a very limited maeneverability and retasking in itself is very rare. Fuel is also very limited (which is why retasking is such a loathed task in the satellite industry, it costs hundreds of thousands of dollars.) It might be possible to create a new orbit where the sat 'runs into' another. But considering GPS and mil sats, there are tons of redundancy in these systems.


The availability of the large R/F transmitters would also be a large hurdle (it would not be possible to make an FM/AM radio station into the ranges). However, I'm just kinda startled that various security methods (encryption, basically) wasn't designed into the satellites. Satellites are HUGE investments. It boggles the mind how much they cost to produce and send into space. Kind quirky to leave it to closed protocols alone to protect such an investment.


Conclusion: highly unlikely, but possible.

Re:May have military use... (1)

con (149685) | more than 12 years ago | (#2773641)

What makes you think that only terroists would be interested ?

Is it not possible that rogue nations, spy agencies, or e-war ministries would see that accessing and taking control of one of these to either cause an "accident" by hitting other satellites or by being aimed at a relatively populated area would cause enough damage to scare people/governments as the current situation with jumbos ?

Do any/many science satellites use nuclear material ?
If they do then it may not even matter whether any material makes it intact into the environment, it may actually be an "advantage" to have it burn up and get blown around in the wind over a continent rather than trying to aim for a specific city.

Experts (2, Funny)

Anonymous Coward | more than 12 years ago | (#2773494)

Oohh boy, here's an article that's just begging for "expert" slashdot advice.

"While I've never actually worked on a satellite system, I did hack encryption into my walkie-talkies when I was 8..."

Just what would you do with it? (1, Funny)

ravenswood1000 (543817) | more than 12 years ago | (#2773498)

For the most part, what would you do with a satellite you just took over? Save on long distance?

My Guess on why or what to do ? (1)

da5idnetlimit.com (410908) | more than 12 years ago | (#2773588)

Think easy :

1 - Because I can.
Coolness Factor +10 8)

2 - Because I"ll have access to a HUGE bandwith (FXP is the term here) (Coolness +8)

3 - Because I can (Ditto 8)

4 - Fucking Race horse too boring, let's go Space Opera !!!

5 - C'aus if I take the right one, I will have access to ALL the Phone Network...(nice, Coolness +4)

6 - Caus I can hunt the ISS AND see the track the progression record on CNN Live 8)

7 - Caus the insurance company that just rejected my file IS responsible for the Sat...

8 - I WILL save on Long distance caus I have 16 000 phone lines available

9 - Caus I can

10 - If the only thing you ask is "Ok I have the Sat, no what" please go to the parlor and get a Perrier. Sparkling water Might be a little too much for your overexerted mind...

11 - (last idea) Caus I can have a 801.11 Network that is large as half the USA.

Re:Just what would you do with it? (1)

mclinc (87199) | more than 12 years ago | (#2773685)

Crash it into something and watch it burn!

(This isn't a real question right?)

EEP! The sky is falling! (2, Informative)

rmadmin (532701) | more than 12 years ago | (#2773502)

I don't like the idea of some big freaking satellite bombing down on my apartment, so heres my input.

I like the idea of encryption. It will turn away most of the little script kiddies, but then again so does obscurity for the most part.

most crackers don't have access to a huge radio antenna with which to transmit

Never Underestimate!!! I don't know much about RF communications with satellites, or how powerfull it has to be or whatnot, but I'm pretty sure if someone was determined enough, they could hack something togather. Or if they work at a radio station in a small town that goes off air at night. *shrugs* who knows.

Obscurity is a great thing in some cases, but I don't think it comes anywhere close to actuall good security. Then add confidentiality to it, and awesome physical security, and your in the right direction.
Just my small view on it.

Re:EEP! The sky is falling! (0)

Anonymous Coward | more than 12 years ago | (#2773647)

most crackers don't have access to a huge radio antenna with which to transmit

Perhaps easier to try to subvert the transmitter at "mission control" rather than try to control the satellite directly? That reduces the problem to one of (earthbound) network security, and IMHO, increases the threat.

Re:EEP! The sky is falling! (2)

Twylite (234238) | more than 12 years ago | (#2773660)

In my (limited) experience with crackers, the ones that are actually breaking protocols (rather than running scripts) tend to be older and with good resources ... typically high school or undergrad.

In either of these positions (but esp. undergrad in elec.eng or similar) such folk are likely to have access (or be able to access without too much trouble) school of university facilities. Certainly most of the universities here have some fairly powerful transmitters available.

Anyone listening in on the command streams and watching intently enough will be able to piece together the protocol in time ... by experimenting they risk damaging things but can speed up the process.

Re:EEP! The sky is falling! (0)

Anonymous Coward | more than 12 years ago | (#2773665)

Or if they work at a radio station in a small town that goes off air at night.

This was marked as informative?!? You people need to get a clue.

A couple of ideas (2, Interesting)

Neorej (398404) | more than 12 years ago | (#2773507)

Obscurity doesn't work. Internet seems to know everything, or know someone who does, it's strange but true.

Where I work we rely on a couple of things for security and they seem to work pretty well, I've been working here for nearly 5 years and I can't remember we ever got cracked.

1. SSH
2. Identity keys and passphrases along with 1.
3. IP filtering, you have to be on an IP in our network before you can reach any critical servers.

If you couple this with a private network I don't see any real threats to the network, unless some kid builds a nuclear powered high frequency mega super radio antenna thingy in his backyard to send the whole thing crashing down to Tora Bora.

Re:A couple of ideas (0)

Anonymous Coward | more than 12 years ago | (#2773557)

Obscurity doesn't work?

Yeah, right. Tell all the Osamas of the world about how to crash the satellite on the White House.

That's exactly the kind of slack attitude towards security that led into our nuclear secrets leaking to China (thank you, Mr. Clinton!) and September 11th.

Re:A couple of ideas (1)

Neorej (398404) | more than 12 years ago | (#2773610)

I'm not saying you should just go out and sell all your satellite information to the highest bidder -although that might make enough money to balance the budget- I'm just saying you should never rely *solely* on obscurity.

Re:A couple of ideas (2)

nomadic (141991) | more than 12 years ago | (#2773644)

Obscurity doesn't work.

It doesn't? Maybe it does work, but you just don't know about it.

The first step in shutting down a satellite via hacking is to submit a story on slashdot pointing out the security holes, thus planting the idea in a lot of peoples' heads. And no, the script kiddies aren't the only ones who do this sort of stuff. As much as people don't want to hear it, there are plenty of morally bankrupt but tech-savvy people who know what they're doing, and have the mentality of teenage vandals.

Re:A couple of ideas (0)

Anonymous Coward | more than 12 years ago | (#2773664)

As much as people don't want to hear it, there are plenty of morally bankrupt but tech-savvy people

What's so "morally bankrupt" about finding flaws in a product and showing it to all of the world? After all, that's the way the bugs get fixed.

Every time Microsoft attempts to keep a lid on the information about the bugs in their OS so that they could prepare a patch for it, the entire /. cries out how wrong that is. In the same sense, keeping the satellites out of the reach of hackers (who could point out the bugs) is wrong, isn't it?

Security through obscurity only works if... (0)

Anonymous Coward | more than 12 years ago | (#2773508)

... you do indeed have obscurity. Just telling the world that your system are hackeable in such fashion may be enough to spur enterprising crackers to go out, to look for more data and come up with something. You even provided some leads yourself, from where some enterprising young minds can work: park a van with a suitable receiver near your ground station (related to SOHO?) and start snooping the frequencies used, then the data, etc.

Questions about your own company's security are better not asked in public, especially if you suspect said security to be lacking...

Although in general real security is preferable over the appearance of security, the appearance of security can still serve the useful purpose of making would-be crackers believe that they'd be losing their time trying. Admitting security weaknesses in public will have the effect of getting a whole bunch of folks interested and motivated...

I have a satellite (-1, Offtopic)

Geoffd1 (466931) | more than 12 years ago | (#2773509)

...but it belongs to Audiogalaxy [audiogalaxy.com] .

Slashdot it !! (1)

Tha_Zanthrax (521419) | more than 12 years ago | (#2773511)

What if we just slashdotted the hell out of one those satellites. Just to show the that decent scurity isn't luxury.

Go with the new standard, worth hacking (5, Interesting)

f00zbll (526151) | more than 12 years ago | (#2773513)

If you want to know if hackers will find it interesting, the answer is yes. I grew up around hackers and crackers and both would be interested for several reasons. The biggest one is because they can and they have time. I know plenty of teenagers who know 4+ languages including assembly and know more at 13 than I did at 22. I'm not embarrased to admit it, since these kids are smart. Some are misguided, but most stop at 18. I have first hand experience with friends who hacked and got caught by the FBI and crackers are determined to get in.

Just to give you an idea, some crackers during the BB era in southern california were stealing credit cards to buy commercial software, then sold cracked versions to the largest BB in southern CA. They were eventually caught and the FBI took away all the computers. All of them were under-aged, so they didn't do any time. All of them were interested in science, so they would definitely be interested in what your satellite is sending. More interesting is getting control of your satellite.

Also, remember that crackers tend to have parents who have technical careers, but no time to watch their kids. Hackers and crackers have a lot of time, brains and energy to burn. With all the articles recently about amatuer and college programs building their own satellites, it will become a bigger concern. As kids get more technically advanced at a younger age, more systems will get compromised. It's a fact of life.

Nice Starband Hack (1)

codepunk (167897) | more than 12 years ago | (#2773516)

Yea nobody has a big antenna that can transmit a signal to satellite. Just how big of a attenna do you think you need. The one in my yard is not that big and with a little hacking probably would do the job nicely. Hell you reading this message means that I can already transmit a signal to a bird. Only obscurity for the command protocol, you must be kidding. Bo ha ha ha ha

PKI (2)

Hard_Code (49548) | more than 12 years ago | (#2773518)

The simplest system for ensuring that two entities are talking to each other, without a complex system involving third parties, seems to me to be PKI. Just embed a private key in hardware on the satellite (or perhaps several) and then use PKI as normal. This key never leaves the satellite so the risk of being "hacked" is equivalent to cracking PKI. This of course could be strengthened (or weakened??) by coupling with precise data only known through obscure methods involving lots of precise scientific hardware, e.g. stuff the crackers won't have.

Re:PKI (2)

Eimi Metamorphoumai (18738) | more than 12 years ago | (#2773618)

"If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography." -- Bruce Schneier
And that goes much stronger for PKI. Do you even know what Public Key Infrastructure means? In this case, just get a good, solid shared secret key. There's no reason for asymetric keys.

Re:PKI (5, Informative)

jmaslak (39422) | more than 12 years ago | (#2773663)

I do PKI for a living. Actually, in this case, it might not be the right choice.

Do you really mean PKI or simply Public Key Encryption? Do you actually picture a root certificate authority, subordinate certificate authorities, directories, certificate revocation lists, and authority revocation lists being used to secure a satellite's command & control?

PKI is a great choice when you have lots of parties that need to randomly communicate with each other. It provides a great key distribution. However, PKI seems like overkill when one (or, at most, two) ground stations will be talking to a satelite. In this case, distributing a shared secret really isn't that difficult - probably much easier then building a PKI network and keeping it secure! Of course it does depend on if you trust your internal computer systems to keep the key private. If you don't, then PKI might solve some of your problems.

I would suggest a very lightweight approach. Privacy of data is not required for this application, IMHO. Maybe I'm wrong, in which case, you should investigate other options. This sounds like a good case for a MAC (Message Authentication Code). You don't even need to use encryption - just hashing - to do this.

Basically, each end has a shared secret, "S".

You have a packet containing data, "D".

Each packet has a timestamp (to prevent replay attacks) "T".

All packets consist of: D+T+MD5(D+T+S)
Of course, you can use some sort of hash besides MD5. You can also program the satelite with a few thousand secrets, which expire every so often - if you give it 100 years of secrets at launch, you should be fine.

The satelite receives this packet, does the MD5 of D+T+S, and compares the numbers. It doesn't let you use a packet with an old T (T should be very close to the current time and T should be greater then the most recent T).

This code has the benefit of taking very little memory space compared to a PKI solution. It's also much easier on the uplink/downlink channels.

The most important thing to remember, though, is that this shared secret has to be kept secret. It should not be used by your normal programmers to write control software. Instead, it should be an external module that runs on a secure box (I.E. no remote administration capabilities, only allows connections via a secure interface, and adds on the MAC as the messages pass through it). If you can afford a satellite, you can afford one secure server! I would definately investigate commercial encryption devices which add on a MAC using a shared secret - at least on the ground-station end. They of course may function differently then the method I described above, but the basics remain the same.

Of course all of this has been solved before. ATMs and banks have long needed to authenticate the other end. (ATMs, BTW, do not use public key cryptography, but simply a split key pair - that is, a random string of numbers is one part of the pair and that string XORed with the real key is the other pair - each part is given to a different person who keys it into the ATM seperately from the other person - you might also incorporate this type of system). Since this has been solved before, I recommend that you hire some sort of encryption expert to help you (you are NOT looking for a computer security person - chances are you are not running a default install of W2K on your satellite!).

As for IP, I would think that you would want to ensure there was no way for someone outside the control room to use your equipment to send command and control messages to your satellites! At the very least, this means that the control room should probably have an air-gap between it and the rest of your network. Sure, a little inconvienient, but how much command and control data do you really have to share with people outside that room? Not much most likely - certainly not too much to retype.

Security Engineering (3, Interesting)

FullClip (139644) | more than 12 years ago | (#2773525)

I would recommend you to read the book Security Engineering [amazon.com] by Ross Anderson.
It gives you a perspective of security from a lot of different fields.
If you must secure stuff you have to think like an alien.
If people who were supposed to control the Defense satellites
in Britain had thought like an alien, none of their satellites
would have been hijacked [landfield.com] ,
but that story seems to be untrue :).
Anyway, secure your babies.

Forget reverse engineering -- who's quit lately? (5, Insightful)

pointym5 (128908) | more than 12 years ago | (#2773530)

Definitely assume that anybody you really don't want knowing your command structures will know them. Do you keep the documentation (or source code) in a locked vault with genuine security (not just "don't tell anybody where the vault is")? Do you have strong entry/exit security (can you take an 8mm tape home with nobody noticing)? Are your internal machines firewalled completely from the public Internet? Most importantly, how much do you trust the people who know how it works? Are you sure none of them wouldn't sell information for a few tens of thousands of dollars (or sex)?

Complete security (4, Informative)

ThePurpleBuffalo (111594) | more than 12 years ago | (#2773531)

Complete security is impossible. If someone wants access, they will eventually get it.

The most secure authentication scheme I've seen in a while is talked about in great detail here:
http://www.rsasecurity.com/products/securid/hard wa re_token.html

The idea is that if you need a physical token, and some knowledge to authenticate, you have added another level of security. These tokens are (from my understanding) REALLY hard to reverse engineer. They generate a number (that looks random, but isn't) every minute. On the other side of the connection, the same pseudo-random number is generated. If they match at authentication time, you get access, if they don't, try again.

The other thing you were wondering about was DOS attacks. Go read this article on GRC:
http://grc.com/dos/intro.htm
It boils down to this: if it's distributed there is little you can do.

On the flip side, since these signals would require massive antenae, you can triangulate the source in a matter of seconds, and send some guys (cops, navy, army, etc) over to shut them down.

Either way it goes, this is an interesting problem. Keep us posted with the results.

Beware TPB

Re:Complete security (2)

radish (98371) | more than 12 years ago | (#2773599)


My understanding is that this "problem" is primarily for communications between trusted computers - i.e. base station to bird, and making sure that neither (particularly the base station) could be impersonated. In this case SecureID isn't really appropriate - it's great for dialin (most big companies use it for this) and for authenticating _people_, but I don't imagine you want each controller to have to authenticate him/herself directly with the bird. There are plenty of hardware based heavy encryptionk devices around, I think IBM make some. Basically a custom chip and some eeprom encased in polymer, along with some tamper-detection sensors. Encrypt the whole stream (or just the commands themselves) with a shared-secret key algorithm (don't bother with public key) and bung one of these hardware units at each end. Voila ;-) Easily better security than the ATM networks, and no-one has (publicly) cracked those yet.

Oh and tale EVERYTHING you read at grc.com with a pinch of salt. Or better yet don't read anything at grc.com. Still, he is right when he says that anything internet based is liable to DOS, it's the way routing works. Until someone comes up with a clever way to fix it..

Re:Complete security (1)

lucifuge31337 (529072) | more than 12 years ago | (#2773668)

On the flip side, since these signals would require massive antenae, you can triangulate the source in a matter of seconds, and send some guys (cops, navy, army, etc) over to shut them down.

Sorry. Try again. It can be done with an antenna small enough to hide in an attic....no more than 4 feet long or so, depending on what frequency you are uplinking. And it would (have to be) highly directional, so there would be little to no chance of triangulating it from ground stations.
And it can be done with $5000 or less worth of radio equipment, and run off of a few car batteries.

Here comes trouble (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773538)

From: Brian Valentine
Sent: Wed 12/26/2001 7:14 PM
To: WW Sales, Marketing & Services Group
Subject: Me again -- Linux updates

Microsoft Confidential -- Do not print, copy or forward this email and do not share this email with anyone out side the company. For internal use only!

Now that the whole world knows we are taking Linux seriously based on the leak of my last email... Wait -- stop there -- since when did they think we weren't taking them serious?!? Did they think we are not going to build the best products possible? Did they think we were going to just be fat, dumb and happy and not continue to win business? Did they think we were going to forget about taking care of our customers??? NO!

Who do they think we are? We have the best d*mn sales force in the world backed by the best engineers in the world -- of course we will take any non-Windows OS serious. The thing about the leak that made me mad was not that we would legitimize Linux, etc. it's good in some places, we are better, and it's not very good in other places and we are much better. but they are a competitor and we will compete. What made me mad was that my friends -- some of you and some of our customer's names where in that email and then available for all to see on the web. That made me mad. I want you selling and supporting our products -- not having to take random calls, emails, etc from the press and others and I know what out customers share with us is in confidence that we will keep it internal. I have no problem any random Linux person sending me hate mail, junk mail, adding my email address to every list server out there, you name it -- that comes with the job, but I don't want my friends to have to deal with the same junk.

Ok, Ok, enough of that. On to some new things we are doing for you around Linux.

Linux is out there in some of your accounts and you may not know it. The ground up nature of how Linux is introduced into our accounts means that we need to modify our traditional approaches of finding out about Linux in our customer base. We have to be more hands on and dig deeper in your accounts!

Many Linux projects in CAS and Depth accounts happen below the IT Manager/BDM level. It's crucial that you get out there with your TSP/SE/MCS folks and do actual walkthroughs in your accounts. Ask open ended questions; find out what they're evaluating for both key projects as well as smaller, more tactical projects. Ask about the 'connector' pieces -- you'll potentially find Linux in these areas. This is a great way to not only find out about Linux, but also other IT projects that may include Novell, Sun, Oracle, and other competitors! If you are struggling with how to do this, then do the simple exercise of walking through you accounts data centers and when you see a Sun or IBM machine, ask what it's used for, if you see some strange servers you don't what they are doing -- ask what is running on them and take notes. I would like to challenge each of you to have these conversations with your customer as soon as you can. Oh -- and you can bet anyplace IBM is talking to your accounts, they are saying Linux and switching to higher end non-pc systems. With the current economic times we are living in, just about every customer is looking into how they can get rid of those over-priced, legacy Unix systems and ride the PC economics wave. We need to be there when they are making these decisions and prove to them the Windows platform is the best platform for them across any aspect of their business.

I want you to know just how seriously we're taking Linux here in Redmond. We're investing major efforts in creating easier processes and resources for you.

I. To start, we have expanded the in-field Linux Competitive Champ program and renamed it "Linux Insiders". Like the other TSP Champs programs, it has been changed to use the new TSP role-based database and will be ready to roll out with its new name at the Envision event in January. It is up to each regional TSP manager to select or assign each member; therefore, anyone wishing to become an Insider should see their manager to be signed up. Much like the support "communities" that define the Linux experience, the FCS team will strive to build a community to cooperate in winning business against Linux. By building a virtual team of field staff and corporate resources, we will enable the field to have one place to go for communication and competitive information. The Linux Insiders will have access to a centralized web site where personnel can request help, route issues, and share best practices that the entire field can leverage. This site, a restricted sub-set of the http://infoweb/linux site, will be accessible by all "Insiders," for items such as SLT reviews, web-casts, notes from conference calls and other sensitive information. If you have questions about the Insiders program, please email Kelly File of the FCS
team at mailto:kellyfi.

II. Second, I'd like to announce the new Linux/UNIX escalation process that is being headed up by [MS Enterprise & Partner Group VP] Charles Stevens' organization. Here's how it works:

a. First, make sure you check out the latest additions to the Web sites: http://infoweb/linux and http://infoweb/sundown.

b. If you can't find what you need there, involve your local expert: the district Linux or Sun Insider (TSPs with Linux and/or Sun competitive responsibilities). These Insiders have the expertise and the resources to help you win. You can find your local Insider on the web sites.

c. If you still need help for Global, Strategic and Major accounts, the Linux/Sun Insiders (or your GM) can escalate the issue to the new corporate Linux/Unix Escalation Team. Let me emphasize that you need to work with your local Insider or your GM because they have direct access to this escalation team. The team is committed to provide an initial response within one working day. These guys have in-depth UNIX industry backgrounds and have been winning against UNIX and Linux. The product development organization will be working closely with this team to make sure you have all the resources you need.

III. Finally, we're working hard to debunk the myths around Linux. We're approaching this in waves.

a. The first wave will attack the perception that Linux is free. To that effect, we'll have an independent analysis commissioned by DH Brown looking at a very popular topic these days -- server consolidation. If you're not seeing this yet, you probably will. IBM is proposing to use Mainframes running many virtual instances of Linux as a low cost server consolidation scenario for file and print, messaging, and database activities. The DH Brown report will be customer ready and will help your customer understand just how competitive Microsoft is in this arena.

b. The second wave will be a full blown cost analysis comparison case study between Linux and Windows in a variety of usage scenarios (web, file and print, etc.) done independently by the analysts for us. ETA for this tool is in May and it will be a great tool to help you sell the value of Windows solutions over Linux. If you have any questions on this study, please email the mailto:lnxteam alias.

You can expect us to turn up the volume on winning against Linux, as well as IBM. There is some great cross team work between PMG, SMG, and CMG marketing groups to ensure we're addressing your needs and believe me, that feedback goes directly to me and the senior leadership team so we can build better products to help you win against Linux!

Thanks,

Brian

Microsoft Confidential -- Do not print, copy or forward this email and do not share this email with anyone out side the company. For internal use only!

PS: I used to run Exchange -- so if you think I am not tracking this message, think again. Don't forward it! And if you have forward rules that have forwarded this message, then perhaps you should think again about forwarding internal email with those rules. I want to give you folks all the information I can in a very open way. If we continue to have bad apples or careless people out there, I will not be able to help you by sending this kind of information!

Security or authentication? (2)

DaveHowe (51510) | more than 12 years ago | (#2773542)

Not sure what the requirements here are - but it seems you are more concerned with correctly authenticating a command to the satellite than concealing the content of the commands.

If that is the case, then you really only need to change the format slightly to include timestamped (or sequentially numbered), signed messages rather than unauthenticated ones (timestamps to prevent simple retransmission of commands as a "cut and paste" control system). There are plenty of PK signature solutions out there - but I assume uploading a new program may be a problem - debugging would be a nightmare ;)

Huoh, had to be said (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773543)

Can you imagine a beowulf of these? There I said it.

Signatures? (2)

Waffle Iron (339739) | more than 12 years ago | (#2773548)

I'm assuming you're worried about satellites already in orbit. If their software can be modified by upload, how about at least adding a routine to check a digital signature appended to each command packet. That could help prevent some script kiddie with a hacked DSS dish from rooting your spacecraft.

As for new satellites under design, just encrypt the channel, stupid! Its not like its rocket science or anything.

the very fact that you told us how you already... (2, Insightful)

synchrostart (93516) | more than 12 years ago | (#2773554)

...secure your satellite systems is a huge security breach. You just told us you don't use encryption and that to attempt communication you need a radio antenna. Some people do have access to radio antennas. Heck they aren't that hard to build yourself anyhow, there are specific books and internet articles on them. Pick up most books on HAM radio antennas and they atleast mention it. So given some time and effort could someone exploit your satelittes and crash them into another one?

issue 1 (2)

nusuth (520833) | more than 12 years ago | (#2773559)

yes, they can prevent you from commanding the sat iff they can track and transmit to it from somewhere near your base. I'm not aware of any non-directed sat antennas, but then again I'm not an expert either.

In general case any single channel signal can be drowned with another signal at the same freq. and with a comparable power.

Sat Security (2, Interesting)

Mr. Buckaroo (75837) | more than 12 years ago | (#2773561)

General comments:
This type of question is probably best not asked here.

I highly suspect you are whom you say:
1) Why ask questions about such a sensative issue here in such a loose and public forum
2) If your company does indeed control multiple satellites, why do you not have answers to such simple questions as # 1? I would expect you would contact one of your own engineers.
3) This list could go on for quite a while.

I appologize if I'm wrong about the above, but I tend to suspect this is a dupe post by someone either interested in hacking a network or interested in getting people together to hack sat's.

Questions:
1) This would depend to some degree on the com hardware on the bird. Signal jamming is a quite known property of emf communications.

2) Yes. People have deciphered far harder things than a ordered (probably) control protocol.

3) I didn't look at the protocol yet. Yes, folks will want to hack it though. Sat's are l337 d00d.

The correct answers are: (1, Informative)

Anonymous Coward | more than 12 years ago | (#2773574)

1.Can someone effectively execute a DOS attack by
uplinking to the satellite with a powerful signal
(the frequency would be easy to 'snoop' from our
transmitting antenna), thus preventing us from
commanding it? In general, how do receivers handle
multiple command carriers (would there be too much
noise to command)?

No need to execute DOS attacks, an overpowering RF
signal would do the trick.

If the story is still around, and (iirc) look for
the story of UOSAT-18, how it was given up for
'dead', and how a ;-) strange blast of ? power
restored it

2.How many of you think that you could decipher
the structure of the command (given the
motivation)?

See # 1. Taking it out and gaining control are
two different things and (imo) gaining control is
useless.

3.Standards being developed (like SCPS) intend to
make satellites 'just another node on the
Internet.' Take a look at the security protocol
(which is based on IPSEC, et. al) and tell me if
you think it is secure, or whether you'd want to
crack it.

See # 1 and read up on "Project ALOHA"

Addendum:

Going above the RF problem, you might consider L.
Brett Glass's paper on bipolar quadrature
amplitude modulation (using a constellation
pattern) and using a form of FEC that gets the
header/etc. decoded locally.

dos (1)

bluelip (123578) | more than 12 years ago | (#2773576)

Hopefully the DOS attack you mention would be quickly thwarted. (If your satellite was worthy of gov't help that is) If the attacker was using extra power to block your signal, you could track the signal to it's transmitting atenna. This shouldn't take too long to find.

My penis! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2773580)

id
=
100%
>
bl
b
d
=
0
ce
pa

Remember HBO? (5, Informative)

millwood (542462) | more than 12 years ago | (#2773581)

Many years ago HBO's satellite was overtaken for a few hours by someone in the "northwest quadrant" of the continental US. My electronics teacher at the time told me that most satellites would lock into the strongest signal being transmitted to them, and that most control centers used the least amount of power to get a lock-in. So apparently this guy just used a stronger signal than they were using.

As for hacking the command set? You better believe it. Get four engineers and a large blackboard and you might be amazed at how useless "security through obscurity" really is.

My standard reply (0, Troll)

nochops (522181) | more than 12 years ago | (#2773584)

We should we tell you?

Isn't that why you get that *fat* satellite commander paycheck? I'm sure someone here could tell you, but really, if you're not competent to do your job, why should you have it?

These "I dunno how to do my job so I'll ask Slashdot" posts are getting really tired.

I'm tired of people making loads more money than me, when they really don't know squat about what they're doing.

Seroiusly, why should your company pay you to do a job if you don't know how to do it? Why don't they just fire your ass and "Ask Slashdot" themselves?

Re:My standard reply (0)

Anonymous Coward | more than 12 years ago | (#2773601)

Yeah, that's right.

A classical Linux zealot's advice: why should we help you, read the fucking manual.

Elitist twit.

Re:My standard reply (0)

Anonymous Coward | more than 12 years ago | (#2773661)

Why should we fucking help him? He's not going to open his source code at the end, so he can take a flying fuck at a rolling doughnut.

Yours is a typical closed-source cocksucker's answer: "I don't understand Linux, so I think everyone involved in it does everything for free."

Ignorant jackass.

Re:My standard reply (1)

nochops (522181) | more than 12 years ago | (#2773678)

Funny thing is, I'm not a Linux zealot by any means. I know very little about linux. BTW, if there is a manual to read on satellite security practices, I'd like to know where to find it.

I'm just saying: Why was it that the poster was selected to be the 'satellite commander' at his company? What is it that he has that the other candidates did not have? Evidently knowledge about security practices is not one of the requirements. Where do I apply?

Do yourself a favor and check out the satellite listings on monster.com and see how much those guys are pulling down per year. Then tell yourself that they shouldn't have to know what they're doing.

So if your into the whole open source open knowledge bullshit that telling him how to do his job would entail, then it just naturally follows that he should *NOT* be getting a paycheck, right? His salary should be distributed among those who gave him information, right? If that's the case, then yeah, *I'll* RTFM and get back to you on how to hack a satellite. You just get my check in the mail.

Requirements we had on small science satellite (5, Interesting)

braddock (78796) | more than 12 years ago | (#2773594)

Military and commerical birds often employ encryption on both the uplink and the downlink. However, it seems that none of the science-oriented satellites my company operates do this.

Wow, really? (imaging how many /.er are ebay bidding on dishes right now....)

As an undergraduate I worked on a small student-built scientific satellite, and even though the satellite barely had any need of an uplink, I seem to recall we still required strong command authentication, and that we also required the ability to be able to turn off the satellite transmitter and receiver in certain regions of the world, and that these requirements came straight from the DoD. My understanding is that we had to be prepared to respond to certain possible DoD advisories. In fact we probably would have done away with the uplink except for them.

The trasmitter turn-off requirement was apparently so that rogue states could not use the bird for navigation purposes or possible sensing.

Now the advising engineers on this project came from a lab (JHU APL) that does a TON of military birds, so it's very possible they were just imposing good practice on us. Maybe someone in the know could tell us more.

--Braddock Gaskill

Don't be naive... (1)

david_e_v (42652) | more than 12 years ago | (#2773596)

Do you really think that, in case there was any ultra-secure system, this information would be posted in /.?
Security through obscurity is not an option, but this doesn't mean that you have to publish in capital letters all your security measures. That would be simply silly (no flaming).

Troll satalite! (0)

Anonymous Coward | more than 12 years ago | (#2773603)

Giving goatses
Penis birds
First posts
and more to every one

Oh Great.... (2)

mlknowle (175506) | more than 12 years ago | (#2773604)

You have just unvielded a great new target for all the script kiddies out there...

"Hey man, lets go hack a satalight and use it to spy on GIRLS!"

"What, do you think I can access it with my 802.11 Airport?"

"We could crash it into the Whithouse like in that movie!"

Obscurity works very well if... (1, Insightful)

five dollar troll (541247) | more than 12 years ago | (#2773606)

...you avoid extending "challenges" like this to the hacker world. Obscurity is only effective when it is TOTAL obscurity. It doesn't work for Microsoft because everyone already knows that they will (after X number of attempts) find some type of hole in their software. For situations like this, however, there is no interest in targeting the satellite, because there is little or no knowledge of its existence. Therefore, it's not a challenge, and won't be considered such by hackers-at-large.

But now that the cat's out of the bag...look out...

Zap 'em a virus... (2)

karot (26201) | more than 12 years ago | (#2773612)

I saw Independence Day - I know just how easily "they" can upload a virus to an orbital device :-)

Physical security is the best anyway... (3, Informative)

MosesJones (55544) | more than 12 years ago | (#2773613)


Military Sats use encryption for two reasons, one to make sure they can't be cracked, two to make sure they can't be listened two. The second is the more important. As long as the command sequence to the sat is tied to a physical device (which I'd hope at the very least) then your fine as long as you don't get invaded.

The easiest way to secure these systems is to ensure that there is a closed VPN which is tied to two devices, one on the sat, one on the ground. Redundant nodes come into play but its again only the physical that matters.

It takes a hell of a rich hacker to set up the transmission equipment to crack a satellite, and then the sat should just be saying "who are you ?" standard H/W ident stuff should block them off.

Physical rules, if you aren't using H/W paired security then its very worrying as its very simple to do and very standard (I assume it is as anyone with half a brain is going to do that) from then on its just a matter of how important is the information and does it need to be encrypted as listening is miles easier than transmitting.

pointing at the sat? (1)

Niksie3 (222515) | more than 12 years ago | (#2773615)

I'm no expert but I assume that in order to give commands to the bird you would want to know where it is located in the sky, if you could keep that info secret I think ppl will have quite a hard time to find it.

PS: this ofcourse would only work if it doesn't communicate with joe average. If it would you could probally use multiple dishes to figure out where it is located

Big antenna: easy (0)

Anonymous Coward | more than 12 years ago | (#2773628)

Back in my university days they had an "antenna farm" out the back of the electronics department. Now one of these arials consisted of dozens of dipoles strung end to end over a length of about 200 meters. This "string" sat above a V shaped wire mesh. This thing was used to listen to satellites as they passed through it narrow beam width. Well if it can recieve it can also transmit effectively. My point is that if one has a large garden and a few rolls of checken wire then a large arial is not out of the question.

My thoughts (1)

Mercenary (4036) | more than 12 years ago | (#2773635)

Reverse engineering the protocol certainly isn't impossible, and whether anyone is going to attempt it is hard to predict. You only have to capture the imagination of one cracker for them to have a go. So, clearly, you should NEVER assume that, "Well, no-one will care... it's only a satellite".

And, let's face it, this is the sort of thing that some geeks would consider the ultimate war-drive. ;-)

However, opening up the source completely here could be problematic in one way: You may not get a second chance. Someone may find a major flaw, exploit it, and ... ooops - your satellite has landed in the North Atlantic. It's a bit late to fix it though!

This is one reason why you don't let hackers work on air-traffic control systems. ;-) (troll)

Huge arrays NOT required. (2, Insightful)

Cwaig (152883) | more than 12 years ago | (#2773639)

I used to work for BAe Space Systems, and once a year we used to teach part of a course at one of the UK's Universitys (cann't remember which). Part of the course was a practical project building a groundstation from scratch using off the shelf kit and making the dish from scrap parts. It's not cheap, but it's within reach of a lot ot western tech heads (but ok, not your average script kidde). I've still got the course notes + designs in my attic....

It's easy really (0, Offtopic)

Merkins (224523) | more than 12 years ago | (#2773642)

You just need to take all the I.P. addresses offline while your goons chase Ryan Phillipe around the building.

Is deciphering necessary? (2)

Erasmus Darwin (183180) | more than 12 years ago | (#2773655)

"2. How many of you think that you could decipher the structure of the command (given the motivation)?"

Depending on how the protocol's set up, this may not even be necessary. If replaying a previous set of movement commands causes the satellite to move some more, you've already lost that battle. The net result is that an attacker can drive the satellite off course and deplete its fuel reserves, making it a floating piece of junk.

Of course it may be that there's a sequence number in the commands that needs to be updated (most likely to prevent inadvertent duplicates due to transmission problems). In that case, it'd actually require some deciphering effort. Still, remember that you lose as soon as someone figures out enough of your protocol to move the satellite around. An attacker doesn't need to figure out every little detail.

Finally, there's always the social engineering approach. If the attacker can get the protocol by creatively lying to people at your organization (or just by getting a job there), then not only do you lose, but the attacker would have enough information to theoretically do something really fun (like trying to get the satellite to reenter the atmosphere in such a way that the attacker can watch the light show). That further cranks up the attacker's motivation to carry out the plan.

Throwing down the gauntlet? (1)

TheGreenLantern (537864) | more than 12 years ago | (#2773656)

How many of you think that you could decipher the structure of the command (given the motivation)?

Man, isn't that a little like asking a bunch of high-school/college jocks if they think they could go one-on-one with MJ?

"Uh....yeah, I could do that! I mean, I'm a little out of practice and all, but shoot, I used to be able to hang with the best of them in my prime. I'm sure I could manage, if I was motivated enough!"

Hacking a freaking satellite with no knowledge of the command structure would seem to me to be one of those uber-hacks, on scale with bringing down Ma Bell for a few hours, or finally tracking down the true identity of Signal11. In other words, it's probably possible, but you're not likely to find anyone around here that could do it, regardless of what they might tell you.

Security analysis (5, Interesting)

Proaxiom (544639) | more than 12 years ago | (#2773658)

I'm not looking for the Slashdot population to do my research -- I mostly want opinions on whether cracking a science satellite would be worth the time.

I'm not going to analyze the up-link protocol or try to brainstorm motivations for cracking your system, but as a security professional let me try to clarify the issue a bit.

You are on the right track with your questions. You are trying to figure out: a) how badly does somebody want to crack it, and b) how difficult is it for him to do so.

These two factors are precisely what define security risk. If the cost of breaking a system is greater than the reward for doing so, your security is adequate.

The first question cannot be answered by the Slashdot crowd. There are too many variables. Who are your competitors, and how much to they have to gain by sabotaging you? Could the satellite possibly be used for anything other than its intended purpose if control was usurped? How valuable is the satellite to people other than you if it is only being used for its intended purpose?

Perhaps people here could try to figure out the 'cracker bragging-rights' factor, but I suspect that would not be sufficient motivation to go to the lengths required to break your system (any glaring security holes notwithstanding).

From what it sounds like, the second question can't be answered by anybody. The rule of the day is 'provable security', which is why security by obscurity is frowned upon. It's not that it doesn't work, because sufficient obscurity is indeed security, it's that you can never be sure how well it works. This was the problem with the German Enigma machine in WWII, which ultimately provided the greatest incentive to proving lower bounds on security.

Encryption provides easily quantifiable security, demonstrated by mathematical proof (with the minor caveat being most of these proofs rely on P not equalling NP). The techniques you describe do not sound like they lend themselves to provable security. (Although physical security is usually considered pretty sound, provided it is comprehensive; this includes isolated networks and site protection, as you describe)

How difficult is it to gain access to a powerful radio-antenna? That's a key question. If the satellite is owned by a company in an industry with cutthroat competitors who also have satellites, it might not be difficult at all.

Has it already be done? (2)

thogard (43403) | more than 12 years ago | (#2773667)

If you look at the GPS sats you will find they transmit a an encrypted signal for military use. If you have the crypt code you can decode the stream and figure out where the 1st bit is which signals the start of a frame. Inside that frame you get enough info to tell how far away you are from it. Someone (at Trimble?) figured out that the last bit of the frame is truncated so the timing packet always starts a the right time. Now the survey grade GPS recivers just look for a bit that is jsut a bit wrong and use that. They pick up the other timing signals from the other frequency and store the data. You can compare that later and do some high precision work (some claim sub mm).

Another thing is the GPS sats used to shift their packets a bit to throw off the Russians (who had a better system). Someone (claiming to be Russian) posted polynomial to usenet describing it. That was a major part of its security. (and I'll have to dig up that post now that google has stuff from the dark ages)

The last secure by obscurity one way hash I cracked took me about 3 days. It wasn't nearly as good as they would have liked.

Based on some of the things I've seen...
give some of my friends a good reason and enough to play with your toys and you might see a cool reentry.

If what your playing with can be a weapon, call your local spooks and explain the situation to them. Its in their best interest not to have your bird go down. The NSA does have a group that may provide some very useful to your company -- they were providing some good ideas on one project I was involved with for a while for a well known company.

NASA Memo explaining COMSEC requirements (2, Interesting)

braddock (78796) | more than 12 years ago | (#2773669)

Here is a memo that explains the National Policy on Application of Communication Security to U.S. Civil and Commercial Space Systems, NTISSP No. 1.

http://www.tscm.com/communsec.html [tscm.com]

Some excerpts:

The need for and means to protect the command/control uplink associated with civil satellite systems, intended exclusively for unclassified missions, will be determined by the organization responsible for the satellite system in coordination with the National Security Agency....

...Approved techniques as they pertain to space COMSEC equate to National Security Agency (NSA) endorsed encryption and authentication systems....

..Government or Government contractor use of ... commercial satellites ... shall be limited to space systems using accepted techniques necessary to protect the command/control uplink.

Basically, if your group is doing as little as what you say they're doing, they may be in violation of law.

--Braddock Gaskill

Not Encrypted? (1)

wafath (91271) | more than 12 years ago | (#2773672)

0) It's not encrypted???? All satellites I have worked with are encrypted at least on the uplink, including science ones. (even deep space science satellites that require big dishes to talk to it.)

1) It might be more useful to look at this scenario from the electronic warfare point of view, not an internet point of view. However, unlike the internet, you need large, dedicated, expensive equipment to uplink. The equipment is not outside the reach of many hackers, but very very few have them.

You need a license to do the kinds of broadcasts needed to command or jam a satellite. because this is a rare event, your best bet is to handle this through FCC and like organizations. (unlike internet hackers, the FCC will take this seriously.)

2) Yes. Especially if you base your spacecraft on a standard bus. If you do, most of the syntax may already be public. And if I have your telemetry database and a decent history of commands and telemetry, I could figure it out. It isn't easy, and it isn't quick, but it could be done.

Besides, chances are, I don't need to send a good command to destroy your satellite. Just turning on one of the rockets and putting it into an uncontrolled spin will do it. There is a non-zero chance that if I get your spacecraft to accept any command that I could destroy it, even if I have no clue what the command did.

3) Most of the protocols are to use internet protocol to form an intranet between the ground control centers and the spacecrafts. This is mostly floated around as a method of constellation management, because CCSDS is just silly with a solid-state spacecraft. No one in their right mine would make a functioning satellite pintable from any moron on the internet.

W

Another Randal Schwartz? (1)

Gid1 (23642) | more than 12 years ago | (#2773677)

This sounds like another one of those ill-conceived "My boss isn't listening to me, maybe I should prove I'm right" crusades, like the one that got Randal Schwartz in trouble.

My advice: Don't rock the boat, especially in the current economic climate.

Instead, when you get that "management are morons" feeling, just imagine a taxi meter above your desk and calculate how much money you make taking a dump on the company's time.

satellite topsite (1)

cmckay (25124) | more than 12 years ago | (#2773681)

Well, if the satellite has a few GB of storage...

Given the recent shakeout of the warez scene, I can see many benefits to running a topsite on a hacked satellite. (Assuming, of course, it were possible to conceal the transmitter/receiver antennae required to interface with it).

Or you could just install the latest distro of Slackware on it and post a link to slashdot. Then we could have the first ever slashdotting of a LEO device!

Muwahahaha... er... nevermind.

Obscurity and Security (4, Insightful)

rknop (240417) | more than 12 years ago | (#2773684)

Obscurity really is security, if it is true Obscurity. For instance, if you've written a custom server with a set of commands, and you run it on a single computer somewhere on some random port, chances are it's not going to be hacked unless somebody smart and dedicated specifically targets you. Yes, you'd be more secure if you wrote the thing to encrypt its communications and made damn sure that it was robost-- but saying "probably nobody will notice me" has something to it if really nobody likely will notice you.

The problem with companies like Microsoft arguing that obscurity is security is that they don't have real obscurity. Their operating system is absolutely all over the place, both physically and in terms of network connectivity. As such, there is both ample opportunity and ample motive to find out hidden facts about it. While those facts may be hidden, the OS is not, so there's no real obscurity, just a thin veil of obfuscation.

If you're building one new high-tech stealth bomber, and you do it in a hidden valley in some very remote site, and completely underground, chances are it's not going to be seen. On the other hand, if you build several prototypes in downtown parking lots of major cities, and just drape a cloth over them with a sign "no plane here", that's just the illusion of obscurity (and hence the illusion of security). Major OSes that are widely distributed but which hide their source code are much more in the latter category.

As for Satellites-- their obscurity probably is worth something. It's only one link, and the need to have the broadcasting station is a huge barrier. On the other hand, they can be highly visible targets, and I'd suspect that they aren't as obscure as one would really like to be to think it grants you some security. They probably ought to start using, as a matter of course, real secure protocols.

-Rob

Why is this in the spam category? (0)

Geoffd1 (466931) | more than 12 years ago | (#2773689)

Seriously. Is it really spam-related?

security (1)

Eon78 (19599) | more than 12 years ago | (#2773692)

As most of the people who will read this, I have no hands-on experience with satellites. So basically I don't think you ask your question to the right audience. Then again, you only want opinions, and that I can give you :)

Question 1. I think you can do a DOS attack, provided that you have a strong transmitter. I have no idea what they cost, but I think you must be pretty badly want to do this, since these kind of transmitters probably won't come cheap.
Probably a weaker tranmitter can do the trick if the distance from the receiver is small. If the receiver is standing at large site, and that site is well secured than this probably won't be a problem.

Question 2. Deciphering the command structure will probably not be that difficult. Especially not if you know what you are looking for (kind of data). As you said before, it is not encrypted.
I figure that if you can afford a receiver/transmitter to sniff the connection, or to do a DOS attack, that deciphering the command structure will be peanuts.

Question 3. If you (or your company) is concerned with illegal access than hooking it up directly to the Internet will probably not be a good idea. Furthermore, it would be wise to implement your own level of encryption over IPSec so that you can easly implement stronger encryption when needed.

Most importantly: is it worth it? I think not. Transmitters/receivers are specialised equipment (thus also probably very expensive). When you succeed to hack/crack a satallite then what? You have access to gigabytes of mostly useless data...

This goes for Joe Hacker. If you're talking corporate-espionage that's a completly different story... But I also don't think it is really worth the trouble for them...

True story (1, Interesting)

Anonymous Coward | more than 12 years ago | (#2773694)

Scientific satellites usually don't have much security. I wrote a script in tcl/tk once that created a set of satellite commands. The commands were transfered by ftp (perl) to an ftp-site where it got placed on the command queue.

You don't get much cpu-power in scientific satellites because they have to use CPUs certified for use in space. I might be wrong, but I think we used some Texas Instrument CPU från 1976 (they built the satellite in 1997). That means that ssh or ipsec would be useless.

We lost contact with the satellite after 5 months in space.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?