DPhil the Future: Satellite hacking - researching cyber space
Posted: 4th June 2021
DPhil student in cyber security and Rhodes Scholar James Pavur looks at identifying security gaps that have evolved in modern space missions.
The number of satellites in orbit is expected to increase by an order of magnitude over the next decade. From weather and geolocation to communications and research, these distant information systems provide critical services that impact billions of lives. Here, at the beginning of a new era in space technology, it is more important than ever to ensure that these platforms are secure.
At Oxford University’s Systems Security Lab, led by Professor Ivan Martinovic, we are working to study the unique cyber security threats and requirements relevant to space technologies. The intention is to identify security gaps that have evolved in modern space missions, determine the underlying causes of these shortcomings, and invent solutions that satellite operators can incorporate to better secure their missions.
Studying SATCOMs
One particularly exciting topic has been our research into the security of modern satellite broadband communications. Satellite-based internet services are a key growth area in the space industry, with companies like SpaceX, Inmarsat, Amazon, and OneWeb betting on satellite constellations as the best way to bring the next billion internet users online.
Even today, satellite internet services support millions of customers and businesses. Understanding the security properties and requirements of status quo services can help guide our efforts to design and defend the next generation of satellite broadband.
We began with a series of passive surveys, listening to the radio emissions of 18 satellites in geostationary orbit (GEO). These GEO satellites are located about 30,000 km above the equator. The specific platforms involved in these studies serve customers on five continents, with a combined footprint area exceeding 80 million square kilometres.
Eavesdropping signals intelligence on a hobbyist budget
In exploring these signals, we found that a cyber-attacker could reliably eavesdrop on broadband traffic from dozens of different providers. To make matters worse, they could do so using about £250 worth of widely available home television equipment.
As many satellite internet service providers were not employing over-the-air encryption, this meant attackers could directly observe the internet traffic of satellite broadband customers. Additionally, due to the nature of satellite communications, this attack was virtually untraceable and could be executed over distances of thousands of kilometres. DPhil student in cyber security James PavurLooking closer at the contents of these signals confirmed the severity of these findings. We encountered a wide range of data which was inadequately protected. This included consumer traffic, such as SMS text messages from passengers using in-flight Wi-Fi services over the Atlantic. It also included data from governments and some of the world’s largest businesses, such as navigational charts destined for cargo vessels in the Mediterranean or login credentials for wind turbines in continental Europe.
When we encounter issues like this in our research, we follow a standard practice known as ‘responsible disclosure’ prior to publication. In our case, this involved reaching out directly to both satellite internet service providers and larger industrial customers to inform them of our findings and make them aware of previously overlooked risks impacting their businesses.
How does this happen?
During our responsible disclosure conversations, we learned that many in the industry were notionally aware of the risk of unencrypted wireless communications but had decided to accept it. In part, this was because they assumed equipment to execute these attacks was far more expensive than we found in our own research. However, there were also substantial performance costs to standard encryption approaches – such as the use of end-to-end virtual private networks (VPNs).
After reviewing some related research, we learned that the physical properties of satellites were causing VPN encryption tools to perform poorly in modern networks. Specifically, because satellites are thousands of kilometres away from the customers who are using them to communicate, the speed of light acts as a cap on how quickly messages can be sent in these networks. Because of this, certain protocols such as the TCP protocol used by most websites, require special performance optimisations from satellite internet service providers using applications called Performance Enhancing Proxies (PEPs).
These optimisation tools required the internet service provider to have full visibility into the traffic of their customers so they could determine which packets to optimise. Customers who decided to use a VPN would end up blocking this visibility and would find their connections slow to a crawl.
Building an open and actionable solution
Rather than attempt to convince internet service providers to update their systems to support encryption – a liability which they seemed reluctant to adopt – we worked to invent an approach which would allow customers to encrypt their traffic independently according to their specific needs. Critically, the system had to be comparably performant to unencrypted traffic sent via a traditional PEP.
The ultimate result of this effort was the creation of a hybrid VPN-PEP called QPEP which combines the performance properties of satellite PEPs with a VPN-like encrypted tunnelling mechanism. QPEP leverages a modern encrypted transport protocol, known as QUIC, which ensures reliability and reasonable bandwidth exploitation – even in high latency satellite environments.
In testbed simulations, we found that QPEP not only outperforms traditional VPNs, but its design achieves faster page load times than even unencrypted PEPs. Across the Amazon’s Alexa Top 20 list of popular websites, QPEP roughly halves page load times compared to an unencrypted PEP and loads pages over 70% faster than VPN-encrypted connections in the same network. DPhil student in cyber security James Pavur
Today, QPEP is freely available as an open-source tool which anyone can download and modify. One advantage to doing this sort of research at Oxford is that we can share information about our solutions freely, without pressure to commercialise or maintain proprietary secrets. This means other researchers can verify and improve on our ideas, paving the way to more secure satellite broadband for everyone. In an industry where encryption solutions are typically closed source and unverifiable ‘black boxes’, we hope that our open approach can rejuvenate innovation around a vital security topic.
Going forward
Our own work on QPEP is continuing as we move towards testing the tool in real-world satellite networks and optimising its design for use in large networks. We are also considering related topics in securing other satellite communications applications, such as inter-satellite links in Low Earth Orbit (LEO) constellations.
Beyond satellite broadband, there are many other security topics of relevance to the space community. For example, we are conducting research into the security properties of space situational awareness (SSA) data which is used to help satellites avoid on-orbit collisions with each other and with pieces of space debris. We’ve also exploring a variety of other topics, ranging from small satellite platform security, to the interaction between cyber security and range safety for rocket launches.