SlideShare a Scribd company logo

Hostile Takeover Of Satellites

Meidad Pariente
Meidad Pariente

So you think you can takeover a satellite ? well, it's not so easy as you (might) think...

TechnologyBusiness
1 of 22
Download to read offline
Presentation Content • Introduction • Satellite command 101 • So you want to overtake a satellite…? • Summary
From the Press
Presentation Purpose • In the past year we heard a lot about hostile takeover attempt of satellites, especially US satellites. • The presentation will explain what are the building blocks of satellites command channel, identifying the weak links in the chain. Since Satellites are very (very) far away, the only way to get hold of one is via the remote command channel • The presentation will address only command and control channels and not hostile takeover of payload such as pirate transmissions.
EUHR Ashton on Jamming by Iran and Lybia
What does a satellite Command System do ? Very specific and predefined things! • Reconfigures satellite or subsystems in response to radio signals from the ground. • Different Command timing – Immediate – Delayed – Priority driven (ASAP) • Batched (sequenced) Commands
Command Functions • Power on/off subsystems • Change subsystem operating modes • Control spacecraft guidance and attitude control • Deploy booms, antennas, solar cell arrays, protective covers • Upload computer programs
Command System RF Performance You need professional equipment! • Frequencies – S-band (1.6 – 2.2 GHz) – C-band (5.9 – 6.5 GHz) – Ku-band (14.0 – 14.5 GHz) • BER = 10-6 • Typical transmission power: 50-100 Watt (based on large diameter antennas) • Typical transmission rate: up to 8 Kbit/sec High speed tracking antennas are required
Command System Block Diagram - Ground Very specific and predefined actions (in the SW) • GSE operator selects command mnemonic • Software creates command message in appropriate format and encodes it • Sequence (Batch) commands/macros • Signal Modulation: Pulse code modulation (PCM), Phase shift keying (PSK), Frequency shift keying (FSK)
Command System Block Diagram - Space Not “launch and forget” simple system • Decoders reproduce command messages and produce lock/enable and clock signals. • Command logic validates the command – Default is to reject if any uncertainty of validity – Drives appropriate interface circuitry
Data checked and packaged in “envelopes” Overall structure of a command
Command Messages Fields • Spacecraft address (unique identifier) • Source ID • Command type – – – – – Relay commands Pulse commands Level commands Data commands Command select • Error detection and correction • Multiple commands MBT GCS AMOS-3 Satellite, 4ºW Geostationary Belt
Command Logic Verification Process • Receiver level Validation – Encryption (commercial such as CARIBOU) – Authentication – Command destination • Software level Validation – – – – – Correct address EDAC Valid command Valid timing/Numbering Authenticated Several Data check Levels
Prerequisites • • • • • • • RF Transmission equipment Knowledge of command frequencies. Knowledge of Encryption key(s) Knowledge of Authentication key(s) Knowledge of Satellite ID Knowledge of source (Ground Facility) ID Knowledge of commands dictionary
Is that it ? Not yet… • RF receiving equipment • Decoded Telemetry – To generate correct addressing (destination) of the fake command – To generate correct timing (numbering) of the fake command – To generate correct context of the fake command
Analyzing the risk – ESA approach
Few Observations • Is it hard to jam or block a command channel ? Not really – Simple hardware, relevantly low power • Commercial Encryption is not good enough – Is it ? What do banks use for transactions ? What do 7.5 Million PayPal transaction every evening use ? • It will be no problem to hack into GCS computers – If you’re a smart operator, the GCS network is an isolated one without connections to the outside world • Easiest Method is…… Inside job !!
Hostile Takeover Of Satellites

Recommended

Isro mcc
Isro mccIsro mcc
Isro mcchindujudaic
 
CArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsCArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsAlessandro Bogliolo
 
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSEASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSsoulstalker
 
CArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsCArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsAlessandro Bogliolo
 
Basic non pipelined cpu architecture
Basic non pipelined cpu architectureBasic non pipelined cpu architecture
Basic non pipelined cpu architecturekalyani yogeswaranathan
 
Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Gaditek
 
5e
5e5e
5esterrazas
 
ORBCOMM Satellite System
ORBCOMM Satellite SystemORBCOMM Satellite System
ORBCOMM Satellite SystemAkram Ahmed
 

Recommended

Isro mcc
Isro mccIsro mcc
Isro mcchindujudaic
 
CArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsCArcMOOC 05.03 - Pipeline hazards
CArcMOOC 05.03 - Pipeline hazardsAlessandro Bogliolo
 
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSEASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMS
EASA PART-66 MODULE 5.15 : TYPICAL AIRCRAFT INSTRUMENT SYSTEMSsoulstalker
 
CArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsCArcMOOC 06.03 - Multiple-issue processors
CArcMOOC 06.03 - Multiple-issue processorsAlessandro Bogliolo
 
Basic non pipelined cpu architecture
Basic non pipelined cpu architectureBasic non pipelined cpu architecture
Basic non pipelined cpu architecturekalyani yogeswaranathan
 
Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Dealing with exceptions Computer Architecture part 2
Dealing with exceptions Computer Architecture part 2Gaditek
 
5e
5e5e
5esterrazas
 
ORBCOMM Satellite System
ORBCOMM Satellite SystemORBCOMM Satellite System
ORBCOMM Satellite SystemAkram Ahmed
 
2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma caJAIGANESH SEKAR
 
Drive test final
Drive test finalDrive test final
Drive test finalYaser Al-Abdali
 
Parameters for drive test
Parameters for drive testParameters for drive test
Parameters for drive testJakoba Fetindrainibe
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreTIB Academy
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdfcodearachnid_test
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemotoha ardi nugraha
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksDesign World
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit iiJAIGANESH SEKAR
 
Drive test
Drive testDrive test
Drive testMd Joynal Abaden
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Atollic
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT AnalysesJoseph Hennawy
 
Ess.robert
Ess.robertEss.robert
Ess.robertNASAPMC
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaFrank Meissner
 
Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Afghanistan civil aviation institute
 
In out system
In out systemIn out system
In out systemAgnas Jasmine
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systemsShaheem TM
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxMeenaAnusha1
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

More Related Content

Similar to Hostile Takeover Of Satellites

2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma caJAIGANESH SEKAR
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreTIB Academy
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksDesign World
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit iiJAIGANESH SEKAR
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Atollic
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT AnalysesJoseph Hennawy
 
Ess.robert
Ess.robertEss.robert
Ess.robertNASAPMC
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaFrank Meissner
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systemsShaheem TM
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxMeenaAnusha1
 

Similar to Hostile Takeover Of Satellites (20)

2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca2.3b access control random access methods - part 3 - csma ca
2.3b access control random access methods - part 3 - csma ca
 
Drive test final
Drive test finalDrive test final
Drive test final
 
Parameters for drive test
Parameters for drive testParameters for drive test
Parameters for drive test
 
CCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in BangaloreCCNA Training in Bangalore | Best Networking course in Bangalore
CCNA Training in Bangalore | Best Networking course in Bangalore
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
l20_satellitettc.pdf
l20_satellitettc.pdfl20_satellitettc.pdf
l20_satellitettc.pdf
 
Drive Test Nemo
Drive Test NemoDrive Test Nemo
Drive Test Nemo
 
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed ClocksAccurate Synchronization of EtherCAT Systems Using Distributed Clocks
Accurate Synchronization of EtherCAT Systems Using Distributed Clocks
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification Story
 
Computer networks unit ii
Computer networks unit iiComputer networks unit ii
Computer networks unit ii
 
Drive test
Drive testDrive test
Drive test
 
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
Advanced debugging on ARM Cortex devices such as STM32, Kinetis, LPC, etc.
 
Introduction to ELINT Analyses
Introduction to ELINT AnalysesIntroduction to ELINT Analyses
Introduction to ELINT Analyses
 
Ess.robert
Ess.robertEss.robert
Ess.robert
 
Himss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via damaHimss 2000 talk satellitetelecom via dama
Himss 2000 talk satellitetelecom via dama
 
Distance Measurement equipment (DME)
Distance Measurement equipment (DME)Distance Measurement equipment (DME)
Distance Measurement equipment (DME)
 
In out system
In out systemIn out system
In out system
 
telemetry tracking and command systems
telemetry tracking and command systemstelemetry tracking and command systems
telemetry tracking and command systems
 
datalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptxdatalinklayer-200201062315 (1).pptx
datalinklayer-200201062315 (1).pptx
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

Hostile Takeover Of Satellites

  • 1.
  • 2. Presentation Content • Introduction • Satellite command 101 • So you want to overtake a satellite…? • Summary
  • 3.
  • 5. Presentation Purpose • In the past year we heard a lot about hostile takeover attempt of satellites, especially US satellites. • The presentation will explain what are the building blocks of satellites command channel, identifying the weak links in the chain. Since Satellites are very (very) far away, the only way to get hold of one is via the remote command channel • The presentation will address only command and control channels and not hostile takeover of payload such as pirate transmissions.
  • 6. EUHR Ashton on Jamming by Iran and Lybia
  • 7.
  • 8. What does a satellite Command System do ? Very specific and predefined things! • Reconfigures satellite or subsystems in response to radio signals from the ground. • Different Command timing – Immediate – Delayed – Priority driven (ASAP) • Batched (sequenced) Commands
  • 9. Command Functions • Power on/off subsystems • Change subsystem operating modes • Control spacecraft guidance and attitude control • Deploy booms, antennas, solar cell arrays, protective covers • Upload computer programs
  • 10. Command System RF Performance You need professional equipment! • Frequencies – S-band (1.6 – 2.2 GHz) – C-band (5.9 – 6.5 GHz) – Ku-band (14.0 – 14.5 GHz) • BER = 10-6 • Typical transmission power: 50-100 Watt (based on large diameter antennas) • Typical transmission rate: up to 8 Kbit/sec High speed tracking antennas are required
  • 11. Command System Block Diagram - Ground Very specific and predefined actions (in the SW) • GSE operator selects command mnemonic • Software creates command message in appropriate format and encodes it • Sequence (Batch) commands/macros • Signal Modulation: Pulse code modulation (PCM), Phase shift keying (PSK), Frequency shift keying (FSK)
  • 12. Command System Block Diagram - Space Not “launch and forget” simple system • Decoders reproduce command messages and produce lock/enable and clock signals. • Command logic validates the command – Default is to reject if any uncertainty of validity – Drives appropriate interface circuitry
  • 13. Data checked and packaged in “envelopes” Overall structure of a command
  • 14. Command Messages Fields • Spacecraft address (unique identifier) • Source ID • Command type – – – – – Relay commands Pulse commands Level commands Data commands Command select • Error detection and correction • Multiple commands MBT GCS AMOS-3 Satellite, 4ºW Geostationary Belt
  • 15. Command Logic Verification Process • Receiver level Validation – Encryption (commercial such as CARIBOU) – Authentication – Command destination • Software level Validation – – – – – Correct address EDAC Valid command Valid timing/Numbering Authenticated Several Data check Levels
  • 16.
  • 17. Prerequisites • • • • • • • RF Transmission equipment Knowledge of command frequencies. Knowledge of Encryption key(s) Knowledge of Authentication key(s) Knowledge of Satellite ID Knowledge of source (Ground Facility) ID Knowledge of commands dictionary
  • 18. Is that it ? Not yet… • RF receiving equipment • Decoded Telemetry – To generate correct addressing (destination) of the fake command – To generate correct timing (numbering) of the fake command – To generate correct context of the fake command
  • 19. Analyzing the risk – ESA approach
  • 20.
  • 21. Few Observations • Is it hard to jam or block a command channel ? Not really – Simple hardware, relevantly low power • Commercial Encryption is not good enough – Is it ? What do banks use for transactions ? What do 7.5 Million PayPal transaction every evening use ? • It will be no problem to hack into GCS computers – If you’re a smart operator, the GCS network is an isolated one without connections to the outside world • Easiest Method is…… Inside job !!