Space and Satellites Security Conferences at DEF CON 32 (and a little bit Aviation Security)

0
148

The videos from the Def Con 32 conference held in Las Vegas from August 8th to 11th are now online. Perfect for keeping busy during the long winter evenings ahead.

I have made a small selection of hashtag#cybersecurity topics on Space and Satellites.

Enjoy watching!

Small Satellite Modeling and Defender Software – Kyle Murbach

Abstract : This talk is meant to inform the next generation in aerospace cybersecurity by discussing our major research milestones, relevant findings, lessons learned, and areas of concern relating to the overall cybersecurity posture of small satellite systems.

Breaking the Beam:Exploiting VSAT Modems from Earth – Lenders, Willbold, Bisping

Abstract : Our presentation at DEF CON is part of a project that has three parts.

  • In the first part, we focus on the inherent security issues in current VSAT system practices. This work will be appear in May at ACM WiSec 2024.
  • The second part deals with the systematic evaluation of wireless signal injection attacks using a software-defined radio. This work will appear in August at Usenix Security 2024.
  • The third part of the project deals with reverse-engineering of the software and network stack of satellite modems and the development of exploits that can be injected over the air through the antenna dish of a VSAT terminal from the ground. This part shall be presented at DEF CON this year.

Analyzing the Security of Satellite Based Air Traffic Control -Martin Strohmeier

Abstract : Automatic Dependent Surveillance – Contract (ADS-C) is a satellite-based aviation datalink application used to monitor aircraft in remote regions. It is a crucial method for air traffic control to track aircraft where other protocols such as ADS-B lack connectivity. Even though it has been conceived more than 30 years ago, and other legacy communication protocols in aviation have shown to be vulnerable, ADS-C’s security has not been investigated so far in the literature. We conduct a first investigation to close this gap.

Bridging Space and Medicine – Fernando De La Peña Llaca

Abstract : In the vast expanse of space, holographic teleportation—a futuristic blend of holography and teleportation—has revolutionized astronaut communication. Imagine beaming a lifelike 3D image of yourself across light-years. Now, consider its potential in medicine: remote surgeries, expert consultations, and training—where distance dissolves, and expertise transcends borders. Buckle up; holoconnect is our cosmic ticket to healing!

Ground Control to Major Threat Hacking the Space Link Extension Protocol – Andrzej Olch

Abstract : Space missions have increasingly been the subject in the context of security breaches and satellite hacks. The majority of discussions revolve around direct communication and access to spacecraft through means such as Software Defined Radio. However, the reality is that this approach isn’t practical for most adversaries, as it requires substantial resources and is easily detectable due to the power and radio frequencies required to command a spacecraft. Instead, adversaries might shift their focus away from the Space Segment and opt for a more practical approach, such as accessing and exploiting the Ground Segment vulnerabilities and flaws in order to gain control over spacecraft.

From Theory to Reality Demonstrating the Simplicity of SPARTA Techniques – Randi Tinney

Abstract : Demonstrating the transition from theorized space cyber attacks to practical proof of concepts. The presentation will utilize a simple yet effective attack, a man-in-the-middle attack, on the ground infrastructure to demonstrate how many SPARTA techniques and sub-techniques can be performed against a spacecraft from the ground infrastructure. By illustrating the significant impact of this simplified concept, we aim to emphasize the urgent need for enhanced cybersecurity measures throughout the entire lifecycle of space missions and break the inherit trust between the ground and spacecraft.

GPS spoofing it’s about time, not just position – Ken Munro

Abstract : Talking to pilots and operators, an important aspect of GPS spoofing and jamming is being missed from the narrative in the media. We know about position spoofing, that’s a given. What doesn’t appear to be getting much attention is the effect of time spoofing.

Below are not space but aviation security talks

How I Developed a Low Cost Raspberry Pi Based Device for ADS B Spoof – Angelina Tsuboi

The device receives ADS-B information from the antenna and the software-defined radio, which is then passed into a Convolutional Neural Network written with Python to detect whether or not the aircraft is spoofed. I trained the neural network on a dataset of valid ADS-B signals as well as a generated spoofed set of aircraft signals, to teach Fly Catcher how to detect and flag any suspicious ADS-B signals. It does this by checking for discrepancies in the signal’s characteristics, such as its location, velocity, and identification.

The Interplay between Safety and Security in Aviation Systems – Lillian Ash Baker

Abstract : Safety has been at the forefront of Civil Aviation since the formalization of DO-178, Software Considerations in Airborne Systems and Equipment Certification, in 1981. However, times have changed since then and we live in a world with seemingly limitless connectivity. DO-356A, Airworthiness Security Methods and Considerations, forms the cybersecurity bedrock in which aviation systems are designed and implemented. In this talk, participants will learn about how Safety and Security is applied to system design and how they interact with one another. Design Assurance Levels (DAL) and Security Assurance Levels (SAL) concepts are presented and explained what their purpose is. This talk is designed to appeal to the general cybersecurity community by introducing fundamentals of Safety analyses and discussing how Safety and Security interact with one another.

RF Attacks on Aviation’s Defense Against Mid-Air Collisions – G. Longo, V. Lenders

Abstract : Aviation’s Traffic Collision Avoidance System (TCAS) II has been touted as a foolproof safety net since its introduction in the 1980s. But what if we told you that this supposedly impenetrable system can be compromised? For years, attacks on TCAS have been mere theoretical exercises, foiled by an (accidental) built in security feature. That is, until now. In this presentation, we’ll reveal the first working RF attacks on TCAS II, demonstrating how to hijack collision avoidance displays and create fake Traffic Advisories (TAs) and Resolution Advisories (RAs). We’ll walk you through the technical challenges of building the necessary tooling using commercial off-the-shelf hardware.

Navigating the Turbulent Skies of Aviation Cyber Regulation – M. Weigand, S. Wagner

Abstract : This combination presentation and panel discussion will surface the policy and technical challenges associated with securing civil aviation, bringing together perspectives from government, industry, and aviation cybersecurity companies. Given the continued growth in civil aviation and impending regulation in the United States of America and Europe, this talk will describe the key technical challenges and the resulting policy challenges that should be addressed to keep civil aviation secure.

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.