[ISN] Satellite Command Security?

From: InfoSec News (isnat_private)
Date: Wed Jan 02 2002 - 22:11:30 PST

  • Next message: InfoSec News: "[ISN] Security hole in AOL Instant Messenger leaves computers vulnerable to remote takeover"

    Posted by Cliff on Wednesday January 02, @09:53AM
    from the preventing-orbital-hacking dept.
    teridon asks: "I work in the satellite control industry, and I've been
    asked to present mission safety with regards to command security. In
    other words, how do we ensure that 'unknowns' don't command the
    satellite. Military and commerical birds often employ encryption on
    both the uplink and the downlink. However, it seems that none of the
    science-oriented satellites my company operates do this. We rely on
    physical security (access to the control center), network security (we
    use closed networks), technology (most crackers don't have access to a
    huge radio antenna with which to transmit), and obscurity (each
    satellite has its own command structure, not publicly documented).  
    Many satellites use CCSDS frames to uplink commands; only the command
    data is obscured by lack of public info." A common mantra heard from
    Slashdot is "obscurity is not security", and this is a lesson that
    teridon wants his company to learn, in addition to other steps they
    can take to improve the security of their system. What suggestions
    might you have when it comes to improving security on satellite
    systems, especially if you have experience from some of the mistakes
    that you may have seen in production?
    "Three major issues concern me (I'm going to assume that our network 
    security works : 
    1. Can someone effectively execute a DOS attack by uplinking to the
    satellite with a powerful signal (the frequency would be easy to
    'snoop' from our transmitting antenna), thus preventing us from
    commanding it? In general, how do receivers handle multiple command
    carriers (would there be too much noise to command)?
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 09:05:50 PST