Firefly: Spoofing Earth Observation Satellite Data through Radio Overshadowing

Salkield, Edd; Köhler, Sebastian; Birnbach, Simon; Baker, Richard; Strohmeier, Martin; Martinovic, Ivan

doi:10.14722/spacesec.2023.231879

Cited by 3 publications

(1 citation statement)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also avenues for abuse even of authenticated uplinks without violating cryptographic operations; the attacker can exercise control over the chosen data rate by selective jamming of the uplink, or behaving as a legitimate party in a multi-user system. This also weakens the downlink to jamming, alongside other attacks such as overshadowing [15].…”

Section: Motivationmentioning

confidence: 99%

Security Risks of Adaptive Coding and Modulation in Space Systems

Salkield,

Köhler,

Birnbach

et al. 2024

2024 Security for Space Systems (3S)

Self Cite

View full text Add to dashboard Cite

Adaptive Coding and Modulation (ACM) space protocols are currently being implemented and standardised to maximise data throughput on satellite links in the presence of signal fading and radio interference. These systems use an uplink feedback channel, allowing the ground segment to influence the selection of modulation and coding parameters to suit the current channel conditions. However, no current academic work considers the security implications of physical-layer attackers targeting this uplink channel.In this paper, we introduce the uplink-assisted attacker which hijacks the currently unauthenticated ACM feedback mechanisms, using only cheaply available equipment, to select illsuited communication parameters and prevent the channel from responding to radio interference attacks on the downlink. Our results show the high impact of this attack class: an uplink-assisted noise jammer can cause a 50% frame error rate at 11.5 dB less average power than a noise jammer alone, and up to 16.9 dB if higher modulation and coding parameters are supported. Uplinkassisted spoofing and bandwidth restricting attackers are also shown to be more effective than their counterparts which attack the downlink alone.Unfortunately, these issues cannot be resolved by cryptographic authentication alone, especially where an attacker can pose as one of multiple terminals reporting channel quality. We therefore conclude with a discussion of countermeasures to prevent and detect this form of attack, and draw out lessons learned for secure ACM design.

show abstract

Section: Motivationmentioning

confidence: 99%