Christoph Bader (Airbus Defence & Space GmbH)

Recent reports on the state of satellite security reveal that many satellite systems that are operational today do not implement sufficient protection against cyber-attacks. Most notably is the fact that many systems lack of cryptographic protection on their TT&C link. If COMSEC protection on the TT&C link is missing an attacker with access to the RF link can eavesdrop on the communication and, even worse, could be able to inject specially crafted messages that would be processed by the satellite.

In this paper, we analyze needs and establish high level requirements for concepts aiming to secure TT&C link communication (with respect to confidentiality and authentication). The requirements cover key aspects of security and operations. We assess existing standards (SDLS and SDLS EP) against our requirements and determine that SDLS is suitable for traffic protection while SDLS EP does not meet all security requirements for key management (namely, it does not meet post compromise security). Finally, we discuss alternative key management approaches such as stateless authenticated key agreement and stateful authenticated key agreement (or key evolution protocols) and how they meet our requirements.

View More Papers

Towards generic backward-compatible software upgrades for COSPAS-SARSAT EPIRB 406...

Ahsan Saleem (University of Jyväskylä, Finland), Andrei Costin (University of Jyväskylä, Finland), Hannu Turtiainen (University of Jyväskylä, Finland), Timo Hämäläinen (University of Jyväskylä, Finland)

Read More

BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the...

Chuhan Wang (Tsinghua University), Yasuhiro Kuranaga (Tsinghua University), Yihang Wang (Tsinghua University), Mingming Zhang (Zhongguancun Laboratory), Linkai Zheng (Tsinghua University), Xiang Li (Tsinghua University), Jianjun Chen (Tsinghua University; Zhongguancun Laboratory), Haixin Duan (Tsinghua University; Quan Cheng Lab; Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd)

Read More

PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the...

Man Zhou (Huazhong University of Science and Technology), Shuao Su (Huazhong University of Science and Technology), Qian Wang (Wuhan University), Qi Li (Tsinghua University), Yuting Zhou (Huazhong University of Science and Technology), Xiaojing Ma (Huazhong University of Science and Technology), Zhengxiong Li (University of Colorado Denver)

Read More