Schneier on Security

Clive Robinson • August 2, 2021 8:38 AM

@ Bruce, ALL,

Of course this is hackable:

Nearly all satellites launched this century are software “hackable by design” in oh so many ways you realy would not believe…

However the article you link to is not talking about “software reprograming” as such but “antenna footprint reprograming” and other communications sysytems componentsamoungst other things. It’s about 3.5 thousand kg platform with eight fully definable beams that can be updated in near real time and in theory has the capability to track an individual ship or aircraft.

Yes it is a flexible software-defined satellite, but “software-defined” is a “term of art” and used as in “software-defined radio”. That is the traditional physical parts of the radio systems have been replaced with “Digital Signal Processing”(DSP) and phased array systems. DSP is rather different to conventional programing, and does not require a Turing Compatible Processor, a simplified “state machine will frequently do”.

You have to think of DSP “filtering data” rather than “processing data”. That is it uses the likes of the MAD instruction to “scale and offset” by predefined non data dependent “filter values”, and in no way acts upon “data dependent” values, thus can not be “hacked” that way.

Further the satelite is very loosely like a 5G base station and it’s stearable antennas using phase array techniques can point at singular targets, small areas and large areas of complex coverage patterns.

The contract for this satellite was “inked” back in 2015 after half a decade of wrangling. It was developed in the UK that has been the worlds leading Satellite BUS and Payload developer, with Martin Sweeting’s Surrey Satellite being lead developer[1].

Quantum is likely to be the last such system due to Brexit, and what can be said is extreanly limited. Put simply the ESA’s rules as laid down by the European Commission preclude any further involvment of the UK or UK personnel in EU Space development other than in a very very minor capacity.

It’s why Airbus’s name is now prominant although missing at the original inking.

As for UK space development, there is a story going around that UK Prime Minister Boris Johnson is going to sell it all at a massive loss to one or two companies that are in effect owned by the Chinese, who want the technology that EU politicians would rather be used against them in weapons of war by an actively hostile power rather than buy it from the UK and politicaly have it stick in their craw…

In another more interesting “security” area for the EU,

https://www.hpcwire.com/off-the-wire/all-member-states-now-committed-to-building-an-eu-quantum-communication-infrastructure/

[1] https://www.surrey.ac.uk/people/martin-sweeting

Clive Robinson • August 2, 2021 1:18 PM

@ Chelloveck,

Sure, we can assume strong encryption, and good key management… but why would we?

It’s a fair question, and the answer is one few like…

Which is,

“You have to asume a root of trust somewhere.”

Clive Robinson • August 3, 2021 6:30 AM

@ SpaceLifeForm, JonKnowsNothing, MarkH, Winter, ALL

With regards “Global Navigation Satellite Systems”(GNSS) the way they work is actually very very simple, but… With great simplicity inherently great complexity is close on it’s heals.

Imagine if you will a one pulse per second highly time stable generator at exactly the center of an exactly spherical earth with satelites in exactly circular orbits and lots of people standing around with receivers at very close to sea level on the perfectly circular earth that is not in any way influenced by the Moon, Sun, gas giants or even the effects of sunlight on wind etc…

It’s not difficult to realise from this perfect model that the position of every receivers antenna is a simple triangle with regards the center of the earth, a satellite in a perfectly circular orbit and a point on the surface of a pefectly spherical earth where the person stands and back to the center of the earth.

If you know two lengths and two points the other length and point are actually quite easily calculated. Most high school kids with a nice diagram on the board and a simple equation,

C2 = B2 + A2

Writen beside it and given two distances from the centee of the eaeth to the orbit hight and the earths surface hight can work out the rest fairlt quickly.

Now as the speed of light C is allegedly a very precise constant measuring distance by time can be as accurate as you like… And again the high school kids can do this…

The problem starts with the fact the earth spins, and is thus not a perfect sphere but an oblate spheroid, the actual shape of which is dependent not just on the position of all the planets and major masses in the solar system but such apparent inconsequentials as if there are clouds over land masses etc. Satellite orbits are effected not just by the fun of “Space Weather” but “Earth Weather” as well and rhe tome be it day light or night light below it… Also the surface of the earth moves around not just like an ice cube in a drink but in hight as well.

Thus there is a great deal of unpredictability in things…

Now the Galileo ideal is it is supposed to be able to tell a distance appart of ~8inches / 20cm or the length of your hand in any orientation…. Compare that with the earths average radius of 6,371,000 meter or 31,855,000 times the length of your hand… Your average “floating point” package is not going to hack it at all.

But… Whilst it is not possible to work out so many “random variables” and perform the required vector addition you can cheat and outrageously so without much loss in accuracy. The reason being those triangles are realy determind by the harmonic functions of each circular function that contributes to the orbital path.

Thus a large Discreet Fourier Transform (DFT) will enable you to very accurately predict the points and lengths of those triangles in the fairly short term and you can compare the prediction with the integration of the previous N known points.

In essence that is all your GNSS receiver is doing. Using a prediction to make a measurment that fairly accurately predicts your position. However rather than your receiver doing the “heavy lift” this is done by software at the control center that generates fake satellite etc hights and positions (ephemeris) and takes into account relativity etc and sends it to your receiver.

If that is accurate your position is accurate, if not you are “all at sea”.

From what has been said the software that generates the ephemeris got derailed.

Now ask yourself a question, for something so important, why would the design alow a single individual to SNAFU it?

The answer is no way on Gods little Green Apple. Thus the story coming out of the EU is lets just say “highly improbable” and smacks of “Political ass wallpapering”. It’s fairly well known that Galileo only exists because of the efforts of almost a bunch of students at Surrey University in Guildford Surrey UK. Further all along Galileo’s history it all keeps comming back to the team in Surrey… However all the real provlems with Galileo started when EU politicians stuck their “camels nose” in due to power politics and Brexit…

Will the EU get Galileo right? Given time everything is possible, but will it be credible when that happens? Probably not…

But hey politicians always know better than every one else including domain experts…

My advice unless cyan is your favourite colour don’t hold your breath.

Clive Robinson • August 3, 2021 12:39 PM

@ echo,

Politics and bureaucracy is the game of MEP’s and the Commission.

Along with major fraud, it’s certainly the game of the largely non democratic Commission. Who try to stop the MEP’s actually having any influence or real control over them.

However like project managers should take note of domain experts so should the members of the Commission but they do not.

With regards,

It’s not as easy as it looks and more than one “domain expert” has come unstuck poking their noses into these areas which they may not have experience with.

The reason it’s “not as easy” is that it is a deliberate policy to make things as dificult as possible to not just detect the fraud, but stop it. Even true domain experts in the likes of accountancy have found themselves first victimized then attacked both at work and in their homes by those working on behalf of commission members like the Kinnocks who were upto their necks in fraud, be it financial, political and electoral.

Which brings us onto,

not everything is a straight line path.

Again deliberately so, so that financial, polirical and electoral fraud may florish in the commission.

It’s time the “You don’t understand XXXican politics” nonsense stopped and fraud legislation applied vigourously.

Because you have to ask the question just how many deaths in the EU arr down to the fraud and corruption behind the COVID vaccine procurement policy the EU Commission President Ursula von der Leyen was doing very nicely by till it all blew up and the real truth about the nasty little games they play started to leak out.

As for,

I also think you have forgotten the UK is a relatively modest economy with enough of its own problems…

All “nations” have “modest economies” in one way or another, that is the nature of state expenditure per capita. However even quite small nations can be the “leading edge” of the entire world, look at the Dutch and the manufwcture of high end semiconductor fabrication equipment for instance which nobody including China, the US or any other nation comes even close to.

The UK had a number of world leading specialities ARM chips being one, ceryain power mosfets being another and Space Bus and payloads being yet another, VTOL technology and much more besides. The UK was punching well well above it’s weight in quite a few areas.

However UK politicians especially the current encumbrants are morally and fiscally bankrupt thus open to all forms of fraud. Which is why we keep having “fire sales of fire sales” where IP is given away for free with infrastructure “friends of friends” are not even paying 1 cent on the dollar for…

But hey that’s the price you, I and most other UK citizens pay to keep an oaf in power who will sell your teeth and body organs just to make a few bob for his “American and Chinese Chums”.

Clive Robinson • August 4, 2021 6:11 AM

@ MikeD,

<

blockquote>I’d be surprised if they’re using DSPs for their software radio work.

<

blockquote>

You’ld be surprised at “who?”

Have a look at the futuren and games behind “space qualified parts”, noe that realy might surprise you.

But even though,

DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it.

When you say “underperformed” you are being very very non specific. And yes before you ask, there are ways DSP chips outperform FPGA’s

Way to many make assumptions about what is important in specifications and it often goes down hill from there on in…

For instance look up the 1802 processor and why it’s still regarded by some as the way to go.

Clive Robinson • August 4, 2021 11:47 AM

@ Winter,

volume, power consumption, and durability, and very little else. Would FPGA’s measure up here?

There is another thing, amd it’s not much talked about…

If you are spending tens if not hundreds of millions getting a payload into space, you tend to be quite conservative in outlook.

One aspect of which is you are not going to be “first into space” wirh new technology as it’s got no upside in it for most people…

When they talk about “space qualified” what they realy mean is,

“Have atleast ten satellite designs before me had it functioning in space for half a decade or more?”

If no then it’s a “no fly” no matter how it’s been ground qualified…

This is causing real issues with the likes of “rechargable batteries” where the battery manufacturer sees no point in manufacturing such batteries any more, and in some cases due to legislation for environmental issues they can not even be legaly manufactured any more…

What some people do not realise is sometimes you can get “free rides”. Put simply it’s safer to put a full load of fuel in even if the satellite is only half the lift mass.

Thus the prime has two choices to “make mass” one put in “old iron” as some call it or find other satellites to make up the required mass.

When Surrey Satellites was “independent” they used to make “Technology Demonstrators” often with the likes of technology you could “buy off of the High St” like high end consumer electronics such as digital cameras. That they would put in one or three nano-micro sats / cube sats. As it was known they were doing it for “the good of all” they could frequently find a prime who had a bit of spare space. Thus new low cost technology would get a toe on the space qualified ladder. It’s one of the le

Since Air-Bus got their boots in the door many primes are now suspicious that future flights will not be for the “good of all” especially with the idiotic way EU Commission Politicians are behaving. Especially with the nonsense we have seen going on with Galileo etc.

I guess we will just have to wait and see… But for what it’s worth, every time Europe/Britain get an indipendent capabiliry that is world leading political snouts get under the tent flap and that’s the end of “independent” and shortly there after the end of “world leading” and the next thing you know all the IP gets given to some Chinese/US company for less than nothing…

It’s one of the reasons what was ESA is getting so bl**dy paranoid. They’ve had independence now the EU Commission are “re-aranging the deck chairs” with a new agency. ESA will be required to hand over all their IP etc, to the new agency which will be a financial mismanagment of epic proportions, so a case can be easily made to “sell it off” and oh look all ESA’s IP goes with it for free…

Yes I know people are going to say I’m paranoid or imagining it, or don’t understand complex politics or some other guff. But then they realy need to stick their face in a mirror and ask the reflection “Who am I realy kidding?”…

Clive Robinson • August 5, 2021 2:49 AM

@ Ruminant Subhuman Creature,

This stuff is truly medieval. The chain mail and the portcullis, a dungeon in the basement of the castle, ball and chains, shackles, manacles, neck irons, compressed air powered jail cell doors, whatnot.

Not sure what it is you are ingesting but I suspect it’s not legaly prescribed…

@ ALL,

It was called “Castle-v-Prison” in a similar way to “Cathedral and the Bazarre”[1]. In his essay Eric S Raymond contrasted two Open Sorce development models. On effectively a demi-god and appointed high priests (Cathedral model) the other much more Open and in theory where anyone can contribute a part no matter how small (the Bazaar). Which gave rise to Eric’s “many eyes” idea.

What I was pointing out was the issue of a single CISC CPU (Castle) model championed by the likes of Intel which was obviously “the past” even back last century. Where the security perimiter was pushed “outwards” as far as possible, thus by default all code loaded in common “core” memory was “trusted”, “massive”, “complex” and given “free run of the system” thus made not just vulnarabilities but their exploit an absolute certainty.

I contrasted this against against a considerably more modern view point where not only was there “perimeter security” but also no task inside the computer was trusted thus was run in it’s own small “cell” CPU as a tasklet and was closely monitored by a security hierarchy of hardwqre state machines and hypervisors. The cells were multiple CPU’s issolayed from each other and external refrences running in parallel configuration that in effect formed a “Prison”.

The advantage of the Prison model over the Castle model are very many and I’m not going to list them here as they are already up on this blog, and you should be able to find them fairly easily (assuming they have not been taken down by our @host).

[1] Eric Raymonds 1997 essey and later book,

https://en.m.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar

Clive Robinson • August 9, 2021 1:23 AM

@ SpaceLifeForm, ALL,

From the end of the “Hack-a-sat” article,

“The set up enabled visitors to try “controlling” the flat sat — sending commands to it from a ground control terminal using Cosmos — a software platform used to control real satellites.”

Yes “Cosmos” is the way some operators communicate with Sats but it’s realy not the way to “Hack-Sats”…

It’s like having to use the preconfigured SCADA interface software to hack an ICS, when sitting on the network and getting in at the real communications level gives you so much more scope.

Engineers are by and large “conservative” one part of this is “human readable communications protocols”. That is for years you could use just telnet to talk to a port, becaise that was the way engineers got things up and running.

Whilst Sat-Comms is more complicated the same basic principles apply. Those comms ports are designed not just to be accessable and reliable but simply so.

It’s why there is a very active community of “listners” that not just find satellites by their downlink comms systems, they fairly quickly learn to “break out” signals from the “multiplex” etc and work out what the data is and can be used for.

As for flat-sats, as I’ve mentioned I’ve one on my test bench that gets more changes than a super model at a fashion show. The hard part of working with the comms is getting it to behave like it’s in actual orbit…