2 min Security

Researchers break security guarantees of networking in spacecraft

Researchers break security guarantees of networking in spacecraft

A group of researchers found holes in the security of Time-Triggered Ethernet applications in spacecraft.

The Orion spacecraft and SLS rocket, which have been in development for 15 years and are anticipated to usher into a new era of space exploration, will undergo their first integrated test on Wednesday, when NASA is scheduled to launch the Artemis I mission.

The Time-Triggered Ethernet (TTE) network standard will also be flown into space for the first time on a crewless mission following the orbital test flight of Orion in 2014. (TTE) is a mixed-criticality network, which is built to route traffic with differing levels of timing and fault tolerance over the same set of hardware. 

Until now, spacecraft have mostly relied on single networks to send mission-critical or safety signals alongside segregated networks transporting video conferencing data and other less critical information. Orion is the first spacecraft to rely on a TTE network to route mixed-criticality traffic.

Attack on TTE

Researchers recently published findings that break TTE’s isolation guarantees. The attack is called PCspooF, a method that lets a single non-critical device linked to a single plane to disrupt communication between TTE devices on all planes.

The attack makes use of a weakness in the protocols of TTE. “Our appraisal demonstrates that the attacks are feasible within seconds with that every successful attack causing TTE devices to drop synchronization for a second and transmit tens of TT messages – leading to the shortfall of crucial systems”, the researchers wrote.

Through a simulated spaceflight mission, the researchers demonstrated how PCspooF results in uncontrolled motions that endanger mission success and safety.

Evaluation

The attack can’t succeed if all critical devices in a network have static MAC and IP mappings and ignore ARP requests. However, the researchers discovered that even when ARP was deactivated and the TTE network was set to use static mappings and ignore ARP requests, commercial routers and other typical network devices frequently replied to ARP requests.

“Our results show that PCspooF threatens the safety of critical TTE systems, like spacecraft and aircraft”, the researchers wrote. “We hope the description of our attack, as well as the mitigations we identified, will influence the deployment of current TTE systems, as well as the designs of future mixed-criticality network technologies.”

Tip: US certifies AMD Versal SoC for satellite applications