[Date Prev][Date Next][Thread Prev][Thread Next] - [Date Index][Thread Index][Author Index]

Re: Satellite Command System es Crypto.....

>To have crypto security as you suggest would also require RF Link security 
>as well, and that I have a sense is not available at this generation of 

Hi Larry,

You are quite correct that we face two distinct problems: preventing
unauthorized commanding of the satellite even if someone manages to
intercept a command station's transmission, and protecting the command
uplinks from jamming -- what we in the computer security biz call a
"denial of service attack".

These are distinct threats with distinct solutions. The discussion so
far has focused on the first problem for two reasons: it is the easier
one to solve, and it could actually be implemented on a spacecraft
already in orbit, provided that it has a computer that can be
reprogrammed from the ground.

But I'm not as pessimistic as you about the second problem, as I see
an entirely viable approach. It requires hardware so it obviously
cannot be implemented on a satellite already in orbit.  But it would
be entirely practical on a new amateur satellite.

Imagine a command receiver with a frequency synthesizer. Instead of
listening on a fixed frequency, the IHU can periodically retune it to
any frequency in the amateur satellite band. And only the authorized
command stations know the current command frequency.

How do the command stations know which frequency to use? The IHU could
randomly generate each frequency and explicitly transmit it in
telemetry, encrypted in a key known only to the command stations. Or
the IHU could derive the command frequency by encrypting the current
time of day as broadcast in telemetry, again with a key known only to
the satellite and the command stations. The command stations
synchronize their clocks to that of the satellite and generate the
same frequency hopping sequence.

To assist the command stations with synchronization, the frequency
hops could coincide with the start of a new telemetry frame. And with
reasonable FEC and interleaving on the uplink format, the short
glitches caused by synthesizer settling times or small timing errors
in hop synchronization need not disrupt the uplink data stream.

This is nothing more than the famous slow frequency hopping spread
spectrum scheme patented by Hedy Lamarr during WW II. Her intended
application was different -- protecting radio guided torpedoes from
being jammed by the Germans -- but the idea is exactly the same.

Without knowledge of the current command frequency, a jammer would
have no choice but to jam every possible command channel all the time.
This is still doable, but it is obviously a lot harder. (Jamming, say,
the entire 435-438 MHz band would also jam a spacecraft with a fixed
command channel somewhere in that range, so at least we're no worse
off with hopping.)

If the hop rate is short compared to the FEC interleaving depth, this
scheme could provide error-free uplink data at the spacecraft even
when it occasionally lands on a jammer. The jammed hop would look much
like a deep fade to the coding, and we certainly know how to use FEC
to handle deep fading.

And a scheme that's effective against intentional jamming will also
work well against non-malicious QRM like that frequently encountered
on the amateur satellite bands.

We're still vulnerable in one way, however.  If a jammer can get close
enough to a command station to hear his uplink, then he can jam that
same frequency. This is the "follow and jam" technique. The usual
countermeasure in military anti-jam systems is to hop so fast that by
the time your signal propagates to the jammer, you've already hopped
to the next channel. Fast hopping is considerably more difficult to
implement than slow hopping, especially if the jammer can get
arbitrarily close to the command station such that the speed-of-light
delay is very short. It requires direct digital synthesizers and
precise synchronization, tends to make the modulation less efficient,
and may not be worth the added complexity. Other techniques, such as
using low transmit power and high gain antennas with minimal
sidelobes may be more practical.


Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org