Cyber-risk mitigation for satellites
CORAC delivers an end-to-end solution that acts as a safeguard against data interception, spoofing and other malicious activities that have been targeting space infrastructure and ground stations with high intensity.
End-to-end protection for satellites
Cyber-attacks are part of today’s world, not only in other industries but in space as well. Especially since 2022, the number of attacks has skyrocketed and there is an unprecedented need for strong and reliable defense.
The solutions are based on the CORAC KeyMaster HW appliance deployed in a terrestrial data center and CORAC EPU cryptographic payload installed onboard a satellite.
Together, this implements a strong and reliable encryption process for securing uplink/downlink data communications as well as people and assets on the ground and in space.
The solution includes:
- 1x multi-functional HW appliance CORAC KeyMaster
- 1x onboard HW payload CORAC EPU (flight ready)
- 30x MD (man-days) of maintenance to support your mission
In-orbit SW updates protection
Cyber-criminals can intercept or modify SW updates and inject malicious code. That may lead to serious consequences such as system malfunctions or even complete loss of control. Without proper security measures, eavesdropping, spoofing, and other types of attacks can easily compromise the integrity of critical systems. This applies to space and terrestrial IT alike. In the case of space business, stakes are higher, and disruption of operations is way more costly.
How we help:
Software that is not digitally signed, or is signed by an untrusted entity, cannot be considered safe. Based on DevOps best practices, developers should be digitally signing commits, tags, entire containers, and whole SW packages distributed as SW updates. The same practice applies to the SW development process of space businesses.
The CORAC solution offers both signing and verification capabilities on Earth as well as in space. Developers integrate the CORAC KeyMaster crypto API to sign their SW updates, and the CORAC EPU crypto payload verifies SW updates after they are transferred onboard a satellite.
How in-orbit SW updates protection works:
Users write code in their favorite IDE and push it to a CI/CD pipeline. One step of the pipeline automatically sends the hash value of the pushed code to the CORAC KeyMaster API:
POST /signing/sign_hash
CORAC KeyMaster invokes a code signing process and signs the supplied hash with a code signing certificate linked to the identity of a certain user. Once signed, the code can be sent over an uplink to your satellite along with the corresponding public key. The onboard CORAC EPU payload then verifies the integrity of the received SW update and the authenticity of the signature. As a result, the update can be installed because there is cryptographic proof that it was not modified by a malicious actor.
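The sign-then-verify flow described above, as an added example that is not CORAC code. It assumes the third-party `cryptography` package, raw Ed25519 keys in place of a code signing certificate, and a set of key fingerprints provisioned onboard before launch, so a public key that arrives with the update is trusted only if it is pinned.

```python
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


def raw_public_key(private_key: Ed25519PrivateKey) -> bytes:
    """Export the 32-byte public key that is uplinked with the update."""
    return private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)


def sign_update(private_key: Ed25519PrivateKey, image: bytes) -> bytes:
    """Ground side (assumed): sign the SHA-256 digest of the update image."""
    return private_key.sign(hashlib.sha256(image).digest())


def verify_update(image: bytes, signature: bytes, public_key: bytes,
                  pinned_fingerprints: set) -> bool:
    """Onboard side (assumed): accept only a pinned key and a valid signature."""
    # A key that merely travels with the update proves nothing by itself:
    # its fingerprint must match one provisioned before launch.
    if hashlib.sha256(public_key).hexdigest() not in pinned_fingerprints:
        return False
    try:
        # Recompute the digest from the bytes actually received.
        Ed25519PublicKey.from_public_bytes(public_key).verify(
            signature, hashlib.sha256(image).digest())
    except (InvalidSignature, ValueError):
        return False
    return True


def demo():
    developer = Ed25519PrivateKey.generate()  # constructed signing key
    unknown = Ed25519PrivateKey.generate()    # key the satellite was never given
    pinned = {hashlib.sha256(raw_public_key(developer)).hexdigest()}
    image = b"firmware v2 (constructed sample bytes)"
    sig = sign_update(developer, image)
    return [
        verify_update(image, sig, raw_public_key(developer), pinned),
        verify_update(image + b"\x00", sig, raw_public_key(developer), pinned),
        verify_update(image, sign_update(unknown, image),
                      raw_public_key(unknown), pinned),
    ]
```

The three results are: an untouched update from the pinned key, an update altered after signing, and a validly signed update whose key is not pinned.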
Uplink command protection
Radio communication between satellites and ground stations can be intercepted and various flaws in communication protocols can be exploited by cyber-criminals or state-sponsored adversarial groups in order to cause mission failure.
How we help:
CORAC solutions provide authenticity, integrity and protection against replay attacks focused on the uplink command channel. After an interception of uplink traffic, adversaries may resend intercepted commands and cause unpredictable damage to satellites (even though the command channel is encrypted).
It is also crucial to ensure the authenticity of commands received by your satellite and ensure that it accepts only commands created and sent by legitimate users and ground stations. The same degree of importance is given to the capability to prevent unauthorized processes or users from modifying sent commands while in transit.
How it works:
CORAC KeyMaster allows the user to send the intended command “string” to its API endpoint for hash-based MAC (HMAC) signing.
POST /signing/sign_HMAC
POST /signing/verify_HMAC
KeyMaster concatenates the provided command string, the shared secret, and the command sequence number and feeds them to the CCSDS-recommended SHA-256 (or SHA-3) hash function. As a result, KeyMaster produces a signed HMAC that is sent alongside the original command.
Once the command is received by the satellite radio, the onboard CORAC EPU payload uses a shared secret pre-burned into the EPU read-only memory and a verification function that confirms that the command was not modified during the transfer, was created by a legitimate user, and was not reused by an adversary in order to conduct a replay attack.
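The three checks described above (integrity, authenticity, replay rejection), as an added example that is not CORAC code. It uses the standard HMAC-SHA-256 construction from Python's `hmac` module and an assumed frame layout of an 8-byte sequence number, the command, then the tag; the key, commands and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes


def sign_command(secret: bytes, seq: int, command: bytes) -> bytes:
    """Ground side: frame = seq (8 bytes, big-endian) || command || tag."""
    header = struct.pack(">Q", seq)  # fixed width keeps the MAC input unambiguous
    tag = hmac.new(secret, header + command, hashlib.sha256).digest()
    return header + command + tag


class CommandVerifier:
    """Onboard side: accept a frame only if the tag is valid and seq is fresh."""

    def __init__(self, secret: bytes, last_seq: int = 0):
        self._secret = secret
        self._last_seq = last_seq  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # truncated frame
        header, command, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._secret, header + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # modified in transit, or made without the shared secret
        (seq,) = struct.unpack(">Q", header)
        if seq <= self._last_seq:
            return None  # replayed or stale command
        self._last_seq = seq  # advance the counter only after authentication
        return command


def demo():
    secret = bytes(range(32))  # constructed sample key
    sat = CommandVerifier(secret)
    frame = sign_command(secret, 1, b"SET_MODE SAFE")
    tampered = frame[:8] + b"SET_MODE BOOT" + frame[-TAG_LEN:]
    return [
        sat.accept(frame),                             # fresh and authentic
        sat.accept(frame),                             # same frame received again
        sat.accept(tampered),                          # command bytes altered
        sat.accept(sign_command(secret, 2, b"PING")),  # next legitimate command
    ]
```

Because the sequence number is covered by the tag, rewriting it on a captured frame invalidates the tag; the counter also has to survive onboard reboots for the replay check to hold.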
Key lifecycle management
Cyber adversaries follow various malicious strategies in order to get to sensitive data. Typically, some approaches count on gathering possibly interesting encrypted traffic for future brute-force “decryption” by a quantum computer. Others do not seek to brute-force their way into encrypted traffic since on today's commodity HW such a task is too expensive. Rather than that, cyber-criminals target poorly secured encryption key storage and simply decrypt harvested data.
How key lifecycle management helps:
Key lifecycle management is a cornerstone of a responsible, resilient, and sustainable encryption strategy. Being successful in maintaining confidentiality, integrity, and availability is not just about “the strongest” encryption algorithm. It is about an entire process starting with the way encryption keys are generated, stored, handled, and distributed. Key lifecycle management implements vital processes allowing companies to safely maintain encryption of data at rest in ground stations (and satellite payloads) or in motion while being transferred.
How it works:
Various ground-station services access CORAC KeyMaster REST API to request cryptographic services while encryption keys (the most important part of the encryption process) are safely stored in dedicated storage with strong access controls. Examples of endpoints are as follows:
GET /keys/get_secret
GET /keys/get_key_pair
POST /keys/upload_pub_key
CORAC KeyMaster crypto API offers multiple services such as key generation, digital signing, HMAC signing, data encryption, and many more.
Data encryption
Even today, quite a high percentage of satellite traffic is unencrypted and therefore vulnerable to eavesdropping and spoofing. CCSDS documentation strongly recommends implementing means to ensure the confidentiality of data. It is important to ensure the confidentiality of uplink commands as well as downlink channels transferring images and other valuable and sensitive data. Also, it is important to encrypt data stored in ground-station storages as well as payload data on satellites.
How data encryption helps:
In today's interconnected world, data confidentiality is vital in order to protect intellectual property and maintain technological superiority. For resilient data encryption, it is important to choose the right encryption algorithms for the right tasks.
For instance, different cryptographic methods are used for maintaining the confidentiality of data while other methods are suitable for ensuring integrity and authenticity.
How it works:
CORAC KeyMaster API endpoints provide the capability to generate symmetric and asymmetric encryption keys as well as to directly encrypt data anywhere on the ground station. Examples of encryption/decryption endpoints are as follows:
POST /encrypt/aes256
POST /decrypt/aes256
CORAC EPU, as a satellite HW crypto payload, complements CORAC KeyMaster by encrypting and decrypting protected data when it is received on a satellite.
Protect your business: it's better to be prepared before it's too late.