Fig 2 - uploaded by Martin Strohmeier
The typical flow of data through a maritime VSAT network. The attacker in the diagram can eavesdrop on traffic from step 6 but has limited visibility into traffic at all other stages.


Source publication
Conference Paper
Very Small Aperture Terminals (VSAT) have revolutionized maritime operations. However, the security dimensions of maritime VSAT services are not well understood. Historically, high equipment costs have acted as a barrier to entry for both researchers and attackers. In this paper we demonstrate a substantial change in threat model, proving practical...

Contexts in source publication

Context 1
... maritime VSAT network is not significantly different from other satellite networking environments with respect to its basic architecture. As outlined in Figure 2, the customer sends web requests up to their provider's satellite which then relays those requests on a different frequency to a large ground-station. This ground-station then forwards customer requests across the open internet, receives the responses, and relays those responses back up to the satellite which then forwards those same responses back down to the customer. ...
Context 2
... unique aspect of eavesdropping in satellite networks that does not hold for most other wireless networks is that the geographic location of an attacker within the coverage area can have significant impacts on their ability to observe certain signals. For example, the attacker depicted in Figure 2 can easily observe responses from the satellite internet service provider (ISP) to the customer but would have a much more difficult time intercepting the focused uplink requests transmitted by the customer. This means in our experimental analysis, the recorded traffic generally only contained "forward-link" packets received by satellite customers but not the "reverse-link" packets sent by customers to their ISPs. ...
Context 3
... appendix is thus intended to provide technical insight into the techniques employed which may be of academic interest without releasing a fully featured attack tool to the general public. A simplified overview of the entire GSExtract data extraction process can be found in Figure 22 at the end of this section. ...
Context 4
... are the lowest-level logical encapsulation layer inside a demodulated DVB-S2 stream. Each BBFrame begins with a 10-byte BBHEADER as defined by ETSI EN 302 307 and summarized in Figure 20 [17]. The most important portion of this header for our purposes is the two byte Data Field Length (DFL) value which indicates the overall size of the data-field which follows the BBHEADER and the location in the stream where the next BBFrame begins. ...

Citations

... The computer security communities have developed valuable insights that have not yet been applied to space systems. For instance, work by Pavur et al. [5] and Willbold et al. [6] on satellite communication vulnerabilities highlights the need for further exploration and mitigation of risks in satellite systems. Although the viability of certain attacks on satellite systems and, more specifically, against the space segment of a satellite mission has been shown in previous research, they often assume well-informed attacker models with detailed insights into a system. ...
... Security and privacy in satellite networks have recently enjoyed a renaissance in the academic computer security community. This was sparked by Pavur et al. in 2020, who outlined the ease of eavesdropping on the downlink contents of unencrypted legacy geostationary satellite systems [5]. It illustrated that it is feasible to identify and analyse the traffic of a large number of users in the same satellite footprint. ...
... However, it lacks authentication, encryption, security, or personal information verification, making all devices vulnerable to attacks at the implementation level. Attackers could send false signals or malicious codes to disable or compromise the system, potentially endangering the safe navigation of the vessel [39]. • It is common for the system to be run on old computers without security updates. ...
Article
The rise of the Internet of Things (IoT) has opened up exciting possibilities for new applications. One such novel application is the modernization of maritime communications. Effective maritime communication is vital for ensuring the safety of crew members, vessels, and cargo. The maritime industry is responsible for the transportation of a significant portion of global trade, and as such, the efficient and secure transfer of information is essential to maintain the flow of goods and services. With the increasing complexity of maritime operations, technological advancements such as unmanned aerial vehicles (UAVs), autonomous underwater vehicles (AUVs), and the Internet of Ships (IoS) have been introduced to enhance communication and operational efficiency. However, these technologies also bring new challenges in terms of security and network management. Compromised IT systems, with escalated privileges, can potentially enable easy and ready access to operational technology (OT) systems and networks with the same privileges, with an increased risk of zero-day attacks. In this paper, we first provide a review of the current state and modalities of maritime communications. We then review the current adoption of software-defined radios (SDRs) and software-defined networks (SDNs) in the maritime industry and evaluate their impact as maritime IoT enablers. Finally, as a key contribution of this paper, we propose a unified SDN–SDR-driven cross-layer communications framework that leverages the existing SATCOM communications infrastructure, for improved and resilient maritime communications in highly dynamic and resource-constrained environments.
... However, it lacks authentication, encryption, security, or personal information verification, making all devices vulnerable to attacks at the implementation level. Attackers could send false signals or malicious codes to disable or compromise the system, potentially endangering the safe navigation of the vessel [39]. • It is common for the system to be run on old computers without security updates. ...
Preprint
The rise of the Internet of Things (IoT) has opened up exciting possibilities for new applications. One such novel application is the modernization of maritime communications. Effective maritime communication is vital for ensuring the safety of crew members, vessels, and cargo. The maritime industry is responsible for the transportation of a significant portion of global trade, and as such, the efficient and secure transfer of information is essential to maintain the flow of goods and services. With the increasing complexity of maritime operations, technological advancements such as unmanned aerial vehicles (UAVs), autonomous underwater vehicles (AUVs), and the Internet of Ships (IoS) have been introduced to enhance communication and operational efficiency. However, these technologies also bring new challenges in terms of security and network management. Compromised IT systems, with escalated privileges, can potentially enable easy and ready access to operational technology (OT) systems and networks with the same privileges, with an increased risk of zero-day attacks. In this paper, we first provide a review of the current state and modalities of maritime communications. We then review the current adoption of Software-Defined Radios (SDRs) and Software-Defined Networks (SDNs) in the maritime industry and evaluate their impact, as IoT enablers, on the future of maritime industry operations, safety, and security.
... There are studies on analyzing space-related incidents [3]-[5], [18], [20], [21]. For example, [3] considers incidents in terms of the payload, signal, and ground aspects; [4] provides narrative descriptions concerning NASA, jamming, hijacking, and control attack categories; [5] analyzes 1,847 space-related incidents according to their risk taxonomy for space. ...
Preprint
Cybersecurity of space systems is an emerging topic, but there is no single dataset that documents cyber attacks against space systems that have occurred in the past. These incidents are often scattered in media reports while missing many details, which we dub the missing-data problem. Nevertheless, even "low-quality" datasets containing such reports would be extremely valuable because of the dearth of space cybersecurity data and the sensitivity of space systems which are often restricted from disclosure by governments. This prompts a research question: How can we characterize real-world cyber attacks against space systems? In this paper, we address the problem by proposing a framework, including metrics, while also addressing the missing-data problem, by "extrapolating" the missing data in a principled fashion. To show the usefulness of the framework, we extract data for 72 cyber attacks against space systems and show how to extrapolate this "low-quality" dataset to derive 4,076 attack technique kill chains. Our findings include: cyber attacks against space systems are getting increasingly sophisticated; and, successful protection against on-path and social engineering attacks could have prevented 80% of the attacks.
... Furthermore, the software processing this data has not been designed to be secure against arbitrary, unstructured input data, leading to denial of service vulnerabilities [8]. It was also demonstrated in 2020 that confidential maritime communications are regularly transmitted by DVB-S satellite broadband in the clear, raising concerns about TCP session hijacking [9,10]. ...
... While satellite communication devices improve user experience, quality of living, and operations, when integrated into a cyber-physical system-of-systems, a single vulnerable device may unwittingly extend the attack surface of the overall CPS [5]. When these systems are connected, maritime networks are no longer air-gapped and are more vulnerable to external cyber-attacks. ...
Conference Paper
The notion that ships, marine vessels and offshore structures are digitally isolated is quickly disappearing. Affordable and accessible wireless communication technologies (e.g., short-range radio, long-range satellite) are quickly removing any air-gaps these entities have. Commercial, defence, and personal ships have a wide range of communication systems to choose from, yet some can weaken the overall ship security. One of the most significant information technologies (IT) being used today is satellite-based communications. While the backbone of this technology is often secure, third-party devices may introduce vulnerabilities. Within maritime industries, the market for satellite communication devices has also grown significantly, with a wide range of products available. With these devices and services, marine cyber-physical systems are now more interconnected than ever. However, some of these off-the-shelf products can be more insecure than others and, as shown here, can decrease the security of the overall maritime network and other connected devices. This paper examines the vulnerability of an existing, off-the-shelf product, how a novel attack-chain can compromise the device, how that introduces vulnerabilities to the wider network, and then proposes solutions to the found vulnerabilities.
... Lastly, ship-to-shore communication has also to deal with cybersecurity issues. In particular, a ship and ROC must communicate over insecure networks [16] without any malicious actor being able to eavesdrop or impersonate any of the parties. ...
Preprint
This paper uses data processing techniques to reduce the required transmission bandwidth in ship-to-shore communications. The proposed framework (ONline Efficient Sources Transmission Optimizer - ONESTO) leverages state-of-the-art technologies and novel algorithms to automatically optimize transmissions under structural (e.g., available bandwidth, fixed packet overhead) and user-defined (e.g., maximum latency) constraints. In addition, ONESTO authenticates and encrypts the communication between the ship and the shore via mainstream free and open-source software components. Initially, we present the abstract mathematical formulation of the problem, with its assumptions, goal function, constraints, and significant quantities. Then, we introduce the architecture of a system capable of continuously estimating the compressibility, processing and transmission time of streaming data. Such estimations allow ONESTO to calculate and apply optimal parameters for achieving the best compression ratio. Lastly, using a prototypical implementation, we evaluate the system performance with a Class B ship simulator on two realistic use cases. Our experiments show an excellent compression ratio with maritime protocols (more than 40:1) and a limited latency impact, demonstrating the approach’s viability.
... Spoofing attacks have also been shown against the uplink, through both telecommand hijacking and broadcast intrusion [62], [68]. Spoofing satellite internet has also been outlined as a potential issue [44]. However, no current work explores the effect, on either the ground station or the downstream users, of spoofing attacks against Earth Observation satellites. ...
... Whilst government regulations, academic work, and recent reports by organizations such as GOES have drawn attention to space data link security more generally, these focus on securing the telecommand or internal bus rather than the Payload Data Downlink (PDD) [11], [64], [45]. To the best of our knowledge only one academic paper considers satellite systems spoofing outside of GNSS, and this only in a theoretical scenario of internet hijacking [44]. As a result, there are open questions on the effects of successful spoofing attacks against EO satellites, both at the ground station and downstream systems which depend on the data. ...
... Recent satellite systems security work has raised concerns about the security of the data link, with a surprising number of satellites communicating unencrypted [21], [44], [43]. For example, it was demonstrated in 2020 that confidential maritime VSAT satellite communications can be received and decoded by SDR-equipped attackers from a great distance away (covering a total area of tens of millions of square kilometers), thanks to the satellites' wide beam width and unencrypted payload [44]. ...
... A prior work [16] demonstrates this threat by eavesdropping on maritime VSAT communications in the North Atlantic. The stream decoder GSExtract developed in this work can extract between 40-60% of the GSE PDUs contained within the targeted streams. ...
... Four Factors Causing Stream Corruption. Given a complete DVB/GSE packet, it is straightforward to decode it using a traditional FSM-based approach (e.g., GSExtract [16]) which decodes layer by layer according to information in headers (e.g., data field length). The innermost PDUs (i.e., IP packets) extracted in this approach can be further analyzed by tools like Wireshark. ...
... Considering that sensitive information could be included in the stream, we followed ethical principles proposed by the prior work [16], not storing any data longer than necessary. Even for the learning model trained using the eavesdropped data, we deleted it immediately after completing the evaluation to prevent adversary data generation from the model (e.g., GAN [9]). ...
... Also, Papastergiou et al [51] referred to the possibility of gaining access to maritime infrastructure through compromising the supply chain. Additionally, Pavur et al [52] demonstrated the feasibility of VSAT TCP session hijacking for reaching and controlling maritime VSAT communication. Moreover, Tam and Jones [58] argued that users can be tricked into downloading and executing malicious software or guided into malicious websites. ...
... Jo et al [43] categorized vulnerability scanning of ship systems, eavesdropping on Voice over Internet Protocol (VoIP), and Wi-Fi communication in the discovery stage of cyber attacks. Pavur et al [52] demonstrated the ability to collect credit card information, visa, passport, ship manifest, and non-encrypted REST API credentials communicated through eavesdropping on VSAT connections. ...
Conference Paper
The maritime domain is among the critical sectors of our way of life. It is undergoing a major digital transformation introducing changes to its operations and technology. The International Maritime Organization urged the maritime community to introduce cyber risk management into their systems. This includes the continuous identification and analysis of the threat landscape. This paper investigates a novel threat against the maritime infrastructure that utilizes a prominent maritime system that is the Automatic Identification System (AIS) for establishing covert channels. We provide empirical evidence regarding its feasibility and applicability to existing and future maritime systems as well as discuss mitigation measures against it. Additionally, we demonstrate the utility of the covert channels by introducing two realistic cyber attacks against an Autonomous Passenger Ship (APS) emulated in a testing environment. Our findings confirm that AIS can be utilized for establishing covert channels for communicating Command & Control (C&C) messages and transferring small files for updating the cyber arsenal without internet access. Also, the establishment and utilization of the covert channels have been found to be possible using existing attack vectors and technologies related to a wide range of maritime systems. We hope that our findings further motivate the maritime community to increase their efforts for integrating cyber security practices into their systems.
Keywords: Maritime; Cybersecurity; Automatic Identification System (AIS); Cover channel; ATT&CK