Hi everybody, Frank Pound here from AstroSec. Today I'm going to talk to you a little bit about this topic called space resilience as it relates to the Hack-A-Sat hacking competition that was started by the Air Force and Space Force nearly two years ago. I've been involved with that project for quite some time, and the recurring theme, obviously, is how to make more secure space architectures. With the Hack-A-Sat program we used a small satellite model and a ground station as sort of the centerpiece of the competition, to try to showcase, you know, what could be done by an adversary but also showcase what could be done by defenders to make for a more resilient space architecture.

So what does it mean to be resilient in space? Well, first let's think back to 30 years ago and the organizations that were involved in space operations, launching satellites into space. Everybody thinks of a satellite as this, you know, sort of big square with solar panels sticking out the sides and big antennas, sitting up in space and providing some sort of service. Some of those services could be communications, you know, facilitating the watching of live sports like the Olympics, which are going on right now. There's lots of satellites involved in relaying those communications from Japan to ground stations across the globe and distributing that video for everyone to see. So communication satellites historically have been, you know, one of the primary things people think about when they think about objects in space that are performing some sort of service. We also have spy satellites up there that take pictures of certain places on Earth, and we have other sensors that are part of scientific missions that NASA and the European Space Agency and others have launched for deep space exploration. Specifically what I'm going to talk about, though, is not so much about satellites that are performing those functions of communications or spy satellites or things like that.
What I want to focus on, though, is this new space economy. The new space economy is enabled by the democratization of a lot of technologies that are now within reach of just about anyone with a little bit of a budget and some imagination. It's come time today where, if you have an idea that involves collecting data from space, it's not so hard to realize that idea. Build your own spacecraft, pay a moderate sum of money to get that spacecraft launched alongside dozens of others through economy of scale, sort of pioneered by SpaceX and others, and get your platform in orbit to collect that data. A lot of people are thinking about monetizing that data: you know, swipe your credit card and get pictures of your backyard, things like that.

So how does resilience relate to that? Well, the thing is, if you think back, there's a parallel to this, and the parallel is the origin of the internet. The internet was created back in the 60s and 70s for the purpose of resilient communications. However, one of the issues with the creation of the internet is folks only thought of it as a capability to recover from a catastrophic nuclear war, and people didn't really think about the fact that, well, the internet itself could be attacked or used for malice. And so for many, many years in the 70s and 80s and early 90s, the internet sort of grew up in this sort of protected, club-like atmosphere, only used by governments and universities, and it was never really exposed to sort of the general malice of the global community. And the same thing potentially could happen in the new space economy as folks are starting to create these great ideas and great monetization platforms for space. Well, what follows is the criminal syndicates and the other, you know, maybe not so friendly nation states who want to sort of take advantage of those new resources that are being, you know, funded and paid for by their adversaries.
And so we must be resilient to that sort of thing. So how are we going to be more resilient? Well, we can look back again to the creation of the internet, and we can start to think about how can we design in security from day one. How can we think about more resilient designs from day one? Part of that comes with thinking like the adversary. Thinking like the adversary means, you know, if you're a hacker, what would you do to try to break in to your competitors' systems? And so that means looking at the ground stations, looking at the software that goes into the ground stations, looking at the communication links that connect the ground stations together, looking at the antenna segments that receive the data that goes into the ground station, and then looking at the protocols that are used to communicate to the satellites in space. Looking at the satellites themselves.

And so we did all this in the Hack-A-Sat project. The engineers who built the competition framework, a group called Cromulence, actually built a real-world model of a FlatSat to enable us to act like adversaries and actually run to ground some of these potential vulnerabilities that we saw or that we were perceiving. And it was so successful they're going to do it again with Hack-A-Sat 2.0.

So in summary, you know, resilience really means understanding, you know, thinking about the vulnerabilities that exist and thinking about ways to mitigate those vulnerabilities with practical application of good engineering thought and good engineering designs. We need more security researchers in the industry. We need the existing security researchers that are out there to connect with the space and aerospace community, and it is enough to have them come in after the fact and to do a security assessment at the end. We need the researchers to be a part of the development team and include them in the entire life cycle of the system.
Welcome to Space Security Challenge 2020: Hack-A-Sat, the final event. As the democratization of space opens up a new frontier for exploration and innovation, we see new cybersecurity vulnerabilities emerging. The Space Security Challenge is designed to inspire the world's top cybersecurity talent to develop the skills necessary to secure this last frontier of cybersecurity: space.

Every federally funded lab is chartered with the mission of technology transfer. Technology transfer is all about taking government-owned intellectual property and transferring it to the public domain. The Air Force Research Lab and our charter to perform tech transfer put us in the best position to lead this effort. But first we had to overcome the monumental task of convincing people that hacking a satellite was actually a good thing to do in the name of improving space security. But we persevered, and our mission fueled the creation of what we called the Space Security Challenge 2020: Hack-A-Sat.

At the heart of it, we needed to create a community where one didn't currently exist, and we wanted to leverage the challenge model because we've learned a lot from DARPA, and they've been very successful at creating communities through challenges. And so DARPA created this challenge back in like 2004, bringing together the AI industry, the sensor industry or community, and also the automotive industry to formulate a challenge to improve the security of the automotive industry leveraging AI. Now you fast forward 15 years, we have a fully functioning industry of autonomous vehicles, and that's ultimately where we're going with Space Security Challenge Hack-A-Sat. We want to build trust and security into our space systems.

So we needed to get the attention of the hacker community, and we're not typically, as the Air Force and now Space Force, we're not trying to do outreach to the hacker community, so we had a new, unique challenge on our hands. We also needed to get the attention of policymakers and the general public and
industry. We needed people to care about this because it affects all of us.

And then the pandemic hit, and all of our plans to run the finals at DEF CON, it builds an audience of tens of thousands of DEF CON tracks, shattered. So we pivoted. We needed to figure out a way to hold finals virtually and still achieve our goal of cultivating a research community, and it became apparent that this pivot to virtual was actually more of an opportunity. It was an opportunity to reach people who wouldn't have normally been able to travel to DEF CON. But there were huge challenges associated with this for both the competitors and the spectators.

So in July we shipped each team leader a FlatSat, which came with an air bearing, and what the teams could do is they could put their FlatSat on top of the air bearings and then they could use the attitude control system in the FlatSat to be able to rotate the FlatSat, to kind of emulate what it would be like if they were in space. But with COVID, what we didn't anticipate were the global shipping timelines. Two of our teams didn't get their FlatSats until later. In fact, the third place team, FluxRepeatRocket, didn't even receive their FlatSat until the morning of the competition on August 7th. That was a real nail biter.

Then there were the spectators. After all, the world is watching now. We needed to be able to give people all over the world a way to feel like they were part of the action, so we built this fully immersive 3D environment for spectators to explore and watch the competition. We did our best to give it a DEF CON feel so that people really felt like they were still part of that environment that we work so hard to be part of. And so as part of this environment we created this extensive library of content and videos, and so all of the content that we created on Hack-A-Sat, as well as all the videos that were created, are available on our GitHub page and our YouTube channel, where you can access that information and continue to learn about
hacking cyber and space.

The scenario was based around a mock stolen satellite. So once the teams are on the satellite, the remaining challenges had to do with removing the presence of the malicious actor that was on that satellite, orient it so that they could then use the imager to take a photo of the moon that we had set up inside of the facility where the FlatSats were all located. The other part of the challenge: teams were tasked with coming up with a command set that would point an actual satellite at the actual moon. Teams were given a very limited amount of time to accomplish that goal, and one of them was able to successfully take a photo of the moon using that command set.

We're going to answer the question as to which team had their code sent into space tonight. Congrats to team Poland Can Into Space for submitting not only the best solution overall throughout the whole evaluation period, but the solution that is going to space. We expect the moonshot to happen in a couple of hours at 6:30 Pacific, and that picture will be sent down to Earth at about 1 a.m. Pacific.

There will be people who are hacking satellites, and so by having the federal government structure this in a nice, organized and safe way, we can do it without getting in any trouble and they can get the results and the understanding that they need.

From an attacker's perspective, having the ability to approach something with the mindset of, you know, how could I break this, always helps you understand how a system works better.

It's something we all as a community have to be thinking about, and the security community wants to be a part of that. They would like to be involved with these systems, would like to secure these systems, would like to learn more about these systems. So openness and transparency, um, and getting access to more of these systems going forward, and we need this space community, the aerospace community, to be open and available and receptive to that, um, and that's what we were
trying to accomplish with Hack-A-Sat: put on a game that brought those two communities together and raised that awareness, and I think we did a good job of that. Uh, now we hand the ball off, uh, maybe to the aerospace community to take that forward.

Last thing: thanks for joining us. The future of space security depends on the work we're doing together.

Based on experiences with Hack-A-Sat 1, most of us expected Hack-A-Sat 2 to be pretty challenging. Qualifiers, which took place back in June, did not disappoint.

Hello, I'm Vita, and we're going to talk about the challenges Fiddlin' John Carson and Cotton Eye GEO. When you connect to the server for Fiddlin' John Carson, it gives you a position vector, a velocity vector and the current time, and then prompts you for some orbit parameters. From some quick internet searches I figured out that the challenge is asking you to convert the Cartesian position and velocity vectors into Keplerian orbital parameters. I haven't really done any orbital mechanics in over a decade, and that was all, you know, two-dimensional, so we're going to have to learn how to do this together.

Cartesian coordinates tell you where you are and how you're moving in a space of right angles. The International Celestial Reference Frame, or ICRF, from this challenge differs from latitude and longitude in some very important ways. So a problem with latitude and longitude is that the distance in kilometers per degree of travel changes as you move around. For example, moving south like I am right now, you get more meters per degree the closer you get to the equator. Similarly, the farther away I move from sea level, like whenever I climb these stairs up here, that also means there are more meters per degree of travel. Down here, you know, at sea level, it's not super significant, but when you're orbiting and moving really, really fast, really, really high, it's another matter entirely. ICRF coordinates are in a three-dimensional grid. One coordinate goes roughly north-south through the
center of the Earth, and the others are at right angles to that and also each other. They're keyed to a bunch of quasars and that kind of thing, super far outside our galaxy, so that as we move through the solar system and the solar system moves through the universe, the coordinates don't change too much.

However, the six numbers, three position, three velocity, don't actually tell us very much about the orbit. We'd like to know what altitudes it ranges through, where do you have to point a dish or antenna to see it, and that kind of thing. To do that, it's useful to convert them into Keplerian orbital parameters, which describe the shape of the orbit, where it goes, and where the satellite is on it right now. That's the quick version. I found this website to be really useful to understand what all these different parameters mean.

So how do you actually solve this challenge? Let's see how the team Single Event Upset did it. They started with the OrbitalPy Python module, which also produces really nice plots. I'm recreating these in a Jupyter notebook simply because it makes the plots easy to see and also export. Their code to solve Fiddlin' John Carson is pretty simple. They use an OrbitalPy function to turn an ICRF state vector, which is the position and velocity, into most of the Keplerian elements. Then they calculate the degrees for the true anomaly, because OrbitalPy likes to work in radians, and print that out too.

Next let's talk about the sequel to Fiddlin' John Carson, Cotton Eye GEO. Like any sequel, it starts where the previous one ends. The spacecraft is still in orbit, but now we have to provide a delta-v, or change in velocity, vector and time to execute that change in velocity to put us into a brand new orbit. Getting from one orbit to another is done by changing your velocity at a specific time. Increasing your forward velocity at the highest point in your orbit increases your altitude at the lowest point. Decreasing your velocity at the lowest point in your orbit decreases your altitude at
the highest point. Since we're in an elliptic orbit already, which means we vary through a wide range of altitudes, and the challenge wants us to get into a low-eccentricity or more circular orbit, we have to burn at our highest point, which is also called the apocenter.

The Single Event Upset solution begins with their Fiddlin' John Carson solution. From there they propagate the orbit until the satellite is at the apocenter, that's the highest point. This means simulating the orbit from the current true anomaly, or where the spacecraft is, until the true anomaly is at 180 degrees. This is a relatively cheap simulation; it's a few trigonometry and other math operations without any time stepping where errors can creep in. Once we're at our apocenter, we create a maneuver to change the altitude at our lowest point, or pericenter.

We can calculate a first guess. The challenge wants us to set the semi-major axis to about, you know, approximately 42,164 kilometers with a basically circular eccentricity. We subtract 6371 kilometers for the Earth's radius and tell orbital to make a maneuver to set our pericenter altitude to 35,793 kilometers. That makes a bunch of scary-looking warnings, and the orbital source code kind of suggests that it's having trouble calculating our eccentricity vectors from that. Going a kilometer lower avoids the warnings, but we're still too high. Some more trial and error gets us to a pericenter altitude of 35,762 kilometers, which avoids the warnings and meets our eccentricity goals. Once we've taken our delta-v vector and keyed it into the challenge, we get a flag back, and that's it. Thanks for joining me while solving Fiddlin' John Carson and Cotton Eye GEO.

of the Hack-A-Sat technical team. We are the developers and organizers of the Hack-A-Sat quals and finals competition. For Hack-A-Sat 2020, the top eight teams from quals competed in the finals over the DEF CON weekend in a head-to-head race to solve a series of challenges. The challenges involved anomaly analysis and
resolution, satellite operations, reverse engineering and, of course, exploitation on an engineering model satellite, or FlatSat. The FlatSat ran a real flight software framework called cFS that was created by NASA, and was commanded with the COSMOS command and control software from Ball Aerospace. To help us wrestle a little bit, teams were also required to complete the honor of a challenge, developing a command plan for a live satellite to orient itself to take a picture of the moon, while simultaneously continuing to perform in the main hacking competition.

For 2021 we're going to take it up a notch. Finalists still had to win their spot by proving their knowledge and skill in the qualifier, but instead of finals being a race to the finish, it is going to be a classic attack and defend CTF, but on a space system platform similar to last year's. Teams will score points by attacking vulnerabilities in the other teams' systems. Teams must protect their own system by patching or otherwise mitigating those same vulnerabilities. Teams will get SLA points by keeping their system operating nominally, but this is a space system, and keeping it in the required state might be just a little more involved than ensuring all of its services are running with their intended functionality.

The skills the teams need aren't much different, or any different at all, than last year's. Teams will need to understand architectures and technologies that are using space systems. They will need to understand operating a system that is orbiting the Earth. They will need to understand communication systems. They will need to be able to reverse engineer at both the system level and also binary applications. They, of course, will need to be able to patch binaries and craft exploits. What is new for this year is they will need to be able to understand the strategy and tactics for playing an attack and defend CTF.

The game type is not the only upgrade for 2021. The FlatSat from last year is being almost completely rebuilt with new
hardware and processor architectures to provide a diverse platform for hosting challenges. The system will include an upgraded command and data handling, or C&DH, an all-new attitude determination and control system, or ADCS, a power distribution board, and a special payload module, the payload's hardware for a very unique CTF challenge or two.

Teams are going to get the opportunity to familiarize themselves with the new flight software ahead of the competition with a digital twin. The digital twin is a system-of-systems simulation of the actual flight software. It runs in a QEMU-based simulator called hog. Hog extends QEMU by providing a rich plug-in API that allows for custom hardware and interface simulations without having to add them to the QEMU baseline itself. For example, it's a hog plug-in that emulates the satellite bus used for subsystem communications, allowing multiple hog instances running on emulations of various FlatSat components to communicate over the plug-in without knowing they aren't using the actual hardware bus. Using this digital twin technology allows for distributing copies of the game software to teams wherever they are. Hog also provides a GDB interface, allowing teams to use introspection into the running emulation, which might prove useful when developing patches and exploits before using them live in the game.

Since the finals competition is virtual again this year, teams and spectators both will need access to game information to understand what is going on. In addition to a traditional CTF scoreboard, FlatSat-specific telemetry for each team will be visible in real time via instances of NASA's Open Mission Control Technologies. The Open MCT dashboard is viewable from our web browser and will display key state-of-health data, so spectators can keep track of their favorite team's efforts to operate their satellites while defending it from the attacks of the other teams. Satellites will also be progressing through simulated real-time orbits around the Earth.
Spectators will be able to see visualizations of these orbits produced by the Cesium 3D geospatial tool. Not only will Cesium display where a satellite is in its orbit, but it will accurately display a satellite's attitude and orientation. A satellite tumbling in its orbit is probably not in healthy condition and has probably been attacked.

We are excited about the evolution of this year's competition and look forward to seeing the skill, creativity and tenacity teams will demonstrate to become the Hack-A-Sat 2 champion for 2021.

I'm Erin Boland, one of the Space Force leads for Hack-A-Sat. If you follow along into Hack-A-Sat saga, you know that now more than ever it's imperative to get space system security design right. You may have also heard about our special project called which is a first-of-its-kind satellite aimed at doing just that. Think a cyber sandbox in space. Moonlighter will allow cyber professionals like you to take your skills learned through Hack-A-Sat events and apply them to a live operational satellite. There is a general accepted theory within space vehicle design to bake in cyber. With Moonlighter we're going to bring you along on the ride and put that to the test by presenting intentionally designed challenges based on all the data and feedback from previous Hack-A-Sat events. Moonlighter will represent the best of ideas and operational concepts. We believe that Moonlighter will be an education accelerator and idea generator for events like DEF CON in the near future. Never before has there been an opportunity to develop, design and launch a satellite like Moonlighter. We are so thrilled to be able to bring this technology to play in 2023. Please be sure to follow along with everything pertaining to Moonlighter at hackasat.com. Thank you so much for being with us today. Stay safe and happy hacking.

Space country. Thanks for tuning in.

Lose and gathered all the pieces of this disk, you must be one of the best security researchers in the galaxy, and I guess you believe that rumor
about the legendary hacker hidden in space, working to design the ultimate cyber security key. Well, you're right. Call me Fox. You've proved yourself worthy to know my location. You're welcome to stop by anytime, but once you're here you'll have to help me train the best minds on the planet to become even better. I'm looking for the elite few with the skills and knowledge to hack in space, to be the first to experience Project Moonlighter.