EphemeriShield -- defence against cyber-antisatellite weapons

TL;DR

The paper proposes a distributed, blockchain-based system to secure satellite ephemeris data against spoofing and man-in-the-middle attacks, enhancing the resilience of space infrastructure.

Contribution

It introduces a novel distributed approach using permissioned ledgers to prevent central points of failure in satellite data dissemination.

Findings

Distributed ledger system prevents single points of failure.

Ensures data integrity and redundancy for satellite ephemerides.

Enhances security against spoofing and tampering attacks.

Abstract

Satellites, are both crucial and, despite common misbelieve, very fragile parts our civilian and military critical infrastructure. While, many efforts are focused on securing ground and space segments, especially when national security or large businesses interests are affected, the small-sat, newspace revolution democratizes access to, and exploitation of the near earth orbits. This brings new players to the market, typically in the form of small to medium sized companies, offering new or more affordable services. Despite the necessity and inevitability of this process, it also opens potential new venues for targeted attacks against space-related infrastructure. Since sources of satellite ephemerides are very often centralized, they are subject to classical Man-in-the-Middle attacks which open venues for TLE spoofing attack, which may result in unnecessary collision avoidance maneuvers, in best case and orchestrated crashes, in worst case. In this work, we propose a countermeasure to the presented problem that include distributed solution, which will have no central authority responsible for storing and disseminating TLE information. Instead, each of the peers participating to the system, have full access to all of the records stored in the system, and distribute the data in a consensual manner,ensuring information replication at each peer node. This way, single point of failure syndromes of classic systems, which currently exist due to the direct ephemerids distribution mechanism, are removed. Our proposed solution is to build data dissemination systems using permissioned, private ledgers where peers have strong and verifiable identities, which allow also for redundancy in SST data sourcing.