Methods for Securing Spacecraft Tasking and Control via an Enterprise Ethereum Blockchain
Download as PPTX, PDF0 likes188 views
The document discusses the use of enterprise Ethereum blockchains for enhancing the security of spacecraft communications, highlighting the need for improved satellite security due to rising cyber threats. It reviews various blockchain properties and consensus algorithms suitable for such applications and proposes specific information architectures for integrating spacecraft into secure 5G networks. The authors suggest implementing multi-factor authentication and multi-party authorization through smart contracts on a blockchain to bolster security against potential cyber attacks.
![Agenda
■ The Need for Improved Satellite ComSec
■ Blockchains as a proposed solution space
■ Possible information architectures
■ Multi-factor authentication & multi-
party authorisation
Advanced EHF orion satellite image courtesy USAF (Los Angeles AFB) -
http://www.losangeles.af.mil/art/media_search.asp?q=aehf&btnG.x=0&btnG.y=0 [1], Public Domain,
https://commons.wikimedia.org/w/index.php?curid=3352085](https://image.slidesharecdn.com/icssc2019methodsforsecuringspacecrafttaskingandcontrolviaanenterpriseethereumblockchain-191025034145/85/Methods-for-Securing-Spacecraft-Tasking-and-Control-via-an-Enterprise-Ethereum-Blockchain-4-320.jpg)
Methods for Securing Spacecraft Tasking and Control via an Enterprise Ethereum Blockchain
- 1. Methods for Securing Spacecraft Tasking and Control via an Enterprise Ethereum Blockchain David Hyland-Wood, Peter Robinson, Roberto Saltini, Sandra Johnson, Christopher Hare
- 3. Abstract We discuss the applicability of enterprise Ethereum blockchains to the problem of spacecraft communication security, analyse the properties of blockchain consensus algorithms suitable for use with spacecraft, and suggest information architectures to allow secure spacecraft integration into 5G networks.
- 4. Agenda ■ The Need for Improved Satellite ComSec ■ Blockchains as a proposed solution space ■ Possible information architectures ■ Multi-factor authentication & multi- party authorisation Advanced EHF orion satellite image courtesy USAF (Los Angeles AFB) - http://www.losangeles.af.mil/art/media_search.asp?q=aehf&btnG.x=0&btnG.y=0 [1], Public Domain, https://commons.wikimedia.org/w/index.php?curid=3352085
- 5. The Need for Improved Satellite Security
- 6. Spotty ComSec Spacecraft and ground-based systems that control them are at risk of both active hacking and denial-of-service attacks. Although few spacecraft operators publicly acknowledge cybersecurity incidents, governmental transparency regulations in the United States have allowed evidence of some incidents to be acknowledged: ● attacks that led to unauthorised access to “networks that control spacecraft” at NASA JPL (NASA, June 2019) ● acknowledgement that U.S. Air Force satellites are “jammed by commercial equipment easily acquired by state and nonstate actors” (Air Force Research Institute, November 2011)
- 7. Blockchains in Space Researchers in several countries have proposed future uses of blockchains in space including: ● use as a property registry (Beldavs 2019) ● for identity management, especially for protection against cyber attacks (Cheng, Gao, Li, Du and Du et al 2019; Xu, Yu, Blasch and Chen 2019) ● to “facilitate on-orbit satellite communication data integrity and security” (Molesky, Cameron, Jones, Esposito, Cohen et al 2018) ● to reduce “manual intervention in monitoring and control” (Jennath, Adarsh and Anoop 2019) ● in “tracking various components of vehicles” (Jennath, Adarsh and Anoop 2019) ● as a component of “smart services for space traffic management” (Skobelev and Lakhin 2018) ● as a means to coordinate the fulfillment of a desired operation carried out by many individual spacecraft (Mandl 2017)
- 8. Blockchains as a proposed solution space
- 9. Blockchain in 2 minutes Start with a bunch of computers
- 10. Blockchain in 2 minutes Connect them via a network
- 11. Blockchain in 2 minutes We represent the computers as dots and the connections as lines
- 12. Blockchain in 2 minutes If new data is created or added to one computer...
- 13. Blockchain in 2 minutes It gets copied to all the computers
- 15. Blockchain in 2 minutes It would be better if the computers did not naively trust someone writing data. Data should get copied to all the computers…but only if most agree.
- 16. Blockchain in 2 minutes The computers communicate with each other until they come to consensus
- 17. Blockchain in 2 minutes Some consensus algorithms can work even if some nodes fail or are bad actors. X X
- 18. Blockchain in 2 minutes Data are stored in “blocks”, each block holding many transactions. Blocks are linked using the hash of the preceding block in the chain ○ A hash is a unique 256-bit (32-byte) digest of any amount of data ○ If you change the data, you get a new and unique hash Block 27 Some data... Hash: c09b8b9cbc724e4… Hash of preceding block: 2e22cd3a721566a… Block 28 Some data... Hash: 12db748199ce9ec… Hash of preceding block: c09b8b9cbc724e4… Block 29 Some data... Hash: be5d93a02dbd56b… Hash of preceding block: 12db748199ce9ec…
- 19. Credit: Wüst and Gervais, 2017
- 20. Credit: Wüst and Gervais, 2017
- 21. Proof of Authority Consensus Algorithms with Immediate Finality Algorithm Message traffic to/from satellite Change needed to onboard software Byzantine Fault Tolerant Resilience to lost messages Honey Badger O(n2) O(b) Yes No Tendermint O(n2) O(b) Yes No DBFT O(n2) O(b) Yes No Algorand1 O(n2) O(b) Not always No IBFT O(n2) O(b) Not always No IBFT 2.0 O(n2) O(b) Yes Yes n: number of nodes b: block size1 finality not guaranteed
- 23. (a) Satellite as a regular blockchain node. (b) Satellite as a mining (validator) blockchain node. (c) Satellite may read from the blockchain. (d) Satellite requests transactions to be written to the blockchain.
- 24. Comparison of blockchain-satellite relationships Architecture Message traffic to/from satellite Change needed to existing onboard software Regular node High High Mining node High High Read-only Low Low to Medium Write request Low Medium
- 25. Multi-factor authentication & multi-party authorisation
- 26. a command is executed only if validatedA command is executed Using multi-factor authentication or multi-party authorisation: In common usage: a command is sent a command is sent command is validated via a blockchain read
- 29. (a) An operator proposes a command to be sent to a spacecraft. (b) Some number of automated processes (zero or more) confirm command syntax and perhaps applicability in the operational context. (c) Some number of humans (zero or more) confirm the command should proceed. (d) The smart contract sets the entry of the command approval table associated with the hash of the command to the Boolean value True. (e) The operator sends the command to the spacecraft. (f) The spacecraft hashes the command and verifies that the entry of the approval table associated with the hash is set to True. (g) The spacecraft executes the command if and only if the command verification was successful. NB: The blockchain nodes come to consensus after each write to any copy of the smart contract.
- 30. Results ● We analysed how existing satellite systems may improve their communication security by using terrestrial blockchains for multi-factor authentication and/or multi-party authorisation. ● We then suggested specific blockchain properties to choose: ○ an enterprise Ethereum blockchain to implement multi-factor authentication, multi-party authorisation or both ○ via a smart contract ○ on a private or consortium network ○ with user permissions ○ and an IBFT 2.0 consensus algorithm.
- 31. Results ● We contend that such systems may be used in the presence of partially compromised IT networks.
- 32. Methods for Securing Spacecraft Tasking and Control via an Enterprise Ethereum Blockchain David Hyland-Wood, Peter Robinson, Roberto Saltini, Sandra Johnson, Christopher Hare
Editor's Notes
- #7: Others are vulnerable, and reportedly experiencing problems (via private conversations)
- #9: Blockchains are really quite complicated. This leads to significant confusion. So, I’m going to try to tell you what a blockchain is in two minutes.
- #15: At this point, we can use this distributed computing system to implement a so-called “distributed ledger”. We can record a bunch of transactions and ensure they are copied to a bunch of other computers to keep them safe. We could compare the copies if we want to audit the ledger. But there are many problems with this, especially trust.
- #17: The mechanism of agreement is called a consensus algorithm. There are many kinds of consensus algorithms, and they all have different properties. They have two things in common: All (honest) computers will eventually decide, and they will decide on the same thing. This comes with a lot more complication. There is a lot of communication and more processing.
- #19: Consensus formation on blockchains mean the computers are deciding on the order the data gets written. This feature gives blockchains their name: They are chains of blocks. It also ensures data integrity: Every node can easily determine if their copy is correct. This is why blockchains are immutable by design. Data may be added, not (generally) removed.
- #20: What kind of blockchain do we want? Many people have provided guidance. This is one of the first, and easiest.
- #21: The availability of a trusted third party that is always online: Although extant spacecraft are indeed controlled by third parties (their owners and operators), and blockchains make sense “when multiple mutually mistrusting entities want to interact and change the state of a system” [28], we contend that the controlling authorities should not, in fact, be trusted due to poorly controlled information technology environments. The removal of inappropriate trust is exactly the problem we are attempting to solve.
- #22: We analysed a variety of blockchain consensus algorithms and recommended one for our purposes. Of the 100 or consensus algorithms, we looked specifically at those matching our needs. For space operations, we want to use a special class of consensus algorithms: Proof of Authority (we know and control which nodes participate in forming consensus) Immediate Finality (data written stays written) Byzantine Fault Tolerant (can tolerate up to one third bad actors) Resilience to lost messages (because space communication is intermittent)