Softpedia interviewed the Nicholas Lemonias regarding the vulnerabilities on Satellite Communication. By the Way Nicholas Lemonias is an information security expert with Advanced Information Security Corporation and information security scientist at University of Derby, has been researching satellite communication security.
Question : How did you come up with the idea to research the security of satellite communications?
Nicholas Lemonias: The motivation of this thesis is technological evolution, and specifically the evolution of information systems, the rapid growth of threats of the threat landscape.
This thesis relates to the solving of the issue of in-adequate security and the co-factor of Quality of service that should be equilibrated with security, and thus not be hindered as also put forward by subject matter literature, referring to (Roy-Chowdhury et al., 2005).
The use of incompatible security mechanisms for the provision of satisfactory security in satellite networks, evident Bit Error transmission rates (BER), latency problems and Quality of Service (QoS) degradation problems. As a result, security becomes obsolete, and an inconsiderable option, even for satellite operators.
Common security solutions envisage the use of standard End-to-End security protocols, over the Internet Protocol Suite, and consequently constitute of an equilibrium trade-off between security and Quality of Service (QoS)
Thus the accumulation of end-to-end security protocols offer fragmentary security, at some parts of the satellite communication mediums, are however also a primary reason for service degradation.
My interest in Hacking and Information Security have inspired me to write this Thesis.
This thesis study is also based on previous subject literature which indicates that researchers of the University of Ruhr-Bochum have discovered in a real experiment that the security of satellite systems is inadequate because it is in clear-text as elaborated by subject matter literature.
The motivation of this research is also based on various arguments that allege that security flaws exist because of inherent vulnerabilities which at this stage's believed to be a main barrier to adequate security (Saltzer et. al , 1975). Satellite communications rely on Internet protocols for security, however this doesn’t solve the inherent security issues.
The European Union has invested huge amounts of funds for solving security problems in satellite communication and have made calls for research in this field, however these problems have not been solved, and therefore the rapid growth of security threats have also reached the satellite space sector.
In the past few years news headlines and reports from government departments, such as the USCC (Congression) stated that two satellites systems belonging to the U.S government (LandSat-7 and Terra-AM1) were compromised in 2007-2008. The hackers are said to have taken full control of the systems and this is also another proof of the existent vulnerabilities in systems of Critical Infrastructure.
Governments are reliant on private companies for the provision of satellite services, either for scientific or military purposes. Therefore for this reasons the thesis motivates for research in the field, with the overall aim of the practical implementation of Security Confidentiality, Integrity and Availability which are essential security services.
Researching satellite communications security
Question : : What tools have you used in your work?
Nicholas Lemonias: In our research we have used Wire Shark for capturing and analyzing data streams, but we have also used standard scientific methodologies such as ANOVA (Analysis of Variance) and ARC SIN Data Transformations to present our evidences. For the graphs we have used Excel and SPSS for some calculations.
Question : : What have you found? What types of vulnerabilities are there?
Nicholas Lemonias: A key issue with satellite communications is that security creates network congestions and therefore cannot co-exist effectively with Performance Enhancement Proxies or other accelerating agents, and thus consequently are contradictory in scope and function.
Therefore in our research Thesis we address this problem with the invention of an original and incisive technology that does not hinder the interoperation of accelerating agents and makes this inter-operation more subtle.
This new scientific prototype makes use of the latest state of the art Cryptography, namely Advanced Encryption Standard (AES). The results from the experiments demonstrated interoperable levels of function, with little delay.
Question : : What types of satellites are impacted by the vulnerabilities you've uncovered?
Nicholas Lemonias: This new technology solves a pragmatic problem of non-interoperability between security co-existence with Performance Enhancement Proxies (PEP's). This vulnerability is present - due to inherent flaws in the security architecture of satellite systems.
This is a long existing vulnerability that the security researcher community has not addressed previously. Therefore this new technology provides a fully functional solution that addresses this gap fully and effectively.
Question : : What are the risks?
Nicholas Lemonias: The aforementioned vulnerabilities have long been existent and the security community has mourned the lack of adequate technologies to address the issue. Other technologies such as ML-IPSEC and MML-IPsec do exist and offer similar solutions, however they also create plethora of other problems, and the configuration is not so easy.
Question : : What must be done to address the security issues?
Nicholas Lemonias: The issues arise due to inherent vulnerabilities in the architectural design of Satellite systems; namely subject matter literature by (Saltzer et. al, 1975) provided a fundamental basis on how security and computational systems should be designed, in terms of security, however this is currently lacking in present designs.
Current satellite security designs are far from the principles of Information Security, and therefore lack fundamental security properties. The application of Cryptography may provide additional layers of security provision, such as Confidentiality and Integrity, but that happens without addressing the inherent security vulnerabilities - right at the core of the problem.
Researching satellite communications security
Question : : How difficult would it be to implement the changes you are proposing?
Nicholas Lemonias: The prototype presented uses the Advanced Encryption Standard, and the way it works through an alternative medium of communication, it is relatively easy and very configurable in terms of adding additional encryption methods.
Question : : Have you tried contacting the impacted parties (satellite makers or other entities) to see what they have to say about your work?
Nicholas Lemonias: This vulnerability has long been existing, but we haven't seen any other technology either from The National Aeronautics and Space Administration, the agency of the United States Government, or in academia. Some solutions are existent however those do not actually address the inherent flaws right to the core of the problem, as far as I know, and according to what is also published on the Internet.
Question : : In your opinion, why haven’t NASA or satellite companies come up with a solution to addressing this long existing vulnerability?
Nicholas Lemonias: I really cannot speak for them, but someone who understands the problem fully, can see that inheritance of such vulnerabilities relate to causal effect created by the security composure of the systems. The application of Standard Security Protocols bridges the gap, but doesn't patch it at the core of the problem.
Question : : When do you plan on publishing the research paper?
Nicholas Lemonias: This Thesis has already been submitted to academia in fulfilment of my award, of Master of Science in Information Security. However there will also follow a publication as a book, and submitted to academic portals in the near future.
Question : How did you come up with the idea to research the security of satellite communications?
Nicholas Lemonias: The motivation of this thesis is technological evolution, and specifically the evolution of information systems, the rapid growth of threats of the threat landscape.
This thesis relates to the solving of the issue of in-adequate security and the co-factor of Quality of service that should be equilibrated with security, and thus not be hindered as also put forward by subject matter literature, referring to (Roy-Chowdhury et al., 2005).
The use of incompatible security mechanisms for the provision of satisfactory security in satellite networks, evident Bit Error transmission rates (BER), latency problems and Quality of Service (QoS) degradation problems. As a result, security becomes obsolete, and an inconsiderable option, even for satellite operators.
Common security solutions envisage the use of standard End-to-End security protocols, over the Internet Protocol Suite, and consequently constitute of an equilibrium trade-off between security and Quality of Service (QoS)
Thus the accumulation of end-to-end security protocols offer fragmentary security, at some parts of the satellite communication mediums, are however also a primary reason for service degradation.
My interest in Hacking and Information Security have inspired me to write this Thesis.
This thesis study is also based on previous subject literature which indicates that researchers of the University of Ruhr-Bochum have discovered in a real experiment that the security of satellite systems is inadequate because it is in clear-text as elaborated by subject matter literature.
The motivation of this research is also based on various arguments that allege that security flaws exist because of inherent vulnerabilities which at this stage's believed to be a main barrier to adequate security (Saltzer et. al , 1975). Satellite communications rely on Internet protocols for security, however this doesn’t solve the inherent security issues.
The European Union has invested huge amounts of funds for solving security problems in satellite communication and have made calls for research in this field, however these problems have not been solved, and therefore the rapid growth of security threats have also reached the satellite space sector.
In the past few years news headlines and reports from government departments, such as the USCC (Congression) stated that two satellites systems belonging to the U.S government (LandSat-7 and Terra-AM1) were compromised in 2007-2008. The hackers are said to have taken full control of the systems and this is also another proof of the existent vulnerabilities in systems of Critical Infrastructure.
Governments are reliant on private companies for the provision of satellite services, either for scientific or military purposes. Therefore for this reasons the thesis motivates for research in the field, with the overall aim of the practical implementation of Security Confidentiality, Integrity and Availability which are essential security services.
Researching satellite communications security
Question : : What tools have you used in your work?
Nicholas Lemonias: In our research we have used Wire Shark for capturing and analyzing data streams, but we have also used standard scientific methodologies such as ANOVA (Analysis of Variance) and ARC SIN Data Transformations to present our evidences. For the graphs we have used Excel and SPSS for some calculations.
Question : : What have you found? What types of vulnerabilities are there?
Nicholas Lemonias: A key issue with satellite communications is that security creates network congestions and therefore cannot co-exist effectively with Performance Enhancement Proxies or other accelerating agents, and thus consequently are contradictory in scope and function.
Therefore in our research Thesis we address this problem with the invention of an original and incisive technology that does not hinder the interoperation of accelerating agents and makes this inter-operation more subtle.
This new scientific prototype makes use of the latest state of the art Cryptography, namely Advanced Encryption Standard (AES). The results from the experiments demonstrated interoperable levels of function, with little delay.
Question : : What types of satellites are impacted by the vulnerabilities you've uncovered?
Nicholas Lemonias: This new technology solves a pragmatic problem of non-interoperability between security co-existence with Performance Enhancement Proxies (PEP's). This vulnerability is present - due to inherent flaws in the security architecture of satellite systems.
This is a long existing vulnerability that the security researcher community has not addressed previously. Therefore this new technology provides a fully functional solution that addresses this gap fully and effectively.
Question : : What are the risks?
Nicholas Lemonias: The aforementioned vulnerabilities have long been existent and the security community has mourned the lack of adequate technologies to address the issue. Other technologies such as ML-IPSEC and MML-IPsec do exist and offer similar solutions, however they also create plethora of other problems, and the configuration is not so easy.
Question : : What must be done to address the security issues?
Nicholas Lemonias: The issues arise due to inherent vulnerabilities in the architectural design of Satellite systems; namely subject matter literature by (Saltzer et. al, 1975) provided a fundamental basis on how security and computational systems should be designed, in terms of security, however this is currently lacking in present designs.
Current satellite security designs are far from the principles of Information Security, and therefore lack fundamental security properties. The application of Cryptography may provide additional layers of security provision, such as Confidentiality and Integrity, but that happens without addressing the inherent security vulnerabilities - right at the core of the problem.
Researching satellite communications security
Question : : How difficult would it be to implement the changes you are proposing?
Nicholas Lemonias: The prototype presented uses the Advanced Encryption Standard, and the way it works through an alternative medium of communication, it is relatively easy and very configurable in terms of adding additional encryption methods.
Question : : Have you tried contacting the impacted parties (satellite makers or other entities) to see what they have to say about your work?
Nicholas Lemonias: This vulnerability has long been existing, but we haven't seen any other technology either from The National Aeronautics and Space Administration, the agency of the United States Government, or in academia. Some solutions are existent however those do not actually address the inherent flaws right to the core of the problem, as far as I know, and according to what is also published on the Internet.
Question : : In your opinion, why haven’t NASA or satellite companies come up with a solution to addressing this long existing vulnerability?
Nicholas Lemonias: I really cannot speak for them, but someone who understands the problem fully, can see that inheritance of such vulnerabilities relate to causal effect created by the security composure of the systems. The application of Standard Security Protocols bridges the gap, but doesn't patch it at the core of the problem.
Question : : When do you plan on publishing the research paper?
Nicholas Lemonias: This Thesis has already been submitted to academia in fulfilment of my award, of Master of Science in Information Security. However there will also follow a publication as a book, and submitted to academic portals in the near future.
No comments:
Post a Comment