Watch this space: securing satellite communication through resilient transmitter fingerprinting

Conference item

Due to an increase in the availability of cheap off-the-shelf radio hardware, signal spoofing and replay attacks on satellite ground systems have become more accessible than ever. This is particularly a problem for legacy systems, many of which do not offer cryptographic security and cannot be patched to support novel security measures. Therefore, in this paper we explore radio transmitter fingerprinting in the context of satellite systems. We introduce the SatIQ system, proposing novel techniques for authenticating transmissions using characteristics of the transmitter hardware expressed as impairments on the downlinked radio signal. We look in particular at high sample rate fingerprinting, making device fingerprints difficult to forge without similarly high sample rate transmitting hardware, thus raising the required budget for spoofing and replay attacks. We also examine the difficulty of this approach with high levels of atmospheric noise and multipath scattering, and analyze potential solutions to this problem. We focus on the Iridium satellite constellation, for which we collected 1 705 202 messages at a sample rate of 25 MS/s. We use this data to train a fingerprinting model consisting of an autoencoder combined with a Siamese neural network, enabling the model to learn an efficient encoding of the message headers that preserves identifying information. We demonstrate the fingerprinting system’s robustness under attack by replaying messages using a Software-Defined Radio, achieving an Equal Error Rate of 0.120, and ROC AUC of 0.946. Finally, we analyze its stability over time by introducing a time gap between training and testing data, and its extensibility by introducing new transmitters which have not been seen before. We conclude that our techniques are useful for building fingerprinting systems that are stable over time, can be used immediately with new transmitters without retraining, and provide robustness against spoofing and replay attacks by raising the required budget for attacks.

Authors: Smailes, J; Köhler, S; Birnbach, S; Strohmeier, M; Martinovic, I

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Association for Computing Machinery
• Host title: Proceedings of the ACM Conference on Computer and Communications Security (CCS 2023)
• Journal: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
• Pages: 608–621
• Publication date: 2023-11-21
• Acceptance date: 2023-09-02
• Event title: ACM Conference on Computer and Communications Security (CCS 2023)
• Event location: Copenhagen, Denmark
• Event website: https://www.sigsac.org/ccs/CCS2023/
• Event start date: 2023-11-26
• Event end date: 2023-11-30
• DOI: 10.1145/3576915.3623135
• ISBN: 9798400700507
• Language: English
• Keywords: FFR