SlideShare uma empresa Scribd logo

Satellite Telephony Security

Jim Geovedi
Jim Geovedi

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable. We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control Center), GW (Gateway), SCF (Satellite Control Facility) and CMIS (Customer Management Information System) for GMR-2 systems. From there, we will discuss the security issues of GMR system as it shares similar vulnerabilities with GSM–GMR is derived from the terrestrial digital cellular standard GSM and support access to GSM core networks, along with some interesting demos. Time permitting, a question and answer session at the end of the presentation will allow participants to cover any additional issues in satellite telephony system they’d like to discuss.

TecnologiaNegócios
1 de 47
Baixar para ler offline
Satellite Telephony Security
DON’T PANIC
“ WHEN TERRESTRIAL COMMUNICATION FAIL, WE PREVAIL! ” Arthur C. Clarke 1917-2008
Satellite Communications Broadcast Video to Cable Headends Local ISPs Direct Broadcast TV Video Last-mile Broadband Contribution Corporate Data Networks Teleport PSTN (Interactive & Multicast) End Users Teleport Internet End Users
Dan Veeneman Low Earth Orbit Satellites Dan Veeneman Future & Existing Satellite Systems Warezzman DVB Satellite Hacking Jim Geovedi, Raditya Iryandi, Hacking a Bird in the Sky: Hijacking VSAT Connection Jim Geovedi, Raditya Iryandi, Anthony Zboralski Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Adam Laurie $atellite Hacking for Fun & Pr0fit! Leonardo Nve Egea, Christian Martorella Playing in a Satellite Environment 1.2 Jim Geovedi, Raditya Iryandi Hacking Satellite: A New Universe to Discover Jim Geovedi, Raditya Iryandi, Raoul Chiesa Hacking a Bird in the Sky: The Revenge of Angry Birds Jim Geovedi Satellite Telephony Security: What Is and What Will Never Be 1996 1998 2004 2006 2008 2009 2011
Satellite Phone
Satellite Phone Network
Satellite Orbits average distance to moon: 384,400 km Medium Earth Orbit Altitude: 8,000-20,000 km EARTH Low Earth Orbit Altitude: 500-2,000 km Geostationary Orbit Altitude: 35,786 km Highly Elliptical Orbit Altitude: >35,786 km
GEO (Geostationary Earth Orbit) Satellite Operators ACeS, ICO, Inmarsat, SkyTerra, TerreStar, Thuraya LEO (Low Earth Orbit) Satellite Operators Globalstar, Iridium
LEO Communication Satellite Constellation System Return Link Forward Link LEO LEO Satellite i Satellite i+1 Intersatellite Link (ISL) Orbital Altitude Feeder Feeder Terminal Terminal Downlink Uplink Downlink Uplink Gateway End User Terminal PSTN Cellular
Frequency Band Designations
TDMA (Time Division Multiple Access) f1 Transponder f1 f1 f1 f1
Timeframe Structure and Timeslots 1 hyperframe = 4,896 superframes = 19,584 multiframes = 313,344 TDMA frames (3h 28mn 53s 760ms) 0 1 2 3 4892 4893 4894 4895 1 superframe = 4 multiframes = 64 TDMA frames (2.56s) 0 1 2 3 1 multiframe = 16 TDMA frames (640 ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 TDMA frame = 24 timeslots (40ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 timeslot = 78 bit durations (5/3ms) 1 bit duration = 5/234ms
CDMA (Code Division Multiple Access) ++++++++++++++++++++++++++++++++++++++++++ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx oooooooooooooooooooooooooooooooooooooooooo ------------------------------------------ Transponder f1 f1 f1 f1
Coverage: Iridium
Coverage: Inmarsat
Coverage: Thuraya
Spotbeams: Regional Coverage E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F D E A L A L A L A L A L A L D G C G C G C G C G C G C A L B K B K B K B K B K B K C H J H J H J H J H H J J B K I E I E I E I E I E I J F D F D F D F D F D I E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J A L A L A L A L I G C G C G C G C B K B K B K B K H J H J H J H J I I
GMR (GEO-Mobile Radio Interface)
GSM GMR Release 1 Extension to Satellite GPRS GMR Release 2 Evolution Path 3GPP GMR Release 3
GMR-1
GMR-1 System Elements Space segment Feeder links Gateway Station Spotbeam coverage at L-Band GS SOC PSTN Mobile Earth Stations Gateway Stations
GMR-1 Protocol Architecture Satellite MES GSC + GTS + GSM MSC TCS GMR-1 Um-Interface CM CM GSM SIM MM MM RR RR BSSMAP BSSMAP GPS RECEIVER DLL DLL SCCP SCCP PHYS PHYS MTP MTP PHYS PHYS Spotbeams Feeder Link GSM/A-Interface L-Band Ku or C-Band (CCS7)
GMR-1 Logical Channel Mapping onto Physical Channel DOWNLINK LOGICAL PHYSICAL PHYSICAL CONTROL ENTITIES CHANNELS CHANNELS RESOURCE USER CHANNELS MAPPING TCH Timeslot Frequency Traffic Number (RF Channels) TDMA Frame Sequence CCH Time Control and RF Channel (Timeslots) Signalling UPLINK MOBILE EARTH STATION SATELLITE
GMR-1 (GSM-based) Services • Standard GSM-based services (Phase 2) • Roaming • Single number routing • Numbers and addressing • Authentication and privacy
GMR-1 Extended Services • Single-hopped terminal-to-terminal calls • Optimal routing • High penetration alerting • Position based services
GMR-2
GMR-2 System Elements Traffic GEO Satellite Signalling C-Band L-Band Gateway 1 C-Band C-Band C-Band PSTN User Terminals PN Gateway 2 PLMN Satellite Control Facility PSTN Gateway 3 PN Network Control Centre PLMN PSTN PN Customer Management Information System PLMN
C-band Regional Coverage for Signalling & Communication C-Band Traffic Signalling
L-band Spotbeams for MSS Users E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F D E A L A L A L A L A L A L D G C G C G C G C G C G C A L B K B K B K B K B K B K C H J H J H J H J H H J J B K I E I E I E I E I E I J F D F D F D F D F D I E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J Traffic A L A L A L A L I G C G C G C G C Signalling B K B K B K B K H J H J H J H J I I
GMR-2 Gateway Internal Structure Databases HLR & VLR GA RF/IF TCE GSC MSC PSTN GA Gateway Antenna TCE Traffic Channel Equipment PN GSC Gateway Station Controller MSC Mobile Switching Center GSM
GMR Satellite Monitoring System Intercept ing
Satellite Phone Interception • Law-enforcements require tapping • Test equipment • Limited use of encryption • Modifiable phone equipment
Tactical Interception Receives L-band from satellite and line-of- sight from handset Strategic Interception Receives L-band from satellite and C-band from satellite
Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz UP 3.5 GHz MES DOWN Gateway
Tactical Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 1.6 GHz RADIO LINE-OF-SIGHT Gateway Monitoring Agent
Tactical Satellite Interception Operation Satellite antenna Downconverter IF Channel 1 Channel 2 Uplink antenna
Call Analysis • Spotbeam IDs, GPS co- • TMSI called by MES. ordinates, operating frequency. • Mobile or Fixed Originated Call (Voice, Fax, Data or SMS). • Date, time and duration of call. • Terminal type. • MES IMSI. • Ciphering key sequence • GPS co-ordinates of MES. number. • Random Reference Number • RAND and SRES. (CallerID). • Encryption Algorithm
Strategic Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 3.5 GHz DOWN Gateway Monitoring Centre
FAQ
What’s next?
@geovedi http://www.slideshare.net/geovedi/presentations

Recomendados

satellite communication system
satellite communication systemsatellite communication system
satellite communication system
Amjad Khan
 
Satellite link design
Satellite link designSatellite link design
Satellite link design
International Islamic University Chittagong
 
Satellite Communication Theory
Satellite Communication TheorySatellite Communication Theory
Satellite Communication Theory
Naveen Jakhar, I.T.S
 
Satellite Communication
Satellite CommunicationSatellite Communication
Satellite Communication
Sir Syed University
 
Satellite communication Basics
Satellite communication BasicsSatellite communication Basics
Satellite communication Basics
Niranjan Poojary
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
Sasank Chaitanya
 
Satellite communications
Satellite communicationsSatellite communications
Satellite communications
keerthisri19
 
Satellite Phones
Satellite PhonesSatellite Phones
Satellite Phones
prasadpawaskar
 

Recomendados

satellite communication system
satellite communication systemsatellite communication system
satellite communication system
Amjad Khan
 
Satellite link design
Satellite link designSatellite link design
Satellite link design
International Islamic University Chittagong
 
Satellite Communication Theory
Satellite Communication TheorySatellite Communication Theory
Satellite Communication Theory
Naveen Jakhar, I.T.S
 
Satellite Communication
Satellite CommunicationSatellite Communication
Satellite Communication
Sir Syed University
 
Satellite communication Basics
Satellite communication BasicsSatellite communication Basics
Satellite communication Basics
Niranjan Poojary
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
Sasank Chaitanya
 
Satellite communications
Satellite communicationsSatellite communications
Satellite communications
keerthisri19
 
Satellite Phones
Satellite PhonesSatellite Phones
Satellite Phones
prasadpawaskar
 
Cubesat satellite
Cubesat satelliteCubesat satellite
Cubesat satellite
sanjay kushwaha
 
Space segment
Space segmentSpace segment
Space segment
Ameya
 
Introduction to Satellite Communication System
Introduction to Satellite Communication SystemIntroduction to Satellite Communication System
Introduction to Satellite Communication System
Islamic University, Kushtia, Bangladesh
 
Satellite phones
Satellite phonesSatellite phones
Satellite phones
Deevena Dayaal
 
Optical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDMOptical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDM
Hasna Heng
 
One Web overview for Future Sat Africa
One Web overview for Future Sat AfricaOne Web overview for Future Sat Africa
One Web overview for Future Sat Africa
Myles Freedman
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
Shruthi Suresh
 
Basic of Satellite Communication
Basic of Satellite CommunicationBasic of Satellite Communication
Basic of Satellite Communication
ABHINAV GUPTA
 
Satellite communications
Satellite communicationsSatellite communications
Satellite communications
SARITHA REDDY
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
Satyajit Das
 
Timing and synchronization for 5G over optical networks
Timing and synchronization for 5G over optical networksTiming and synchronization for 5G over optical networks
Timing and synchronization for 5G over optical networks
ADVA
 
WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
Sajid Marwat
 
Generations of Cellular Network
Generations of Cellular NetworkGenerations of Cellular Network
Generations of Cellular Network
Muhammad Ahmed
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
Er.Dipak kumar Jha
 
Satellite Bands
Satellite BandsSatellite Bands
Satellite Bands
Waqas !!!!
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor network
deawoo Kim
 
Cubesats applications
Cubesats applicationsCubesats applications
Cubesats applications
ParthSomkuwar
 
Introduction to satellite communication
Introduction to satellite communicationIntroduction to satellite communication
Introduction to satellite communication
RAVIKIRAN ANANDE
 
Vsat
VsatVsat
Vsat
Amit Pandey
 
Wireless communication
Wireless communicationWireless communication
Wireless communication
Mukesh Chinta
 
Hacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsHacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
Jim Geovedi
 
Asegúr@IT 7: Playing with Satellites 1.2
Asegúr@IT 7: Playing with Satellites 1.2Asegúr@IT 7: Playing with Satellites 1.2
Asegúr@IT 7: Playing with Satellites 1.2
Chema Alonso
 

Mais conteúdo relacionado

Mais procurados

Optical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDMOptical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDM
Hasna Heng
 
WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
Sajid Marwat
 
Generations of Cellular Network
Generations of Cellular NetworkGenerations of Cellular Network
Generations of Cellular Network
Muhammad Ahmed
 

Mais procurados (20)

Cubesat satellite
Cubesat satelliteCubesat satellite
Cubesat satellite
 
Space segment
Space segmentSpace segment
Space segment
 
Introduction to Satellite Communication System
Introduction to Satellite Communication SystemIntroduction to Satellite Communication System
Introduction to Satellite Communication System
 
Satellite phones
Satellite phonesSatellite phones
Satellite phones
 
Optical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDMOptical Fibre & Introduction to TDM & DWDM
Optical Fibre & Introduction to TDM & DWDM
 
One Web overview for Future Sat Africa
One Web overview for Future Sat AfricaOne Web overview for Future Sat Africa
One Web overview for Future Sat Africa
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
 
Basic of Satellite Communication
Basic of Satellite CommunicationBasic of Satellite Communication
Basic of Satellite Communication
 
Satellite communications
Satellite communicationsSatellite communications
Satellite communications
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
 
Timing and synchronization for 5G over optical networks
Timing and synchronization for 5G over optical networksTiming and synchronization for 5G over optical networks
Timing and synchronization for 5G over optical networks
 
WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)WiMAX (IEEE 802.16)
WiMAX (IEEE 802.16)
 
Generations of Cellular Network
Generations of Cellular NetworkGenerations of Cellular Network
Generations of Cellular Network
 
Satellite communication
Satellite communicationSatellite communication
Satellite communication
 
Satellite Bands
Satellite BandsSatellite Bands
Satellite Bands
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor network
 
Cubesats applications
Cubesats applicationsCubesats applications
Cubesats applications
 
Introduction to satellite communication
Introduction to satellite communicationIntroduction to satellite communication
Introduction to satellite communication
 
Vsat
VsatVsat
Vsat
 
Wireless communication
Wireless communicationWireless communication
Wireless communication
 

Semelhante a Satellite Telephony Security

Hacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsHacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
Jim Geovedi
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
trongjaitt
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
trongjaitt
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
trongjaitt
 
บทที่4 หลักการแนวคิดในการสื่อสาร
บทที่4 หลักการแนวคิดในการสื่อสารบทที่4 หลักการแนวคิดในการสื่อสาร
บทที่4 หลักการแนวคิดในการสื่อสาร
Beauso English
 
Bc2419681971
Bc2419681971Bc2419681971
Bc2419681971
IJMER
 
Transmission Line Basics
Transmission Line BasicsTransmission Line Basics
Transmission Line Basics
John Williams
 
Class06 transmission line_basics
Class06 transmission line_basicsClass06 transmission line_basics
Class06 transmission line_basics
bhaavan22
 

Semelhante a Satellite Telephony Security (20)

Hacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry BirdsHacking a Bird in the Sky: The Revenge of Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
 
Asegúr@IT 7: Playing with Satellites 1.2
Asegúr@IT 7: Playing with Satellites 1.2Asegúr@IT 7: Playing with Satellites 1.2
Asegúr@IT 7: Playing with Satellites 1.2
 
Telecommunications Concentration
Telecommunications ConcentrationTelecommunications Concentration
Telecommunications Concentration
 
Overview of Photonics Research at Calit2: Scaling from Nanometers to the Earth
Overview of Photonics Research at Calit2: Scaling from Nanometers to the EarthOverview of Photonics Research at Calit2: Scaling from Nanometers to the Earth
Overview of Photonics Research at Calit2: Scaling from Nanometers to the Earth
 
IMULet: A Cloudlet for Inertial Tracking
IMULet: A Cloudlet for Inertial TrackingIMULet: A Cloudlet for Inertial Tracking
IMULet: A Cloudlet for Inertial Tracking
 
AJAL ASC Chap2 revIew
AJAL ASC Chap2 revIewAJAL ASC Chap2 revIew
AJAL ASC Chap2 revIew
 
Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environment
 
Making substation clocks and private LTE/5G networks robust against GPS/GNSS ...
Making substation clocks and private LTE/5G networks robust against GPS/GNSS ...Making substation clocks and private LTE/5G networks robust against GPS/GNSS ...
Making substation clocks and private LTE/5G networks robust against GPS/GNSS ...
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
 
เทคโนโลยีอวกาศ
เทคโนโลยีอวกาศเทคโนโลยีอวกาศ
เทคโนโลยีอวกาศ
 
2012 ASPRS Track, Satellite Image Geometry, Gene Dial
2012 ASPRS Track, Satellite Image Geometry, Gene Dial2012 ASPRS Track, Satellite Image Geometry, Gene Dial
2012 ASPRS Track, Satellite Image Geometry, Gene Dial
 
บทที่4 หลักการแนวคิดในการสื่อสาร
บทที่4 หลักการแนวคิดในการสื่อสารบทที่4 หลักการแนวคิดในการสื่อสาร
บทที่4 หลักการแนวคิดในการสื่อสาร
 
Bc2419681971
Bc2419681971Bc2419681971
Bc2419681971
 
2011 06 17
2011 06 172011 06 17
2011 06 17
 
Fundamentals of Intelligent Compaction
Fundamentals of Intelligent CompactionFundamentals of Intelligent Compaction
Fundamentals of Intelligent Compaction
 
Transmission Line Basics
Transmission Line BasicsTransmission Line Basics
Transmission Line Basics
 
Ch3
Ch3Ch3
Ch3
 
Class06 transmission line_basics
Class06 transmission line_basicsClass06 transmission line_basics
Class06 transmission line_basics
 
Satellite RF Communications and Onboard Processing Course Sampler
Satellite RF Communications and Onboard Processing Course SamplerSatellite RF Communications and Onboard Processing Course Sampler
Satellite RF Communications and Onboard Processing Course Sampler
 

Mais de Jim Geovedi

Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social Media
Jim Geovedi
 
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
Jim Geovedi
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour rule
Jim Geovedi
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite Hacking
Jim Geovedi
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Jim Geovedi
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Jim Geovedi
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to Discover
Jim Geovedi
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Jim Geovedi
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT Connection
Jim Geovedi
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008
Jim Geovedi
 
Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot Security
Jim Geovedi
 

Mais de Jim Geovedi (20)

Waluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social MediaWaluku: Answering Astronomy Questions through Social Media
Waluku: Answering Astronomy Questions through Social Media
 
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
Perbandingan distribusi frekuensi kata bahasa Indonesia di Kompas, Wikipedia,...
 
Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)Satellite Hacking — Intro by Indianz (2012)
Satellite Hacking — Intro by Indianz (2012)
 
Internet Worms
Internet WormsInternet Worms
Internet Worms
 
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksHITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
 
Cheating the 10,000 hour rule
Cheating the 10,000 hour ruleCheating the 10,000 hour rule
Cheating the 10,000 hour rule
 
Professional Hackers
Professional HackersProfessional Hackers
Professional Hackers
 
AI & NLP pada @begobet
AI & NLP pada @begobetAI & NLP pada @begobet
AI & NLP pada @begobet
 
IDS & Log Management
IDS & Log ManagementIDS & Log Management
IDS & Log Management
 
Warezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite HackingWarezzman - DVB-Satellite Hacking
Warezzman - DVB-Satellite Hacking
 
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!Adam Laurie - $atellite Hacking for Fun & Pr0fit!
Adam Laurie - $atellite Hacking for Fun & Pr0fit!
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
 
The 21st Century Bank Job
The 21st Century Bank JobThe 21st Century Bank Job
The 21st Century Bank Job
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Hacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to DiscoverHacking Satellite: A New Universe to Discover
Hacking Satellite: A New Universe to Discover
 
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust RelationshipHacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
 
Hacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT ConnectionHacking a Bird in the Sky: Hijacking VSAT Connection
Hacking a Bird in the Sky: Hijacking VSAT Connection
 
Hacking Cracking 2008
Hacking Cracking 2008Hacking Cracking 2008
Hacking Cracking 2008
 
Wireless Hotspot Security
Wireless Hotspot SecurityWireless Hotspot Security
Wireless Hotspot Security
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Satellite Telephony Security

  • 3. “ WHEN TERRESTRIAL COMMUNICATION FAIL, WE PREVAIL! ” Arthur C. Clarke 1917-2008
  • 4. Satellite Communications Broadcast Video to Cable Headends Local ISPs Direct Broadcast TV Video Last-mile Broadband Contribution Corporate Data Networks Teleport PSTN (Interactive & Multicast) End Users Teleport Internet End Users
  • 5. Dan Veeneman Low Earth Orbit Satellites Dan Veeneman Future & Existing Satellite Systems Warezzman DVB Satellite Hacking Jim Geovedi, Raditya Iryandi, Hacking a Bird in the Sky: Hijacking VSAT Connection Jim Geovedi, Raditya Iryandi, Anthony Zboralski Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship Adam Laurie $atellite Hacking for Fun & Pr0fit! Leonardo Nve Egea, Christian Martorella Playing in a Satellite Environment 1.2 Jim Geovedi, Raditya Iryandi Hacking Satellite: A New Universe to Discover Jim Geovedi, Raditya Iryandi, Raoul Chiesa Hacking a Bird in the Sky: The Revenge of Angry Birds Jim Geovedi Satellite Telephony Security: What Is and What Will Never Be 1996 1998 2004 2006 2008 2009 2011
  • 7.
  • 8.
  • 9.
  • 11. Satellite Orbits average distance to moon: 384,400 km Medium Earth Orbit Altitude: 8,000-20,000 km EARTH Low Earth Orbit Altitude: 500-2,000 km Geostationary Orbit Altitude: 35,786 km Highly Elliptical Orbit Altitude: >35,786 km
  • 12. GEO (Geostationary Earth Orbit) Satellite Operators ACeS, ICO, Inmarsat, SkyTerra, TerreStar, Thuraya LEO (Low Earth Orbit) Satellite Operators Globalstar, Iridium
  • 13. LEO Communication Satellite Constellation System Return Link Forward Link LEO LEO Satellite i Satellite i+1 Intersatellite Link (ISL) Orbital Altitude Feeder Feeder Terminal Terminal Downlink Uplink Downlink Uplink Gateway End User Terminal PSTN Cellular
  • 15. TDMA (Time Division Multiple Access) f1 Transponder f1 f1 f1 f1
  • 16. Timeframe Structure and Timeslots 1 hyperframe = 4,896 superframes = 19,584 multiframes = 313,344 TDMA frames (3h 28mn 53s 760ms) 0 1 2 3 4892 4893 4894 4895 1 superframe = 4 multiframes = 64 TDMA frames (2.56s) 0 1 2 3 1 multiframe = 16 TDMA frames (640 ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1 TDMA frame = 24 timeslots (40ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 timeslot = 78 bit durations (5/3ms) 1 bit duration = 5/234ms
  • 17. CDMA (Code Division Multiple Access) ++++++++++++++++++++++++++++++++++++++++++ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx oooooooooooooooooooooooooooooooooooooooooo ------------------------------------------ Transponder f1 f1 f1 f1
  • 21. Spotbeams: Regional Coverage E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F D E A L A L A L A L A L A L D G C G C G C G C G C G C A L B K B K B K B K B K B K C H J H J H J H J H H J J B K I E I E I E I E I E I J F D F D F D F D F D I E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J A L A L A L A L I G C G C G C G C B K B K B K B K H J H J H J H J I I
  • 22. GMR (GEO-Mobile Radio Interface)
  • 23. GSM GMR Release 1 Extension to Satellite GPRS GMR Release 2 Evolution Path 3GPP GMR Release 3
  • 24. GMR-1
  • 25. GMR-1 System Elements Space segment Feeder links Gateway Station Spotbeam coverage at L-Band GS SOC PSTN Mobile Earth Stations Gateway Stations
  • 26. GMR-1 Protocol Architecture Satellite MES GSC + GTS + GSM MSC TCS GMR-1 Um-Interface CM CM GSM SIM MM MM RR RR BSSMAP BSSMAP GPS RECEIVER DLL DLL SCCP SCCP PHYS PHYS MTP MTP PHYS PHYS Spotbeams Feeder Link GSM/A-Interface L-Band Ku or C-Band (CCS7)
  • 27. GMR-1 Logical Channel Mapping onto Physical Channel DOWNLINK LOGICAL PHYSICAL PHYSICAL CONTROL ENTITIES CHANNELS CHANNELS RESOURCE USER CHANNELS MAPPING TCH Timeslot Frequency Traffic Number (RF Channels) TDMA Frame Sequence CCH Time Control and RF Channel (Timeslots) Signalling UPLINK MOBILE EARTH STATION SATELLITE
  • 28. GMR-1 (GSM-based) Services • Standard GSM-based services (Phase 2) • Roaming • Single number routing • Numbers and addressing • Authentication and privacy
  • 29. GMR-1 Extended Services • Single-hopped terminal-to-terminal calls • Optimal routing • High penetration alerting • Position based services
  • 30. GMR-2
  • 31. GMR-2 System Elements Traffic GEO Satellite Signalling C-Band L-Band Gateway 1 C-Band C-Band C-Band PSTN User Terminals PN Gateway 2 PLMN Satellite Control Facility PSTN Gateway 3 PN Network Control Centre PLMN PSTN PN Customer Management Information System PLMN
  • 32. C-band Regional Coverage for Signalling & Communication C-Band Traffic Signalling
  • 33. L-band Spotbeams for MSS Users E F D A L G C B K H J E E E E E I F D F D F D F D F D A L A L A L A L A L G C G C G C G C G C B K B K B K B K B K H J H J H J H J H J E I E I E I E I E I E F D F D F D F D F D F D E A L A L A L A L A L A L D G C G C G C G C G C G C A L B K B K B K B K B K B K C H J H J H J H J H H J J B K I E I E I E I E I E I J F D F D F D F D F D I E A L A L A L A L A L F D G C G C G C G C G C A L B K B K B K B K B K G C H J H J H J H J H J B K I I E I E I E I H J E F D F D F D I F D A L A L A L A L G C G C G C G C B K B K B K B K H J H J H J H J E I E I E E I E I F D F D F D F D F D A L A L A L A L A L E G C G C G C G C G C F D B K B K B K B K B K A L H J H J H J H J H J G C I I I E I E I B K E E F D F D F D F D H J Traffic A L A L A L A L I G C G C G C G C Signalling B K B K B K B K H J H J H J H J I I
  • 34. GMR-2 Gateway Internal Structure Databases HLR & VLR GA RF/IF TCE GSC MSC PSTN GA Gateway Antenna TCE Traffic Channel Equipment PN GSC Gateway Station Controller MSC Mobile Switching Center GSM
  • 35. GMR Satellite Monitoring System Intercept ing
  • 36. Satellite Phone Interception • Law-enforcements require tapping • Test equipment • Limited use of encryption • Modifiable phone equipment
  • 37. Tactical Interception Receives L-band from satellite and line-of- sight from handset Strategic Interception Receives L-band from satellite and C-band from satellite
  • 38. Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz UP 3.5 GHz MES DOWN Gateway
  • 39. Tactical Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 1.6 GHz RADIO LINE-OF-SIGHT Gateway Monitoring Agent
  • 40. Tactical Satellite Interception Operation Satellite antenna Downconverter IF Channel 1 Channel 2 Uplink antenna
  • 41. Call Analysis • Spotbeam IDs, GPS co- • TMSI called by MES. ordinates, operating frequency. • Mobile or Fixed Originated Call (Voice, Fax, Data or SMS). • Date, time and duration of call. • Terminal type. • MES IMSI. • Ciphering key sequence • GPS co-ordinates of MES. number. • Random Reference Number • RAND and SRES. (CallerID). • Encryption Algorithm
  • 42. Strategic Satellite Interception Operation 1.5 GHz DOWN 1.6 GHz UP 6 GHz 1.5 GHz UP DOWN 3.5 GHz MES DOWN 3.5 GHz DOWN Gateway Monitoring Centre
  • 43. FAQ
  • 45.
  • 46.