According to the researchers, vulnerabilities in networking technology widely used in space and aircraft, if successfully exploited, could have catastrophic effects on these vital systems, including disrupting NASA missions.
a study Researchers from the University of Michigan and NASA published a description of the attack, which they dubbed “PCspooF,” and simulated it using NASA software and hardware components. Asteroid deflection test The Orion capsule is in the process of docking with a robotic spacecraft.
Spoiler alert: PCspooF causes Orion to drift, lose dock completely, and float through (simulated) space.
There is a glitch in the technology Ethernet runtime (TTE), which the study authors describe as the “backbone of the network” for spacecraft including NASA’s Orion capsule, the Lunar Gateway space station and ESA’s Ariane 6 launcher. TTE is also used in aircraft and power generation systems, and is seen as a “leading competitor” to replace the Standard Control Area Network and FlexRay communication protocols.
TTE allows time-critical (TT) network traffic — devices that send tightly synchronized scheduled messages on a predetermined schedule — to share the same keys with non-critical traffic, such as passenger Wi-Fi on airplanes.
In addition, TTE is compatible with the Ethernet standard, which is commonly used by these complex systems. TTE isolates time-sensitive traffic from “best effort” traffic: non-critical systems send their messages about traffic at critical times. This type of design connects devices to a single network, allowing mission-critical systems to run on low-cost networking hardware while preventing the two types of traffic from interfering with each other.
Breaking the barrier of isolation
PCspooF was, according to the researchers, the first attack to break this isolation.
At the highest level, the attack works by disabling a synchronization system called the Control Framework (PCF) protocol. These are the messages that enable devices at a common table and ensure that they communicate quickly.
The researchers determined that complex machines that don’t make a best effort can infer unique information about the time-inducing part of the network. The devices can then be used to generate malicious sync messages.
Then, the better compromised voltage device may conduct electromagnetic interference at the transformer, sending spurious sync messages to other TTE devices.
“Normally, no device other than a network switch would be allowed to transmit this message, so we did electromagnetic interference with an ethernet cable to make the switch send our malicious message.” description Andrew Lovelace is a PhD candidate in computer science and a subject matter expert at the NASA Johnson Space Center.
“Once the attack ends, the TTE devices will periodically lose sync and start reconnecting,” Lovelace said.
A successful attack could cause TTE devices to lose synchronization for up to a second, causing “dozens” of messages triggered over time to fail to forward and critical systems to fail. “In the worst case, PCspooF causes these effects to all TTE devices in the network simultaneously,” the researchers wrote.
After successfully testing the attack, the researchers exposed the vulnerabilities to organizations that use TTE, including NASA, ESA, Northrop Grumman Space Systems, and Airbus Defense and Space. Building on the research, NASA is also rethinking how it experiments and validates off-the-shelf commercial hardware. ®