It is a given that reliability and continuity of data transmission services are the main requirements for satellite communications systems. Their greatest advantage lies in their ability to quickly provide communication services in locations where there is no telecommunications infrastructure. These can be remote and inaccessible regions, deserted areas or areas where technogenic or natural disasters have occurred. However, in the modern world there is another even more important criterion for evaluating communication systems, and this is related to its reliability and resistance to external influence.
In this blog post, we would like to analyze the operations of the Starlink Global Satellite System deployed by SpaceX in terms of security and resilience. Does this system have weaknesses and shortcomings that could be used to disrupt its operations?
In order to identify and describe possible vulnerabilities, we analyzed the architecture of this system. It is well known that it consists of three main elements:
- constellations of small satellites in low Earth orbit,
- networks of ground stations, and
- user terminals.
At the beginning of October 2022, about 3,500 satellites were launched into low Earth orbit with an orbital height of about 550 kilometers (342 miles). Most of the Starlink satellites are just repeater stations, with signals fed to them from ground stations and then redirected to user terminals. The orbital height and network delay values allow for the calculation of the communication radius of the ground stations. For a round-trip delay of 20 to 80 milliseconds, the communication radius of a ground station is limited to 1,000 kilometers.
To increase the communication radius, the network is supposed to use self-organizing (ad hoc) network technologies. The introduction of this technology allows users to transfer data between satellites and build longer routes. One of the constellation satellites receives a signal from a ground station, then the data is transmitted throughout the series of satellites until it reaches the one that provides communications to the ground user terminal. Such routing technologies are well developed, but they have several significant drawbacks.
The first disadvantage concerns power consumption, which is very limited for a small satellite. This is due to the fact that to transmit the same amount of data over a self-organizing satellite network, much more energy is required than when relayed using a single satellite. Therefore, the overall performance of the entire satellite constellation is greatly reduced.
The second drawback is the significant deterioration in the quality of communications over self-organized channels. This applies to both the available bandwidth and the values concerning delay, jitter, and packet loss. This is a consequence of the Shannon-Hartley theorem. That is, the use of self-organization technologies allows for the solving of the problem of communication radius for ground stations when new technical difficulties arise.
Due to the large number of satellites, the constant replenishment of the constellation, and the complexity of influencing each of the elements, the satellite component is the most stable part of the Starlink satellite system. The network of user terminals is no less reliable due to their abundance and mobility, but there are difficulties in determining their exact locations (although, with some effort, it is possible to determine a terminal's coordinates). Regardless, the number of terminals greatly increases the reliability of the entire system.
Finally, we analyzed the reliability of the ground stations. These are the most complex, expensive, and key elements of the Starlink satellite system, since they must simultaneously interact with hundreds of satellites and process data streams at gigabit and terabit speeds. These stations are also used to manage the satellite constellation itself: they collect telemetry, command the movement of the satellites, and control data transmission. Ground stations are also used as gateways to the global Internet and to other special-purpose networks.
The role of the ground stations can therefore hardly be overestimated, but the number of these stations is small compared to the number of satellites in the constellation. The estimation of the communication radius of one ground station has led to the conclusion that one to five ground stations are required in most countries to provide stable connections. Therefore, ground stations are the weakest link in the Starlink satellite system.
In our opinion, there is a low degree of possibility in organizing a total attack on the global satellite system, causing the incapacitation of most ground stations around the world. However, disruptions to the system through the shutdown of several (five to 10) ground stations is quite plausible. Thus, connectivity may be disrupted in several large countries located near the outage.
From the attacker's point of view, it would be necessary to start collecting data to find the exact geographical coordinates of the stations. Furthermore, it would be useful to discover the schemes under which communications are organized: through which links and operators the Internet is accessed; what the gateways to special networks are; what are the specific routing features and IP addresses of the system, etc. Radio engineering and telemetry information is no less important: the design and specific function of the antennas, the operating frequencies, the signal modulation methods, the maximum viewing angle and maximum distance to the satellite, etc. Such information would be enough to develop an attack scenario to disable the global satellite system in a certain area and for a substantial period of time.
The main attack vectors against ground stations can be classified as follows:
- Attempts to physically damage ground stations in a region.
- Cyber attacks on telecommunications infrastructure.
- Radio-based attacks.
In this post, we have no wish to discuss ways to physically damage ground stations, but the participation of the Starlink satellite system in hostilities, confirmed by the company's management, does not increase the reliability of the system. Residents in the areas surrounding ground stations should be aware that the ground stations of the Starlink satellite system are dangerous sites that risk potential military attack. Therefore, it is better not to settle or live near these stations, so as not to suffer innocently.
Various types of network attacks and means of hijacking systems are the essence of cyber-attacks, but in our opinion Starlink's defense mechanisms are quite well-developed. An exception in terms of security may be gateways to third-party networks, which may not be administered as they should be. Attacks through electronic means show promise for attackers, and there is room for such activities. Imaginative attackers are everywhere, so you can expect them to be creative.
We know that when jamming a ground station, the device used by the interferer must be above the station. Most likely, it can be placed in a low, even suborbital orbit, but the effect of such interference will be limited time-wise. When jamming communications at the satellite level, the goal will be to disrupt the self-organizing routing system. This can be done easily by jamming both from the ground and from space at the same time.
A superficial threat analysis of the Starlink satellite system has shown that the most vulnerable part is the system of ground stations that provide communications in a limited area on the ground. If they become disabled, there will be interruptions in communication in the given area, and possibly wider.
We share Elon Musk's concerns about the sustainability of the global Starlink satellite system.
Andrei Sukhov is a senior member of ACM. He may be reached via [email protected] Independent expert Evgeny Sagatov can be reached via [email protected] Independent expert Dmitry Filimonov can be reached via [email protected]