Andrei Costin, Hannu Turtiainen, Syed Khandkher and Timo Hamalainen (Faculty of Information Technology, University of Jyvaskyla, Finland)

Presenter: Andrei Costin

COSPAS-SARSAT is an International programme for “Search and Rescue” (SAR) missions based on the “Satellite Aided Tracking” system (SARSAT). It is designed to provide accurate, timely, and reliable distress alert and location data to help SAR authorities of participating countries to assist persons and vessels in distress. Two types of satellite constellations serve COSPAS-SARSAT, low earth orbit search and rescue (LEOSAR) and geostationary orbiting search and rescue (GEOSAR). Despite its nearly-global deployment and critical importance, unfortunately enough, we found that COSPAS-SARSAT protocols and standard 406 MHz transmissions lack essential means of cybersecurity.

In this paper, we investigate the cybersecurity aspects of COSPAS-SARSAT space-/satellite-based systems. In particular, we practically and successfully implement and demonstrate the first (to our knowledge) attacks on COSPAS-SARSAT 406 MHz protocols, namely replay, spoofing, and protocol fuzzing on EPIRB protocols. We also identify a set of core research challenges preventing more effective cybersecurity research in the field and outline the main cybersecurity weaknesses and possible mitigations to increase the system’s cybersecurity level.

View More Papers

Private Certifier Intersection

Bishakh Chandra Ghosh (Indian Institute of Technology Kharagpur), Sikhar Patranabis (IBM Research - India), Dhinakaran Vinayagamurthy (IBM Research - India), Venkatraman Ramakrishna (IBM Research - India), Krishnasuri Narayanam (IBM Research - India), Sandip Chakraborty (Indian Institute of Technology Kharagpur)

Read More

Breaking and Fixing Virtual Channels: Domino Attack and Donner

Lukas Aumayr (TU Wien), Pedro Moreno-Sanchez (IMDEA Software Institute), Aniket Kate (Purdue University / Supra), Matteo Maffei (Christian Doppler Laboratory Blockchain Technologies for the Internet of Things / TU Wien)

Read More

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Read More

Do Privacy Labels Answer Users' Privacy Questions?

Shikun Zhang, Norman Sadeh (Carnegie Mellon University)

Read More