Monday, 15 October 2012

Cubesat packet authentication with HMAC

Cubesats typically transmit telemetry and scientific measurements back to Earth without any security mechanisms. While this has been ok so far, it is fundamentally insecure. There is nothing to stop an adversary from fabricating packets that appear to be from the spacecraft but actually contain incorrect data. Incorrect data may cause confusion or even undermine the mission.

Luckily, there is a simple method to protect against this called Hash-based Message Authentication Code (HMAC). HMAC is widely used on the internet today as part of TLS (HTTPS) and IPsec. There are many open-source implementations available (some are listed at the end of this post).

HMAC works using a cryptographic hash function and a secret key known only to the spacecraft and its operator. For each data packet, the hash function is computed over a concatenation of the data and the secret key. The result is appended to the packet when it is transmitted. When the packet is received by the operator, they can run the same hash procedure again to verify that the sender knew the secret key. It's impossible for an adversary to fabricate a packet since they don't know the secret key (and they can't infer it because we used a cryptographic hash function).


Naturally, the Carpcomm Ground Station Network is compatible with HMAC packets. Since the network processes raw packets regardless of their contents, satellite operators can easily include HMAC. Furthermore, our telemetry decoding system is flexible enough to include HMAC authentication of packets if desired.

Example. Suppose that
key = "secret" = 73 65 63 72 65 74,
data = "packetid:42" = 70 61 63 6b 65 74 69 64 3a 34 32,
hash function = SHA-256.
Then the HMAC is
1b cb 5c ad 3c 9b 2b c4 58 81 ec 54 2b 21 58 0c
c6 85 d9 f3 60 b7 0e 99 a8 5e 1c a2 4f 8c c0 4d.
Since this is quite long, it can be truncated e.g. by taking the leftmost 8 bytes.
Truncated HMAC = 1b cb 5c ad 3c 9b 2b c4
These bytes would then be appended to the packet when it is transmitted.

The Consultative Committee for Space Data Systems (CCSDS) recommends using a SHA-256-based HMAC. They also recommend not truncating the HMAC. However, some truncation is probably needed for cubesats to avoid overhead.

There is another issue that HMAC alone does not solve: replay attacks. In this scenario, an adversary resends an old packet with data from a year before. Since they are making an identical copy, they can keep the original HMAC and the packet will still authenticate. To protect against this, it's advisable to include a timestamp or packet counter within the data. Then if an old packet is resent, it's obvious that it's old.

HMAC standards and recommendations:
Open-source HMAC implementations:

99 comments:


  1. Thank you for this tutorial.its really informative tutorial.
    konteynershop

    ReplyDelete
  2. Thank you for this guidance.its really informative for all
    lduv-wx

    ReplyDelete
  3. Simply super comments are posted here.
    lsxgjg

    ReplyDelete
  4. I really like this And Great job too gecpx..

    ReplyDelete

  5. its really informative tutorial. Thank you for this tutorial . mrstexasamerica

    ReplyDelete
  6. I really like this And Great job too imobiliarianiteroi..

    ReplyDelete

  7. Information's are more innovative and nice to read it. wjdkj

    ReplyDelete
  8. Most of the information's are related my blog
    lyon-agenda

    ReplyDelete
  9. its really informative tutorial. Thank you for this tutorial .
    bobmehrpharmacies


    ReplyDelete
  10. Not only to read need to spreed every one
    onlyasiansforme

    ReplyDelete
  11. Nice comments too and articles are very nice michaelkorsoutletq

    ReplyDelete
  12. Thank you for this tutorial.its really informative tutorial.
    ofthedarkness


    ReplyDelete
  13. Most of the information's are related my blog
    pikkukaupunkilainen

    ReplyDelete

  14. Nice post. Every one should implement this one.
    iteratesolutions

    ReplyDelete
  15. All the words in simple way every one should understand easily
    oceanlawpublishing

    ReplyDelete
  16. Everyone can easily understand the comments thegreattequilashootout

    ReplyDelete
  17. Simply super comments are posted here.
    IkzhiBo

    ReplyDelete
  18. Technically very well above you said
    hzsdxc

    ReplyDelete
  19. Everyone can easily understand the comments solnejeskyne

    ReplyDelete
  20. Its very useful if every one should follow this
    alkinserver

    ReplyDelete
  21. its really informative tutorial. Thank you for this tutorial tantovincoio

    ReplyDelete

  22. its really informative tutorial. Thank you for this tutorial .
    artchartrons

    ReplyDelete
  23. Peoples are giving the wonderful thoughts for all comments
    ncaafootballclinics

    ReplyDelete
  24. It is very nice and thanks for sharing it event-safari

    ReplyDelete
  25. It is not only to read need to spreed every one nagasaki-npo.

    ReplyDelete
  26. Articles are really nice to read and most of the people like this
    yeyige

    ReplyDelete
  27. I am so excited while I read all the comments.
    dsn027

    ReplyDelete
  28. Thank your for your great post sundoz

    ReplyDelete
  29. Its really nice informative tutorial,so thanks for this tutorial
    aaa-stone

    ReplyDelete

  30. I am so excited while I read all the comments.
    gxshangsi

    ReplyDelete
  31. Good comments are useful to every one xhdeutz

    ReplyDelete
  32. The information's are really good and peoples are given superb comments
    gemofive

    ReplyDelete
  33. Keep posting the articles,useful to every one.
    nigerianmusicfactory

    ReplyDelete
  34. iias2013 Nice to read it...... Good stuff comments here...

    ReplyDelete
  35. Nice post. Every one should implement this one.yingwenhua

    ReplyDelete
  36. Must be appreciated for the article.
    Cnupc

    ReplyDelete
  37. What a good suggestion posted by the peoples.
    E-webLearning

    ReplyDelete
  38. Good stuff comments here... Nice to read it.
    Hi-kdy

    ReplyDelete
  39. Really good one,every should like this betonyvernon

    ReplyDelete
  40. Good stuff comments here... Nice to read it cistartupcamp

    ReplyDelete
  41. Peoples are giving really nice comments for this article
    sensecreator

    ReplyDelete
  42. Thank you for this guidance.its really informative for all..
    bayiv

    ReplyDelete
  43. Thank you for this tutorial.its really informative tutorial.
    emersondameron

    ReplyDelete
  44. The words are so simple and easy to understand
    CuraLoop

    ReplyDelete
  45. Peoples are giving really nice comments for this article
    msgcfitness

    ReplyDelete
  46. Must be appreciated for the article thepopsucker
    .

    ReplyDelete
  47. its really informative tutorial. Thank you for this tutorial . ndnspeechmom

    ReplyDelete
  48. Thank you for this tutorial.its really informative tutorial.
    ArchSport

    ReplyDelete

  49. Thank you for this tutorial.its really informative tutorial. kinograph

    ReplyDelete
  50. I am really excited for read all the post
    thesheltermovie

    ReplyDelete
  51. Not only to read need to spreed every one sqmyxx.

    ReplyDelete
  52. Not only to read need to spreed every one
    pv2009

    ReplyDelete
  53. Peoples are giving really nice comments for this article
    VenueMachine

    ReplyDelete

  54. What a good suggestion posted by the peoples.
    lbgzs

    ReplyDelete
  55. babyminding all the words in simple way every one should understand easily.

    ReplyDelete
  56. Technically very well above you said.
    KateRaphael

    ReplyDelete
  57. Good stuff comments here... Nice to read it. MoyeuvElo

    ReplyDelete
  58. All the information's are more innovative
    klartisan

    ReplyDelete
  59. Peoples are giving really nice comments for this article
    langelandschoolmassacre

    ReplyDelete
  60. Must be appreciated for the article. xnmyz

    ReplyDelete

  61. Thanks for the comments which the peoples are give here. w7zt

    ReplyDelete
  62. Peoples are giving the wonderful thoughts for all comments
    alfredadlerlegacy

    ReplyDelete
  63. Thanks for the comments which the peoples are give here.FantAziafuggony

    ReplyDelete
  64. This comment has been removed by the author.

    ReplyDelete
  65. Nice Post and all information's are used to everybody
    c4modeloflearning

    ReplyDelete
  66. Articles are really nice to read and most of the people like this
    surgelati

    ReplyDelete
  67. Technically very well above you said freyberghouse

    ReplyDelete
  68. All the post are good and the people nice comments to giving all post
    tksxcyw

    ReplyDelete
  69. What a good suggestion posted by the peoples.
    BendaNdBake

    ReplyDelete
  70. Nice Post and all information's are used to everybody
    kis110

    ReplyDelete
  71. What a good suggestion posted by the peoples.
    MopenStudio

    ReplyDelete
  72. All the post are good and the people nice comments to giving all post
    Arayu

    ReplyDelete
  73. Good comments are here, its very useful to every one goldcountrybaptist

    ReplyDelete
  74. This comment has been removed by the author.

    ReplyDelete
  75. Nice post. Every one should implement this one fossilfueldesign

    ReplyDelete

  76. Thank you for this tutorial.its really informative tutorial.
    Zaoxi

    ReplyDelete
  77. Some articles are related in our life,so nice
    VinaHotJobs

    ReplyDelete
  78. Nice Post and all information's are used to everybody
    LyGyyzz

    ReplyDelete
  79. Nice post. Every one should implement this one.
    SeDaySpa

    ReplyDelete
  80. All the post are good and the people nice comments to giving all post
    ChamoTimes

    ReplyDelete
  81. Thanks for the comments which the peoples are give here.
    arcade-gameover

    ReplyDelete
  82. Nice Post and all information's are used to everybody
    wottfood

    ReplyDelete
  83. All the words are simple way every one should understand easily
    menurepairmen

    ReplyDelete