Researchers break security guarantees of TTE networking used in spacecraft

On Tuesday, November 15th, 2022, a group of researchers published findings on a
new vulnerability, called PCspooF, in the Time-Tagged Ethernet (TTE) protocol.
This vulnerability allows an attacker to disrupt the flow of mission-critical
time-triggered messages with delays of up to 300% of the TTE communication
period. These findings are particularly important because the crewed Orion
capsule relies on TTE to reduce the cost and weight associated with the
multiple onboard networks traditionally used in spacecraft.

Researchers demonstrated this vulnerability on the testbed
for NASA’s crewed Orion capsule. They conducted a simulated mission in which
the capsule attempted to dock with a robotic spacecraft while under the effects
of a PCspooF attack. The findings were clear: when unaffected by the attack, the
mission went off without a hitch. When the attack delayed all mission-critical
controls, which are expected every 25 milliseconds, by 65 milliseconds, however,
researchers were unable to control the spacecraft with the finesse required to
pull off the mission.

The PCspooF attack works by first listening to messages sent
over the TTE network to find two pieces of secret information: the critical
traffic marker and the virtual link ID. Together, these values can be used to
craft an authentic-looking protocol control frame (PCF). The next step of the
attack involves sending the PCF message through a lower priority router and
then using electromagnetic interference to cut off the header of the frame
in transit. This change to the frame tricks downstream routers into thinking
that the malicious PCF message is time sensitive and should be given priority.
This is known as a “packet-in-packet” attack, a class of attack to which
traditional Ethernet networks have been highly vulnerable in the past.

Due to the TTE network architecture, a PCspooF attack on
Earth can affect a human’s ability to manually control a space vehicle in orbit
or beyond, because the attacking packets share priority with the manually input
commands on the network. Methods of defending against this attack are
discussed in depth in the research paper, and the researchers followed
responsible disclosure to ensure that NASA had enough time to address
this finding. That said, this is still a terrifyingly effective attack on a
network architecture that was thought to be secure.

Original Article: