[amsat-bb] Hack-a-Sat finals this weekend - AMSAT volunteers represented!

[Michelle Thompson]

What a weekend!

There were a lot of presentations on satellite technology and security this
year at DEF CON.

Here are two.

https://www.youtube.com/watch?v=u5XLmlm59As
https://www.youtube.com/watch?v=ku0Q_Wey4K0

The Hack-a-Sat competition finals were fundamentally different from the
qualifications. It was the equivalent of qualifying for a Formula 1 race,
and then being taken to a different track and given funny cars to drive
through an obstacle course on race day.

GNU Radio featured heavily in the qualifications, and those of us with
signals, coding theory, and satellite tracking experience were very busy.
The traditional info security team members had somewhat less to do.

For the finals, this was flipped. The challenges were linear, they were
heavily info-sec, everything depended on knowing how to use COSMOS, how to
write applications for core flight, how to get them into a VM and
manipulate memory in sneaky ways.

Most importantly for our team, there was a punishing aspect to the scoring.
As soon as any team solved any challenge, the points available started
deteriorating. Within 2 hours, that challenge was worth 0 points to all
other teams. We were too slow to capture many points. We ended up either
6th or 8th depending on how one interprets the rules (see below!).

This type of scoring, where teams that solve a challenge first get the max
number of points, and everyone else gets less, is common in these types of
competitions. However, it's very rare for the points value to go to zero so
quickly.

That means there's no score incentive to do a challenge that has decayed to
zero, but because the contest was linear, you still had to work on things
that had no score value.

I haven't run the numbers from a game theory perspective, but given the
number of hours the competition was live each day, it may be impossible to
overcome a leading team's early lead, given that you had to solve the
challenges in order.

This was somewhat of a disincentive and got a lot of discussion in our
after-contest meetup.

Another very interesting part was a challenge to design a set of mission
directives to point a satellite at the moon. This was announced as a binary
gate. If you solved it, your team would be considered for prizes. If you
did not solve it, then you were not eligible for prizes. Wow! Yikes!

Well, we solved it. Six teams solved it, two did not. However, the
announced rule did not appear to be enforced. Everyone kept their score.
The highest scoring team failed to do this "side quest".

Our team is not a permanent team. This is in contrast to almost all the
other teams we competed against. We formed for the event. We are now going
to stick together and try more competitions.

So, what's the significance of this team being in the finals?

We had 40 members total. Not everyone competed actively in the finals. From
looking at the Discord server, about 25 people actively competed in the
finals.
Half the team have their amateur radio license. More than half of the
finals participants were hams. A lot of satellite service enthusiasts!
Finals members were split between the US and Europe.
About 30% of the finals team were women.
Age range was 30s-50s.
We finished 4th out of 2000 in the semifinals.

What would have helped our score in the finals?

We knew enough about core flight services (cFS, open source, NASA) to be
helpful. But, not enough of us knew as much about COSMOS (software from
Ball Aerospace) to move quickly enough to be in the points. Paying closer
attention to the hints about COSMOS would have helped a lot.

We made things too hard by assuming things were more difficult than they
actually were. This is not uncommon in CTF competitions! It's easy to get
tunnel vision and not notice that the answer is already there.

We did extremely well in the on-orbit challenge (the pass/fail gate). We
nearly won this part. Another team just barely got ahead of us in terms of
accuracy. The prize for this part was for your mission plan to be put on a
real satellite, and an image of the moon taken using your code. We all
agreed that that was the best prize in the competition.

What did we learn?

Modern satellites require information security skills, networking skills,
memory management skills, and protocol and message passing interface
skills. Computing and digital technologies are a necessary area of
expertise.

Someone that understands the permissions and packet filters just a little
better than the satellite operator, can take out a satellite. It can be
very tricky to find out what is going on, or get it back under control.
Someone that modifies code just enough to waste more propellant than was
allocated, and can cover it up in the telemetry, can do more than just
annoy - they can render a satellite inoperable.

These are the things that the Air Force and other communities seem to be
worried about.

This was a great event and it looks like it will happen again. The top
scoring team was told they had a free "ticket" to enter the CTF finals next
year.

Amateur satellite service enthusiasts made a very strong showing and proved
to be among the best in the world at hacking a real satellite. The target
for the competition was made available to us beforehand as a flat sat, and
I'm going to try to arrange to have it brought to the next in-person
convention that we have in the community, so that people can see it!

I'm organizing the GNU Radio Conference "capture the flag" competition.
This will be held in September, and will have satellite content. The
experience with Hack-a-Sat has been a big inspiration. When GRCon in-person
was postponed, the auto racing themed CTF was postponed too. At first, I
couldn't see how one would put on a CTF for radio signals and radio
hardware for a virtual event. But, Hack-a-Sat qualifications and finals
were both necessarily virtual, and it worked pretty well.

Wouldn't it be great to have a technical satellite competition like this at
Symposium?

More soon!
-Michelle W5NYV





On Thu, Aug 6, 2020 at 1:11 PM Robert MacHale <robert.machale at yahoo.com>
wrote:

> VERY COOL - Michelle - glad to hear you are engaged with the hack-a-sat!
>
> Robert MacHale
> . KE6BLR FCC Licensed Radio Operator
> . http://www.aprsat.com/predict
> . http://www.spaceCommunicator.club
> . Supporting Boy Scout Merit Badges in Radio, Robotics, and Space
> Exploration
> Silly Joke: What did the little mountain say to the bigger mountain? Hi
> Cliff!
> He who dares not offend cannot be honest. -- THOMAS PAINE
>
> There is nothing noble in being superior to your fellow men. True nobility
> lies in being superior to your former self. -- ERNEST HEMINGWAY
>
>
>
>
>
>
> On Thursday, August 6, 2020, 10:25:17 AM PDT, Michelle Thompson via
> AMSAT-BB <amsat-bb at amsat.org> wrote:
>
>
>
>
>
> Greetings all,
>
> There's a major event happening this weekend with a very large amateur
> radio satellite component.
>
> It's DEFCON. This year it's virtual and free to attend!
>
> https://www.defcon.org/
>
> DEFCON draws 30,000 people interested in improving technology and
> themselves.
>
> In the past, amateur radio and AMSAT have been well represented, presented,
> and promoted at WiFi Village, Ham Radio Village, and Hardware Hacking
> Village. It's been a real pleasure to present amateur satellite work at
> DEFCON because the audience is receptive, educated, interested, and
> supportive. Every time we have a booth or talk, the feedback is
> overwhelmingly positive.
>
> The largest US amateur radio licensing session on record happened at DEFCON
> a couple of years ago. Amateur radio is alive and well.
>
> This year, a number of AMSAT members have participated in another aspect of
> DEFCON: The competitions!
>
> There are a lot of competitions at DEFCON. They range from silly to
> extremely difficult multi-day technical ordeals.
>
> This year, the Air Force sponsored a high-end competition called
> Hack-a-Sat.
>
> For the qualifying event, amateur radio satellite service enthusiasts were
> recruited. Our practical knowledge and interdisciplinary can-do spirit was
> something that I thought would provide a unique advantage in a competition
> ordinarily dominated by networking and computing information security
> professionals.
>
> This strategy worked. An interdisciplinary team finished 20th out of over
> 1500. You can find reports about it in the -BB archive.
>
> Unfortunately, while 20th place is a remarkable achievement, that meant
> that team missed out on the finals, as only the top 10 moved on.
>
> However, I have some news! A number of us hams were recruited by teams that
> finished in the finals. There will be several AMSAT engineering volunteers
> participating in the final event this weekend. I'm on ADDVulcan along with
> several others.
>
> We are very excited to represent amateur radio in an event put on by the
> Air Force to explore current and pressing security issues with satellite
> technology.
>
> For the finals, the teams each received a flatsat. The challenges in the
> competition are both "virtual", meaning code only, and also "real", meaning
> having to do with the flatsat hardware.
>
> If you want to follow along, there will be coverage and content at
> https://www.hackasat.com/
>
> Some inside baseball: The team that won the semifinals is a famous
> engineering competition team called PPP. They have withdrawn from the
> finals because they also have a team in the "main" computing CTF at DEFCON,
> and could not field both teams at once.
>
> ADDVulcan finished 4th, and has strengthened their position through
> recruiting and practice.
>
> So, I think it's fair to say that amateur radio satellite service people
> have a chance to contribute to a possible win at an international elite
> competition. Everyone here should be very proud of what our license and
> hobby enables.
>
> Some of the things we've had to learn with respect to tools are Core Flight
> System (NASA open source) and COSMOS, from Ball Aerospace. We've also been
> given an opportunity to see what the Air Force believes are the 1) current
> capabilities of the technical community and 2) what the threat models might
> be.
>
> I look forward to sharing what we learn and how we do with all of you.
>
> These are the sorts of things I think AMSAT should be supporting and
> sponsoring. It's well within our capabilities as a community to host
> competitions like this one, where the goal of the challenges is to produce
> quality open source work that solves particular problems. If you are
> interested in doing something like this, then I'm here to help make it
> happen. Get in touch and let's see what we can come up with!
>
> -Michelle W5NYV
> _______________________________________________
> Sent via AMSAT-BB at amsat.org. AMSAT-NA makes this open forum available
> to all interested persons worldwide without requiring membership. Opinions
> expressed
> are solely those of the author, and do not reflect the official views of
> AMSAT-NA.
> Not an AMSAT-NA member? Join now to support the amateur satellite program!
> Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
>