Johannes Willbold 🛰️

Ph.D. Student | Space & Satellite Security Researcher🛰️
Website: https://jwillbold.com/
GitHub: https://github.com/jwillbold
Twitter: https://twitter.com/jwillbold
Location: Bochum, Germany

Are you still writing your space and satellite security papers for #SpaceSec23? The deadline has been extended to 13 January AoE, so almost one week to get that paper in!

CfP: https://easychair.org/cfp/SpaceSec23
#NDSS23: https://www.ndss-symposium.org/ndss2023/submissions/cfp-spacesec/


Only 7 days left to submit to @spacesec co-located at NDSS 2023, the first academic workshop on the security of space and satellite systems! Papers can have 4 or 8 pages and a large range of topics.

We are also collaborating with the CySat 2023 satellite security conference in Paris to offer up to five papers an additional chance to also present their work in Paris in April.

CfP: https://easychair.org/cfp/SpaceSec23
Send any questions regarding the workshop to my co-chair @masor or me!
#cybersecurity #space


WhatsApp backups on Google Drive and iCloud don't seem to be end-to-end encrypted by default - at least not for users who got their phone before the rollout in 2021. Highly recommend updating your settings if you haven't: https://faq.whatsapp.com/1246476872801203
Turn end-to-end encrypted backups on and off | WhatsApp Help Center

Also now on Mastodon! :)

We are holding the Workshop on Satellite and Space Security at @NDSSSymposium 2023, the first academic workshop on space systems security. We accept short/long papers on all aspects of #space #security.

Submission: 10 Jan 2023, AoE.

CfP: https://www.ndss-symposium.org/ndss2023/submissions/cfp-spacesec/

We also collaborate with the CYSAT satellite security conference. Up to five accepted papers may also present their work on-site in Paris at the CySat 2023!

Any questions let us (@masor + @jwillbold) know!

#cybersecurity

Call for Papers: Workshop on the Security of Space and Satellite Systems (SpaceSec23) - NDSS Symposium

Novel mega-constellations in Low Earth Orbit (LEO), including those of Starlink, OneWeb and others, will see over 100,000 satellites in space over the next several years. They will increasingly fulfill communication functions in both consumer settings and critical infrastructures. These critical functions, ranging from global navigation … Continued


For some odd reason, flight tracking has been in the news. Perfect time for the first post here, with an infosec/flight tracking crossover that couldn't be more topical.

Usual caveat: None of this should be construed as some sort of value statement, it's just me providing the facts from a security researcher's point of view.

First there's a new article published at the 10th OpenSky Symposium (and online today at https://www.mdpi.com/2673-4591/28/1/7). It discusses how some owners of private jets have been trying to subvert public and crowdsourced data.

Great example provided below, an anonymous user trying to pass off Bernard Arnault's jet (of @laviondebernard fame) with transponder ID 395580 as a non-existing generic Air France aircraft. There were many more cases of astroturfing that we found. Full talk available now here: https://www.youtube.com/watch?v=KIz6M1YAI_g&list=PLNft4qtPGeqN0MtUc_k-R-H3wvxUN0WVq&index=4

But with everyone nowadays apparently an expert on flight tracking and blocking (taking over from epidemiology and military strategy it seems), it's some more science communication time: I want to submit two more articles for your reading pleasure.

1. Tracking aircraft is a fact of life in an era of cheap software-defined radios. The ability to do so was a design decision for compatibility and safety done 30 years ago. It affects all stakeholders, unless you're the military and can switch all your comms off. Long analysis here in our 2018 paper: https://www.cs.ox.ac.uk/files/9919/eurosnp.pdf

It will also explain why all existing methods to prevent tracking are, sometimes hilariously, inept from a computer security perspective. This includes, but is not limited to web tracker blocking programmes (BARR, ASDI, LADD or whatever the flavour du jour is) and also the Privacy ICAO address (PIA) programme. They all are security through obscurity *at best*.

2. When the PIA was announced in 2019 it was clear it wouldn't do a single thing to make anybody more private. Sadly, it seems that FAA and NBAA never asked anyone familiar with computer security when designing this (we offered, no dice). So we started collecting data right when it went online in 2020 (before covid) to show it's useless.

You can read our analysis here, and it's been proven correct plenty of times in practice by now: https://cs.ox.ac.uk/files/13229/flying-in-private-mode.pdf
In short: It's like being the only one on a university campus on the TOR mixnet and using it to make a bomb threat in order to stop an exam. You'll stick out like a sore thumb and the police will have no trouble identifying you. [1]

Bernard Arnault realized correctly that the only privacy solution is to charter/fractional ownership. https://edition.cnn.com/2022/10/19/business/bernard-arnault-sells-private-jet-over-twitter-tracking/index.html

Again, this is not a value statement, it's just how the world is right now and it won't change anytime soon. Not with 100k cheap crowdsourced trackers globally and more by the day.

Tl;dr: Been droning on about aircraft privacy for over half a decade (NB: I was certainly not the only one!). Nobody cared. In 2022, shit hit the fan.

[1] https://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/

Evading the Public Eye: On Astroturfing in Open Aviation Data

The usage of large private and business jets, from those owned by Elon Musk to Kylie Jenner and Bernard Arnault, has recently attracted considerable attention in many countries. Enabled by open and crowdsourced aircraft tracking systems based on the automatic dependent surveillance–broadcast protocol, the aircraft and their owners have been scrutinized. While the underlying technology is not novel and its privacy issues have been discussed for years, the increased attention has led to the backlash against open tracking data and, consequently, a scramble to find possible solutions to hide private jets from the public eye. In this paper, we analyze two such methods, which have not yet been discussed previously in the literature: blocking requests to web tracking platforms and malicious editing of crowdsourced databases. We draw on data from the OpenSky Network and illustrate the futility of such approaches. Finally, we outline the type of stakeholders and aircraft deploying such methods, as well as demonstrate the level of environmental impact that might have otherwise been missed by the public.
