New Routing System Could Help Protect Starlink and Other LEO Satellite Networks from Hackers

New Security System Could Help Protect Starlink and Other Satellite Networks from Hackers

A team of Chinese researchers from Tsinghua University has developed a novel security system called STARVERI that could help protect growing satellite internet networks like SpaceX's Starlink from cyber threats.

The system addresses a critical vulnerability: as satellites orbit Earth, they inevitably pass over areas where they could be vulnerable to hacking or data theft. STARVERI verifies that network traffic avoids these "risk areas" while maintaining efficient service.

Initial testing shows the system achieves nearly 100% accuracy in path verification while imposing minimal delays on network traffic. This could be crucial for Starlink, which has over 6,300 satellites and 3 million subscribers as of 2024.

"Traditional security methods either overburden satellite systems or don't work well with constantly moving networks," explains lead researcher Zeqi Lai. "STARVERI solves this by using dynamic relay points and lightweight verification methods."

The research comes as satellite internet networks face increasing security challenges. Recent years have seen multiple attempts to hack or hijack satellite communications, highlighting the need for better safeguards as these networks become critical global infrastructure.

The team's findings were presented in a peer-reviewed paper at the International Conference on Network Protocols. 

STARVERI: Efficient and Accurate Verification for Risk-Avoidance Routing in LEO Satellite Networks

Computer Science > Networking and Internet Architecture

[Submitted on 21 Dec 2024]

Chenwei Gu, Qian Wu, Zeqi Lai, Hewu Li, Jihao Li, Weisen Liu, Qi Zhang, Jun Liu, Yuanjie Li

Emerging satellite Internet constellations such as SpaceX's Starlink will deploy thousands of broadband satellites and construct Low-Earth Orbit(LEO) satellite networks(LSNs) in space, significantly expanding the boundaries of today's terrestrial Internet. However, due to the unique global LEO dynamics, satellite routers will inevitably pass through uncontrolled areas, suffering from security threats. It should be important for satellite network operators(SNOs) to enable verifiable risk-avoidance routing to identify path anomalies.

In this paper, we present STARVERI, a novel network path verification framework tailored for emerging LSNs. STARVERI addresses the limitations of existing crypto-based and delay-based verification approaches and accomplishes efficient and accurate path verification by:

(i) adopting a dynamic relay selection mechanism deployed in SNO's operation center to judiciously select verifiable relays for each communication pair over LSNs; and

(ii) incorporating a lightweight path verification algorithm to dynamically verify each segment path split by distributed relays.

We build an LSN simulator based on real constellation information and the results demonstrate that STARVERI can significantly improve the path verification accuracy and achieve lower router overhead compared with existing approaches.

Subjects:	Networking and Internet Architecture (cs.NI)
Cite as:	arXiv:2412.16496 [cs.NI]
	(or arXiv:2412.16496v1 [cs.NI] for this version)
	https://doi.org/10.48550/arXiv.2412.16496

Authors

The paper's authors represent a collaboration between two Chinese institutions:

Primary Institutions:
- Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing
- Zhongguancun Laboratory, Beijing

Authors and Roles:
- Chenwei Gu, Qian Wu, Zeqi Lai (corresponding author), Hewu Li, Jihao Li, Weisen Liu, Qi Zhang, Jun Liu, and Yuanjie Li

Key Prior Work Referenced:

1. Path Verification Methods:
- ICING (2011) - Early crypto-based verification
- OPT (2014) - Lightweight source authentication
- EPIC (2020) - Data plane packet verification
- Alibi Routing (2015) - Delay-based verification

2. LEO Network Research:
- Handley (2018) - Low latency routing in space
- StarryNet (2023) - LEO network simulation framework
- Multiple papers on routing security in satellite networks (2021-2023)

The paper builds upon and addresses limitations in both crypto-based and delay-based verification methods, while leveraging recent advances in understanding LEO network dynamics and topology.

The work was supported by China's National Key R&D Program and National Natural Science Foundation.

Submission history

From: Chenwei Gu [view email]
[v1] Sat, 21 Dec 2024 05:52:38 UTC (2,941 KB)

Article Summary

This paper presents STARVERI, a novel framework for verifying that network paths in Low Earth Orbit (LEO) satellite networks avoid designated risk areas. Key points:

Problem:

• - LEO satellites move globally and may pass through uncontrolled areas, risking traffic hijacking and data leakage
• - Existing verification methods have limitations:
•   - Crypto-based approaches: High overhead on resource-constrained satellites
•   - Delay-based approaches: Poor accuracy due to LEO's dynamic topology

STARVERI's solution:

1. Dynamic Relay Selection:

• - Uses Nearest Low-Risk Planes (NLRP) to limit risk nodes
• - Dynamically selects relay satellites to split paths into segments
• - Avoids risk areas while minimizing delay penalties

2. Lightweight Verification:

• - Only relays perform MAC operations, reducing overhead
• - Uses inter-relay probing to establish delay ground truth
• - Verifies segments using both routing info and propagation delays

Results:

• - Near 100% verification accuracy for city pairs served by Starlink/Kuiper
• - Lower delay penalties compared to existing approaches
• - Better scalability and reduced router overhead
• - Successfully handles multiple risk areas

The authors validate STARVERI through extensive simulations using real constellation data from Starlink and Kuiper, demonstrating its effectiveness for secure routing in dynamic LEO satellite networks.

This work is significant as satellite networks like Starlink expand, making secure routing verification increasingly important for global internet infrastructure.

Background of the study:

The paper discusses the importance of path verification in emerging Low-Earth Orbit (LEO) satellite networks (LSNs). LSNs are being rapidly deployed by companies like SpaceX and Amazon to provide global internet services. However, due to the unique global LEO dynamics, satellite routers will inevitably pass through uncontrolled areas, which can lead to security threats like traffic hijacking and information leakage. Therefore, it is crucial for satellite network operators (SNOs) to enable verifiable risk-avoidance routing to identify path anomalies.

Research objectives and hypotheses:

The paper presents STARVERI, a novel network path verification framework tailored for emerging LSNs. STARVERI aims to address the limitations of existing crypto-based and delay-based verification approaches and accomplish efficient and accurate path verification in dynamic LSNs.

Methodology:

STARVERI incorporates two key techniques:
1) A dynamic relay selection mechanism deployed in the SNO's operation center to judiciously select verifiable relays for each communication pair over LSNs.
2) A lightweight path verification algorithm that integrates routing information and propagation delays to jointly verify the path compliance between the planned and the actual paths.

Results and findings:

The results of the large-scale simulation demonstrate that STARVERI can:
1) Achieve near-100% verification accuracy for city pairs served by Starlink and Kuiper constellations.
2) Largely reduce the delay of verifiable risk-avoidance paths compared to existing approaches.
3) Achieve low processing overhead and better scalability than crypto-based approaches.

Discussion and interpretation:

The paper shows that existing crypto-based and delay-based verification approaches suffer from high overhead and inaccuracy, respectively, in the dynamic LSN environment. STARVERI's dynamic relay selection and lightweight verification algorithm can effectively address these limitations.

Contributions to the field:

The main contributions of the paper include:
1) Highlighting the importance of path verification in emerging LSNs and exposing the inefficiency and inaccuracy problems of existing approaches.
2) Presenting the STARVERI framework, which exploits dynamic relay selection and a lightweight verification algorithm to efficiently and accurately verify dynamic network paths in LSNs.

Achievements and significance:

STARVERI can significantly improve the path verification accuracy, reduce the delay penalty of verifiable risk-avoidance paths, and achieve better scalability and performance compared to existing approaches.

Limitations and future work:

The paper does not discuss the potential impact of frequent path changes on the accuracy of the probing-based delay estimation used in STARVERI. Future work could explore more robust delay estimation techniques to handle the highly dynamic LSN topology.

StarVeri Routing Algorithm

The StarVeri routing algorithm uses a dynamic relay-based traffic steering mechanism and a lightweight, segment avoidance verification algorithm to efficiently and accurately verify dynamic network paths in low-Earth orbit satellite networks (LSNs).

It exploits a controller that reads satellite location data, calculates risk satellites and dynamic relays, obtains segment detour delay thresholds, and constructs the complete routing path for each communication city pair.

The source node pre-processes each ping packet by embedding them with timestamp, HASH, and AUTH fields, and the relays update the AUTH fields and forward the packets to the destination, which makes the final verification decision.

The normal nodes forward the packet without extra operations.