paint-brush
Satellite OSINT: Space-Based Intelligence in Aerospace Cybersecurityby@angelinatsuboi
2,485 reads
2,485 reads

Satellite OSINT: Space-Based Intelligence in Aerospace Cybersecurity

by Angelina TsuboiMay 10th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The field of cybersecurity called OSINT (short for open source intelligence) is often employed within cybersecurity to identify and track down bad actors and possible vulnerabilities. Satellites help collect a plethora of space-based or geospatial data using sensors and cameras. Examples of data collected by satellites include imagery of planet surfaces like Earth for mapping and environmental monitoring.
featured image - Satellite OSINT: Space-Based Intelligence in Aerospace Cybersecurity
Angelina Tsuboi HackerNoon profile picture

Publicly accessible datasets of satellite information such as telemetry, images, locations, and positioning predictions have made retrieving useful satellite data a lot easier for researchers and developers. The wide dissemination of these tools to gather pertinent information form satellites can provide useful geospatial information and insights into current events occurring around the world. This process of obtaining information from datasets in order to garner a better understanding of one’s environment (aerospace related or for general reconnaissance purposes) constitutes a widely regarded field of cybersecurity called OSINT (short for open source intelligence). The utility of satellite OSINT lies in being able to extract intelligence that can be utilized by federal organizations such as governmental agencies, military, private companies, etc in order to make better informed decisions during aerospace or geospatial related endeavors. For instance, images transmitted from satellites has been used in the past by the U.S. military in order to hunt down natural resources such as oil and gas to track the impact of global phenomenon like climate change and natural disasters.

Recently, I have become enamored by the field of aerospace cybersecurity and decided to learn more specifically about satellite reconnaissance systems by building a OSINT CLI (command line interface) tool using a programming language developed by Google called Golang. You can visit this GitHub repository to learn more about it. This article will serve as a primer to develop a foundational understanding of OSINT and its applications in cybersecurity, more specifically the aerospace sector. We will dive into the information that can be extracted from satellites, the application and relevance of that data, and how we can utilize external libraries and APIs along with Golang to develop a custom satellite based OSINT tool.

Democratization of Aerospace Cybersecurity

As aerospace applications and technologies become more mainstream in the upcoming years due to the expansion of the aerospace industry and the rapid development of space exploration, it is imperative to keep in mind the vulnerabilities these systems may possess in order to evade mass cyber attacks especially for crucial systems deployed into space. One way to do this is by making space-related cybersecurity applications and aerospace cyber education more accessible to the broader public. Thanks to the developments of new technologies, personal aerospace development has changed to become much more mainstream and approachable by any space enthusiast who wants to get their feet wet into creating programs that can be employed in space and/or leverage space-based data to conduct cybersecurity related activities ranging from threat intelligence to network segmentation to information management. Lucky for us developers, thousands of credible organizations have made their space based data collection public to the world via online datasets or publicly accessible APIs. In this article, I will be using the APIs provided by Space Track and N2YO to obtain information from specified satellites.

OSINT

OSINT — short for Open Source Intelligence — describes the process of collection, analysis, and dissemination of publicly available data sources. This could be any form of stored data ranging from website credentials (like usernames, emails, and passwords), press releases, social media posts, and in our case satellite information.

OSINT is often employed within cybersecurity to identify and track down bad actors and possible vulnerabilities. By diving into the data outputted by OSINT tools, security professionals can detect for vulnerabilities within their own systems by running a comprehensive audit or get insights into the attack strategies and information of potential hackers (ie. enumerating through publicly available information about hackers in order to find where they are located).

Satellite OSINT
One subfield of OSINT is for aerospace systems such as satellites. Satellites help collect a plethora of space-based or geospatial data using sensors and cameras. Examples of data collected by satellite include imagery of planet surfaces like Earth for mapping and environmental monitoring, communications data like internet and email traffic, navigation data such as GPS signals, environmental information such as ocean currents and air quality, etc etc.

Satellite Theory
Before we dive further into the data sets that can be collected from satellites, let’s explore further into what a satellite is and its applications to real world research and data collection.

What are Satellites?
The general definition of a satellite is any celestial body that is within the orbit of another object in space. More specifically, artificial satellites are man-made space technology deployed into orbit around the Earth or another planet for a series of purposes such as navigation, weather forecasting, communication, surveillance, etc. The first artificial satellite, the Sputnik 1, was deployed by the Soviet Union on October 4, 1957. Since then, over 2500 satellites have been deployed into space performing a wide range of tasks such as communications for radio and television shows, observing meteorological data, and collecting useful information for scientists in research groups for the Hubble Space Telescope or the International Space Station to utilize.

Satellite Functionality

Image from the Space Foundation

At its core, every satellite can be broken down into the following components:
Antennas: antennas are used onboard satellites in order to transmit and receive signals from Earth

Command and Data Handling: this system is the functional core of the satellite responsible for monitoring the state of the satellite and receiving commands from Earth

- Chassis: the chassis of the satellite houses all the components and is made out of strong, durable material that can withstand the harsh environment of space

Power Source: the power source provides power to all the necessary components of the satellite. Most satellites rely on a solar array system that converts sunlight into electrical energy.

Thermal Regulators: thermal control components of the satellite shield to withstand extreme changes in temperature throughout its lifespan.

Transponders: satellites rely on uplink and downlinks to retrieve signals from Earth. The transponder converts uplink frequencies to downlink frequencies and then amplify the transmission to be sent to Earth.

Sensor Systems: satellites house a wide range of sensors each designed to measure a specific value of a physical phenomena about Earth and its environment. Some sensors include optical sensors which measure reflected infrared light from the surface of the Earth, radar sensors that use radio waves to measure the distance and elevation of objects on the surface of the Earth, magnetometers which measure the strength and direction of the Earth’s magnetic field, etc.

Data Collection Methodology
Every satellite is equipped with a modulator and a demodulator which fine tune the data into radio waves and vice versa. The data collected by the satellite is encoded and formatted before being transmitted down through a satellite communications downlink. During its operation, data is transmitted from remote platforms to the satellite randomly or by using a interrogative command. Onboard the satellite, the data is stored either on the board for reading at a central receiving site or transmitted directly to a control processing center where the data is subsequently formatted and publicized for researchers and developers to use.

Data Collection

Satellite imagery and information come from a wide variety of sources including government agencies, commercial satellite providers operated by companies like Maxar Technologies and Planet Labs, open data platforms hosted by platforms like the European Space Agency and NASA, and crowdsourced online services. Satellite information in those publicly available datasets can be typically accessed via an API (application programming interface) endpoint which lets us retrieve formatted satellite information by sending a web request with the proper credentials to the service that provides the data.

APIs
APIs make it incredibly easy for developers to integrate satellite data into their application workflow. Once satellite information is retrieve from an API endpoint, the developer can use it for analysis or visualization. Some viable options for satellite based APIs include the following…

Google Earth Engine API
: The Google Earth Engine API provides a robust set of geospatial data making it compatible with applications that want to display or analyze geospatial telemetry datasets.
Sentinel Hub APIThe Sentinel Hub API returns satellite data from the European Space Agency’s Sentinel program.
AWS Ground Station APIAWS hosts their own satellite data and telemetry REST API program called AWS Ground Station.
Maxar GBDX APIMaxar’s Geospatial Big Data platform (GBDX) API is a great resource that hosts a wide range of satellite data.
Space Track API: Space Track is a site that hosts a wide range of space-related spatial information including its own satellite catalog.
N2YO API: N2YO provides real time satellite coverage and datasets via their REST API.

Telemetry Data
A wide range of data collection can be performed onboard satellites including indicators of status (power level, temperature, and operating factors), attitude / orbit (position, velocity, and orientation in space), intrument measurements (temperature, humidity, composition, etc), and data from payloads (data extracted from miscellaneous sensors and cameras). In order to collect this information, satellites use a wide range of communication methods such as radio frequency and laser communication to send the formatted data to Earth.

TLEs and Orbital Parameters
Once the data is received from the satellite by satellite data providers, the data is typically formatted according to the TLE standard. TLEs, or Two-Line Elements, are a conventional data format used to describe the orbital parameters of objects in space. TLEs are segmented into two lines containing telemetry information about the satellite. They always adhere to the structure below…

ISS (ZARYA)
1 25544U 98067A   08264.51782528 -.00002182  00000-0 -11606-4 0  2927
2 25544  51.6416 247.4627 0006703 130.5360 325.0288 15.72125391563537

The composition of TLEs is as follows:

Line One:
Satellite Name
: 11 characters containing the identifiable name of the satellite (ISS (ZARYA))

Line Two:
Line Number:
 1
Satellite Catalog Number: catalog number of satellite defined by 5 characters (25544)
Classification: U: unclassified, C: classified, S: secret (U)
International Designator: last two digits of launch year (98)
International Designator: launch number of the year (067)
International Designator: piece of the launch (A)
Epoch Year: last two digits of year (U)
Epoch: day of the year and fractional portion of the day (264.51782528)
First Derivative of Mean Motion: the ballistic coefficient (-.00002182)
Second Derivative of Mean Motion: decimal point assumed (00000–0)
B* Drag Term: radiation pressure coefficient. decimal point assumed (-11606–4)
Ephemeris Type: always zero; only used in undistributed TLE data (0)
Element Set Number: incremented when a new TLE is generated for this object (292)
Checksum: checking modulo 10 (7)

Line Three:
Line Number: 2
Satellite Catalog Number: catalog number of satellite defined by 5 characters (25544)
Inclination: in degrees (51.6416)|
Right Ascension: right ascension of the ascending node (degrees) (247.4627)
Eccentricity: decimal point assumed (0006703)
Argument of Perigee: in degrees (130.5360)
Mean Anomaly: in degrees (325.0288)
Mean Motion: revolutions per day (15.72125391)
Revolution Number of Epochs: revolution number at epoch (revolutions) (56353)
Checksum: checking modulo 10 (7)

Orbital Parameters Explained

Image from the Engineering 176: Orbital Design

First Derivative of Mean Motion: Average angular velocity of the satellite over time
Second Derivative of Mean Motion: rate of change of first derivative of mean motion. Rate of change of rate of change of satellite’s mean motion
B* Drag Term: atmospheric drag on satellite’s orbit. it is used alongside the ballistic coefficient of the satellite to calculate rate of decay of atmospheric orbit
Inclination: angle between plane of satellite’s orbit and plane of satellite’s equator
Right Ascension: analogous with Earth’s longitudinal coordinate system. used to keep track of satellite’s space positioning
Eccentricity: describes shape of elliptical orbit by taking the ratio of the distance between the foci of the ellipse and the length of the major axis
Argument of Perigee: angular distance between ascending node and perigee
Mean Anomaly: angle representation of satellite in orbit around its central body
Mean Motion: average angular speed the satellite moves at around its central body
Revolution Number of Epochs: number of complete orbits satellite has completed for a specified epoch length

Global Positioning

Using the provided APIs, we can retrieve the position of satellites in space, When we request for satellite position, we will be provided with data that adheres closely to the outlined data format below…

Image from the  ADCS For Beginners

Latitude: geographic coordinate that measures a geolocation north or south of the Earth’s equator
Longitude: geographic coordinate that measures a geolocation east or west of the Prime Meridian
Azimuth: angular distance between satellite and observer’s northward horizon
Elevation: satellite elevation with respect to observer’s location
Ascension: right ascension of satellite (one of two space coordinates used to describe positioning of satellite in space)
Declination: right declination of satellite (one of two space coordinates used to describe positioning of satellite in space)

In relation to satellite positioning systems, you may of heard of GPS (aka Global Positioning System). GPS is operated on a system of satellites that work together as a radio navigation system. GPS provides geolocation and time information to a GPS receive anywhere on Earth where is an unobstructed line of sight to four or more satellites.

Mathematics behind Orbital Mechanics

Johannes Kepler studied the motion of celestial bodies in outer space and was able to derive three basic laws about planets known as Kepler’s laws of planetary motion. They are as follows:
1. All planets move in elliptical orbits with the sun at one focus.
2. A line joining any planet to the sun sweeps out equal areas in equal times.
3. The square of the period of any planet about the sun is proportional to the cube of the planet’s mean distance from the sun.

In order to describe the motion of satellites, we will be focusing on Kepler’s first and third planetary laws. Let’s begin by analyzing the first law…

Image from the  braeunig.us

The image above two masses M and m under the influence of each other’s gravitational attraction. M moves in an orbit around C and m moves in an orbit of radius r while maintaining the same angular velocity of w. Fot this to occur, each of the bodies must provide some centripetal acceleration. In this case, the gravitational forces are equal and opposite in direction. Thus, we know that mw²r = Mw²r. This could be distilled down into the following equation:

GMm / (R + r)^2 = mw^2r

If we consider this equation for a negligible mass of m compared to M, then we know that R is negligible compared to r, so the equation becomes…

GM = w^2r^3

Finally, if we express the angular velocity in terms of the period of revolution, w = 2pi/P we derive the following where p represents the period of revolution

GM = (4pi^2*r^3) / p^2

p^2 = (4pi^2*a^3) / G(M+m)

Moving onto Kepler's Third Law of Planetary Motion which states the square of the period is proportional to the cube of the semi-major axis of the orbit. The following equation gives us the period of circular orbit of radius r about Earth:

Image from the  OpenStax

For an ellipse, the semi-major axis is one half the sum of the perihelion and the aphelion. For a circular orbit, the semi-major axis is the same as the radius for the orbit. As shown below…

Image from the  OpenStax

Orbital Predictions

Using information transmitted down by satellites in conjunction with mathematical models, researchers can make reasonable estimates a to where a satellite might be positioned and its movement. This is used for a wide range of applications such as satellite-based image mapping, navigation systems, and satellite tracking systems.

Visual Passes
A visual pass is a satellite pass that can be optically visible in the sky on a defined time duration. For a satellite to be optically visible, it must be above the horizon, illuminated by the Sun, and the sky must be dark enough to provide the visual contrast allowing visual observation of the satellite. Visual passes can be detected by a program by comparing the geocoordinates of the observer with the satellite’s orbital elements (inclination, right ascension, eccentricity, mean anomaly, and argument of perigee). For a visual pass to occur the sun must at least be -6˚ below the horizon so that it is dark enough that the light from the sun reflected on the satellite is bright enough to contrast with the sky — nautical twilight. The sun also must be above -18˚otherwise not enough sunlight will shine on the satellite for it to be optically visible. The last thing to consider is if the satellite might be eclipsed by the Earth as an eclipse with the Earth will render it invisible to the human eyes.

Radio Passes
Similar to a visible pass, radio passes occur when a satellite can be detected, however, unlike visible satellites, the satellite only has to be visible through radio communication in order to count as a radio pass. Predicting radio passes is useful before the satellite is used for radio communications. The quality of the pass prediction depends mostly on the maximum elevation value the satellite obtains during the pass. Predicting for radio passes is very similar to the process of predicting for visible passes with the only difference being that the highest elevation the satellite attains during its pass is considered.

Simplified General Perturbations 4 (SGP4)
SGP4 is a mathematical algorithm used to calculate the position and velocity of an Earth-tracking satellite using its TLE sets. The algorithm considers the various perturbations (small changes in the orbit configuration) of the satellite like gravitational fields of nearby celestial bodies, atmospheric drag, and the oblateness of the Earth to track and predict the orbits of artificial satellites deployed into space.

Mathematics behind SGP4
The Batch Least Squares method is the classical technique utilized for operational orbit determination. Given a satellite situated at an inital state of Yt0 and an available observation arc, the Batch Least Squares makes the prediction of the satellites positioning to be the following…

where oy0 can be solved by inputting values into the following non-linear equation…

where the variables are defined by the following…

A: the partial derivatives matrix

W: the weighing matrix

b: the residual vector

At the beginning, the weighing vector is initialized by the user. Then, the residual vector is determined for each measurement by taking the difference between the observed and estimated measurements. Lastly, the partial derivates matrix can by computed as the product of the observation matrix H by the transition matrix Φ as shown below…

In the above, ρt is an observed measurement at an arbitrary epoch t. In many cases, both the observation matrix and state transition matrix are computed using the automatic differentiation technique.

Applications

Golang Implementation
After learning as much about satellite telemetry in relation to OSINT, I decided to apply that newfound knowledge to make a custom OSINT cybersecurity CLI tool. Using my knowledge of the programming language Golang, I coded an OSINT tool for obtaining satellite telemetry, pass predictions, and TLEs called SatIntelGolang is a very good programming language for developing cybersecurity tools because of its speed, memory-safety, concurrency abilities, and large standard libraries. I highly recommend using the language if you ever want to develop your own reconnaissance tools. The program makes API calls to both Space Track and N2YO in order to retrieve information such as satellite catalogs, telemetry information, and pass predictions. Once the information is received, it is parsed into the application and displayed to the user via the command line. I think the tool is pretty nifty considering it only took me two days to make it and it obtains some really insightful data. This goes to show how accessible aerospace development and cybersecurity now that even a curious teen from home could start exploring aerospace reconnaissance techniques from the comfort of their home for free.

Other Applications
Other than just general telemetry reconnaissance, satellite OSINT is utilized in some of these other applications…

Satellite Imagery: images transmitted from satellites can be used in a variety of use cases such as monitoring agricultural health, urban planning, energy management, amongst many other applications

Tracking Satellite Launches: satellite OSINT can also be used to keep track of where and when satellites are launched around the world to gather intelligence into the satellite launch activity of other countries and companies

Monitoring for Satellite-Related Incidents: satellite OSINT data can also be used to keep track of satellite related accidents like malfunctions, collisions, etc. This data is useful for risk management and operational procedures

Conclusion

I hope you enjoyed learning a bit more about satellite OSINT. In this article we covered a wide range of topics including OSINT in a cybersecurity setting, the relevance of aerospace cybersecurity, satellite theory, orbital mechanics and the mathematics behind it, orbital predictions using visual, radio, and SGP4, APIs for satellite reconnaissance, and a basic implementation of a satellite OSINT program using Golang. Overall, satellite OSINT is a relatively new form of information gathering that provides a wide range of applications within the field of cybersecurity including identifying vulnerabilities and collecting meaningful telemetry. As the aerospace sector in cybersecurity gains more traction within the upcoming years, I hope that more security researchers start shifting their focus onto protecting the systems of payloads and devices sent into space.

Thanks for Reading!

View more of my work on GitHub: https://github.com/ANG13T
Follow my account on Instagram: https://instagram.com/builds.by.ang
See what I’m up to on Twitter: https://twitter.com/AngelinaTsuboi
Support my work on Cash App: https://cash.app/$AngelinaTsuboi

Also published here.