Trusting your neighborhood satellites

In the James Bond film Diamonds Are Forever, villain Ernst Stavro Blofeld hijacks a satellite to sow chaos around the world. While in 1971 that scenario may have seemed outlandish, today satellites have become prime targets for hacking.

With more than 8,000 satellites currently in low Earth orbit and little to no standardization of these sophisticated machines, the potential for bad actors to compromise one is not the stuff of campy action films. Indeed, a recent attack made headlines.

University of Pittsburgh engineering professors and scholars at the NSF Center for Space, High-Performance, and Resilient Computing (SHREC) are collaborating with MIT Lincoln Laboratory and the Naval Nuclear Laboratory to improve satellite security. Mai Abdelhakim, an associate professor of electrical and computer engineering, and Robert Cunningham, Vice Chancellor for Research Infrastructure at Pitt and their PhD students Quincy Bayer and Robert Esswein, and have helped develop a novel algorithm to more efficiently and effectively assess the trustworthiness of satellites.

Their research, “TAU: Trust via Asynchronous Updates for Satellite Network Resiliency” (DOI: 10.1007/978-3-031-95761-1_15), is published in Applied Cryptography and Network Security. It advances understanding of network behavior and provides a powerful tool to keep satellites more secure and resilient. 

Fast, cheap, and potentially out of control

“Satellites today cost much less to produce and send into low Earth orbit, meaning more are being launched,” said Abdelhakim, who is also a SHREC faculty member. “But there are supply chain vulnerabilities and little oversight, so you don’t know who’s putting in what components. These satellites are already vulnerable because they’re connected to networks.

“The attack surface is huge.”

“The satellites being sent into low Earth orbit are built to last approximately five years,” added Cunningham, himself part of the SHREC faculty. “They provide essential communication, sensing, and navigation services worldwide. They connect people in remote areas to the internet, power the GPS in people’s vehicles, and increasingly interact with our phones. Keeping these satellites secure and resilient is of utmost importance.”

Satellites are susceptible to various attacks such as kinetic and black hole attacks. The former involves a physical attack on the system, while the latter is a software attack that can cause a satellite to accept packets (units of data) that arrive via a network but then drop or discard some or all of them, disrupting functionality.

“We modeled attack scenarios and evaluated the current trust assessment tools,” said Bayer, first author of the paper. “We found that these tools are complex to scale up and require extensive computation and communication. In some of our models, compromised devices could even circumvent trust assessment packets by acting benignly.”

Added Abdelhakim, “There is currently no unified approach to trust assessment.” 

Ensuring trust, asynchronously

Satellites are powered by batteries and solar panels and need efficient systems and algorithms. Pitt, MIT, and Naval Nuclear Laboratory researchers developed TAU: Trust via Asynchronous Updates to secure satellite constellations by taking advantage of the unique aspects of low Earth orbit satellites.

TAU relies on a series of finite state machines, a model based on predetermined states; in this case, satellites are identified as trusted, questionable, or untrusted. Network interaction and satellite behavior determine the trust level.

“We evaluate trust based on the events reflecting networking behavior,” said Abdelhakim. “Did a satellite move the packets as expected? Are there more positive events than negative? If there are more negative events, the status would move to questionable and ultimately to untrusted.”

The system is also asynchronous. Satellites are connected to ground control, but they only communicate with nearby satellites. A satellite in a constellation will directly evaluate the trust of the three nearest ones and indirectly evaluate a few others on a separate orbital.

A satellite will alert others after it detects a satellite is behaving questionably. The decentralized model decreases the energy budget while more effectively identifying compromised systems, which can then be isolated and repaired or taken offline.

Abdelhakim, who is organizing an IEEE Workshop on Security and Resiliency of Critical Infrastructure and Space Technologies in November of 2025, in Pittsburgh, said, “It’s like a neighborhood watch. When someone sees something suspicious in their immediate area, they alert others nearby, who alert a few others farther out.

“The system can keep the ever-increasing constellations of satellites in low Earth orbit more secure, ensuring that the people who benefit from satellite technology can access it reliably.”