Marius Münch

Research Scholar at UC Santa Barbara

Marius Münch (*1990) is interested in hacking and its sub-cultures ince his high-school days. He studied and learned beyond the basics on his own and, after his Bachelor’s degree in Telematics (FH Wildau, Germany), he decided to take his interest to the next academic level.
Besides his freshly gained Master of Science in Telematics from the Norwegian University of Science and Technology (NTNU, Norway), he accomplished internships at top-level research facilities, such as the NASA Goddard Space Flight Center (USA) and the Computer Security Laboratory of the University of California in Santa Barbara (USA).
His main research interest lies in aerospace communications and the accompanying security problems.
In his free time, he enjoys playing the guitar and is also a passionate CTF player.

Presentation: CubeSats – A fairy tale; How academia got the chance to implement satellite (in-)security and how I tried to fix it.

CubeSats are tiny satellites; often no more than double the size of a Rubik’s cube. The specification for such nano satellites was elaborated in 1999 by the Polytechnic State University (USA). Its main goal was to reduce the costs of a satellite operation and hence enable students to carry out space missions. Since its inception over 100 CubeSats were sent into space, built by universities, amateur radio operators and companies.
This talk will focus on the security aspects regarding CubeSats, especially in the context of low-budget missions. The author will talk about his insights which he obtained from working one year in an academic CubeSat project named NTNU Test Satellite (NUTS).

Many solutions used in traditional satellite engineering cannot be transferred into the CubeSat environment. Therefore some interesting problems come to light such as “the presence of persistent memory cannot easily be assumed” or “we cannot encrypt our up- and downlink data”.

In the second part of the talk, the author discusses how he developed one possible security solution for those satellite missions. The proposed technique tries to work around the problems of space communication in a smart way. He demonstrates the justified usage of a normally flawed cryptographic protocol to improve the security of satellite communication. A brief introduction to the formal verification of cryptographic protocols will be given. Furthermore, it will be shown that the term authentication can have several meanings in this context.

In the last part of the talk, the author reflects about the lessons-learnt from the CubeSat project and how they can be transferred into a more general context. This will cover – amongst others – some controversy statements, including for instance as to why we should make more usage of formal verification; why a broken hash function like MD5 is still applicable in some contexts; and why the presented solution will never leave the development phase.

Presentation @DefCamp 2014