Detecting spoofing attacks to Low-Earth-Orbit (LEO) satellite systems is a cornerstone to assessing the authenticity of the received information and guaranteeing robust service delivery in several application domains. The solutions available today for spoofing detection either rely on additional communication systems, receivers, and antennas, or require mobile deployments. Detection systems working at the Physical (PHY) layer of the satellite communication link also require time-consuming and energy-hungry training processes on all satellites of the constellation, and rely on the availability of spoofed data, which are often challenging to collect. Moreover, none of such contributions investigate the feasibility of aerial spoofing attacks launched via drones operating at various altitudes. In this paper, we propose a new spoofing detection technique for LEO satellite constellation systems, applying anomaly detection on the received PHY signal via autoencoders. We validate our solution through an extensive measurement campaign involving the deployment of an actual spoofer (Software-Defined Radio) installed on a drone and injecting rogue IRIDIUM messages while flying at different altitudes with various movement patterns. Our results demonstrate that the proposed technique can reliably detect LEO spoofing attacks launched at different altitudes, while state-of-the-art competing approaches simply fail. We also release the collected data as open source, fostering further research on satellite security.

翻译：检测低地球轨道（LEO）卫星系统的欺骗攻击，是评估接收信息真实性、保障多个应用领域服务可靠交付的基石。当前可用的欺骗检测方案要么依赖额外的通信系统、接收器和天线，要么需要移动部署。在卫星通信链路物理（PHY）层工作的检测系统还需要在整个星座的所有卫星上进行耗时且耗能的训练过程，并且依赖于欺骗数据的可用性——这些数据通常难以收集。此外，现有研究均未探讨由在不同高度运行的无人机发起的空中欺骗攻击的可行性。本文提出一种针对低轨卫星星座系统的新型欺骗检测技术，通过自编码器对接收到的物理层信号进行异常检测。我们通过一项广泛的测量活动验证了我们的解决方案，该活动涉及部署一个安装在无人机上的实际欺骗器（软件定义无线电），在无人机以不同高度和多种运动模式飞行时注入伪造的IRIDIUM消息。我们的结果表明，所提出的技术能够可靠地检测在不同高度发起的低轨欺骗攻击，而最先进的竞争方法则完全失效。我们还将收集的数据开源发布，以促进卫星安全领域的进一步研究。