Risk Assessment for Space Nanosatellites
Astrocast
Astrocast
“The economics of satellite IoT communications systems depend on efficient resource management. Processing, memory, and power dedicated to security must be minimal. Finding the perfect trade-off and approach is difficult and requires skillful experts at the forefront of cybersecurity technologies, both in hardware and software.”
CYSEC carried out a risk assessment of Astrocast’s existing architecture and redesigned the architecture for an end-to-end, secure IoT ecosystem.
Telecommunications
60+
Secure the end-to-end IoT communication ecosystem of 80 nanosatellites
CYSEC LAB security evaluation and architecture design services
Astrocast is Switzerland’s first commercial satellite-telecom operator. In collaboration with European Space Agency, Airbus, and Thuraya, Astrocast is building a constellation of 80 nanosatellites with an objective to provide two-way IoT communications services at low cost.
Astrocast required a secure-by-design approach to their product architecture; their business model depends on the security of their IoT ecosystem. Security needs to cover a vast system: a two-way chain of communication from the mission control center, via the satellites, to their client’s terminals.
CYSEC LAB carried out a risk assessment of Astrocast’s complex product architecture, taking into account multiple ecosystem constraints. The team delivered a prioritized list of risks and a mitigation plan for each of them.
Based on the threat model, risk analysis, and risk trade-off, CYSEC developed the architecture design for their security solution.
Within 5 months, CYSEC had designed the security architecture. Security is thereby ensured end-to-end: from Astrocast’s customers, through the 80 nanosatellites of the constellation, all the way to the IoT terminals on ground and at sea.
Protecting Intellectual Property
“CYSEC was extremely flexible throughout our engagement, which enabled us to meet complex business objectives. They worked to our multi-milestone schedule, and respected our priority order for feature deployments. Further, they showed an impressive ability to adapt to our changing timeframe and evolving demands during the deployment. They were professional, responsive, and rapid.”
CYSEC enables Geosatis to secure communications for IoT-based electronic monitoring products with software & hardware-based key management and encryption.
Public safety
50
Get defense-in-depth IoT security for their products, with a software & hardware-based key management and encryption.
CYSEC ARCA appliance deployed on-premise and a custom CYSEC developed software deployed on top.
GEOSATIS is a Swiss-based global leader in electronic monitoring and predictive analytics solutions. The company offers technology for the supervision of parolees, probationers and defendants. It works with criminal justice agencies to enhance public safety, improve offender rehabilitation, and reduce recidivism.
When GEOSATIS developed a new version of their IoT-based electronic monitoring product, they wanted to take their IoT security up a level with a defense-in-depth approach.
CYSEC provided a two-fold solution. The CYSEC ARCA Trusted OS appliance was deployed on-premise to secure containerized workloads. A custom-built software, developed by CYSEC and deployed on top of CYSEC ARCA, would facilitate straightforward key management of their IoT products.
CYSEC ARCA is used for the most sensitive parts of their products. The cryptographic API in ARCA is used to sign configuration files and firmware and to derive and generate keys for their IoT products.
Within a few months, the CYSEC ARCA lightweight appliance was deployed on-premise with the custom-built key management application deployed on top.
GEOSATIS uses CYSEC ARCA to keep their line of products fully functional and to secure end-to-end communication between IoT products (such as bracelets, chargers, unlockers, beacons) and the backend. With CYSEC’s solution, GEOSATIS can securely perform firmware updates and IoT device provisioning using front-edge IoT security and key management technology, protecting Geosatis IP.
ClearSpace-1 mission: preliminary architecture design of ground segment components.
“We are very happy with the service provided by CYSEC LAB. We are impressed with the rapid comprehension of our needs and preliminary architecture design, appreciated their clear advice and high availability.”
Find out how ClearSpace benefited from the CYSEC LAB security architecture assessment and design services.
Aviation & Aerospace
20
Ground station secure architecture assessment and design for ClearSpace-1 mission
Services provided by CYSEC LAB
ClearSpace was founded out of the realization that On-Orbit Servicing and Space Debris Removal are vital services for the future of Space exploration and operations. In 2019, ClearSpace was selected by the European Space Agency to lead the first mission to remove debris from Orbit by 2025. ClearSpace has assembled a robust industrial team and is building up the path toward sustainable Space operations, starting with ClearSpace-1.
ClearSpace is currently designing, developing and procuring a proprietary ground system infrastructure to support ClearSpace-1 and prepare for follow-on missions. ClearSpace requires a secure-by-design approach which identifies risks and embeds resilience from the start. ClearSpace, like many space companies, works with third party providers for some of its building blocks. Multilateral partnerships and consortia bring advantages while losing control over the chain of trust can introduce security risks. ClearSpace needed consultancy from a company with space ecosystem security experience to conduct a risk assessment of the design and assess the various industrial proposals from a security and architectural perspective.
In a five-week period, CYSEC performed the following:
CYSEC analyzed ClearSpace first-level requirements, architecture design and CONOPS documentation, including functional and security requirements
CYSEC delivered a threat assessment of the ClearSpace-1 mission, including the possible threats against each ground system components, as well as the mitigating security mechanisms
Following the threat assessment, CYSEC analyzed the proposals made by several potential subcontractors
CYSEC LAB delivered a security-focused evaluation for each proposed architecture, with the benefits and weaknesses of each.
CYSEC LAB provided a set of recommendations for the overall mission
By providing a risk assessment and remediation measures, CYSEC is supporting ClearSpace towards its mission objective of safe active debris removal from space and prepare for a commercial service catalogue. Our work was efficient, enabling them to progress with the next stages of their project.
Altcoinomy
“CYSEC doesn’t just identify the security vulnerabilities in a fintech environment, it provides prioritized remediation advice, and then validates implementation. I recommend CYSEC LAB to any fintech player needing pentesting services.”
CYSEC LAB provided advanced penetration testing services for Altcoinomy to identify and address vulnerabilities in an KYC/AML platform, to protect client data.
Fintech
< 10
Ensure their KYC/AML platform was secure before go-live
CYSEC LAB web-application penetration testing services
Altcoinomy is a Swiss-based fintech company that specializes in cryptocurrency due diligence and institutional trading. Altcoinomy operates an OTC trading desk where it gets clients best pricing on trades. A core part of their operations is the onboarding platform, an online KYC/AML platform facilitating the onboarding of participants in blockchain projects.
Trust is a major growth driver in fintech. Applications need to be secure,
robustand available at all times or they risk losing credibility.
Prior to launching their KYC platform, Altcoinomy chose to test and
assess the security of its application and thus contacted the CYSEC LAB
for support.
CYSEC security engineers performed a web-application penetration testing on the KYC platform within the staging environment.
Reconnaissance activities to understand the networking topology and functionality
Scan of KYC onboarding platform in order to find OWASP Top-10 critical web application vulnerabilities
Attack simulation of the discovered vulnerabilities, leveraging custom scripts, exploits and a dedicated toolkit
Client report on vulnerabilities discovered, vulnerabilities confirmed, and remediation recommendations
Validation of newly implemented controls to eliminate the vulnerabilities
CYSEC successfully identified security issues in the KYC platform and confirmed their remediation, thus eliminating the risks before the market launch.
METACO’s SILO platform secured by ARCA
“We've been partnering with the CYSEC ARCA Trusted OS for over two years. Our customers are among the largest and most sophisticated financial services companies in the world and we've been able to consistently and successfully service them with ARCA. We would recommend the product to others.”
METACO relies on ARCA Trusted OS to secure sensitive data in SILO,
a technology stack for managing cryptocurrencies, tokens, and distributed ledgers.
Fintech
30+
Secure highly sensitive data with a partner that provides the secure hardware element of SILO platform
SILO (based on CYSEC ARCA)
Since 2014, the Swiss-based fintech company, METACO, has been helping banks and financial institutions securely enter the digital asset management market and capitalise on the latest blockchain technologies and systems. At the heart of their operations is the SILO platform, a technology stack for managing cryptocurrencies, tokens, and distributed legers.
The success of METACO depends on its ongoing ability to secure the highly sensitive data that it manages. They wanted to partner with a company who would help them provide secure hardware technology to secure data in all its states, against all types of cyber-attacks.
METACO’s Digital Asset Management and trading platform runs on top the CYSEC ARCA confidential computing environment. As a trusted execution environment (TEE), CYSEC ARCA provides optimal protection for high-value data in all its states and can be deployed on-premise or accessed in the cloud.
In a series of technology workshops, a joint solution was designed that included the customization of CYSEC ARCA to METACO’s specific requirements
Within a short timeframe, CYSEC and METACO developed and delivered an application for the financial services industry, built on CYSEC’s technology and METACO’s digital asset management platform, SILO
The financial institutions that use METACO’s solution can now leverage a trusted, secure and fully integrated digital asset management solution for cryptocurrencies and tokens
Traction with clients in Europe and Asia, including several Tier-1 banks
METACO is able to build, cryptographically sign, and deploy their applications on CYSEC ARCA confidential computing environment without needing any CYSEC support. This enables METACO to keep control of application flow, facilitates customer interactions, and allows for rapid customer deployments and updates