Infiltrating the Sky: Data Delay and Overflow Attacks in Earth Observation Constellations

TL;DR

This work identifies a new security risk in Earth Observation constellations arising from shared downlink resources between high- and low-priority satellites. It formalizes two data-centric attacks—data delay and data overflow—under a FIFO onboard queue and a constrained ground-station scheduler, and develops minimum-cost and feasible attack strategies that exploit predictable orbital dynamics. Using trace-driven simulations with real Planet data, the authors quantify attack success across varying image sizes, data rates, and attacker budgets, demonstrating practical viability under realistic settings. The study also discusses defenses, including dynamic prioritization and unpredictable queue behavior, highlighting an important need for proactive resilience in resource-sharing EO systems.

Abstract

Low Earth Orbit (LEO) Earth Observation (EO) satellites have changed the way we monitor Earth. Acting like moving cameras, EO satellites are formed in constellations with different missions and priorities, and capture vast data that needs to be transmitted to the ground for processing. However, EO satellites have very limited downlink communication capability, limited by transmission bandwidth, number and location of ground stations, and small transmission windows due to high velocity satellite movement. To optimize resource utilization, EO constellations are expected to share communication spectrum and ground stations for maximum communication efficiency. In this paper, we investigate a new attack surface exposed by resource competition in EO constellations, targeting the delay or drop of Earth monitoring data using legitimate EO services. Specifically, an attacker can inject high-priority requests to temporarily preempt low-priority data transmission windows. Furthermore, we show that by utilizing predictable satellite dynamics, an attacker can intelligently target critical data from low-priority satellites, either delaying its delivery or irreversibly dropping the data. We formulate two attacks, the data delay attack and the data overflow attack, design algorithms to assist attackers in devising attack strategies, and analyze their feasibility or optimality in typical scenarios. We then conduct trace-driven simulations using real-world satellite images and orbit data to evaluate the success probability of launching these attacks under realistic satellite communication settings. We also discuss possible defenses against these attacks.

Figures (16)

• Figure 1: EO constellations operated by Planet Labs course-intro-planet.
• Figure 2: EO constellations example consists of 4 low-priority satellites, 3 high-priority satellites, and 2 ground stations with 2 antennas each. Tx represents the transmissible indicator, and Att represents the attackable indicator.
• Figure 3: Onboard queue evolution. Low-priority satellites scan the Earth's surface, generating onboard queue input data. Data in the queue is either downlinked to a ground station or dropped due to limited storage capacity.
• Figure 4: Overview of data delay and data overflow attacks.
• Figure 5: The data delay attack. The timeline is from top to bottom, each block represents a data unit, and the queue evolves from left to right. Without an attack, the target data would be downlinked at $t_3$. With a delay attack at $t_2$, the target data is delayed one time slot and downlinked at $t_4$.