"Researchers Break Security Guarantees of TTE Networking Used in Spacecraft"

Time-Triggered Ethernet (TTE) is an example of a mixed-criticality network, one that can route traffic with varying timing and fault-tolerance requirements over the same set of hardware. Previously, spacecraft relied on one network to transmit safety-critical or mission-critical messages and one or more completely separate networks to carry video conferencing and other types of less-critical traffic. Orion is the first spacecraft to use a TTE network to route mixed-criticality traffic: messages for vital systems such as navigation and life support, file transfers whose delivery is critical but whose timing is not, and non-critical tasks like crew video conferencing. TTE, which will also be used in NASA's Lunar Gateway space station and the European Space Agency's (ESA) Ariane 6 launcher, is critical for reducing modern spacecraft size, weight, cost, and power requirements.

Safety-critical systems, such as those used for steering and engine control, typically require network messages to be sent and received at intervals as short as 40 to 50 milliseconds. If messages are delayed or dropped, the consequences can be disastrous. At the other end of the criticality spectrum are messages sent by scientific instruments, which are often commercial off-the-shelf devices provided by universities or outside researchers with minimal safety review from the National Aeronautics and Space Administration (NASA).

While fully compatible with the Ethernet standard, TTE can also deliver messages that engineers normally reserve for special-purpose networks. TTE provides two key benefits not available in regular Ethernet to prevent less-important messages from interfering with critical ones. The first is a time-triggered paradigm in which all devices are tightly synchronized and send messages according to a set schedule. The second is fault tolerance: TTE replicates the entire network into multiple planes and simultaneously forwards messages across all planes.

Researchers from the University of Michigan, the University of Pennsylvania, and NASA's Johnson Space Center recently published findings that break TTE's isolation guarantees for the first time. PCspooF is a type of attack in which a single non-critical device connected to a single plane can disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a flaw in the TTE protocol. This article continues to discuss TTE and the study that broke the security guarantees of TTE networking.

Ars Technica reports "Researchers Break Security Guarantees of TTE Networking Used in Spacecraft"

Submitted by Anonymous on