Objectives:
The main objective of the project is the development of an open cyber range, called OpenSatRange (ORS), focused on satellite communication scenarios, to provide cyber security training to operators of satellite systems and networks.
The OSR platform has been designed to support attacks relevant to space communication systems on simulated and emulated satellite components based on modern virtualization technologies, in order to allow automated realizations of the considered scenarios, monitoring in real time the behavior of apprentices, tracking their progress and skills, and evaluating their performance.
Features
The considered scenarios will be mainly based on GEO satellites or on constellations of LEO satellites and will involve the implementation of services specific to satellite telecommunications networks. The modular approach with which OSR will be developed will allow its possible and subsequent expansion, both in terms of considerable scenarios and applications and of testable solutions and additional learning paths.
The main interface for learners, developers, and administrators will be a drag-and-drop web GUI that will allow a quick configuration of the training scenario. OSR will use a scenario definition language capable of describing component provisioning and configuration by using a high-level markup that will be extended and adapted to support satellite network component models and configurations.
A marketplace will allow the sharing of training scenarios among community members, allowing OSR not only to operate as a training tool, but also as a tool for creating a community of network, cyber-security, and satellite system experts.
System Architecture
The OSR platform architecture consists of the following five components:
-
- Simulation: allows the users to define satellite scenarios on which training exercises will be defined. Once defined, the scenario is instantiated within a simulation environment in order to calculate time traces of certain network parameters (e.g., the propagation delay and the maximum data rate of the ground-satellite links) describing the evolution of the network over time.
- Networking: automatically creates sandbox descriptors, i.e. the elements containing the information needed to create the defined scenario within an emulative environment where a training exercise will be created and executed.
- Emulation: provides an emulative environment within which the defined scenario is created from the data computed by the simulation component and the information specified in the networking component. All items are instantiated to allow the user to run a training exercise.
- Monitoring: collects information useful for monitoring the user’s behavior during the performance of an exercise, processes it and provides real-time reports that highlight the path taken by the user to complete the assigned tasks.
- Marketplace: A repository containing external modules that the user can leverage to create new scenarios and exercise templates along with the scenarios and exercises that have already been defined.
User Interface
The OSR platform interface allows users to create satellite sandboxes by interacting with the three dedicated backends (simulation, emulative and Marketplace). The OSR frontend allows the user:
- the creation of the desired network within the simulation environment, setting a large number of parameters, such as the number of nodes, the parameters of the satellite constellation, and the movement model of the users;
- the creation of the sandbox by inserting additional parameters related to the creation of the network within the emulative environment, such as the choice of the satellite constellation to be used, the operating system of the virtual machines to be allocated, the addressing of the various nodes of the network;
- the creation of the repository within the Marketplace, containing the files relating to the definition of the scenario and the tutorial to be carried out.
Training scenarios
The training scenarios implemented for platform validation include:
- Ground Segment Attack: Cyber attack on the ground segment with the ultimate goal of hijacking a satellite belonging to a LEO constellation by tampering with its firmware.
- Decryption of the broadcast channel: attack on the confidentiality of satellite messages, aiming to intercept and decrypt a satellite communication by obtaining the encryption keys adopted.
- DDoS on LEO constellation: DDoS attack on the satellite network carried out by bypassing the security controls applied by the firewall rules of a terrestrial corporate network and with the aim of saturating the communication links between satellites and between satellites and ground nodes.
- Satellite Hijacking: an attack aimed at taking control of a satellite through a satellite buffer overflow aimed at rewriting a specific area of the satellite’s memory.
Current status
The project started on 23/06/2023 and will last 24 months.
On July 15 2025, the Final Review meeting has been successfully held. The Italian Space Agency has positively evaluated the work carried out. The OSR cyber range met expectations by successfully showing its functionalities through the validation of the planned training scenarios.
Project team
The research project is financed by the Italian Space Agency within the funding call for “Medium-term research and development projects relating to the ASI 2020 Academic Space Research Days” relating to the thematic areas “Scientific Instrumentation, Cybersecurity and Advanced Materials”.
| Project Team: | ||||
|---|---|---|---|---|
| Prime Contractor Company: | Università degli Studi di Genova | Italia | https://unige.it/ |  |
| Subcontractors: | RomARS s.r.l. | Italia | https://romars.tech |  |
| Consorzio Interuniversitario per le Telecomunicazioni | Italia | https://www.cnit.it/en/ |  |
