Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keys Leaking Through the Air At RSA

Posted by CmdrTaco on from the patch-it-up dept.

NumberField writes "The RSA Conference is underway in San Francisco. A theme among the opening speakers is that the attackers are winning, and even well-funded organizations like NASDAQ can't secure their networks reliably. The show floor is lively, but dominated by the typical firewalls and 'compliance solutions.' One interesting exception is a scary side-channel analysis demo in the Cryptography Research booth using GNU Radio to capture secret keys from various smartphones from about 10 feet away. (The method is related to early computer music using AM radio interference.)"

85 comments

  1. Where's TFA? by Anonymous Coward · · Score: 1

    None of the links seem to be to anything very specific about the title issue ("keys leaking through the air")... was something mispasted in the submission?

    1. Re:Where's TFA? by Anonymous Coward · · Score: 0

      It's just a press release to drum up interest/buzz for RSA Conference.

    2. Re:Where's TFA? by Anonymous Coward · · Score: 0

      Who cares? This is /. ...

  2. I fucking hate summaries like this by topham · · Score: 5, Insightful

    I fucking hate summaries with a half dozen links that don't seem to link to an article actually discussing the issue in the summary.

    Why approved this shit?

    1. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 1

      The summary is the article.

    2. Re:I fucking hate summaries like this by Lord+Ender · · Score: 3, Insightful

      Sounds like the poster is using slashdot to blog about what he is seeing at the RSA conference. There aren't good links because the data was originally presented in meatspace.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    3. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      It's a paid for posting by RSA, obviosuly.

    4. Re:I fucking hate summaries like this by lart2150 · · Score: 1

      I can't find anything about this on google so it must not be true.

    5. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      Cursing really only makes you look stupid.

    6. Re:I fucking hate summaries like this by Mikkeles · · Score: 0

      That's what Horton heard!

      --
      Great minds think alike; fools seldom differ.
    7. Re:I fucking hate summaries like this by PolygamousRanchKid+ · · Score: 1

      Why approved this shit?

      With apologies to Abbott and Costello:

      • Who's on first.
      • What's on second.
      • Why? Third base.

      http://en.wikipedia.org/wiki/Abbott_and_Costello#.22Who.27s_on_First.3F.22

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    8. Re:I fucking hate summaries like this by savvysteve · · Score: 1

      Or "Why approve this?"

    9. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      It's a paid for posting by RSA, obviosully.

      FTFY

    10. Re:I fucking hate summaries like this by dakameleon · · Score: 1

      Posted by CmdrTaco on Wednesday February 16, @08:41AM from the patch-it-up dept

      Byline too small for you?

      --
      Man who leaps off cliff jumps to conclusion.
    11. Re:I fucking hate summaries like this by sconeu · · Score: 1

      Why is the left fielder.
      I Don't Know is on third base.
      I Don't Give A Darn is the shortstop.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    12. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      Why not?

    13. Re:I fucking hate summaries like this by somersault · · Score: 1

      Yeah. Really fucking stupid.

      --
      which is totally what she said
    14. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      you obviously fixed that for yourself ;^)

    15. Re:I fucking hate summaries like this by adamofgreyskull · · Score: 1

      Go back and hide behind your mommy's skirt, quiche-eater.
      "Profanity is the crutch of the ignorant, but every once in a while you've got to talk to one of those ignorant motherfuckers..."

    16. Re:I fucking hate summaries like this by Anonymous Coward · · Score: 0

      I'll tell you tomorrow...

  3. HBGary Presentation? by Cherita+Chen · · Score: 1

    Wondering how Arron Barr's presentation on Social Network went... Though I might post as "Anonymous Coward", but don't feel like having my door kicked in by the Fed's today.

    --
    I'm not fat, just big boned...
    1. Re:HBGary Presentation? by c0lo · · Score: 1

      Wondering how Arron Barr's presentation on Social Network went... Though I might post as "Anonymous Coward", but don't feel like having my door kicked in by the Fed's today.

      Searched the RSA11 sessions: his presentation is nowhere to be found.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    2. Re:HBGary Presentation? by Anonymous Coward · · Score: 1

      He cancelled his presentation of course, but they still have a booth at the RSA conference. Feel free to drop in and say 'hi'.

    3. Re:HBGary Presentation? by Anonymous Coward · · Score: 1

      http://www.hbgary.com/statement.htm

      A group of aggressive hackers known as “Anonymous” illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.

      In addition to the data theft, HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

      In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks.

      HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.

      Thank you to all of our employees, our customers and the security community for your continued support.

      HBGary, Inc.

    4. Re:HBGary Presentation? by Anonymous Coward · · Score: 0

      © 2011 HBGary. All rights reserved.

    5. Re:HBGary Presentation? by PitaBred · · Score: 1

      The first step when you find yourself in a hole? Stop digging.

      --
      My blog. Good stuff (when I remember to update it). Read it.
  4. NASDAQ uses Windows 2003 Server by Anonymous Coward · · Score: 0

    "...organizations like NASDAQ can't secure their networks reliably " According to Netcraft, they use Windows server 2003 ( http://toolbar.netcraft.com/site_report?url=http://www.nasdaq.com )... Does this mean something? Just asking..

  5. why on earth... by joocemann · · Score: 2

    . are sensitive networks like NASDAQ even connected to the internet? There is a common fix for this issue called an AIR GAP. You simply physically disconnect the nternet from the sensitive technology, and then you work forward from there while always regarding the fundamental necessity of the air gap. It is, reckless and foolish considering the reality of the internet, to think you can connect and protect.

    1. Re:why on earth... by jandrese · · Score: 3, Informative

      Because eTrade would throw a hissyfit if the stock exchanges were completely disconnected from the net. Not to mention all of the traders that no longer work directly on the floor, but instead issue trades via the network, often times using bots.

      --

      I read the internet for the articles.
    2. Re:why on earth... by Mashiki · · Score: 3, Interesting

      Because all trade networks connect to each other now, and the internet is the cheapest way than building dedicated hardlinks to innerconnect to all stock exchanges. I doubt that any exchange would be willing to drop billions to build trans-atlantic/pacific data exchanges, unless something catastrophic happened. Plus it creates central points of weakness.

      The internet 'routes around damage'.

      --
      Om, nomnomnom...
    3. Re:why on earth... by vux984 · · Score: 2

      . are sensitive networks like NASDAQ even connected to the internet?

      So you can get up to date stock quotes from yahoo, instead of waiting for them in the news paper?

      So you can log into your bank or brokerage and buy and sell shares of something?

      So brokers, fund managers, and so on can do the same, all in real-time from their offices around the world?

      Air gapping the stock exchange would be pretty inconvenient for pretty much anyone who deals with it at all.

    4. Re:why on earth... by Fnkmaster · · Score: 2

      Hmmm... Okay, but all the other servers that have to talk to it *are* connected to the internet. I know because I've set servers up before in their primary data center.

      So even if you keep all the NASDAQ servers on a private network only, you still have all the entry points from the physical ethernet drops throughout the data center going into all the cages (several thousands of them) of people routing orders onto NASDAQ.

      So when Joe Brokerage or John Trading Shop gets compromised, it's only a hop away to the NASDAQ servers anyway.

      Also, any functions that NASDAQ runs that do need internet access now need to be run on servers that are segregated out from their private network servers... and again, surely those probably need to communicate with those private network servers at some point.

      In fact, I'm guessing that's roughly how their stuff is set up from what I remember about interacting with it. But completely disconnecting everything from the internet makes it kind of hard to interact with all the stuff out there that is on the internet.

    5. Re:why on earth... by mlts · · Score: 2

      Ideally, the networks should be on a backbone which can piggyback over Internet connections, but by using half-routers that already know each other and use preshared symmetric keys (so even if RSA is broken, the communication going across the pipe is still secure unless someone hacks the endpoint.)

      The US government has learned this (NIPRNet and SIPRnet), maybe businesses need their own backbone that is separate from the Internet.

    6. Re:why on earth... by c0lo · · Score: 0

      Air gapping the stock exchange would be pretty inconvenient for pretty much anyone who deals with it at all.

      The use of Telepathy Control Protocol over Idiotic Precogs would solve this in a blink.
      Too bad the BoA seems to hold some patents on it - they used it to register in advance some domain names, so the rumors have it.
      (*duck*)

      --
      Questions raise, answers kill. Raise questions to stay alive.
    7. Re:why on earth... by Doug+Neal · · Score: 2

      There is a middle ground between using the internet (where delivery is on a best effort basis and has no guarantees of anything) and laying your own submarine cables. Private international leased lines are readily available from a variety of vendors and are used extensively by financial institutions. They're available with various SLAs on contention, latency and uptime depending on how much you're willing to spend. Transatlantic routes are available surprisingly cheaply, as there is an abundance of bandwidth and a ton of carriers competing to sell it. It's usually provided over an MPLS core, which handles routing around damage, with a layer 2 (ethernet) or 3 (IP) handoff.

    8. Re:why on earth... by Anonymous Coward · · Score: 1

      This requires a simple data transfer through a sterile line with extremely simple data types, not a full on connection to the network.

    9. Re:why on earth... by bhcompy · · Score: 1

      Air gapping it might be inconvenient, but it will make the market a whole lot better for you and me

    10. Re:why on earth... by vux984 · · Score: 1

      Air gapping it might be inconvenient, but it will make the market a whole lot better for you and me

      We can make the market a whole lot better for you and me without throwing the baby out with the bathwater.

      Being connected to the internet isn't the problem. If they pulled the nasdaq of the net and institutional traders simply dialed into it on dedicated T1/fiber lines totally air-gapped from the Internet it would have all the problems it has now... and it would take a broker charging $100+ per trade to execute a transaction... like it used to.

    11. Re:why on earth... by eyenot · · Score: 1

      didn 't you read the summary?

      the "air gap" has been closed within 10 feet of a person even/especially on the busy, crowded, everybody's-holding-a-palmtop NASDAQ floor.

      --
      "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
    12. Re:why on earth... by Anonymous Coward · · Score: 0

      . are sensitive networks like NASDAQ even connected to the internet?

      Who says they're not?

      But if this is a targeted attack, then the first step would be to look up the employees via LinkedIn or Monster. Most companies have algorithmic e-mail addresses (first.last@bigcorp.com), and now you can start going for internally connected individuals. Start off with secretaries and HR or Finance. They people are—generally speaking—not up to speed on the most recent advanced persistent threats (APTs).

      Once you get one of those machines, your malware should start scanning the network for network-attached (multi-function) printers, which often aren't patched regularly, and also have confidential documents that are on their disks (even if the spool files are deleted, they're rarely wiped/over-written). Printers also often have LDAP connections to the corporate address book for scan-to-email functionality where you can look up people's names/addresses. You can know everyone who works at the company and how to contact them (and perhaps even titles, so you know who to go after next).

      You now have a major beach head and can start your real attack.

      This isn't rocket surgery.

    13. Re:why on earth... by sexconker · · Score: 1

      Because all trade networks connect to each other now, and the internet is the cheapest way than building dedicated hardlinks to innerconnect to all stock exchanges. I doubt that any exchange would be willing to drop billions to build trans-atlantic/pacific data exchanges, unless something catastrophic happened. Plus it creates central points of weakness.

      The internet 'routes around damage'.

      Dedicated links are the only links which can be secured.
      It's worth it.

      And no, it doesn't necessarily give you a single point of failure, or "central points of wekaness" any more than the internet does.

      The worst case scenario for losing electronic trading is small delay in trades going through, thus killing off high frequency trading and forcing people to INVEST.
      This would be a GOOD THING.

    14. Re:why on earth... by bhcompy · · Score: 1

      Meanwhile, volatility goes down and focus on longer term investments than milliseconds goes up. Both are good for the market considering what we've seen these past few years. The cutting edge of technology isn't always beneficial to people or even countries(as I'm sure Mubarak is saying right now).

    15. Re:why on earth... by HomelessInLaJolla · · Score: 1

      Hooray! Someone else finally recognizes the printer attack as the ultimate way to pirate the entire network!

      Any HTML exploit to a vulnerable browser attached to a network and it's game over for the world. Firewalls, IDS, LAN, VLAN, virtual machine, blah blah blah doesn't matter. If the system on which you use a web browser has access to a shared printer then you may as well operate under the assumption that some teen in Bangkok already has access to everybodies' ATM cards.

      --
      the NPG electrode was replaced with carbon blac
    16. Re:why on earth... by Doug+Neal · · Score: 1

      Actually it's not common for exchanges to offer connectivity in via the internet except perhaps for low-traffic connections for integration testing and suchlike. The unpredictability of the internet makes it impossible for them to guarantee the service levels that are demanded. The constant stream of pricing updates can run into the gigabits per second depending on what you're subscribed to. If you're big enough to be trading directly on the exchange, the cost of the leased lines and/or colocation next to the exchange (latency is everything) is easy to swallow. Extranets like Radianz are also a very popular option. Brokerage is still alive and well and institutions that aren't doing high-frequency trading will often deal with with brokers.

    17. Re:why on earth... by nedlohs · · Score: 1

      But you can do that without the disconnecting option, so you are throwing out the baby (low commission trading) with the bathwater (high frequency trading).

    18. Re:why on earth... by nedlohs · · Score: 1

      But those with the connections aren't likely to air gap them from the rest of their network.

    19. Re:why on earth... by Anonymous Coward · · Score: 0

      half routers? you mean ... vpn?

    20. Re:why on earth... by vux984 · · Score: 1

      If you're big enough to be trading directly on the exchange, the cost of the leased lines and/or colocation next to the exchange (latency is everything) is easy to swallow.

      And as long as those leased lines and co-located servers are connected to the internet... ...Then the exchanges are connected to the internet.

    21. Re:why on earth... by timeOday · · Score: 1

      And WalMart could eliminate shoplifting by building their stores without doors.

    22. Re:why on earth... by Anonymous Coward · · Score: 0

      because NASDAQ still run on SCO systems......

    23. Re:why on earth... by Mashiki · · Score: 1

      And no, it doesn't necessarily give you a single point of failure, or "central points of wekaness" any more than the internet does.

      Oh I believe that dedicated links are worthwhile. The only question is what will happen, and how much money will be spent later. I'd call it human nature myself.

      As for a central point of weakness? Sure. All you need to do is look at past incidents where some ship(whether cargo/fisherman/idiot) dredges along and kills net access to 1/3 of the worlds population, or limits it.

      --
      Om, nomnomnom...
    24. Re:why on earth... by TheLink · · Score: 2

      I don't even mind high frequency trading. What I mind is them getting to see stuff before others and act on it.

      http://www.nytimes.com/2009/07/24/business/24trading.html
      http://www.nytimes.com/imagepages/2009/07/24/business/0724-webBIZ-trading.ready.html
      http://www.nytimes.com/2009/08/05/business/05flash.html

      Go ahead, send your orders as fast as you want. But being able to see other people's orders AND cancel your orders accordingly before the rest of the market gets them is cheating.

      --
    25. Re:why on earth... by nuggz · · Score: 1

      But liquidity goes down.
      I'm a buy and hold invester, I don't really care about HFT. I still don't understand how HFT hurts me?
      Doesn't it just increase volume thereby letting my trades complete more efficiently.

      I still get the shares I want at the price I want.

    26. Re:why on earth... by nuggz · · Score: 1

      What is the problem with high frequency trading?

      I'm an investor, it provides more liquidity.
      It doesn't change the value of the stock, it at most causes slight minor price swings, which, with the use of limit orders doesn't affect me.

    27. Re:why on earth... by Anonymous Coward · · Score: 0

      You can protect, a virtual air gap would be a system connected to the internet, it can receive data from a deeper layer, but cannot transmit any back.

    28. Re:why on earth... by bWareiWare.co.uk · · Score: 1

      The issue for NASDAQ isn't the trivial task of securing their servers, it is establishing and maintaining a chain of trust to the remote clients wanting to authorize trades.

    29. Re:why on earth... by nedlohs · · Score: 1

      Which can be removed without removing low commission changing.

    30. Re:why on earth... by Anonymous Coward · · Score: 0

      Exchanges are not on the net! It's all private, dedicated networks.

  6. An ad for RSA? by vvaduva · · Score: 1

    wtf is this article - is there actual content anywhere or is it an ad for the RSA conference?

  7. Some background by Dr.+JJJ · · Score: 5, Informative

    I'm sorry that there's no direct article for this submission, and I'm not certain who submitted it, but as an employee of CRI and one of the designers of the demo, I'd like to give you some details about what's going on.

    At CRI we have a lab full of what I consider to be cool equipment, and what's more, some spare time to look at things. We specialize in side-channel analysis and we asked ourselves: what sort of side-channel leaks might be present in consumer PDAs? We took a USRP(1) interface that we had lying around and started investigating the RF emanations of a few of the devices we had easily on hand. We coded some simple cryptographic applications and were surprised at how quickly we were able to find ways to demodulate the various signals in the device in a way that revealed the bits of the secret keys being used.

    We are indeed using GNURadio for the demo. It's been very helpful because it makes rapid prototyping very easy. We use gnuradio-companion to set up the signal processing blocks (mostly AM demodulation) and to set up a simple UI that helps us tune into the right carrier frequencies in real-time during the demo. The rest of the demo involves using our own custom waveform viewer to look at the demodulated signal and show visitors how we can analyze the signal on the screen and extract the key bits that were used during the encryption/decryption process on the device.

    1. Re:Some background by TubeSteak · · Score: 1

      mostly AM demodulation

      Amplitude Modulation demodulation?
      The avg person won't think twice about it, but us pedants can't help it.

      That aside, I'm not surprised that consumer software is blabbing its secrets all over the airwaves.
      Even for companies who spend millions on security Q&A for their software, they still manage to find new and innovative ways to screw it up.

      --
      [Fuck Beta]
      o0t!
    2. Re:Some background by Anonymous Coward · · Score: 3, Insightful

      What's wrong with demodulating an amplitude modulated signal? How would you have phrased it differently without losing information?

    3. Re:Some background by Anonymous Coward · · Score: 0

      I'm not sure I buy it. Sure you could detect signals eminating from a smart phone, but decifering them into something coherent? Really? That's pretty awesome if it can be done, but where are the details about what devices you used and what exactly you did?

      Pretty much any "bits" could be said to be part of a secret key. Did you get a few bytes of the secret key that are meaningful (statistically)? Or did you just get 0011 and say hey the secret key has a 3 in it so we deciphered part of it?

    4. Re:Some background by Anonymous Coward · · Score: 0

      Amplitude Modulation detection, carrier signal envelope recovery, ...

    5. Re:Some background by owlstead · · Score: 1

      "I'm not sure I buy it. Sure you could detect signals eminating from a smart phone, but decifering them into something coherent? Really? That's pretty awesome if it can be done, but where are the details about what devices you used and what exactly you did?"

      That is completely in line what I've seen done during side channel attacks on various kind of devices - for me it is not hard to believe at all. Besides that, I used to listen to radio tuned to my MSX computer. It wasn't long until you could find out by listening to the audio signal what your computer doing. This is basically the same thing, except that the frequency is a bit higher, and more dense information is extracted.

      Besides all that, there is no way that a company like this is *ever* going to fake this kind of demo. The security crowd isn't well known for its humor regarding rigged demos.

      PS quoted manually since the reply function does not seem to space the reply very well

    6. Re:Some background by Anonymous Coward · · Score: 0

      "Der, der, der, der, der. Imma massive douchebag! Look at my giant pedant-penis!"

    7. Re:Some background by Em+Adespoton · · Score: 1

      Maybe he'd prefer the term Amplitude Modem?

  8. TACO iS TOO FAT AND TOO DRUNK!! YOU ARE RELIEVED!! by Anonymous Coward · · Score: 0

    Get your fat ass to bed and then go talk to Marie O !!

  9. Same story at RSA every year by Anonymous Coward · · Score: 0

    Gee what a surprise, someone at RSA is demonstrating that RSA users' wireless is insecure. Next story please, this is done and tired.

  10. Re:side-channel analysis by DocSavage64109 · · Score: 1

    The side-channel analysis was the most fascinating blurb in this article. Thanks for sharing how this works. Are all PDAs so RF noisy in their processing? Have you considered using this technique on some modern smart phones?

  11. Shielding by unlocked · · Score: 1

    Couldn't you design the assemblies so the boards could be conformal coated with a dialectic layer and them potted with a RF absorbing layer and then a grounded layer as not be able to pick up the emissions in the first place.

    1. Re:Shielding by naturaverl · · Score: 1

      Couldn't you design the assemblies so the boards could be conformal coated with a dialectic layer and them potted with a RF absorbing layer and then a grounded layer as not be able to pick up the emissions in the first place.

      I suppose you could, but it'd really ruin your reception. As long as you have the need for a functioning antenna connected to the device, stray signals will be received as well as transmitted. Not to mention that your idea would increase the build cost in a way that most manufacturers would deem "unnecessary".

  12. TPM by Lehk228 · · Score: 1

    years ago i predicted that such attacks could be utilized to crack TPM keys and such, looks like my prediction was tending towards correct.

    --
    Snowden and Manning are heroes.
    1. Re:TPM by russotto · · Score: 1

      years ago i predicted that such attacks could be utilized to crack TPM keys and such, looks like my prediction was tending towards correct.

      These side-channel attacks have been known for years; the TPM guys know them too, and have likely at least made attempts to stymie them.

    2. Re:TPM by owlstead · · Score: 1

      You may leave that "likely" out. Most of these TPA modules are modified smart card chips, and they certainly provide security against DPA attacks. The problem is that most general purpose CPU's do not. This becomes more of a problem if this chip is a low frequency, highly mobile RISC chip, I suppose.

    3. Re:TPM by Em+Adespoton · · Score: 1

      The interesting thing about this is that the security protections in SC chips would be triviial to port to a larger IC CPU; you're get a bit of performance loss, but randomizing the pipelining would probably be enough for simple protection.

      So what you'd see is not too much cost involved in adding the protection, but a minor performance hit. Seems to me the Mobile market (where chips are usually underclocked anyway) would be the perfect market to start implementing this in. Gaming PCs probably don't need this feature anyway, so if it could be installed but disabled (with a Turbo/Insecure button?) everyone could have what they want.

  13. We used to play the disk channel on an IBM 1130 by garyebickford · · Score: 1

    Gee, this takes me back. The IBM 1130 (actually IIRC a later clone) had a 'Winchester' (IBM model 3030) washingmachine-sized drive with a 5 HP stepping motor to drive the arm, and removable 5 MB disk packs. Somebody back in the mists of history figured out that if you put a transistor radio on top of the console in the right place, the disk controller signals that drove the stepping motor made enough EMI to generate an AM radio signal. So they wrote an assembler program that could play different songs according to data stored on a data cards that followed the program cards in the deck. So we could play "Jingle Bells" while thrashing the disk seek mechanism. Big Fun!!

    Those Winchester drives would actually walk across the floor if the seek cycles got in sync with the natural resonant frequency of the box itself. Five horsepower (about 4 KW) has to go somewhere.

    --
    It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    1. Re:We used to play the disk channel on an IBM 1130 by garyebickford · · Score: 1

      Correcting myself - The disk drive was not model 30-30. It was probably the IBM 1311. You can read the history of how these got called "Winchesters".

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    2. Re:We used to play the disk channel on an IBM 1130 by garyebickford · · Score: 1

      ... or the IBM 2311. Sigh... Note to self: do the research before you hit 'Submit'. :P

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/