Iran GPS Spoofing and the RSA Cipher
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Dec 23 19:52:38 GMT 2011
Ian Mason wrote:
>
> On 23 Dec 2011, at 15:33, Ian Batten wrote:
>>
>> Leaving aside the practicalities of the algorithms, an asymmetric
>> system would be attractive for military-grade GPS, as it would mean
>> that the theft and complete analysis of a receiver would not provide
>> the key material for spoofing. There are a lot of military handsets
>> and by definition they are going to be used in hostile environments
>> with a risk of capture, so were it possible to engineer a system where
>> the handsets did not contain the transmission keys that would be a
>> desirable property. As you point out, it might prove very difficult
>> to achieve, but those problems would bring some value as well.
>>
>> ian
>
> I see what you're getting at, but I think you haven't really thought it
> through or misunderstand the problem. Remember that the satellites are
> broadcasting to all receivers, not having a conversation with each GPS
> receiver individually. The satellite/receiver system would still need to
> share secret material as having one private key per receiver would be
> impractical. If nothing else it would require the satellite to
> speculatively transmit the current spreading code key wrapped in many
> different public keys.

I'm with t'other other Ian on this - an enemy finding a receiver could
then use it to locate themselves, and if they could extract the key (a
big if - it's hard enough to extract the key from the chip in a bank
card) they could build more receivers (until the key is changed), but if
it's RSA protected they couldn't use the key they found to spoof other
receivers.

Brian's property, being able to calculate bit x without having to
calculate bits 1 ...x is probably essential, but it isn't exactly hard
to do, and it doesn't require RSA. Anything which can reset a simplish
PRNG every second or so could also be used.

Pure speculation: Although it's somewhat inefficient, it is doable. ..a
bit of theory goes in here, multichannel datastream, XOR of subset of
datastreams gives real individualised ciphertext, XOR again plus key for
real plaintext .. you can switch off the signal to any individual
receivers which are known to be in enemy hands. You can also spoof a few
captured or cloned receivers at once as well.

Getting back to the actual drone, I know very little about it. Is it
autonomous or controlled by a satellite signal link? I have heard a
whisper that for at least some drones which have such a link, the remote
setup of that control link is protected by RSA.

But then the USAF isn't exactly famous for getting codes right, or even
for using codes at all. It wouldn't surprise me terribly if there were
some unencrypted links around. Maybe this one:

>
> All the GPS satellites transmit simultaneously on the same frequency
> using a CDMA/DSSS modulation. The only way you can separate the signals
> from multiple satellites is to use a different spreading code for each
> satellite, both for satellite transmission and terrestrial reception.

That's true if the receivers are all in one place and omnidirectional,
but if you have several receivers which are well-separated then you can
separate the signals from the satellites (and find the prngstream, and
transmit that to your equipment). That sounds like something a country
could easily do over its own territory.

Doesn't matter what the encryption scheme used for the CDMA/DSSS
modulation was, the keystream is just plaintext against that attack.

Now I'm not sure if the keystream would be particularly useful for
everyday equipment, as it's maybe half a second or so out of date, but
if a receiver can keep half a second's worth of raw data ..

> The spreading code is the bitstream output of a PRNG, also sometimes
> called a keystream when the intent is encryption. The receiver needs the
> spreading code to demodulate the transmitted signal, so it has to
> generate exactly the same spreading code as the sender is using just to
> detect the signal - a fundamentally symmetric relationship.
>
> For the public channels such as the C/A (Coarse/Acquisition) signal the
> PRNG formulation (key+algorithm) used to generate the spreading
> signal is well known, the key is the satellite number. The M-code
> channel is an anti-spoofing feature and also uses a secret and much
> longer spreading code to achieve the antispoofing characteristic.
Merry Christmas!
-- Peter Fairbrother
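
The symmetric relationship described in the quoted text, as an added example that is not part of the original post: the public C/A spreading code is generated from the satellite number alone, and a receiver only sees a correlation peak when it regenerates the same code. The tap table is taken from the public GPS interface specification (IS-GPS-200) and covers four satellites; the received signal is a constructed, noiseless test vector.

```python
# G2 output tap pairs, indexed by satellite PRN number. Values are from the
# public interface specification IS-GPS-200; only four satellites are listed.
G2_TAPS = {1: (2, 6), 2: (3, 7), 3: (4, 8), 4: (5, 9)}
CODE_LEN = 1023


def ca_code(prn):
    """Return the 1023-chip C/A code for one satellite as a list of 0/1."""
    t1, t2 = G2_TAPS[prn]
    g1 = [1] * 10  # stage 1 is index 0; both registers start as all ones
    g2 = [1] * 10
    chips = []
    for _ in range(CODE_LEN):
        # Output chip: last stage of G1 XOR two satellite-specific G2 stages.
        chips.append(g1[9] ^ g2[t1 - 1] ^ g2[t2 - 1])
        f1 = g1[2] ^ g1[9]                                   # stages 3, 10
        f2 = g2[1] ^ g2[2] ^ g2[5] ^ g2[7] ^ g2[8] ^ g2[9]   # 2,3,6,8,9,10
        g1 = [f1] + g1[:9]
        g2 = [f2] + g2[:9]
    return chips


def correlate(received, replica, shift):
    """Circular correlation at one code phase: agreements minus disagreements."""
    n = len(replica)
    return sum(1 if received[(i + shift) % n] == replica[i] else -1
               for i in range(n))


def acquire(received, prn):
    """Search every code phase for one satellite; return (best_shift, peak)."""
    replica = ca_code(prn)
    scores = [correlate(received, replica, s) for s in range(CODE_LEN)]
    peak = max(scores)
    return scores.index(peak), peak


def demo():
    # Constructed input: satellite 3's code delayed by 200 chips, no noise.
    code = ca_code(3)
    received = code[-200:] + code[:-200]
    return {prn: acquire(received, prn) for prn in G2_TAPS}


if __name__ == "__main__":
    for prn, (shift, peak) in demo().items():
        print(f"PRN {prn}: best shift {shift:4d}, peak {peak}")
```

Only the replica for satellite 3 reaches the full-length peak of 1023 at the correct delay; the other replicas stay at the low cross-correlation level of the code family, which is what lets one frequency carry every satellite.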