zenadsl6186 at zen.co.uk
Sat Dec 24 21:00:04 GMT 2011
John Brazier wrote:
> Dear all,
> I am now no doubt out of date, but one of the rules I learnt was that an
> encryption system only has to be as good as the timescale you're concerned
> So the Playfair was completely appropriate as a battlefield cypher in the
> First World War: even if you knew the system, it would take you at least an
> hour to derive the key, at which point the information was redundant.
> I would assume any of these drones is a technological compromise between
> flight time, control, and weapons delivery. The last probably being the
> most important, it would mean that they would, assuming their control system
> is cryptographically protected, go for the simplest possible system that
> gives them protection within the expected flight time. That, to me, would
> certainly exclude RSA as its computing baggage would be better directed
> towards things like targeting.
> But I'm not an expert in this domain.
I think there are two issues here, control of the vehicle and GPS
spoofing. I have heard that RSA is used in the setup of control links,
which makes sense.
The use of RSA in GPS anti-spoofing technology is a little more
uncertain, but it is also possible. I think it is most unlikely to be
used as a prng stream generator, but it's use in distributing
verification and/or prng stream keys seems well within normal crypto
Of course, there are easier ways to spoof GPS than breaking the crypto.
There's the method I mentioned, and also perhaps the simplest method of
all, which afaics cannot be cryptographically protected against - if you
want a GPS receiver at point Y to think it is at point X, put something
at point X which can collect the GPS signals there, and send them to
point Y at signal strength levels which overwhelm the legitimate GPS
signals at point Y.
You don't have to even think about the crypto then, never mind break it.
-- Peter Fairbrother
> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk
> [mailto:ukcrypto-bounces at chiark.greenend.org.uk] On Behalf Of Peter
> Sent: 23 December 2011 7:53 PM
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Iran GPS Spoofing and the RSA Cipher
> Ian Mason wrote:
>> On 23 Dec 2011, at 15:33, Ian Batten wrote:
>>> Leaving aside the practicalities of the algorithms, an asymmetric
>>> system would be attractive for military-grade GPS, as it would mean
>>> that the theft and complete analysis of a receiver would not provide
>>> the key material for spoofing. There are a lot of military handsets
>>> and by definition they are going to be used in hostile environments
>>> with a risk of capture, so were it possible to engineer a system
>>> where the handsets did not contain the transmission keys that would
>>> be a desirable property. As you point out, it might prove very
>>> difficult to achieve, but those problems would bring some value as well.
>> I see what you're getting at, but I think you haven't really thought
>> it through or misunderstand the problem. Remember that the satellites
>> are broadcasting to all receivers, not having a conversation with each
>> GPS receiver individually. The satellite/receiver system would still
>> need to share secret material as having one private key per receiver
>> would be impractical. If nothing else it would require the satellite
>> to speculatively transmit the current spreading code key wrapped in
>> many different public keys.
> I'm with t'other other Ian on this - an enemy finding a receiver could then
> use it to locate themselves, and if they could extract the key (a big if -
> it's hard enough to extract the key from the chip in a bank
> card) they could build more receivers (until the key is changed), but if
> it's RSA protected they couldn't use the key they found to spoof other
> Brian's property, being able to calculate bit x without having to calculate
> bits 1 ...x is probably essential, but it isn't exactly hard to do, and it
> doesn't require RSA. Anything which can reset a simplish PRNG every second
> or so could also be used.
> Pure speculation: Although it's somewhat inefficient, it is doable. ..a bit
> of theory goes in here, multichannel datastream, XOR of subset of
> datastreams gives real individualised ciphertext, XOR again plus key for
> real plaintext .. you can switch off the signal to any individual receivers
> which are known to be in enemy hands. You can also spoof a few captured or
> cloned receivers at once as well.
> Getting back to the actual drone, I know very little about it. Is it
> autonomous or controlled by a satellite signal link? I have heard a whisper
> that for at least some drones which have such a link, the remote setup of
> that control link is protected by RSA.
> But then the USAF isn't exactly famous for getting codes right, or even for
> using codes at all. It wouldn't surprise me terribly if there were some
> unencrypted links around. Maybe this one:
>> All the GPS satellites transmit simultaneously on the same frequency
>> using a CDMA/DSSS modulation. The only way you can separate the
>> signals from multiple satellites is to use a different spreading code
>> for each satellite, both for satellite transmission and terrestrial
> That's true if the receivers are all in one place and omnidirectional,
> but if you have several receivers which are well-seperated then you can
> seperate the signals from the satellites (and find the prngstream, and
> transmit that to your equipment). That sounds like something a country
> could easily do over it's own territory.
> Doesn't matter what the encryption scheme used for the CDMA/DSSS
> modulation was, the keystream is just plaintext against that attack.
> Now I'm not sure if the keystream would be particularly useful for
> everyday equipment, as it's maybe half a second or so out of date, but
> if a receiver can keep half a second's worth of raw data ..
>> The spreading code is the bitstream output of a PRNG, also sometimes
>> called a keystream when the intent is encryption. The receiver needs the
>> spreading code to demodulate the transmitted signal, so it has to
>> generate exactly the same spreading code as the sender is using just to
>> detect the signal - a fundamentally symmetric relationship.
>> For the public channels such as the C/A (Coarse/Acquisition) signal the
>> the PRNG formulation (key+algorithmn) used to generate the spreading
>> signal is well known, the key is the satellite number. The M-code
>> channel is an anti-spoofing feature and also uses a secret and much
>> longer spreading code to achieve the antispoofing characteristic.
> Merry Christmas!
> -- Peter Fairbrother
More information about the ukcrypto