For MTU (don't use 3I at all) I came up with a ship transponder system. The terminology is necessarily taken from our TL but it is only as analogy.

The transponder is installed towards to end of ship construction. It is basically a smallish (1 meter3) armoured box self powered by beta voltaics. It has one fiber connector to hook into the ships comm computer.

components: purpose built computer. densiometer. beta voltaic power source (100 years).

When the "box" is 1st installed it makes a detailed grav map of the ship and has the perm structure "fixed" into memory. This is detailed down to minor structural anomalies.

Shortly before the ship is turned over to its owner from the yard, Scout Service (or equivalent) programs it with its unique Public & Private encryption keys along with registration details of ship. This data is securely sent out via the x-boat system to starports, Scout service & Navy. Only the appropriate Scout Service dept. gets the Private key.

When a ship enters a system and its transponder is queried by system control it sends its reply encrypted with its private key, the star port secure comm system decrypts using the ships registered Public key. The response from the transponder also includes last 10 system control ID's its communicated with including dates. Starports also have their own keys and the ship transponders have the public keys in database to be able to verify that it is indeed communicating with actual correct authorities.

Transponders record if they have been moved or, put in a new ship. They will respond with this data when ID queried by authorities. They can also detect (via densiometer) if the ship is carrying nukes. This data being detailed to authorities when transponder queried.

The unit is totally sealed and unlocks from within when proper coded instructions are given (encrypted with private key) if servicing is required by appropriate Scout personnel with correct equipment. If someone attempts to gain illegal access, all encryption keys are wiped and key h/w is fused (useless blob).

Data as to ship past itinerary is up-streamed to sub-sector & sector starport authorities and computers automatically find conflicting data if someone has managed to use another ships private key code in a transponder.

Sounds impressively draconian.

Just means that the black market transponder suppliers can charge more.

_________________
Maritime Games Club (Medway, Kent, UK)

Come and visit, we need more Traveller players...

Not compared to the constant GPS tracking of cargo ships on Earth...



"After market" transponders don't really work under this system. Reread description...

Certainly within the realm of possibility.

Today ships do have GPS tracking, but they can also turn their transponders off.

A system such as this would be helpful to the authorities, but for every lock made, there are always ways around it and ways to spoof it. You should add some of those to the description.

Based on my work in this area of security, ya can't really "spoof" it. You'd have to steal a key (take a unit or get one from the Scouts) that matches your ship and use it once or twice before you're caught. But, that is self explanatory. That's about all you could do.

I work in software security, specifically password and identity management. There are many ways security can be hacked. Plus codes can be broken, people bribed, etc.

As far as I know, nobody has ever designed a security system with computers that somebody else hasn't been able to break or hack. The only encryption technique that is relatively unbreakable are one-time ciphers run through a process that makes it virtually impossible to decrypt without knowing how it was done.

Describe spoofing a public/private key system as described. I don't need many examples, just one.

BTW, you can turn the thing off.

A typical computer is designed specifically to make it easy to modify the hardware, OS, and software.

A "black box" system could be designed from the ground up with no means for modifying the "code" without opening it up would be astronomically more secure.
Tampering with input and output could still be done.

For example, some manner of spoofing input so that the box thinks it's still on the original ship even though it has been moved. The OP says the transponder sends its data out via the comm system so output could be intercepted, modified, and then sent.

One word: Virus

_________________
Traveller - Beyond the Frontier pbp

The input it uses to determine the ship it is on is its densitometer readings. To modify its output requires knowing the private key (see data on public/private key crypto)

Your system has a fundamental flaw, like every other public/private key. You stated every starport would have its own key, and they would need multiple keys. Each copy of the key increases the vulnerability of the system. And with literally millions of copies of the key across space (assuming you are using the Traveller default universe), that key WILL have been compromised.

Public asymetric keys are also more vulnerable to brute-force attacks because the algorithm has to be exposed for it to work. Sure, you can offset this by making a 1,024 bit length key, but that requires more time to decrypt. And as computers become faster for decryption, they also become faster for attacks.

Not to mention that in order for this to work, the underlying algorithm must be kept a complete secret. Secrets tend to get out over time, through many means - exposure by the enemy, sale for profit, for other motives, etc.

The bottom line is that every system is vulnerable to hacking in one way or another. Thus far technology has shown that to be true. If it wasn't, then people would have stopped creating new algorithms and new encryption methods. Security stops the average person. Your design would make it difficult for the average or even above-average person to change things. But it would not totally stop a person who had the skills to reverse-engineer it, and it wouldn't stop the person who could use the old-fashioned ways of getting around it (i.e. don't attack the technology, utilize the people involved).

But hey, it's a game, and if in your game universe you want to make it impossible to hack, that's fine. But if you wish to convince others that it would be fool-proof, that's a different story.

Millions of starports? Do tell? My public key has been sent thousands of times. No breach...





Currently, an RSA type key takes about .65 billion years to brute force.



Nope. The current PGP algorithm is known. doesn't help.

Still waiting for the spoof you promised btw.

Agreed. PGP is an oddity because it's a 'one-way' mathematical function - knowing how to encrypt doesn't mean knowing how to decrypt, and knowing the algorithm without the key doesn't help.

That said, be cautious about claims on crackability - no prime factorization algorithm is currently known but no-one has managed to prove such a function can't exist (a perennial nightmare for ITS types these days). Equally, once computers get to the level of running realistic smart-interface intellects, processing speeds are clearly orders of magnitude outside ours.

Note that this isn't of much use to a player per se; a criminal syndicate on a TL13+, multi-billion population world could quite easily assemble a botnet that would make the contemporary NSA look like a slide rule, but a bunch of PCs on the battered suleiman-class S.S. Overdue Mortgage Payment on a week's visit to the planet would need some seriously canny roleplaying to get access to it.

A more pragmatic version is that if (almost) every system has a copy, someone would be able to find a moderately corruptible starport official, or transponder manufacturer, with reasonable ease somewhere. Particularly note the situation for non-core worlds, which aren't on the X-Boat routes and must therefore wait for (presumably) mail drum updates and won't necessarily have a scout-service presence. Crack it at that end, and you have the transmission keys for every ship of your class registered in imperial space.

The key weakness is - as ever - not technology but people. The transponder box is essentially unbreachable technologically but the system control doesn't 'see' the box, only a string of SC identity headers verified by a publically known key - regardless of the encryption algorithm, because SC has to send out a known 'challenge' code and get a known 'reponse' code, and be able to verify that these match against its records. If the 'ring-back' has the correct header, SC doesn't know if it came from a legitimate box or the ship's own computer.



But your private key hasn't.
PGP allows you to encrypt a message into a form that you yourself cannot decrypt but the recipient can - in many ways this is the problem with it as a form of encryption; it protects the message content but does not verify the sender - which is actually the more important part of the task here.

In order to create a 'knock-off' transponder, all you need is a message format (has to be publically available as it can't be realistically modified given the number of starports and starships in service) and your public key. You can't modify the message that your transponder generates, but you don't have to; you can physically cut it out of the loop and cook your own from scratch saying whatever you want it to. You can generate your public key from your private key but not the other way around, but since you're the source of the encrypted message not the recipient, your private key is the one held by everyone and their dog.

Equally, you're not going to be sending the densitometer map in each transponder call - simply on bandwidth. It's going to be a string of yes/no responses;

Yes, I believe I am still on the correct ship
No, no-one has attempted to access me since the last appropriate service
No, there have been no suspicious interruptions of link to the computer
Yes, my densitometer map of the hull remains accurate to the level of accuracy I can see*

Which is why message format is the important element.

* Also; Densitometer plating from Scoundrel. just put the damn thing in a g-plate box and it can think it's on a Tigress class for all it matters.

_________________
Understand that I'm not advocating violence.
I'm just saying that it's highly effective and I strongly recommend using it.

Minbari Protectorate Fleet:
http://www.mediafire.com/?cmymg13nzmd

The problem I see is not that it can/can't be hacked but that it's too draconian. What happens when changes to the ship structure, due to battle damage or equipment upgrades, cause some of those "minor structural anomalies" to be radically altered or disappear?

_________________
Sir Dhaven Hevelin, IOD, Baronet of Fulacin
Owner/Captain - S.S. Warlock

Playing RQ/BRPS/Traveller since 1978

Yes, exactly! Like, say a DVD player - designed from the ground up to deny users access to the internals. That could never be cracked!

Oh, wait...


You know what the great thing about Moore's Law is? It's exponential. Give Moore's Law 100 years of continuing development and what takes 650 million years today will take under a second.

Granted, Moore's Law is very unlikely to hold up for another century, but, then, Traveller is several centuries in the future. It's much more likely that the reason RSA-type encryption will be useless by then is that factoring large primes will no longer be difficult, whether due to advances in algorithms or due to a new computing paradigm. I've often heard the claim that quantum computers, for instance, could factor arbitrarily large numbers more-or-less instantaneously. A new version of public/private key crypto which doesn't rely on factoring large primes may or may not be available at that point.


Yep. The greatest crackers don't need to break your algorithm. They'll social engineer your people.


Agreed. My first thought on reading the OP was "What happens when you add a weapon, upgrade the drives, etc.?" Battle damage hadn't even occurred to me, but that could make for some pretty serious structural changes, both while the damage remains and after it is repaired (replacement parts won't be 100% identical, hull patches may have a different shape than the original hull section...).

I'm also unclear on how the densitometer would distinguish between "ship" and "not-ship" when taking it's reading and, if it can't make that distinction, then just filling your hold with a load of cargo is going to make it think it's been moved onto a new ship. Or jumping, since the liquid hydrogen filling 10-60% of the hull volume before the jump is substantially more dense than the empty space filling that volume after the jump.