ship transponder & communication with "system control"

F33D

Mongoose
For MTU (don't use 3I at all) I came up with a ship transponder system. The terminology is necessarily taken from our TL but it is only as analogy.

The transponder is installed towards the end of ship construction. It is basically a smallish (1 m³) armoured box self-powered by betavoltaics. It has one fiber connector to hook into the ship's comm computer.

Components: purpose-built computer, densitometer, betavoltaic power source (100 years).

When the "box" is 1st installed it makes a detailed grav map of the ship and has the perm structure "fixed" into memory. This is detailed down to minor structural anomalies.

Shortly before the ship is turned over to its owner from the yard, Scout Service (or equivalent) programs it with its unique Public & Private encryption keys along with registration details of ship. This data is securely sent out via the x-boat system to starports, Scout service & Navy. Only the appropriate Scout Service dept. gets the Private key.

When a ship enters a system and its transponder is queried by system control it sends its reply encrypted with its private key, the star port secure comm system decrypts using the ship's registered Public key. The response from the transponder also includes the last 10 system control IDs it's communicated with, including dates. Starports also have their own keys and the ship transponders have the public keys in database to be able to verify that it is indeed communicating with actual correct authorities.

Transponders record if they have been moved or put in a new ship. They will respond with this data when ID queried by authorities. They can also detect (via densitometer) if the ship is carrying nukes. This data being detailed to authorities when transponder queried.

The unit is totally sealed and unlocks from within when proper coded instructions are given (encrypted with private key) if servicing is required by appropriate Scout personnel with correct equipment. If someone attempts to gain illegal access, all encryption keys are wiped and key h/w is fused (useless blob).

Data as to ship past itinerary is up-streamed to sub-sector & sector starport authorities and computers automatically find conflicting data if someone has managed to use another ship's private key code in a transponder.
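
The query-and-reply flow described in the post above, as an added sketch that is not part of the original post: system control sends a fresh random value, the transponder signs it together with its identity and status, and control checks the signature against the registered public key. The nonce, the status string format, the ship name and the toy RSA parameters are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy textbook RSA built from two Mersenne primes (constructed for this
# example, no padding): enough to show the message flow, not deployable crypto.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: never leaves the box


def digest(nonce: bytes, ship_id: str, status: str) -> int:
    """Bind the challenge to the reply by hashing both together."""
    data = f"{nonce.hex()}|{ship_id}|{status}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def transponder_reply(nonce: bytes, ship_id: str, status: str, d: int = D) -> dict:
    """Sealed box: sign (nonce, identity, status) with the private exponent."""
    return {"ship_id": ship_id, "status": status,
            "sig": pow(digest(nonce, ship_id, status), d, N)}


class SystemControl:
    def __init__(self, registry: dict):
        self.registry = registry  # ship_id -> registered public key (n, e)
        self.pending = {}         # ship_id -> nonce awaiting a reply

    def challenge(self, ship_id: str) -> bytes:
        self.pending[ship_id] = secrets.token_bytes(16)
        return self.pending[ship_id]

    def verify(self, reply: dict) -> bool:
        nonce = self.pending.pop(reply["ship_id"], None)  # single use
        key = self.registry.get(reply["ship_id"])
        if nonce is None or key is None:
            return False
        n, e = key
        expected = digest(nonce, reply["ship_id"], reply["status"])
        return pow(reply["sig"], e, n) == expected


def demo() -> dict:
    ship = "SS-OVERDUE"  # constructed registration
    sc = SystemControl({ship: (N, E)})
    out = {}
    genuine = transponder_reply(sc.challenge(ship), ship, "moved=no;tamper=no")
    out["genuine"] = sc.verify(genuine)
    sc.challenge(ship)                      # new query, old reply re-sent
    out["replayed"] = sc.verify(genuine)
    edited = transponder_reply(sc.challenge(ship), ship, "moved=yes;tamper=no")
    edited["status"] = "moved=no;tamper=no"  # altered on the comm link
    out["edited"] = sc.verify(edited)
    # Signer holding only public values (E stands in for a guessed exponent).
    guess = transponder_reply(sc.challenge(ship), ship, "moved=no;tamper=no", d=E)
    out["public_values_only"] = sc.verify(guess)
    return out


if __name__ == "__main__":
    print(demo())
```

The signature only proves which key produced the reply and that it answers this query; it says nothing about whether the sensor readings behind the status string were accurate.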
 
Vyrolakos said:
Sounds impressively draconian.

Not compared to the constant GPS tracking of cargo ships on Earth...

Vyrolakos said:
Just means that the black market transponder suppliers can charge more. :wink:

"After market" transponders don't really work under this system. Reread description...
 
Certainly within the realm of possibility.

Today ships do have GPS tracking, but they can also turn their transponders off.

A system such as this would be helpful to the authorities, but for every lock made, there are always ways around it and ways to spoof it. You should add some of those to the description.
 
phavoc said:
A system such as this would be helpful to the authorities, but for every lock made, there are always ways around it and ways to spoof it. You should add some of those to the description.

Based on my work in this area of security, ya can't really "spoof" it. You'd have to steal a key (take a unit or get one from the Scouts) that matches your ship and use it once or twice before you're caught. But, that is self explanatory. That's about all you could do.
 
I work in software security, specifically password and identity management. There are many ways security can be hacked. Plus codes can be broken, people bribed, etc.

As far as I know, nobody has ever designed a security system with computers that somebody else hasn't been able to break or hack. The only encryption technique that is relatively unbreakable are one-time ciphers run through a process that makes it virtually impossible to decrypt without knowing how it was done.
 
phavoc said:
I work in software security, specifically password and identity management. There are many ways security can be hacked. ...

Describe spoofing a public/private key system as described. I don't need many examples, just one.

BTW, you can turn the thing off.
 
phavoc said:
As far as I know, nobody has ever designed a security system with computers that somebody else hasn't been able to break or hack.
A typical computer is designed specifically to make it easy to modify the hardware, OS, and software.

A "black box" system could be designed from the ground up with no means for modifying the "code" without opening it up would be astronomically more secure.
phavoc said:
there are always ways around it and ways to spoof it. You should add some of those to the description.
Tampering with input and output could still be done.

For example, some manner of spoofing input so that the box thinks it's still on the original ship even though it has been moved. The OP says the transponder sends its data out via the comm system so output could be intercepted, modified, and then sent.
 
CosmicGamer said:
Tampering with input and output could still be done.

For example, some manner of spoofing input so that the box thinks it's still on the original ship even though it has been moved. The OP says the transponder sends its data out via the comm system so output could be intercepted, modified, and then sent.


The input it uses to determine the ship it is on is its densitometer readings. To modify its output requires knowing the private key (see data on public/private key crypto)
 
F33D said:
phavoc said:
I work in software security, specifically password and identity management. There are many ways security can be hacked. ...

Describe spoofing a public/private key system as described. I don't need many examples, just one.

BTW, you can turn the thing off.

Your system has a fundamental flaw, like every other public/private key. You stated every starport would have its own key, and they would need multiple keys. Each copy of the key increases the vulnerability of the system. And with literally millions of copies of the key across space (assuming you are using the Traveller default universe), that key WILL have been compromised.

Public asymmetric keys are also more vulnerable to brute-force attacks because the algorithm has to be exposed for it to work. Sure, you can offset this by making a 1,024 bit length key, but that requires more time to decrypt. And as computers become faster for decryption, they also become faster for attacks.

Not to mention that in order for this to work, the underlying algorithm must be kept a complete secret. Secrets tend to get out over time, through many means - exposure by the enemy, sale for profit, for other motives, etc.

The bottom line is that every system is vulnerable to hacking in one way or another. Thus far technology has shown that to be true. If it wasn't, then people would have stopped creating new algorithms and new encryption methods. Security stops the average person. Your design would make it difficult for the average or even above-average person to change things. But it would not totally stop a person who had the skills to reverse-engineer it, and it wouldn't stop the person who could use the old-fashioned ways of getting around it (i.e. don't attack the technology, utilize the people involved).

But hey, it's a game, and if in your game universe you want to make it impossible to hack, that's fine. But if you wish to convince others that it would be fool-proof, that's a different story.
 
phavoc said:
And with literally millions of copies of the key across space (assuming you are using the Traveller default universe), that key WILL have been compromised.

Millions of starports? Do tell? My public key has been sent thousands of times. No breach...



phavoc said:
Public asymmetric keys are also more vulnerable to brute-force attacks because the algorithm has to be exposed for it to work. Sure, you can offset this by making a 1,024 bit length key, but that requires more time to decrypt. And as computers become faster for decryption, they also become faster for attacks.

Currently, an RSA type key takes about .65 billion years to brute force. :roll:

phavoc said:
Not to mention that in order for this to work, the underlying algorithm must be kept a complete secret. Secrets tend to get out over time, through many means

Nope. The current PGP algorithm is known. Doesn't help.

Still waiting for the spoof you promised btw.
 
Nope. The current PGP algorithm is known. Doesn't help.

Agreed. PGP is an oddity because it's a 'one-way' mathematical function - knowing how to encrypt doesn't mean knowing how to decrypt, and knowing the algorithm without the key doesn't help.

That said, be cautious about claims on crackability - no prime factorization algorithm is currently known but no-one has managed to prove such a function can't exist (a perennial nightmare for ITS types these days). Equally, once computers get to the level of running realistic smart-interface intellects, processing speeds are clearly orders of magnitude outside ours.

Note that this isn't of much use to a player per se; a criminal syndicate on a TL13+, multi-billion population world could quite easily assemble a botnet that would make the contemporary NSA look like a slide rule, but a bunch of PCs on the battered suleiman-class S.S. Overdue Mortgage Payment on a week's visit to the planet would need some seriously canny roleplaying to get access to it.

A more pragmatic version is that if (almost) every system has a copy, someone would be able to find a moderately corruptible starport official, or transponder manufacturer, with reasonable ease somewhere. Particularly note the situation for non-core worlds, which aren't on the X-Boat routes and must therefore wait for (presumably) mail drum updates and won't necessarily have a scout-service presence. Crack it at that end, and you have the transmission keys for every ship of your class registered in imperial space.

The key weakness is - as ever - not technology but people. The transponder box is essentially unbreachable technologically but the system control doesn't 'see' the box, only a string of SC identity headers verified by a publicly known key - regardless of the encryption algorithm, because SC has to send out a known 'challenge' code and get a known 'response' code, and be able to verify that these match against its records. If the 'ring-back' has the correct header, SC doesn't know if it came from a legitimate box or the ship's own computer.

Millions of starports? Do tell? My public key has been sent thousands of times. No breach...

But your private key hasn't.
PGP allows you to encrypt a message into a form that you yourself cannot decrypt but the recipient can - in many ways this is the problem with it as a form of encryption; it protects the message content but does not verify the sender - which is actually the more important part of the task here.

In order to create a 'knock-off' transponder, all you need is a message format (has to be publicly available as it can't be realistically modified given the number of starports and starships in service) and your public key. You can't modify the message that your transponder generates, but you don't have to; you can physically cut it out of the loop and cook your own from scratch saying whatever you want it to. You can generate your public key from your private key but not the other way around, but since you're the source of the encrypted message not the recipient, your private key is the one held by everyone and their dog.

Equally, you're not going to be sending the densitometer map in each transponder call - simply on bandwidth. It's going to be a string of yes/no responses;

Yes, I believe I am still on the correct ship
No, no-one has attempted to access me since the last appropriate service
No, there have been no suspicious interruptions of link to the computer
Yes, my densitometer map of the hull remains accurate to the level of accuracy I can see*

Which is why message format is the important element.

* Also; Densitometer plating from Scoundrel. Just put the damn thing in a g-plate box and it can think it's on a Tigress class for all it matters.
 
The problem I see is not that it can/can't be hacked but that it's too draconian. What happens when changes to the ship structure, due to battle damage or equipment upgrades, cause some of those "minor structural anomalies" to be radically altered or disappear?
 
CosmicGamer said:
A typical computer is designed specifically to make it easy to modify the hardware, OS, and software.

A "black box" system could be designed from the ground up with no means for modifying the "code" without opening it up would be astronomically more secure.
Yes, exactly! Like, say a DVD player - designed from the ground up to deny users access to the internals. That could never be cracked!

Oh, wait...

F33D said:
Currently, an RSA type key takes about .65 billion years to brute force. :roll:
You know what the great thing about Moore's Law is? It's exponential. Give Moore's Law 100 years of continuing development and what takes 650 million years today will take under a second.

Granted, Moore's Law is very unlikely to hold up for another century, but, then, Traveller is several centuries in the future. It's much more likely that the reason RSA-type encryption will be useless by then is that factoring large primes will no longer be difficult, whether due to advances in algorithms or due to a new computing paradigm. I've often heard the claim that quantum computers, for instance, could factor arbitrarily large numbers more-or-less instantaneously. A new version of public/private key crypto which doesn't rely on factoring large primes may or may not be available at that point.

locarno24 said:
The key weakness is - as ever - not technology but people.
Yep. The greatest crackers don't need to break your algorithm. They'll social engineer your people.

SSWarlock said:
The problem I see is not that it can/can't be hacked but that it's too draconian. What happens when changes to the ship structure, due to battle damage or equipment upgrades, cause some of those "minor structural anomalies" to be radically altered or disappear?
Agreed. My first thought on reading the OP was "What happens when you add a weapon, upgrade the drives, etc.?" Battle damage hadn't even occurred to me, but that could make for some pretty serious structural changes, both while the damage remains and after it is repaired (replacement parts won't be 100% identical, hull patches may have a different shape than the original hull section...).

I'm also unclear on how the densitometer would distinguish between "ship" and "not-ship" when taking its reading and, if it can't make that distinction, then just filling your hold with a load of cargo is going to make it think it's been moved onto a new ship. Or jumping, since the liquid hydrogen filling 10-60% of the hull volume before the jump is substantially more dense than the empty space filling that volume after the jump.
 
F33D said:
Millions of starports? Do tell? My public key has been sent thousands of times. No breach...

Yeah, go back and read your own posting. Every starport has at least one key, if not dozens, or hundreds, to read all of the transponders of the ships coming into the system. I wasn't talking about YOUR personal key. And if it's YOUR personal key, I don't doubt it's still safe. Do you have anything worth stealing that a hacker would bother to do so?


F33D said:
Currently, an RSA type key takes about .65 billion years to brute force. :roll:

A few years ago, at a Blackhat conference, it was estimated that you could build a machine to crack a 1024-bit RSA key in about 12 months. And that was seven years ago.

Where did you find that statistic?

If you want to know more about cryptography, I'd suggest reading some of the papers out of the Black Hat conferences. There are some really interesting theories and conjectures by some very creative people.
 
nDervish said:
CosmicGamer said:
A "black box" system could be designed from the ground up with no means for modifying the "code" without opening it up would be astronomically more secure.
Yes, exactly! Like, say a DVD player - designed from the ground up to deny users access to the internals. That could never be cracked!

Oh, wait...
First, I've never met a DVD player that couldn't be opened up and the user is not denied access to the disk so I'm not sure what comparison the example is supposed to represent.

From what I could tell the link had nothing to do with breaking security on a DVD player but instead, taking an in hand DVD and being able to decode it.

To me it would be more comparable to decrypting the output sent by the transponder without having the proper software and whatnot of space port flight control. I'm not too up on DVD tech, but I believe it's just encryption/decryption and the DVD and players don't all have keys?
 
F33D said:
Vyrolakos said:
Sounds impressively draconian.

Not compared to the constant GPS tracking of cargo ships on Earth...

Vyrolakos said:
Just means that the black market transponder suppliers can charge more. :wink:

"After market" transponders don't really work under this system. Reread description...

Oh, I read your description just fine the first time. My post was just suggesting that where there is pretty serious money to be made, criminal ingenuity knows no bounds.

Of course, if you want there to be no smugglers, pirates, dodgy types, etc, running around in misappropriated starships in YTU, then fair enough.
 
phavoc said:
Yeah, go back and read your own posting. Every starport has at least one key, if not dozens, or hundreds, to read all of the transponders of the ships coming into the system. I wasn't talking about YOUR personal key. And if it's YOUR personal key, I don't doubt it's still safe. Do you have anything worth stealing that a hacker would bother to do so?

I said that as a joke. As you know, you can't derive a private key from having a correctly generated Public key. THAT is why my private key is still secure. Not, because how many or, how few copies are out in the wild.



phavoc said:
Where did you find that statistic?

From an internal presentation at DHS by NRO crypto. (The current public/private scheme won't be able to be factored until ~2034 based on current computer speed growth curve. Using A LOT of networked machines that a civvie could likely use, it is in that figure I gave.)

p.s. I've worked the IT sec area (retired now) for many years and participated in public (US intel & law) private sector & consulting NATO member internal sec ministries.
 
SSWarlock said:
The problem I see is not that it can/can't be hacked but that it's too draconian. What happens when changes to the ship structure, due to battle damage or equipment upgrades, cause some of those "minor structural anomalies" to be radically altered or disappear?


Simple, the unit gets reset at the shipyard when you come in for repairs/work. What's so difficult about that?
 