UAVTracking / UAVTrackingProtocol

An open radio protocol for transmitting UAV flight data in real time.
https://xkcd.com/927/

Possible attacks on the authentication scheme #26

Open pjalocha opened 6 years ago

pjalocha commented 6 years ago

When reading about digital authentication I understood that to judge the safety of the system one should not really look at the encryption algorithm but rather at the possible attacks which could be performed on the system being designed. So I try to imagine what the "bad guys" could do with the UAV tracking system.

The system's primary purpose is to correctly identify who the tracked UAV belongs to, thus the most obvious attack would be to pretend to be somebody else, thus to fly a drone and send signals giving a false identity. I think the only way to do it is by having the secret key of another drone. Am I correct here? A record-and-replay strategy would not be possible if the data being signed contains the current 32-bit time, as this time never repeats, thus the bad guy would never be able to reuse a packet from the past.

Now, to crack the key of a flying UAV one could record several packets sent by this aircraft and then, off-line, use brute force or some weakness of the algorithm to find the secret key. One should thus use long keys (to prevent brute force attacks) and use algorithms which have no known weakness for this type of attack. One could as well change the key often, thus before the bad guy cracks it, the key is already different. As drone flights are relatively short, this could be a fairly effective strategy.

Another type of attack could in principle be performed on the OGN receivers, if they reported all the positions on the APRS, to send several packets with different content and wait before getting a positive position report on the APRS. But the number of tests like this would be limited by time and the OGN receiver could likely be made intelligent to stop such an attack.

optimaltracking commented 6 years ago

I think that the goal of the presented signature is to make hacking "difficult" but not "impossible". One constraint is the length of the message. The signature cannot be greater than 32 bytes and 8 bytes is a good perspective.

pjalocha commented 6 years ago

Just one important "attack" which I obviously forgot to include: generation of false position signals. There is a possibility that some bad guys would attempt to paralyze the airport operation by pretending there are for drones flying around it, which may force the ATC to close the airport for traffic.

Could this attack be done? First, the bad guys could obviously transmit a lot of signals with a random signature. Would/should these be taken for real by the receivers network? Then, the bad guys could crack one of the drones' keys, say by brute force attack, and use this one to transmit fake positions. Then, they could request a new key using the standard web-based method and use this one to transmit fake positions. This is probably the easiest way, correct?

There is a method which could be used to combat this type of attack: use timing of signals to confirm the positions reported in the position packets. This has not been done with the OGN network, but some initial tests show the (relative) timing of the packets can be measured to 50-100ns accuracy, which gives about 15-30m. If a signal is heard by several stations and these have a means to obtain a common timing reference, the position of the signal source can be confirmed.

I thus think a development in this topic is needed. The OGN receiver is nearly ready to supply this information, so some tests could be run very soon.
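
The timing check proposed in the last comment can be sketched as follows. This is an added example, not code from this thread, the protocol repository or the OGN receiver: it compares the arrival-time differences measured at several stations with the differences predicted from the position a packet claims. The function names, the station coordinates and the 3-sigma tolerance are assumptions made for the illustration, and the stations are assumed to share a common clock.

```python
import math
from itertools import combinations

C = 299_792_458.0  # speed of light, m/s (100 ns of timing error is about 30 m)

def tdoa_residuals(claimed, stations, arrivals):
    """Per station pair: measured minus predicted range difference, in metres."""
    heard = sorted(set(stations) & set(arrivals))
    dist = {s: math.dist(claimed, stations[s]) for s in heard}
    return {(a, b): (arrivals[a] - arrivals[b]) * C - (dist[a] - dist[b])
            for a, b in combinations(heard, 2)}

def position_confirmed(claimed, stations, arrivals,
                       timing_sigma_s=100e-9, k=3.0, min_stations=3):
    """True/False if the claim fits the timing, None if too few stations heard it."""
    if len(set(stations) & set(arrivals)) < min_stations:
        return None  # not enough geometry to confirm or reject the claim
    # A difference of two timestamps has sqrt(2) times the single-station error.
    tol_m = k * math.sqrt(2) * timing_sigma_s * C
    residuals = tdoa_residuals(claimed, stations, arrivals)
    return all(abs(r) <= tol_m for r in residuals.values())

# Constructed sample data: station coordinates in a local x/y/z frame, metres.
STATIONS = {"A": (0, 0, 0), "B": (10000, 0, 50),
            "C": (0, 12000, 20), "D": (9000, 11000, 0)}
TX = (1000, 2000, 300)   # where the transmitter really is
T0 = 12.5                # emission time on the common clock, seconds

def simulate_arrivals(tx, stations, t0=T0, jitter=None):
    """Arrival time at each station for a packet sent from tx (constructed input)."""
    jitter = jitter or {}
    return {s: t0 + math.dist(tx, p) / C + jitter.get(s, 0.0)
            for s, p in stations.items()}

# Station B timestamps 80 ns late, inside the 50-100 ns accuracy quoted above.
ARRIVALS = simulate_arrivals(TX, STATIONS, jitter={"B": 80e-9})

if __name__ == "__main__":
    print("honest claim :", position_confirmed(TX, STATIONS, ARRIVALS))
    print("spoofed claim:", position_confirmed((6000, -3000, 300), STATIONS, ARRIVALS))
```

A packet whose claimed position disagrees with the measured timing is rejected whether or not its signature verifies, so the check also covers the case of a cracked key or a key obtained through the normal web-based method.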