And Yet, It Transmits!
Ian Goldberg likes to state Kerckhoffs’ principle as “The security of a system shouldn’t rely on anything that’s hard to change.” So it is with deep amusement that I report on what’s probably one of the hardest to change systems out there. And I do mean out there: 23,222 km out there. Let me back up.
The Galileo satelite system is a European-funded alternative to the US Global Positioning System, driven to completion by US insistence that Uncle Sam may turn off or degrade the signals at will. In “Cracking the Secret Codes of Europe’s Galileo Satellite” we learn that certain bits of the system, designed to ensure that the signals had to be licensed, have been made non-secret. The web description of the system, how they did it, and the codes, are at http://gps.ece.cornell.edu/galileo/.
I bet that random number generator is hard to change.
(Via Slashdot.)
I bet that random number generator is hard to change.
It’s worth noting that, as stated by the team on their web site, “Subsequently, the Cornell project team has learned that … the GIOVE-A codes and navigation message were not meant to be the same as the final Galileo codes and navigation message.”, which is to say that it has always been the intention that the pseudo-random codes for encrypting the stream will be changed before production. It’s not clear if the whole structure of the encryption system can be changed from the ground but clearly the remoteness of the system is not actually a huge hurdle to updating the system.
It is further worth noting that the purpose of encrypting (or shall we say “obfuscating”) the stream coming from the sky is to allow the satellite owners to extract money for the codes from equipment manufacturers who are on the ground. The vast majority of people are not going to build their own receivers and the majority of manufacturers are unlikely to be willing to risk legal troubles by selling unlicensed devices, so for the purpose in hand it seems likely that the security is effective.
I don’t know if it’s a given that manufacturers won’t risk legal trouble. Maybe European manufacturers won’t, but others may. Look at the DVD player market; while none of the “big names” are breaking the rules by making multi-region players, there’s a steady stream of them from smaller Asian manufacturers.
Nicko– Good catch! The skeptic in me is curious about the phrase “not intended to be,” and the possible lock-in effects of early client systems using only those codes. (Heck, I’m curious about the lock-in effects of clients. When millions of handheld GaleleoPS systems are deployed, what does the upgrade protocol look like?