undefined | Better HN

0 pointsamanaplanacanal5d ago0 comments

Why wouldn't they use public key cryptography for that?

0 comments

5 comments · 1 top-level

Your satellite doesn't want to be sending out lots of different signals - due to a limited power budget.

So you have to send out one (or maybe a couple) of signals protected by a key.

Yes, you can distribute that key individually to clients using public key cryptography over the same link (and many services like pay TV do exactly that).

But fundamentally any client who is able to decrypt the main stream can also share the key with someone evil who can use that info to jam the same stream.

Enginerrrd5d ago

Isn’t this the exact problem tree-based broadcast encryption schemes were designed to solve? You could surgically revoke the keys of a bad actor, and I’m not exactly sure, but I think the scope of their ability to affect the jamming resistance of other users is necessarily limited by the tree.

londons_explore5d ago

Indeed you can revoke anyone's keys any time with such a scheme. But a single leaked and unrevoked key is still enough to jam it for everyone.

Obviously you could have some "revoke each players keys in turn until the jamming stops" scheme, but it seems suboptimal.

1 more reply

mjmas5d ago

> jam the same stream.

To add to that, other people won't be able to spoof the original stream (as that needs the private key), but instead only jam it.

It would be the same failure mode as SSL certificates.

londons_explore5d ago

In the case of gnss systems, you can also spoof the stream, since the interesting bit of the stream is not the data contained inside, but instead the relative time of arrival of different streams from different satellites.

An attacker can record the streams and replay them milliseconds later.

A client can protect against this if they have an atomic clock, but that's only for clients willing to pay a decent amount.

j / k navigate · click thread line to collapse

0 comments

5 comments · 1 top-level

londons_explore5d ago· 4 in thread

Your satellite doesn't want to be sending out lots of different signals - due to a limited power budget.

So you have to send out one (or maybe a couple) of signals protected by a key.

Yes, you can distribute that key individually to clients using public key cryptography over the same link (and many services like pay TV do exactly that).

But fundamentally any client who is able to decrypt the main stream can also share the key with someone evil who can use that info to jam the same stream.

Enginerrrd5d ago

Isn’t this the exact problem tree-based broadcast encryption schemes were designed to solve? You could surgically revoke the keys of a bad actor, and I’m not exactly sure, but I think the scope of their ability to affect the jamming resistance of other users is necessarily limited by the tree.

londons_explore5d ago

Indeed you can revoke anyone's keys any time with such a scheme. But a single leaked and unrevoked key is still enough to jam it for everyone.

Obviously you could have some "revoke each players keys in turn until the jamming stops" scheme, but it seems suboptimal.

1 more reply

mjmas5d ago

> jam the same stream.

To add to that, other people won't be able to spoof the original stream (as that needs the private key), but instead only jam it.

It would be the same failure mode as SSL certificates.

londons_explore5d ago

In the case of gnss systems, you can also spoof the stream, since the interesting bit of the stream is not the data contained inside, but instead the relative time of arrival of different streams from different satellites.

An attacker can record the streams and replay them milliseconds later.

A client can protect against this if they have an atomic clock, but that's only for clients willing to pay a decent amount.

j / k navigate · click thread line to collapse