Most US Drones Still Beam Video Unencrypted

An anonymous reader writes "Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn't secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams 'in the clear' — without encryption. With a minimal amount of equipment and know-how, militants can see what America's drones see."

Link is spam

The real Wired article is here.
http://www.wired.com/dangerroom/2012/10/hack-proof-drone/

Spaceballs: When will then be now? Soon.

[retroworks]

I can picture the Taliban watching the back of their heads on a screen, like in the Mel Brooks film. "Prepare to fast forward!" http://tinyurl.com/cqbwm5y

Achmed, check this out, we're on TV!

[Freddybear]

Wait, are those cross-hairs? Oh shit...

Re:Any technical details?

[Pinhedd]

Encryption, real time, and noisy signals don't mix well. This isn't a youtube video in which the client can request that the server resend a packet that contained an error. Unencrypted video streams are fairly error tolerant as an error will only manifest itself as a slight artifact for a few short frames. Strong encryption schemes are not error tolerant, a non-correctable error would result in one or more blocks of data being entirely unusable.

A stream cipher could be used instead of a block cipher but a stream cipher presents added difficulties in that not only would the bitwise/bytewise encrypted transmission (as opposed to blockwise) have to be tracked, but it would have to be tracked in sync with a key. If the key repeats, it can be determined with a little bit of work in the same fashion that an RC4 key can be determined to break into WEP protected networks.

You misunderstand

[backslashdot]

You misunderstand. Pinhedd is saying that with an unencrypted signal .. unlike a digital encrypted signal .. if the signal is weak and lossy you can still see usable information.. it may have image noise .. but you'll be able to make out rough outlines. But if the signal is encrypted .. with most forms of encryption you either get a perfect imagery or nothing. Either you will see a clear image or random total image noise. If you make the signal more resilient to noise, the weaker the encryption quality. This also means you lose out on range too since you need a clear strong signal.

We need better ways to encrypt.

Re:You misunderstand

[mysidia]

Use a reliable strongly encrypted side-channel for controlling crypto of the primary channel.

Use a "one-time pad" for the video channel used as a "multi-time pad instead", XOR each block by a random value preloaded on both sender and receiver, each block also XOR'ed by a value negotiated over an encrypted control channel protected with a shared key, pick a new XOR value every 10 - 20 seconds to transmit over the encrypted channel, for the next N seconds of video, and a number of One time PAD bits to skip in the transmission, also transmit a value indicating a pattern for a certain number of 'extra' bits of noise or false signal to be included --- possibly a FALSE unencrypted video stream transmitted alongside the real one.

Include enough "one time pad" / random data stored on a memory card, for 18 - 24 hours of video, then recycle the pad.

One time pads are resilient against 'noise' because they result in the same number of bits noise in the output.

The non-sophisticated adversaries are not likely to defeat even an imperfect implementation. Strictly speaking, any reuse or multiple use of a one time pad makes the stream immediately decipherable by a potential adversary, who has successfully recorded enough ciphertext encoded with the same pad bits, in that they can determine parts of the one time pad.

The possible range of original plaintext for video are much larger than readable human language -- any arbitrary value. Even with simple 'scramble every bit by XORing it with a fixed value' will be extremely tough for unsophisticated adversaries, trying lots of XOR values to decrypt is easy -- ANALYZING the output of every value that you try, requires an adversary to have some serious computer vision technology, to decide if the output of each attempted value is the video stream being searched for or not.

However, 'skipping' a certain number of pad bits, for every transmission, introduces unpredictability, and means only a proportion of bits in a frame might be reused, that requires an adversary not only have more than 48hours recorded data but also conduct complex difficult matching, in the process of trying to figure out which bits might be reused --- only a percentage of bits in the transmission may be reused, and by the time they have conducted the search, the drone's mission is done.

XOR'ing every block over a period of time by the same reference block, is also immediately decipherable by an adversary, who can conduct an analysis to figure out what the XOR block is.

However, combining XOR with a "one time" or "multi use" pad, significantly complicates the process of attempting to figure out the XOR key. No analysis of that is possible without first figuring out the random pad data of a block.

And the simple / militant adversaries, are not likely to break any level of encryption. Or at least, if they do, by the time they were able to decode the video stream: again, the mission will already be over by the time they get it.

And they are in no better position to decode the next video stream (assuming new keys and random pads are loaded on every drone, before its next mission).

Re:play chess much?

[Lloyd_Bryant]

What is this some Michael Bay "the signal that hacked your network" shit? How could they detect a passive receiver?

Because the receiver ain't quite as "passive" as you think. Google for "local oscillator" for an example.

Digital systems tend to generate noise on predictable frequencies as well - if a device has a chip that's clocked at a given frequency, then somewhere in that device is an oscillator used to generate that clock (though it may or may not be working at that particular frequency).

The only truly passive receiver is one that is completely shielded to prevent it from radiating any of this noise. But you *have* to have a gap in the shielding in order for the incoming signal to be received. So building an undetectable receiver is not quite as easy as you might think.