It's only an engineering problem in the sense that pipelines are no more logical concepts, they have physical representation and you can't skip it. Those are of course solvable problems, only that the current CPU architectures aren't amenable to such treatment. That's not the end of the world, though, even now MS is pushing for parallelizing compilation.
Also remember that whatever position fix you get automatically validates the location of satellites in space, especially once you've got more than the minimum number of satellites needed for a fix. Since the receivers would keep unspoofable ephemerides, you can't really make the satellites "appear" to be somewhere else. The most you could spoof things is within a rather narrow position window, +/-100m or so.
Due to the rather arbitrary phasing of the satellites, replay attacks are pretty much infeasible. Even if they were feasible, GPS receivers know what the time is - they have pretty decent timebases. Time rolling back is a big no-no. If you've got your timebase synced up to crypto-validated time source "up there", the time won't ever roll back. Even "tiny" rollbacks, just a few ms worth, are not only detectable, but can't happen with the real GPS system. If you detect it, it only will due to spoofing or serious problems with the infrastructure - that's when you have to turn off the receiver's position output, if it's not a hybrid receiver with an IMU.
Except that when you're seeing more than the minimum amount of satellites, there are simple feasibility checks that will trigger if you push the target too far off. In open space, like on sea, you can detect such spoofing if it's off by merely 50m or so. Remember that the ephemerides tell you where the satellites are supposed to be at any time. If you've got redundant signals, like you most often do, there are no solutions to changes in the signals that will still be self-consistent, IIRC. Some solutions, if they exist, put you at some spot very far from the original position, a spot you have no control over.
The GPS satellites are dumb relays with local timebases, roughly speaking. You don't need to modify anything on the satellites to transmit arbitrary NAV data. The changes are to the ground segment software only.
I think it's time for a revision to the L2C, L1C and L5 civilian GPS specifications. Right now all signals, if/when present (some are at demo stage only), transmit a default message with no navigational data. It seems to me that messages on those signals should use public cryptography techniques to verify the authenticity and integrity of navigational data. It is feasible to do so, since L2C, L5 and L1C all use a packetized format and to-spec receivers must ignore unknown packets. Thus a cryptographic signature packet can be added in a fully backwards-compatible fashion. Properly done, this prevents spoofing of the navigational data, including preventing replay attacks. It should be sufficient to pretty much end spoofing once and for all.
What you're saying is that some elliptical trajectory with a periapsis of 0km can be circularized with a 30m/s burn. I'd like to see some calculations to back this claim up.
You didn't quite understand. What was said is that if there was no atmosphere, any uncorrected/ballistic orbit that you launch into will include the point on Earth's surface where you shot from. This is a one sided implication - it only means that if you launch from surface, it will punch you in the ass, so to speak. It doesn't mean that a random orbit will include a point on Earth - that's demonstrably not true. Do you have random satellites punching into the Earth just half orbital revolution after launch? No? Well, that's because they are on orbits that, after correction, don't go through the Earth. Any sort of a gun barrel that's on Earth's surface is part of the ballistic orbit, there's no way around it.
Of course when the atmosphere is involved, and if you've got some controllable vanes, you can do just that, at the cost of wasting a lot of energy as heat. IIRC the trajectory is very sensitive to atmospheric disturbances, though, so it's not practical at all:(
Hurt "the US"? What the heck are you talking about? Given the scale the PCs are deployed at, nobody repairs them. Nobody. I mean we're talking less than 1 in 1000 PCs ever being repaired, even if it'd be a software repair only! Even PCs that have fully functional hardware are thrown away because they "become slow and crash often" - read: they are malware infested, nothing wrong with the hardware at all.
It's being deluded to think that the repairability of the PC affects anyone but the geeks and data center operators.
I think only distributed transputer-style processing will be able to tackle that efficiently. Big networks of small CPUs with local memories will be "it". Assuming 0.2mmx0.2mm size of one compute-memory element, we'd have 4,000 such elements fit on a Haswell die.
So, the transputer is going to get a comeback?:) But seriously, transputers are alive and well. I'd salivate ever so slightly given an XMOS slice running at 1THz.
Nope. The signal can travel as far as you wish, as evidenced by the DSN (deep space network) using the 8.5 and 32GHz bands at pretty significant distances within our Solar System. Voyager comms are in the 8.5GHz band IIRC.
The fact that the length of a clock pulse is physically small (on the order of 1mm) only makes it interesting from the engineering side of things, not impossible.
Well, let's see. The Solar System weighs on the order of 10^30 kg. That's 2^100 kg. There's 2^86 atoms in a kilogram of hydrogen. That's only 2^186 hydrogens in our solar system, if its whole mass was hydrogen. You seem to be right - iterating through 2^256 is quite unfeasible.
Assuming iteration speed of 2^32/second, given 2^24 seconds per year, and a billion PCs worldwide (2^30), we could "crunch" only a space of 2^86. Our current resources are about a factor of 2^170 too small:)
BiCMOS is alive and well, thank you very much. It's just silly to use it for CPUs. Was it even used for any Intel chips at all? What for? It's pretty pointless unless you need bipolar-specific analog stuff on the same die.
Besides, if you really want to send an aircraft off track, you may just own it outright, no need to fuck GPS for everyone in the vicinity, you know. Various "dismissals" by "officials" come from people who seriously don't know what they are talking about. There's no one at FAA who really understands it at such a level. No one. The bullshit about "certified" hardware not being subject to the exploits: lol, and what, if you buy it on eBay you suddenly magically get obsolete, non-certified stuff?
I'm pretty damn sure the more modern airliners where everything sits on a common bus (say TT-Ethernet) are even more vulnerable, since once you own any one device on the bus, you presumably can find vulnerabilities in other devices and own them as well. The old Honeywell FMS is a simpler device that doesn't give you as much potential for breaking other stuff. I'm pretty damn sure that on a Dreamliner, if you own the device that receives ACARS, you can soon own everything to the point where even pilots can't override you. All it takes is one stack overflow somewhere.
I doubt it. It's easier to attack the stream cipher than the private key. Armed with a receiver with a high-gain tracking antenna, you can pretty much recover the key stream since you know both the publicly documented P code, and what the low frequency bit stream the P code is applied to.
I doubt that C/A would ever need to be used as a fallback. If you can receive C/A, you are receiving P(Y). There'd be no advantage to falling back to C/A, since that expressly reduces the robustness of the location data and makes it prone to spoofing. I mean, come on, they're willing to go the optical correlator route just to avoid having to rely on HOW from C/A!
When you're spoofing GPS, you don't do any jamming, you just need to present your own signal of sufficient strength. That's about it. There's also the complication that many GPS receivers don't have automatic gain control - it'd be useless when you're receiving from multiple transmitters at variable distances from you.
Another silly one. If the done used the unencrypted C/A GPS signal, then that's a specification or implementation issue that applies to all civilian users. If the issue was indeed spoofing (unlikely), then the drone must have used the C/A signal, because that's the only one that's feasible to be spoofed. The P(Y) signal is encrypted and is processed by modern receivers with key management via public crypto. The P(Y) signal could be spoofed in theory, if you had a couple thousand dishes around the world to capture individual signals 24/7.
What you claim as facts is a bunch of made up rubbish, sorry. First of all, what do you mean by tokenisation of communication? If you mean that tokens = packets than that's insane, so let's hope you mean something lese. Why the heck do you even need to talk about tokenisation?
If you like a doofus imply that encryption makes things less reliable, then that's just borderline clinical insane. Protip for the clueless: it's precisely the encryption of GPS's P-code that makes it pretty much spoof-proof. These days there are P(Y)-code receivers that don't need the hand off word (HOW) from C/A code. To accomplish that feat, they use optical correlators that perform the Fourier transform needed for fast correlation of the very long P(Y) code with the incoming signal in order to detect where in the sequence the code is, without using HOW. There's no one spoofing that.
While spoofing is somewhat theoretically possible, it'd require a fairly gargantuan effort. You'd need a station with a bunch (dozen) of fairly large (IIRC ~10m diameter) dishes tracking the individual satellites. And you'd need stations all around the globe so that you would have continuous coverage of all the satellites - the number of stations would be in the dozens, too. You could then receive good signal from each satellite individually, signal good enough to just read the P(Y) code without doing the correlations. As I've said, that's pretty crazy, and no single nation could pull it off since you really need to install equipment all over the world, and it's not stuff that fits in a suitcase. Oh, and of course you'd need to collect all those signals, put them through signal processing to recode them with fake data, and then transmit that in real time to the location where you intend to spoof stuff. I'm pretty damn sure the military receivers don't like date rollbacks, so it's not like you could record stuff last year and transmit this year.
Alas, GPS signal's encryption utilizes a stream cipher and not public key cryptography. But they do use public key crypto for key management. If it's ever found out how to break the cipher to extract the key, they may simply re-key the receivers more often - presumably the key extraction won't be an overnight thing. Now of course PKC is not the hardest thing to implement, far from it, as it can be done even on tiny 8 bit microcontrollers. But even RSA is still state of the art public key crypto, so you can get pretty good results without making it complicated. No need for complications, really.
So, you're just full of it. Where on Earth did you learn all this crap, or are you on some purposeful disinformation campaign?
Slashdot Mirror
Stop with the bullshit, AC. You think there was no asking involved? Get a grip.
Only commercial users ever do that. Consumers throw stuff out constantly.
It's only an engineering problem in the sense that pipelines are no more logical concepts, they have physical representation and you can't skip it. Those are of course solvable problems, only that the current CPU architectures aren't amenable to such treatment. That's not the end of the world, though, even now MS is pushing for parallelizing compilation.
Also remember that whatever position fix you get automatically validates the location of satellites in space, especially once you've got more than the minimum number of satellites needed for a fix. Since the receivers would keep unspoofable ephemerides, you can't really make the satellites "appear" to be somewhere else. The most you could spoof things is within a rather narrow position window, +/-100m or so.
Due to the rather arbitrary phasing of the satellites, replay attacks are pretty much infeasible. Even if they were feasible, GPS receivers know what the time is - they have pretty decent timebases. Time rolling back is a big no-no. If you've got your timebase synced up to crypto-validated time source "up there", the time won't ever roll back. Even "tiny" rollbacks, just a few ms worth, are not only detectable, but can't happen with the real GPS system. If you detect it, it only will due to spoofing or serious problems with the infrastructure - that's when you have to turn off the receiver's position output, if it's not a hybrid receiver with an IMU.
Except that when you're seeing more than the minimum amount of satellites, there are simple feasibility checks that will trigger if you push the target too far off. In open space, like on sea, you can detect such spoofing if it's off by merely 50m or so. Remember that the ephemerides tell you where the satellites are supposed to be at any time. If you've got redundant signals, like you most often do, there are no solutions to changes in the signals that will still be self-consistent, IIRC. Some solutions, if they exist, put you at some spot very far from the original position, a spot you have no control over.
The GPS satellites are dumb relays with local timebases, roughly speaking. You don't need to modify anything on the satellites to transmit arbitrary NAV data. The changes are to the ground segment software only.
I think it's time for a revision to the L2C, L1C and L5 civilian GPS specifications. Right now all signals, if/when present (some are at demo stage only), transmit a default message with no navigational data. It seems to me that messages on those signals should use public cryptography techniques to verify the authenticity and integrity of navigational data. It is feasible to do so, since L2C, L5 and L1C all use a packetized format and to-spec receivers must ignore unknown packets. Thus a cryptographic signature packet can be added in a fully backwards-compatible fashion. Properly done, this prevents spoofing of the navigational data, including preventing replay attacks. It should be sufficient to pretty much end spoofing once and for all.
Well, not exactly "just that", you can decrease the eccentricity, but some of the work has to be done outside of the atmosphere, obviously.
What you're saying is that some elliptical trajectory with a periapsis of 0km can be circularized with a 30m/s burn. I'd like to see some calculations to back this claim up.
You didn't quite understand. What was said is that if there was no atmosphere, any uncorrected/ballistic orbit that you launch into will include the point on Earth's surface where you shot from. This is a one sided implication - it only means that if you launch from surface, it will punch you in the ass, so to speak. It doesn't mean that a random orbit will include a point on Earth - that's demonstrably not true. Do you have random satellites punching into the Earth just half orbital revolution after launch? No? Well, that's because they are on orbits that, after correction, don't go through the Earth. Any sort of a gun barrel that's on Earth's surface is part of the ballistic orbit, there's no way around it.
I don't know what stuff this can really launch, since even a plain old hammer wouldn't survive it. The handle would collapse.
Of course when the atmosphere is involved, and if you've got some controllable vanes, you can do just that, at the cost of wasting a lot of energy as heat. IIRC the trajectory is very sensitive to atmospheric disturbances, though, so it's not practical at all :(
I think that KSP has done more at explaining orbital mechanics to the masses than any public education campaign ever would.
Hurt "the US"? What the heck are you talking about? Given the scale the PCs are deployed at, nobody repairs them. Nobody. I mean we're talking less than 1 in 1000 PCs ever being repaired, even if it'd be a software repair only! Even PCs that have fully functional hardware are thrown away because they "become slow and crash often" - read: they are malware infested, nothing wrong with the hardware at all.
It's being deluded to think that the repairability of the PC affects anyone but the geeks and data center operators.
I think only distributed transputer-style processing will be able to tackle that efficiently. Big networks of small CPUs with local memories will be "it". Assuming 0.2mmx0.2mm size of one compute-memory element, we'd have 4,000 such elements fit on a Haswell die.
So, the transputer is going to get a comeback? :) But seriously, transputers are alive and well. I'd salivate ever so slightly given an XMOS slice running at 1THz.
Nope. The signal can travel as far as you wish, as evidenced by the DSN (deep space network) using the 8.5 and 32GHz bands at pretty significant distances within our Solar System. Voyager comms are in the 8.5GHz band IIRC.
The fact that the length of a clock pulse is physically small (on the order of 1mm) only makes it interesting from the engineering side of things, not impossible.
Well, let's see. The Solar System weighs on the order of 10^30 kg. That's 2^100 kg. There's 2^86 atoms in a kilogram of hydrogen. That's only 2^186 hydrogens in our solar system, if its whole mass was hydrogen. You seem to be right - iterating through 2^256 is quite unfeasible.
Assuming iteration speed of 2^32/second, given 2^24 seconds per year, and a billion PCs worldwide (2^30), we could "crunch" only a space of 2^86. Our current resources are about a factor of 2^170 too small :)
Thankfully there's a rather solid limit in how far that can go :)
BiCMOS is alive and well, thank you very much. It's just silly to use it for CPUs. Was it even used for any Intel chips at all? What for? It's pretty pointless unless you need bipolar-specific analog stuff on the same die.
Besides, if you really want to send an aircraft off track, you may just own it outright, no need to fuck GPS for everyone in the vicinity, you know. Various "dismissals" by "officials" come from people who seriously don't know what they are talking about. There's no one at FAA who really understands it at such a level. No one. The bullshit about "certified" hardware not being subject to the exploits: lol, and what, if you buy it on eBay you suddenly magically get obsolete, non-certified stuff?
I'm pretty damn sure the more modern airliners where everything sits on a common bus (say TT-Ethernet) are even more vulnerable, since once you own any one device on the bus, you presumably can find vulnerabilities in other devices and own them as well. The old Honeywell FMS is a simpler device that doesn't give you as much potential for breaking other stuff. I'm pretty damn sure that on a Dreamliner, if you own the device that receives ACARS, you can soon own everything to the point where even pilots can't override you. All it takes is one stack overflow somewhere.
I doubt it. It's easier to attack the stream cipher than the private key. Armed with a receiver with a high-gain tracking antenna, you can pretty much recover the key stream since you know both the publicly documented P code, and what the low frequency bit stream the P code is applied to.
I doubt that C/A would ever need to be used as a fallback. If you can receive C/A, you are receiving P(Y). There'd be no advantage to falling back to C/A, since that expressly reduces the robustness of the location data and makes it prone to spoofing. I mean, come on, they're willing to go the optical correlator route just to avoid having to rely on HOW from C/A!
When you're spoofing GPS, you don't do any jamming, you just need to present your own signal of sufficient strength. That's about it. There's also the complication that many GPS receivers don't have automatic gain control - it'd be useless when you're receiving from multiple transmitters at variable distances from you.
Another silly one. If the done used the unencrypted C/A GPS signal, then that's a specification or implementation issue that applies to all civilian users. If the issue was indeed spoofing (unlikely), then the drone must have used the C/A signal, because that's the only one that's feasible to be spoofed. The P(Y) signal is encrypted and is processed by modern receivers with key management via public crypto. The P(Y) signal could be spoofed in theory, if you had a couple thousand dishes around the world to capture individual signals 24/7.
What you claim as facts is a bunch of made up rubbish, sorry. First of all, what do you mean by tokenisation of communication? If you mean that tokens = packets than that's insane, so let's hope you mean something lese. Why the heck do you even need to talk about tokenisation?
If you like a doofus imply that encryption makes things less reliable, then that's just borderline clinical insane. Protip for the clueless: it's precisely the encryption of GPS's P-code that makes it pretty much spoof-proof. These days there are P(Y)-code receivers that don't need the hand off word (HOW) from C/A code. To accomplish that feat, they use optical correlators that perform the Fourier transform needed for fast correlation of the very long P(Y) code with the incoming signal in order to detect where in the sequence the code is, without using HOW. There's no one spoofing that.
While spoofing is somewhat theoretically possible, it'd require a fairly gargantuan effort. You'd need a station with a bunch (dozen) of fairly large (IIRC ~10m diameter) dishes tracking the individual satellites. And you'd need stations all around the globe so that you would have continuous coverage of all the satellites - the number of stations would be in the dozens, too. You could then receive good signal from each satellite individually, signal good enough to just read the P(Y) code without doing the correlations. As I've said, that's pretty crazy, and no single nation could pull it off since you really need to install equipment all over the world, and it's not stuff that fits in a suitcase. Oh, and of course you'd need to collect all those signals, put them through signal processing to recode them with fake data, and then transmit that in real time to the location where you intend to spoof stuff. I'm pretty damn sure the military receivers don't like date rollbacks, so it's not like you could record stuff last year and transmit this year.
Alas, GPS signal's encryption utilizes a stream cipher and not public key cryptography. But they do use public key crypto for key management. If it's ever found out how to break the cipher to extract the key, they may simply re-key the receivers more often - presumably the key extraction won't be an overnight thing. Now of course PKC is not the hardest thing to implement, far from it, as it can be done even on tiny 8 bit microcontrollers. But even RSA is still state of the art public key crypto, so you can get pretty good results without making it complicated. No need for complications, really.
So, you're just full of it. Where on Earth did you learn all this crap, or are you on some purposeful disinformation campaign?