Discussion:
OT: The Truth About Predator Drones
(too old to reply)
Le Chaud Lapin
2009-12-17 17:20:09 UTC
Permalink
Hi All,

This Christmas, I offer to the US Defense Advanced Research Projects
Agency a reflection of truth about the Predator program:

http://en.wikipedia.org/wiki/MQ-1_Predator

As some of you have undoubtedly already seen, the live video feed was
allegedly hacked using OTS

http://online.wsj.com/article/SB126102247889095011.html
Le Chaud Lapin
2009-12-17 17:34:58 UTC
Permalink
On Dec 17, 11:20 am, Le Chaud Lapin <***@gmail.com> wrote:
> Hi All,
>
> This Christmas, I offer to the US Defense Advanced Research Projects
> Agency a reflection of truth about the Predator program:
>
> http://en.wikipedia.org/wiki/MQ-1_Predator
>
> As some of you have undoubtedly already seen, the live video feed was
> allegedly hacked using OTS*

*off the shellf software

> http://online.wsj.com/article/SB126102247889095011.html

Futhermore, these drones seem to crash a lot:

http://cursor.org/stories/dronesyndrome.htm

Earlier this year, when I spoke to DARPA program managers and prime
contractors about secure, mobile, wirless links, it seemed that that
"their bread was not fully baked" in this area. I asked a technical
director of a $11US+ billion program if this was the case, and he was
reluctant to admit that, after $5US billion already spent, they still
had not figured out how to do secure mobile links in a way that
actually made sense. His response was something like,

"Yes, before, we had some issues around 2000-2001, but recently we
have provided demonstrations that show that we have control of the
situation."

DARPA, please, you are impressing us toooo much!!!!

-Le Chaud Lapin-
Jerry Avins
2009-12-17 21:07:13 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 17, 11:20 am, Le Chaud Lapin <***@gmail.com> wrote:
>> Hi All,
>>
>> This Christmas, I offer to the US Defense Advanced Research Projects
>> Agency a reflection of truth about the Predator program:
>>
>> http://en.wikipedia.org/wiki/MQ-1_Predator
>>
>> As some of you have undoubtedly already seen, the live video feed was
>> allegedly hacked using OTS*
>
> *off the shellf software
>
>> http://online.wsj.com/article/SB126102247889095011.html
>
> Futhermore, these drones seem to crash a lot:
>
> http://cursor.org/stories/dronesyndrome.htm
>
> Earlier this year, when I spoke to DARPA program managers and prime
> contractors about secure, mobile, wirless links, it seemed that that
> "their bread was not fully baked" in this area. I asked a technical
> director of a $11US+ billion program if this was the case, and he was
> reluctant to admit that, after $5US billion already spent, they still
> had not figured out how to do secure mobile links in a way that
> actually made sense. His response was something like,
>
> "Yes, before, we had some issues around 2000-2001, but recently we
> have provided demonstrations that show that we have control of the
> situation."
>
> DARPA, please, you are impressing us toooo much!!!!

The video down link is not encrypted. They say they're working on it.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Le Chaud Lapin
2009-12-18 00:11:08 UTC
Permalink
On Dec 17, 3:07 pm, Jerry Avins <***@ieee.org> wrote:
> Le Chaud Lapin wrote:
> > Earlier this year, when I spoke to DARPA program managers and prime
> > contractors about secure, mobile, wirless links, it seemed that that
> > "their bread was not fully baked" in this area. I asked a technical
> > director of a $11US+ billion program if this was the case, and he was
> > reluctant to admit that, after $5US billion already spent, they still
> > had not figured out how to do secure mobile links in a way that
> > actually made sense. His response was something like,
>
> > "Yes, before, we had some issues around 2000-2001, but recently we
> > have provided demonstrations that show that we have control of the
> > situation."
>
> > DARPA, please, you are impressing us toooo much!!!!
>
> The video down link is not encrypted. They say they're working on it.

Well, if you give me $100US million dollars, I will open a (non-Swiss)
bank account, deposit $99.5US million into the account, and use the
remaining $500,000US to hire two cryptographers for six months to get
the encryption right.

The Predator was not exactly a high-school science project.

Surely we can all agree that there is something ironic about a top-
secrete weapon lacking security that a 20-year-old computer science
student at a top engineering school could probably get right (almost)
on the first run.

What they did (not do), given rancid amounts of money given to them by
the general public, is inexcusable.

-Le Chaud Lapin-
David Schwartz
2009-12-18 01:15:20 UTC
Permalink
On Dec 17, 4:11 pm, Le Chaud Lapin <***@gmail.com> wrote:

> Surely we can all agree that there is something ironic about a top-
> secrete weapon lacking security that a 20-year-old computer science
> student at a top engineering school could probably get right (almost)
> on the first run.

Passing encrypted video over a satellite network built for unencrypted
analog video is not a trivial challenge. As far as I know, there
exists no scheme to do this that has not been broken already. The
problem is that encryption works partly by diffusing information so
that no part of the output looks like any part of the input. The
satellite link is filled with errors and distortion that have to be
contained to retain adequate video quality.

DS
Mark
2009-12-18 01:44:12 UTC
Permalink
>
> Passing encrypted video over a satellite network built for unencrypted
> analog video is not a trivial challenge. As far as I know, there
> exists no scheme to do this that has not been broken already. The
> problem is that encryption works partly by diffusing information so
> that no part of the output looks like any part of the input. The
> satellite link is filled with errors and distortion that have to be
> contained to retain adequate video quality.
>
> DS

um,, is that why General Instrument was able to do it did it 15 years
ago for HBO?

Mark
krw
2009-12-18 02:05:07 UTC
Permalink
On Thu, 17 Dec 2009 17:44:12 -0800 (PST), Mark <***@yahoo.com>
wrote:

>
>>
>> Passing encrypted video over a satellite network built for unencrypted
>> analog video is not a trivial challenge. As far as I know, there
>> exists no scheme to do this that has not been broken already. The
>> problem is that encryption works partly by diffusing information so
>> that no part of the output looks like any part of the input. The
>> satellite link is filled with errors and distortion that have to be
>> contained to retain adequate video quality.
>>
>> DS
>
>um,, is that why General Instrument was able to do it did it 15 years
>ago for HBO?

It can obviously be done. It just requires different, perhaps less
efficient, error correction algorithms which may mean lower S/N
required.
Archimedes' Lever
2009-12-18 08:20:47 UTC
Permalink
On Thu, 17 Dec 2009 20:05:07 -0600, krw <***@att.bizzzzzzzzzzz> wrote:

>On Thu, 17 Dec 2009 17:44:12 -0800 (PST), Mark <***@yahoo.com>
>wrote:
>
>>
>>>
>>> Passing encrypted video over a satellite network built for unencrypted
>>> analog video is not a trivial challenge. As far as I know, there
>>> exists no scheme to do this that has not been broken already. The
>>> problem is that encryption works partly by diffusing information so
>>> that no part of the output looks like any part of the input. The
>>> satellite link is filled with errors and distortion that have to be
>>> contained to retain adequate video quality.
>>>
>>> DS
>>
>>um,, is that why General Instrument was able to do it did it 15 years
>>ago for HBO?
>
>It can obviously be done. It just requires different, perhaps less
>efficient, error correction algorithms which may mean lower S/N
>required.

Wrong. It just requires MORE FEC.
krw
2009-12-19 01:04:59 UTC
Permalink
On Fri, 18 Dec 2009 00:20:47 -0800, Archimedes' Lever
<***@InfiniteSeries.Org> wrote:

>On Thu, 17 Dec 2009 20:05:07 -0600, krw <***@att.bizzzzzzzzzzz> wrote:
>
>>On Thu, 17 Dec 2009 17:44:12 -0800 (PST), Mark <***@yahoo.com>
>>wrote:
>>
>>>
>>>>
>>>> Passing encrypted video over a satellite network built for unencrypted
>>>> analog video is not a trivial challenge. As far as I know, there
>>>> exists no scheme to do this that has not been broken already. The
>>>> problem is that encryption works partly by diffusing information so
>>>> that no part of the output looks like any part of the input. The
>>>> satellite link is filled with errors and distortion that have to be
>>>> contained to retain adequate video quality.
>>>>
>>>> DS
>>>
>>>um,, is that why General Instrument was able to do it did it 15 years
>>>ago for HBO?
>>
>>It can obviously be done. It just requires different, perhaps less
>>efficient, error correction algorithms which may mean lower S/N
>>required.
>
> Wrong. It just requires MORE FEC.

AlswasWrong is once again wrong. Surprise everyone!
Rick Jones
2009-12-18 02:08:44 UTC
Permalink
In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
> > Passing encrypted video over a satellite network built for
> > unencrypted analog video is not a trivial challenge. As far as I
> > know, there exists no scheme to do this that has not been broken
> > already. The problem is that encryption works partly by diffusing
> > information so that no part of the output looks like any part of
> > the input. The satellite link is filled with errors and distortion
> > that have to be contained to retain adequate video quality.

> um,, is that why General Instrument was able to do it did it 15 years
> ago for HBO?

Is it "known" that the GI stuff (irony :) isn't cracked?

rick jones
--
No need to believe in either side, or any side. There is no cause.
There's only yourself. The belief is in your own precision. - Joubert
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
krw
2009-12-18 02:27:49 UTC
Permalink
On Fri, 18 Dec 2009 02:08:44 +0000 (UTC), Rick Jones
<***@hp.com> wrote:

>In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
>> > Passing encrypted video over a satellite network built for
>> > unencrypted analog video is not a trivial challenge. As far as I
>> > know, there exists no scheme to do this that has not been broken
>> > already. The problem is that encryption works partly by diffusing
>> > information so that no part of the output looks like any part of
>> > the input. The satellite link is filled with errors and distortion
>> > that have to be contained to retain adequate video quality.
>
>> um,, is that why General Instrument was able to do it did it 15 years
>> ago for HBO?
>
>Is it "known" that the GI stuff (irony :) isn't cracked?

I don't believe anyone suggested using civilian encryption for
military applications, though it would have been better than nothing.
Andrew Swallow
2009-12-18 23:19:43 UTC
Permalink
krw wrote:
> On Fri, 18 Dec 2009 02:08:44 +0000 (UTC), Rick Jones
> <***@hp.com> wrote:
>
>> In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
>>>> Passing encrypted video over a satellite network built for
>>>> unencrypted analog video is not a trivial challenge. As far as I
>>>> know, there exists no scheme to do this that has not been broken
>>>> already. The problem is that encryption works partly by diffusing
>>>> information so that no part of the output looks like any part of
>>>> the input. The satellite link is filled with errors and distortion
>>>> that have to be contained to retain adequate video quality.
>>> um,, is that why General Instrument was able to do it did it 15 years
>>> ago for HBO?
>> Is it "known" that the GI stuff (irony :) isn't cracked?
>
> I don't believe anyone suggested using civilian encryption for
> military applications, though it would have been better than nothing.

AES encryption would have probably beaten the Taliban and the Iranians.
Available in a single chip, or you can use software.

Andrew Swallow
krw
2009-12-19 01:06:22 UTC
Permalink
On Fri, 18 Dec 2009 23:19:43 +0000, Andrew Swallow
<***@btopenworld.com> wrote:

>krw wrote:
>> On Fri, 18 Dec 2009 02:08:44 +0000 (UTC), Rick Jones
>> <***@hp.com> wrote:
>>
>>> In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
>>>>> Passing encrypted video over a satellite network built for
>>>>> unencrypted analog video is not a trivial challenge. As far as I
>>>>> know, there exists no scheme to do this that has not been broken
>>>>> already. The problem is that encryption works partly by diffusing
>>>>> information so that no part of the output looks like any part of
>>>>> the input. The satellite link is filled with errors and distortion
>>>>> that have to be contained to retain adequate video quality.
>>>> um,, is that why General Instrument was able to do it did it 15 years
>>>> ago for HBO?
>>> Is it "known" that the GI stuff (irony :) isn't cracked?
>>
>> I don't believe anyone suggested using civilian encryption for
>> military applications, though it would have been better than nothing.
>
>AES encryption would have probably beaten the Taliban and the Iranians.
>Available in a single chip, or you can use software.

Real encryption is pretty cheap. The only complication anymore is key
management. No matter what you do that's a problem, so might just as
well make the encryption good. Rag heads aren't the only potential
enemy.
Michael A. Terrell
2009-12-18 10:56:55 UTC
Permalink
Rick Jones wrote:
>
> In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
> > > Passing encrypted video over a satellite network built for
> > > unencrypted analog video is not a trivial challenge. As far as I
> > > know, there exists no scheme to do this that has not been broken
> > > already. The problem is that encryption works partly by diffusing
> > > information so that no part of the output looks like any part of
> > > the input. The satellite link is filled with errors and distortion
> > > that have to be contained to retain adequate video quality.
>
> > um,, is that why General Instrument was able to do it did it 15 years
> > ago for HBO?
>
> Is it "known" that the GI stuff (irony :) isn't cracked?


You do know there were two levels of Videocipher? VC-1 was designed
for military applications. VC-II was a very scaled down version done for
HBO in the early '80s. I installed one of the first VC-II units for
beta testing for HBO at United Video in Cincinnati, Ohio. That would
make it 25 years.


--
Offworld checks no longer accepted!
HiggsField
2009-12-19 03:34:55 UTC
Permalink
On Fri, 18 Dec 2009 05:56:55 -0500, "Michael A. Terrell"
<***@earthlink.net> wrote:

>
>Rick Jones wrote:
>>
>> In comp.protocols.tcp-ip Mark <***@yahoo.com> wrote:
>> > > Passing encrypted video over a satellite network built for
>> > > unencrypted analog video is not a trivial challenge. As far as I
>> > > know, there exists no scheme to do this that has not been broken
>> > > already. The problem is that encryption works partly by diffusing
>> > > information so that no part of the output looks like any part of
>> > > the input. The satellite link is filled with errors and distortion
>> > > that have to be contained to retain adequate video quality.
>>
>> > um,, is that why General Instrument was able to do it did it 15 years
>> > ago for HBO?
>>
>> Is it "known" that the GI stuff (irony :) isn't cracked?
>
>
> You do know there were two levels of Videocipher? VC-1 was designed
>for military applications.

Total bullshit. It was designed for backhaul work. It was also used
by companies like General Motors, to feed training seminars, etc. to all
their dealerships. They were one of the first OTA educational systems of
that depth.

ALL the major networks ended up using it, and that is what made GI the
de facto standard, and is why they were UNsuccessfully sued as a
monopoly. Uplink encoding is used by any content provider, and they must
use GI gear because that is what all the birds use. So they ARE a
monopoly, by default, but it is not their fault all the networks went
with their gear.

> VC-II was a very scaled down version done for
>HBO in the early '80s.

VC-I was in use in 1983 and from then on.

It was retired on the last day of last year, 2008.

VC-II (1985)"was done for" satellite receivers, uplink encoders and
decoders, and backhaul work, not just for HBO. It was retired in 1993 as
piracy had to be nipped out of the system. That was VC-II RS and that is
where the false keys and rolling keys and such came from. Then came
DigiCipher and DigiCipher II.

> I installed one of the first VC-II units for
>beta testing for HBO at United Video in Cincinnati, Ohio. That would
>make it 25 years.

It appears that you understand basic math.

VC-II was hardware items for cable system operators, sure, but it was
ALSO hardware items for use in end user satellite set-top boxes, which
have nothing to do with cable.
glen herrmannsfeldt
2009-12-18 02:15:19 UTC
Permalink
In comp.dsp Mark <***@yahoo.com> wrote:
(someone wrote)

>> Passing encrypted video over a satellite network built for unencrypted
>> analog video is not a trivial challenge. As far as I know, there
>> exists no scheme to do this that has not been broken already.
(snip)

> um,, is that why General Instrument was able to do it did it 15
> years ago for HBO?

He said "that has not been broken already". As far as I know,
both the analog in digital encryptions have been broken.

It slows down most people, though, so it still works.

The usual analog encryption reverses the polarity of some scan
lines and/or frames. It isn't hard to figure out fairly reliably
a polarity reversal.

-- glen
Le Chaud Lapin
2009-12-18 02:55:33 UTC
Permalink
On Dec 17, 8:15 pm, glen herrmannsfeldt <***@ugcs.caltech.edu> wrote:
> In comp.dsp Mark <***@yahoo.com> wrote:
> (someone wrote)
>
> >> Passing encrypted video over a satellite network built for unencrypted
> >> analog video is not a trivial challenge. As far as I know, there
> >> exists no scheme to do this that has not been broken already.
>
> (snip)
>
> > um,, is that why General Instrument was able to do it did it 15
> > years ago for HBO?
>
> He said "that has not been broken already".  As far as I know,
> both the analog in digital encryptions have been broken.
>
> It slows down most people, though, so it still works.

When has 256-bit Rijndael been broken? Or 128-bit for that matter? Or
RC6? Or many other symmetric ciphers?

> The usual analog encryption reverses the polarity of some scan
> lines and/or frames.  It isn't hard to figure out fairly reliably
> a polarity reversal.

Take a look at the SkyGrabber site. It looks like the whole thing is
based on satellite Internet access, which of course, is entirely in
the digital domain:

http://www.skygrabber.com/en/skygrabber.php

-Le Chaud Lapin-
Jerry Avins
2009-12-18 03:00:49 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 17, 8:15 pm, glen herrmannsfeldt <***@ugcs.caltech.edu> wrote:
>> In comp.dsp Mark <***@yahoo.com> wrote:
>> (someone wrote)
>>
>>>> Passing encrypted video over a satellite network built for unencrypted
>>>> analog video is not a trivial challenge. As far as I know, there
>>>> exists no scheme to do this that has not been broken already.
>> (snip)
>>
>>> um,, is that why General Instrument was able to do it did it 15
>>> years ago for HBO?
>> He said "that has not been broken already". As far as I know,
>> both the analog in digital encryptions have been broken.
>>
>> It slows down most people, though, so it still works.
>
> When has 256-bit Rijndael been broken? Or 128-bit for that matter? Or
> RC6? Or many other symmetric ciphers?
>
>> The usual analog encryption reverses the polarity of some scan
>> lines and/or frames. It isn't hard to figure out fairly reliably
>> a polarity reversal.
>
> Take a look at the SkyGrabber site. It looks like the whole thing is
> based on satellite Internet access, which of course, is entirely in
> the digital domain:
>
> http://www.skygrabber.com/en/skygrabber.php

"Hacking" is the wrong term for that. Am I hackinf usenet with Thunderbird?

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Le Chaud Lapin
2009-12-18 03:24:18 UTC
Permalink
On Dec 17, 9:00 pm, Jerry Avins <***@ieee.org> wrote:
> Le Chaud Lapin wrote:
> > On Dec 17, 8:15 pm, glen herrmannsfeldt <***@ugcs.caltech.edu> wrote:
> > Take a look at the SkyGrabber site. It looks like the whole thing is
> > based on satellite Internet access, which of course, is entirely in
> > the digital domain:
>
> >http://www.skygrabber.com/en/skygrabber.php
>
> "Hacking" is the wrong term for that. Am I hackinf usenet with Thunderbird?

Well, sure, there is no hacking, which, from a public relations
perspective, is worse than if there had been.

If you were head of tech ops for Predator program, would news report
would you rather see:

1. USA Predator data link empowered with 256-bit-Rijndael/elliptic
curve crypto broken in Afghanistan by massive super-computer in hands
of terrorists who received $50 million in funding from sympathetic
neighboring country that is hostile to the US military. The break was
lead by eminent team of crytographers, as well as specialists in
massively parallel super-computing and experts in information theory.
Break was aided by failure of field personnel to follow strict
protocols in the handling of key data on the ground.

-OR-

2. We got sniffed by some kids with $26 to spare.

-Le Chaud lapin-
Jerry Avins
2009-12-18 03:36:01 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 17, 9:00 pm, Jerry Avins <***@ieee.org> wrote:
>> Le Chaud Lapin wrote:
>>> On Dec 17, 8:15 pm, glen herrmannsfeldt <***@ugcs.caltech.edu> wrote:
>>> Take a look at the SkyGrabber site. It looks like the whole thing is
>>> based on satellite Internet access, which of course, is entirely in
>>> the digital domain:
>>> http://www.skygrabber.com/en/skygrabber.php
>> "Hacking" is the wrong term for that. Am I hackinf usenet with Thunderbird?
>
> Well, sure, there is no hacking, which, from a public relations
> perspective, is worse than if there had been.
>
> If you were head of tech ops for Predator program, would news report
> would you rather see:
>
> 1. USA Predator data link empowered with 256-bit-Rijndael/elliptic
> curve crypto broken in Afghanistan by massive super-computer in hands
> of terrorists who received $50 million in funding from sympathetic
> neighboring country that is hostile to the US military. The break was
> lead by eminent team of crytographers, as well as specialists in
> massively parallel super-computing and experts in information theory.
> Break was aided by failure of field personnel to follow strict
> protocols in the handling of key data on the ground.
>
> -OR-
>
> 2. We got sniffed by some kids with $26 to spare.

You echo my point. But the press, probably echoing a Pentagon press
release, calls it hacking. It seems that some people here bought into that.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Michael A. Terrell
2009-12-18 10:59:43 UTC
Permalink
Jerry Avins wrote:
>
> "Hacking" is the wrong term for that. Am I hackinf usenet with Thunderbird?


No, 'Coping' would be closer. :)


--
Offworld checks no longer accepted!
glen herrmannsfeldt
2009-12-18 06:20:40 UTC
Permalink
In comp.dsp Le Chaud Lapin <***@gmail.com> wrote:
(snip, I wrote)

>> It slows down most people, though, so it still works.

> When has 256-bit Rijndael been broken? Or 128-bit for that matter? Or
> RC6? Or many other symmetric ciphers?

>> The usual analog encryption reverses the polarity of some scan
>> lines and/or frames. ?It isn't hard to figure out fairly reliably
>> a polarity reversal.

> Take a look at the SkyGrabber site. It looks like the whole thing is
> based on satellite Internet access, which of course, is entirely in
> the digital domain:

The original question was on analog video, which is somewhat
harder to encrypt without affecting the picture.

> http://www.skygrabber.com/en/skygrabber.php

It may not be 'broken', but if you can steal a key and duplicate it,
that is just as good. I haven't followed it lately, but I believe
that is how it is done. That is, forged key cards.

-- glen
Archimedes' Lever
2009-12-19 03:11:27 UTC
Permalink
On Fri, 18 Dec 2009 06:20:40 +0000 (UTC), glen herrmannsfeldt
<***@ugcs.caltech.edu> wrote:

>
>The original question was on analog video, which is somewhat
>harder to encrypt without affecting the picture.

Bullshit.
Archimedes' Lever
2009-12-19 02:22:06 UTC
Permalink
On Thu, 17 Dec 2009 18:55:33 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>On Dec 17, 8:15 pm, glen herrmannsfeldt <***@ugcs.caltech.edu> wrote:
>> In comp.dsp Mark <***@yahoo.com> wrote:
>> (someone wrote)
>>
>> >> Passing encrypted video over a satellite network built for unencrypted
>> >> analog video is not a trivial challenge. As far as I know, there
>> >> exists no scheme to do this that has not been broken already.
>>
>> (snip)
>>
>> > um,, is that why General Instrument was able to do it did it 15
>> > years ago for HBO?
>>
>> He said "that has not been broken already".  As far as I know,
>> both the analog in digital encryptions have been broken.
>>
>> It slows down most people, though, so it still works.
>
>When has 256-bit Rijndael been broken? Or 128-bit for that matter? Or
>RC6? Or many other symmetric ciphers?
>
>> The usual analog encryption reverses the polarity of some scan
>> lines and/or frames.  It isn't hard to figure out fairly reliably
>> a polarity reversal.
>
>Take a look at the SkyGrabber site. It looks like the whole thing is
>based on satellite Internet access, which of course, is entirely in
>the digital domain:
>
>http://www.skygrabber.com/en/skygrabber.php
>
>-Le Chaud Lapin-


The original "VideoCipher" was never broken.

There WERE decoding chips being sold by the fab house that made them,
out the back door at night, while they made legit chips during the day,
but that early MPEG2 encrypted stream has still yet to have been broken.

That goes double, triple, and quadruple for the subsequent
"Videocipher2" and the now in use "Digicipher I" and "Digicipher II"

None of you "any encryption method can be broken" IDIOTS have EVER even
come close. Look at the streams, and the "false keys" will throw you
every time, and that is just ONE of the mechanisms in place.

So your "any cipher can be broken" mindset is flawed and there is
proof.

There are at least ten current cipher modes out there that you dopes
will never even come close to EVER breaking.
Michael A. Terrell
2009-12-18 10:58:13 UTC
Permalink
glen herrmannsfeldt wrote:
>
> In comp.dsp Mark <***@yahoo.com> wrote:
> (someone wrote)
>
> >> Passing encrypted video over a satellite network built for unencrypted
> >> analog video is not a trivial challenge. As far as I know, there
> >> exists no scheme to do this that has not been broken already.
> (snip)
>
> > um,, is that why General Instrument was able to do it did it 15
> > years ago for HBO?
>
> He said "that has not been broken already". As far as I know,
> both the analog in digital encryptions have been broken.
>
> It slows down most people, though, so it still works.
>
> The usual analog encryption reverses the polarity of some scan
> lines and/or frames. It isn't hard to figure out fairly reliably
> a polarity reversal.
>
> -- glen

Videocipher-I was digital video & audio. Videocipher-II was analog.


--
Offworld checks no longer accepted!
glen herrmannsfeldt
2009-12-18 11:02:41 UTC
Permalink
In comp.dsp Michael A. Terrell <***@earthlink.net> wrote:
(snip)

> Videocipher-I was digital video & audio. Videocipher-II was analog.

And then there was the system that adds a sine wave to the
video signal such that the sync is not the lowest level anymore,
and wonders around enough that you won't try watch it.

-- glen
Michael A. Terrell
2009-12-18 15:50:36 UTC
Permalink
glen herrmannsfeldt wrote:
>
> In comp.dsp Michael A. Terrell <***@earthlink.net> wrote:
> (snip)
>
> > Videocipher-I was digital video & audio. Videocipher-II was analog.
>
> And then there was the system that adds a sine wave to the
> video signal such that the sync is not the lowest level anymore,
> and wonders around enough that you won't try watch it.



That was 'On TV' or the 'Hamlin' scrambling system on Cable TV. That
was '70s technology.


--
Offworld checks no longer accepted!
Archimedes' Lever
2009-12-19 03:37:35 UTC
Permalink
On Fri, 18 Dec 2009 11:02:41 +0000 (UTC), glen herrmannsfeldt
<***@ugcs.caltech.edu> wrote:

>In comp.dsp Michael A. Terrell <***@earthlink.net> wrote:
>(snip)
>
>> Videocipher-I was digital video & audio. Videocipher-II was analog.
>
>And then there was the system that adds a sine wave to the
>video signal such that the sync is not the lowest level anymore,
>and wonders around enough that you won't try watch it.
>
>-- glen


That was not encryption.

That was called "In-band gated sync scrambling".
Archimedes' Lever
2009-12-19 03:35:38 UTC
Permalink
On Fri, 18 Dec 2009 05:58:13 -0500, "Michael A. Terrell"
<***@earthlink.net> wrote:

>
>glen herrmannsfeldt wrote:
>>
>> In comp.dsp Mark <***@yahoo.com> wrote:
>> (someone wrote)
>>
>> >> Passing encrypted video over a satellite network built for unencrypted
>> >> analog video is not a trivial challenge. As far as I know, there
>> >> exists no scheme to do this that has not been broken already.
>> (snip)
>>
>> > um,, is that why General Instrument was able to do it did it 15
>> > years ago for HBO?
>>
>> He said "that has not been broken already". As far as I know,
>> both the analog in digital encryptions have been broken.
>>
>> It slows down most people, though, so it still works.
>>
>> The usual analog encryption reverses the polarity of some scan
>> lines and/or frames. It isn't hard to figure out fairly reliably
>> a polarity reversal.
>>
>> -- glen
>
> Videocipher-I was digital video & audio. Videocipher-II was analog.


You're an idiot.
PeterD
2009-12-18 14:36:52 UTC
Permalink
On Thu, 17 Dec 2009 17:44:12 -0800 (PST), Mark <***@yahoo.com>
wrote:

>
>>
>> Passing encrypted video over a satellite network built for unencrypted
>> analog video is not a trivial challenge. As far as I know, there
>> exists no scheme to do this that has not been broken already. The
>> problem is that encryption works partly by diffusing information so
>> that no part of the output looks like any part of the input. The
>> satellite link is filled with errors and distortion that have to be
>> contained to retain adequate video quality.
>>
>> DS
>
>um,, is that why General Instrument was able to do it did it 15 years
>ago for HBO?
>
>Mark
>

They didn't do the video, just the audio. Video was a very simple
inversion technique, that was trivial to break. The audio was DES (so
they said) encrypted, but there were several holes in the system that
rendered it a bit less secure.
Mark
2009-12-18 18:16:50 UTC
Permalink
>
>
> >> Passing encrypted video over a satellite network built for unencrypted
> >> analog video is not a trivial challenge. As far as I know, there
> >> exists no scheme to do this that has not been broken already. The
> >> problem is that encryption works partly by diffusing information so
> >> that no part of the output looks like any part of the input. The
> >> satellite link is filled with errors and distortion that have to be
> >> contained to retain adequate video quality.
>
> >> DS
>
> >um,, is that why General Instrument was able to do it did it 15 years
> >ago for HBO?
>
> >Mark
>
> They didn't do the video, just the audio. Video was a very simple
> inversion technique, that was trivial to break. The audio was DES (so
> they said) encrypted, but there were several holes in the system that
> rendered it a bit less secure.- Hide quoted text -
>
> - Show quoted text -

That was Videocypher, I'm talking about DigiCypher, which was
transmitted over "analog" satellite transponders...

Mark
Le Chaud Lapin
2009-12-18 02:33:53 UTC
Permalink
On Dec 17, 7:15 pm, David Schwartz <***@webmaster.com> wrote:
> Passing encrypted video over a satellite network built for unencrypted
> analog video is not a trivial challenge. As far as I know, there
> exists no scheme to do this that has not been broken already. The
> problem is that encryption works partly by diffusing information so
> that no part of the output looks like any part of the input. The
> satellite link is filled with errors and distortion that have to be
> contained to retain adequate video quality.

????

Data encryption of the kind that they need for someone who is
experienced in cryptography is near-trivial. The biggest problem,
which is not a problem in this particular case, is key distribution.

Maybe I misunderstand, but the system, based on this link:

http://www.skygrabber.com/en/skygrabber.php

...looks like it is entirely in the digital domain.

If that is true, encryption, under the scenarios required by US DoD,
would take maybe 3 weeks using Rijndael or other symmetric cipher for
a rough run, and maybe a month more by a crypto expert to remove the
fatal flaws.

The more I think about this, the more I find it hard to believe that
the people who designed the communications of the Predator could be
so...ahem....

A more plausible, conspiracy-theorist, explanation might be this:

The US Military realizes that al-Quaeda/Taliban are becoming more and
more sophisticated in their employment of technology such as laptop
computers, desktoop computers, networks, smartphones with Internet
connections, etc. Ideally, one could inject a nerd-mole into these
groups to infiltrate their computer systems, but that would be
expensive, hit-or-miss, and if he is caught, he would be surely
executed.

A much easier alternative would be to fake a breach of your own
security system, then publicize widely exactly how it was breached:
via software that is readily avaialble on Internet. Make the software
ridiculously cheap, since most terrorists do not have Bin Laden's
billions. Then wait for the fish.

Every terrorist and wannabe-terrorist who wants to be able to break
into US military satellite com's will visit the web site, whereupon IP
addresses and times of visit will be collected into a database,
creating a nice map (using Google Earth of course) of distribution of
terrorists. Furthermore, by clandestine agrement with author of
software, a root-kit will be built into the software. When terrorists'
computers become infected by the download, the military will be able
to receive highly valuable information from infected computers. If
military is fortunate, these computers will occasionally become
networked, in which case, the virus could propagate.

Yes, it's a long shot, but give me a break...a $10 million drone,
under a multi-billion-dollar program, designed by Ph.D's in electrical
engineering, computer science, and aero/astro, and they forget
something as simple as a little symmetric crypto? NSA, which has last
say in all crypto/data security matters, would have/should have never
allowed this.

Smells fishy.

-Le Chaud Lapin-
David Schwartz
2009-12-18 02:54:53 UTC
Permalink
On Dec 17, 6:33 pm, Le Chaud Lapin <***@gmail.com> wrote:

> > Passing encrypted video over a satellite network built for unencrypted
> > analog video is not a trivial challenge. As far as I know, there
> > exists no scheme to do this that has not been broken already. The
> > problem is that encryption works partly by diffusing information so
> > that no part of the output looks like any part of the input. The
> > satellite link is filled with errors and distortion that have to be
> > contained to retain adequate video quality.

> Maybe I misunderstand, but the system, based on this link:
>
> http://www.skygrabber.com/en/skygrabber.php
>
> ...looks like it is entirely in the digital domain.

They're grabbing it later in the system, but if you want it encrypted
later in the system, you have to encrypt it earlier in the system.

> If that is true, encryption, under the scenarios required by US DoD,
> would take maybe 3 weeks using Rijndael or other symmetric cipher for
> a rough run, and maybe a month more by a crypto expert to remove the
> fatal flaws.

There is no place in the system to put such a cipher. The only
practical way to do is to encrypt the analog uplink. The satellite-
based system from the uplink from the Predator to the downlink to the
operator is simply not encryption-capable. Essentially, the problem is
basically that they chose a completely unsuitable system to handle the
image downlink to the operator.

DS
krw
2009-12-18 03:00:37 UTC
Permalink
On Thu, 17 Dec 2009 18:54:53 -0800 (PST), David Schwartz
<***@webmaster.com> wrote:

>On Dec 17, 6:33 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
>> > Passing encrypted video over a satellite network built for unencrypted
>> > analog video is not a trivial challenge. As far as I know, there
>> > exists no scheme to do this that has not been broken already. The
>> > problem is that encryption works partly by diffusing information so
>> > that no part of the output looks like any part of the input. The
>> > satellite link is filled with errors and distortion that have to be
>> > contained to retain adequate video quality.
>
>> Maybe I misunderstand, but the system, based on this link:
>>
>> http://www.skygrabber.com/en/skygrabber.php
>>
>> ...looks like it is entirely in the digital domain.
>
>They're grabbing it later in the system, but if you want it encrypted
>later in the system, you have to encrypt it earlier in the system.

Why? A bit is a bit.

>> If that is true, encryption, under the scenarios required by US DoD,
>> would take maybe 3 weeks using Rijndael or other symmetric cipher for
>> a rough run, and maybe a month more by a crypto expert to remove the
>> fatal flaws.
>
>There is no place in the system to put such a cipher. The only
>practical way to do is to encrypt the analog uplink. The satellite-
>based system from the uplink from the Predator to the downlink to the
>operator is simply not encryption-capable. Essentially, the problem is
>basically that they chose a completely unsuitable system to handle the
>image downlink to the operator.

I'm not buying what you're selling.
Le Chaud Lapin
2009-12-18 03:13:05 UTC
Permalink
On Dec 17, 8:54 pm, David Schwartz <***@webmaster.com> wrote:
> On Dec 17, 6:33 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
> > > Passing encrypted video over a satellite network built for unencrypted
> > > analog video is not a trivial challenge. As far as I know, there
> > > exists no scheme to do this that has not been broken already. The
> > > problem is that encryption works partly by diffusing information so
> > > that no part of the output looks like any part of the input. The
> > > satellite link is filled with errors and distortion that have to be
> > > contained to retain adequate video quality.
> > Maybe I misunderstand, but the system, based on this link:
>
> >http://www.skygrabber.com/en/skygrabber.php
>
> > ...looks like it is entirely in the digital domain.
>
> They're grabbing it later in the system, but if you want it encrypted
> later in the system, you have to encrypt it earlier in the system.
>
> > If that is true, encryption, under the scenarios required by US DoD,
> > would take maybe 3 weeks using Rijndael or other symmetric cipher for
> > a rough run, and maybe a month more by a crypto expert to remove the
> > fatal flaws.
>
> There is no place in the system to put such a cipher. The only
> practical way to do is to encrypt the analog uplink. The satellite-
> based system from the uplink from the Predator to the downlink to the
> operator is simply not encryption-capable. Essentially, the problem is
> basically that they chose a completely unsuitable system to handle the
> image downlink to the operator.

Sorry David, this does not make sense at all.

Based on my < 5 minutes review of

http://www.skygrabber.com/en/skygrabber.php

...it's nothing more than a satellite Internet sniffer. If that is
true, everything is possible.

From one perspective, the so-called "link" does not exist. Saying it
does is like saying that a spread-spectrum receiver is "analog". Yes,
it is, and no it ain't, depending on what you are talking.

1. Encrypt the data in the Predator before it leaves the Predator.
2. Send the encrypted digital data from Predator to satellite.
3. Receive encrypted digital data from satellite to ground-based
satellite receiver.
4. Decrypt the data after it enters PC, or whatever over-priced thingy
they have waiting for the encrypted data.

????

What I am I missing?

-Le Chaud Lapin-
David Schwartz
2009-12-18 06:09:31 UTC
Permalink
On Dec 17, 7:13 pm, Le Chaud Lapin <***@gmail.com> wrote:

> > There is no place in the system to put such a cipher. The only
> > practical way to do is to encrypt the analog uplink. The satellite-
> > based system from the uplink from the Predator to the downlink to the
> > operator is simply not encryption-capable. Essentially, the problem is
> > basically that they chose a completely unsuitable system to handle the
> > image downlink to the operator.

> Sorry David, this does not make sense at all.

I'm not sure how I can explain it any clearer.

> Based on my < 5 minutes review of
>
> http://www.skygrabber.com/en/skygrabber.php
>
> ...it's nothing more than a satellite Internet sniffer. If that is
> true, everything is possible.
>
> From one perspective, the so-called "link" does not exist. Saying it
> does is like saying that a spread-spectrum receiver is "analog". Yes,
> it is, and no it ain't, depending on what you are talking.

Huh?

> 1. Encrypt the data in the Predator before it leaves the Predator.
> 2. Send the encrypted digital data from Predator to satellite.

Cannot be done. The satellite that the predator talks to only supports
analog video.

> 3. Receive encrypted digital data from satellite to ground-based
> satellite receiver.
> 4. Decrypt the data after it enters PC, or whatever over-priced thingy
> they have waiting for the encrypted data.
>
> ????
>
> What I am I missing?

You're missing that the link from the satellite to the ground station
is a completely different link from the link from the Predator. The
system was changed around from the one originally designed because it
turned out that the latency introduced by multiple geosynchronous
satellite links was too high for reliable operation.

DS
Le Chaud Lapin
2009-12-18 06:54:33 UTC
Permalink
On Dec 18, 12:09 am, David Schwartz <***@webmaster.com> wrote:
> On Dec 17, 7:13 pm, Le Chaud Lapin <***@gmail.com> wrote:
> Cannot be done. The satellite that the predator talks to only supports
> analog video.
>
> > 3. Receive encrypted digital data from satellite to ground-based
> > satellite receiver.
> > 4. Decrypt the data after it enters PC, or whatever over-priced thingy
> > they have waiting for the encrypted data.
>
> > ????
>
> > What I am I missing?
>
> You're missing that the link from the satellite to the ground station
> is a completely different link from the link from the Predator. The
> system was changed around from the one originally designed because it
> turned out that the latency introduced by multiple geosynchronous
> satellite links was too high for reliable operation.

Ok, I just did a more thorough investigation based on the original
article in the Wall Street Journal:

http://online.wsj.com/article/SB126102247889095011.html

as well as how the SkyGrabber software works:

http://www.skygrabber.com/en/skygrabber.php

And I am all but convinced that the problem has nothing to do with
analog links anywhere.

[By the way, I started my career developing wireless narrow-band
transceivers, and I can tell you that there is no way that they are
controlling those drones with analog links, either via the satellite
from remote, or via a ground unit that is closer to the drone. The
drones would have all crashed by now.]

Apparently, the link from Satellite to Predator is digital and follows
a standard format for such links, which the SkyGrabber software is
familiar with:

http://en.wikipedia.org/wiki/Satellite_Internet_access

The Wikipedia article does not say what modulation scheme is used, but
QPSK seems to be popular:

http://www.satsig.net/ivsatcos.htm

In any case, the link from drone to satellite is digital, and link
from satellite to ground station is almost certainly digital, as it
would make no sense at all to decode a digital bit stream arriving
from the drone into the satellite, decode that bitstream, convert it
to analog, then send it back to earth in some analog format, which
would be hopelessly inefficient in so many ways.

Also, the military itself implys in the WSJ article that they have
know about this for a while and simply goofed.

-Le Chaud Lapin-
Michael A. Terrell
2009-12-18 11:04:46 UTC
Permalink
Le Chaud Lapin wrote:
>
> On Dec 18, 12:09 am, David Schwartz <***@webmaster.com> wrote:
> > On Dec 17, 7:13 pm, Le Chaud Lapin <***@gmail.com> wrote:
> > Cannot be done. The satellite that the predator talks to only supports
> > analog video.
> >
> > > 3. Receive encrypted digital data from satellite to ground-based
> > > satellite receiver.
> > > 4. Decrypt the data after it enters PC, or whatever over-priced thingy
> > > they have waiting for the encrypted data.
> >
> > > ????
> >
> > > What I am I missing?
> >
> > You're missing that the link from the satellite to the ground station
> > is a completely different link from the link from the Predator. The
> > system was changed around from the one originally designed because it
> > turned out that the latency introduced by multiple geosynchronous
> > satellite links was too high for reliable operation.
>
> Ok, I just did a more thorough investigation based on the original
> article in the Wall Street Journal:
>
> http://online.wsj.com/article/SB126102247889095011.html
>
> as well as how the SkyGrabber software works:
>
> http://www.skygrabber.com/en/skygrabber.php
>
> And I am all but convinced that the problem has nothing to do with
> analog links anywhere.
>
> [By the way, I started my career developing wireless narrow-band
> transceivers, and I can tell you that there is no way that they are
> controlling those drones with analog links, either via the satellite
> from remote, or via a ground unit that is closer to the drone. The
> drones would have all crashed by now.]
>
> Apparently, the link from Satellite to Predator is digital and follows
> a standard format for such links, which the SkyGrabber software is
> familiar with:
>
> http://en.wikipedia.org/wiki/Satellite_Internet_access
>
> The Wikipedia article does not say what modulation scheme is used, but
> QPSK seems to be popular:
>
> http://www.satsig.net/ivsatcos.htm
>
> In any case, the link from drone to satellite is digital, and link
> from satellite to ground station is almost certainly digital, as it
> would make no sense at all to decode a digital bit stream arriving
> from the drone into the satellite, decode that bitstream, convert it
> to analog, then send it back to earth in some analog format, which
> would be hopelessly inefficient in so many ways.
>
> Also, the military itself implys in the WSJ article that they have
> know about this for a while and simply goofed.


20 MHz analog bandwidth and 40 MB/s data rates have been available
for about 10 years for telemetry receivers with excellent Doppler
compensation.


--
Offworld checks no longer accepted!
David Schwartz
2009-12-18 16:46:31 UTC
Permalink
On Dec 17, 10:54 pm, Le Chaud Lapin <***@gmail.com> wrote:

> Apparently, the link from Satellite to Predator is digital and follows
> a standard format for such links, which the SkyGrabber software is
> familiar with:

Where did you find something that says that the video link to the
Predator is the one that's being grabbed?

> In any case, the link from drone to satellite is digital, and link
> from satellite to ground station is almost certainly digital, as it
> would make no sense at all to decode a digital bit stream arriving
> from the drone into the satellite, decode that bitstream, convert it
> to analog, then send it back to earth in some analog format, which
> would be hopelessly inefficient in so many ways.

It is my understanding that it was the link to the ground station that
was digital and being intercepted, not the link from the Predator. If
you can point to some reliable source that says otherwise, let me
know. I'll be mightily surprised.

DS
Le Chaud Lapin
2009-12-18 18:00:42 UTC
Permalink
On Dec 18, 10:46 am, David Schwartz <***@webmaster.com> wrote:
> On Dec 17, 10:54 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
> > Apparently, the link from Satellite to Predator is digital and follows
> > a standard format for such links, which the SkyGrabber software is
> > familiar with:
>
> Where did you find something that says that the video link to the
> Predator is the one that's being grabbed?

Haven't found anything. All the articles on the subject are too vague.
They are merely regurgitations of what the WSJ wrote, without any
reliable specifics.

> > In any case, the link from drone to satellite is digital, and link
> > from satellite to ground station is almost certainly digital, as it
> > would make no sense at all to decode a digital bit stream arriving
> > from the drone into the satellite, decode that bitstream, convert it
> > to analog, then send it back to earth in some analog format, which
> > would be hopelessly inefficient in so many ways.
>
> It is my understanding that it was the link to the ground station that
> was digital and being intercepted, not the link from the Predator. If
> you can point to some reliable source that says otherwise, let me
> know. I'll be mightily surprised.

I took a quick look, and did not find any specifics, but once the
information is digital, it is a done deal, as the only excuses
remaining would be:

1. Not enough power for cipher operations.
2. Overhead of padding consumes too much bandwidth for data link.

We know it is not #1, because a $100 PDA can easily do 128-bit
symmetric cipher at reasonable rate for Wi-Fi link without killing the
battery, which I tried several years ago.

We know that it is definitely not #2, because one video frame, at even
low-res black-and white (not even grayscal) would swamp the 16-byte
padding required for typical 128-bit symmetric block ciphers.

I think DARPA simply got lazy and punted on this one.

-Le Chaud Lapin-
Rick Jones
2009-12-18 20:25:54 UTC
Permalink
In comp.protocols.tcp-ip Le Chaud Lapin <***@gmail.com> wrote:
> I took a quick look, and did not find any specifics, but once the
> information is digital, it is a done deal, as the only excuses
> remaining would be:

> 1. Not enough power for cipher operations.
> 2. Overhead of padding consumes too much bandwidth for data link.

> We know it is not #1, because a $100 PDA can easily do 128-bit
> symmetric cipher at reasonable rate for Wi-Fi link without killing the
> battery, which I tried several years ago.

> We know that it is definitely not #2, because one video frame, at even
> low-res black-and white (not even grayscal) would swamp the 16-byte
> padding required for typical 128-bit symmetric block ciphers.

I don't seek to excuse the US. DoD and/or their contractors but...

It is my understanding that as wizzy as "things military" are, they
tend to be built from components that rather lag in performance
compared to what is available to civilians. That is, "mil spec"
processors and what not are not at the forefront of the performance
curve.

http://en.wikipedia.org/wiki/Predator_drone

suggests the first ones at least entered service in 1995, which means
they were probably prototypes a couple years earlier, which suggests
they were designed with stuff from the late '80s.

Could a late 1980's PDA do 128-bit symmetric cipher at a reasonable
rate?

Now, there is still the question of "Well, why not upgrade the
things?!? This is the 21st century!" Indeed a very good question,
probably one that is deeply ensconced in what one might consider
analogs to layers 8 and 9 of the 9 layer model:

https://www.isc.org/files/9layer.thumb.png

(which should slightly bring it back OT for comp.protocols.tcp-ip :)

The main point though is that by and large, at least to my
understanding, military technology tends to lag, which means making
comparisons to contemporary civilian tech somewhat complicated.

rick jones
--
denial, anger, bargaining, depression, acceptance, rebirth...
where do you want to be today?
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
David Schwartz
2009-12-19 01:28:04 UTC
Permalink
On Dec 18, 12:25 pm, Rick Jones <***@hp.com> wrote:

> It is my understanding that as wizzy as "things military" are, they
> tend to be built from components that rather lag in performance
> compared to what is available to civilians.  That is, "mil spec"
> processors and what not are not at the forefront of the performance
> curve.

Not just that, but equipment that operates in space has to be space-
qualified. Last I checked, the fastest space-qualified CPUs were
comparable to 66MHz Pentiums. And power and heat budgets on a
satellite are tight.

> http://en.wikipedia.org/wiki/Predator_drone
>
> suggests the first ones at least entered service in 1995, which means
> they were probably prototypes a couple years earlier, which suggests
> they were designed with stuff from the late '80s.

The issue is that the design was changed. At first, it was assumed
that latency was not super-critical. The idea was that you would use a
direct link during takeoff and landing and for normal flight, a few
seconds of latency is tolerable. it was later discovered both that the
latency wasn't that tolerable and that you might not want to put your
operators where the Predator takes off and lands. This required a
"quick change" to the system with no ability to modify the satellites
already deployed.

DS
David Schwartz
2009-12-19 01:25:22 UTC
Permalink
On Dec 18, 10:00 am, Le Chaud Lapin <***@gmail.com> wrote:

> I took a quick look, and did not find any specifics, but once the
> information is digital, it is a done deal, as the only excuses
> remaining would be:

> 1. Not enough power for cipher operations.
> 2. Overhead of padding consumes too much bandwidth for data link.
3. No place to put the encryption devce.

The uplink from the Predator is analog. The downlink from the
satellite is digital. There is no accessible point between the two to
put the encryption device.

DS
Le Chaud Lapin
2009-12-19 01:39:31 UTC
Permalink
On Dec 18, 7:25 pm, David Schwartz <***@webmaster.com> wrote:
> On Dec 18, 10:00 am, Le Chaud Lapin <***@gmail.com> wrote:
>
> > I took a quick look, and did not find any specifics, but once the
> > information is digital, it is a done deal, as the only excuses
> > remaining would be:
> > 1. Not enough power for cipher operations.
> > 2. Overhead of padding consumes too much bandwidth for data link.
>
> 3. No place to put the encryption devce.
>
> The uplink from the Predator is analog. The downlink from the
> satellite is digital. There is no accessible point between the two to
> put the encryption device.

Where on the Internet/etc. does it say that?

Also, CNN is quoting a military official implying that encryption was
possible, but would have slowed the link:

http://www.cnn.com/2009/US/12/17/drone.video.hacked/index.html

"The official said that many of the UAV feeds need to be sent out live
to numerous people at one time, and encryption was found to slow the
real-time link. The encryption therefore was removed from many feeds."

This statement he makes, btw, is bogus. Symmetric ciphers, even in
1990, are so fast, they are hardly the bottleneck in system. Signing
the packets, OTOH, would have been problematic.

-Le Chaud Lapin-
Eric Jacobsen
2009-12-18 18:35:55 UTC
Permalink
On 12/17/2009 11:54 PM, Le Chaud Lapin wrote:
> On Dec 18, 12:09 am, David Schwartz<***@webmaster.com> wrote:
>> On Dec 17, 7:13 pm, Le Chaud Lapin<***@gmail.com> wrote:
>> Cannot be done. The satellite that the predator talks to only supports
>> analog video.
>>
>>> 3. Receive encrypted digital data from satellite to ground-based
>>> satellite receiver.
>>> 4. Decrypt the data after it enters PC, or whatever over-priced thingy
>>> they have waiting for the encrypted data.
>>> ????
>>> What I am I missing?
>> You're missing that the link from the satellite to the ground station
>> is a completely different link from the link from the Predator. The
>> system was changed around from the one originally designed because it
>> turned out that the latency introduced by multiple geosynchronous
>> satellite links was too high for reliable operation.
>
> Ok, I just did a more thorough investigation based on the original
> article in the Wall Street Journal:
>
> http://online.wsj.com/article/SB126102247889095011.html
>
> as well as how the SkyGrabber software works:
>
> http://www.skygrabber.com/en/skygrabber.php
>
> And I am all but convinced that the problem has nothing to do with
> analog links anywhere.
>
> [By the way, I started my career developing wireless narrow-band
> transceivers, and I can tell you that there is no way that they are
> controlling those drones with analog links, either via the satellite
> from remote, or via a ground unit that is closer to the drone. The
> drones would have all crashed by now.]
>
> Apparently, the link from Satellite to Predator is digital and follows
> a standard format for such links, which the SkyGrabber software is
> familiar with:
>
> http://en.wikipedia.org/wiki/Satellite_Internet_access
>
> The Wikipedia article does not say what modulation scheme is used, but
> QPSK seems to be popular:
>
> http://www.satsig.net/ivsatcos.htm

The SkyGrabber site implies it works with DVB-S and DVB-S2 standards. I
think it's dumb to use a standardized air interface on things you want
to be very secure for warfighting, but that's just me.

Because satellite links are inherently power limited the modulations
tend to be low, with QPSK being arguably the most common. 8-PSK is used
sometimes, and DVB-S2 has some weird stuff in it IIRC, but nothing very
high-order.


> In any case, the link from drone to satellite is digital, and link
> from satellite to ground station is almost certainly digital, as it
> would make no sense at all to decode a digital bit stream arriving
> from the drone into the satellite, decode that bitstream, convert it
> to analog, then send it back to earth in some analog format, which
> would be hopelessly inefficient in so many ways.
>
> Also, the military itself implys in the WSJ article that they have
> know about this for a while and simply goofed.
>
> -Le Chaud Lapin-
>
>
>
>


--
Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.abineau.com
Le Chaud Lapin
2009-12-18 21:00:19 UTC
Permalink
On Dec 18, 12:35 pm, Eric Jacobsen <***@ieee.org> wrote:
> The SkyGrabber site implies it works with DVB-S and DVB-S2 standards.  I
> think it's dumb to use a standardized air interface on things you want
> to be very secure for warfighting, but that's just me.

Some argue that security by obscurity not good, which I tend to agree
with:

http://en.wikipedia.org/wiki/Security_through_obscurity

I guess you know that the military has committed to moving toward IP-
based, commoditized components, to their credit, IMO. One of the
things they kept telling me was, "Whatever you give us, it has to run
over IPv4."

They have some outstanding solicitations with promising-yet-misleading
names like "Military Network Protocol:

http://www.darpa.mil/STO/Solicitations/sn09-04/index.html

...which gives the impression that it is a new protocol for the
military, but that is not what MNP is. Speculatively speaking,
soldiers in the field have been tying up precious downlinks by
downloading "unscrupulous" material, frustrating higher-ranking
officers who are trying to get real work done, or, perhaps, download
their own unscruplous material :D. The purpose of MNP is to allow
prioritized access to the inbound/outbound trunk based upon parameters
that at least includes the rank of the officer trying to use the link.
So if a rear admirer...pardon me....admiral, is hoping to download the
lastest from http://www.fhm.com/, he would simply start download, and
all captains and lieutenants would get booted off the trunk until he
is done.

There was another soliiciation which basically said, "Look..IPv4 is
great, and we are thoroughly convinced that packet switching is
superior to circuit switching, commoditization is good, yada...but now
we would like to take all the concepts of computer networking that we
have learned over the past 30 years and formalize them into a new
networking protocol that is both useful for public and military. Give
us Version II of The Internet, and make sure every ingredient is in
the soup pot, including security and mobility, maybe some multicast.
We do require that it be compatible with IPv4/6, so long as you give
us something revolutionary."

The program manager who was in charge of this soliciation mysteriously
disengaged not long after it was published.

-Le Chaud Lapin-
Le Chaud Lapin
2009-12-18 21:13:03 UTC
Permalink
On Dec 18, 3:00 pm, Le Chaud Lapin <***@gmail.com> wrote:
> There was another soliiciation which basically said, "Look..IPv4 is
> great, and we are thoroughly convinced that packet switching is
> superior to circuit switching, commoditization is good, yada...but now
> we would like to take all the concepts of computer networking that we
> have learned over the past 30 years and formalize them into a new
> networking protocol that is both useful for public and military. Give
> us Version II of The Internet, and make sure every ingredient is in
> the soup pot, including security and mobility, maybe some multicast.
> We do require that it be compatible with IPv4/6, so long as you give
> us something revolutionary."

* do not

> The program manager who was in charge of this soliciation mysteriously
> disengaged not long after it was published.

-Le Chaud Lapin-
Eric Jacobsen
2009-12-18 21:31:36 UTC
Permalink
On 12/18/2009 2:00 PM, Le Chaud Lapin wrote:
> On Dec 18, 12:35 pm, Eric Jacobsen<***@ieee.org> wrote:
>> The SkyGrabber site implies it works with DVB-S and DVB-S2 standards. I
>> think it's dumb to use a standardized air interface on things you want
>> to be very secure for warfighting, but that's just me.
>
> Some argue that security by obscurity not good, which I tend to agree
> with:
>
> http://en.wikipedia.org/wiki/Security_through_obscurity
>
> I guess you know that the military has committed to moving toward IP-
> based, commoditized components, to their credit, IMO. One of the
> things they kept telling me was, "Whatever you give us, it has to run
> over IPv4."
>
> They have some outstanding solicitations with promising-yet-misleading
> names like "Military Network Protocol:
>
> http://www.darpa.mil/STO/Solicitations/sn09-04/index.html
>
> ...which gives the impression that it is a new protocol for the
> military, but that is not what MNP is. Speculatively speaking,
> soldiers in the field have been tying up precious downlinks by
> downloading "unscrupulous" material, frustrating higher-ranking
> officers who are trying to get real work done, or, perhaps, download
> their own unscruplous material :D. The purpose of MNP is to allow
> prioritized access to the inbound/outbound trunk based upon parameters
> that at least includes the rank of the officer trying to use the link.
> So if a rear admirer...pardon me....admiral, is hoping to download the
> lastest from http://www.fhm.com/, he would simply start download, and
> all captains and lieutenants would get booted off the trunk until he
> is done.
>
> There was another soliiciation which basically said, "Look..IPv4 is
> great, and we are thoroughly convinced that packet switching is
> superior to circuit switching, commoditization is good, yada...but now
> we would like to take all the concepts of computer networking that we
> have learned over the past 30 years and formalize them into a new
> networking protocol that is both useful for public and military. Give
> us Version II of The Internet, and make sure every ingredient is in
> the soup pot, including security and mobility, maybe some multicast.
> We do require that it be compatible with IPv4/6, so long as you give
> us something revolutionary."
>
> The program manager who was in charge of this soliciation mysteriously
> disengaged not long after it was published.
>
> -Le Chaud Lapin-

I was addressing the link, not the cryptography. Most security people
I've worked with recognize that layering barries is usually a good
thing, so why use a standardized link that anybody can buy a receiver
for when it's not hard at all to obscure the link protocol? That'd
make the barrier to just getting the signal MUCH higher, and require
some pretty specialized research to figure out. That's a step that'd
need to be done before one could even begin to address the decryption,
which is a different issue entirely.

But that's just me, what do I know? ;)

--
Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.abineau.com
Joel Koltner
2009-12-18 22:41:31 UTC
Permalink
"Eric Jacobsen" <***@ieee.org> wrote in message
news:%wSWm.5633$***@newsfe16.iad...
> I was addressing the link, not the cryptography. Most security people I've
> worked with recognize that layering barries is usually a good thing, so why
> use a standardized link that anybody can buy a receiver for when it's not
> hard at all to obscure the link protocol?

I think the usual argument is the "chain is only as strong as its weakest
link" and "time is money" approach -- if you've selected, e.g., AES-256 as the
encryption algorithm, if there's someone who can manage to crack it in
real-time, you kinda have to assume they'll find decoding your proprietary
link protocol to be utterly trivial as well. Hence, it may not be worth the
extra time and expense to cook up your own new protocol -- especially when
you're paying for it with the taxpayer's money. :-)

The other problem of is that there are plenty of cases where someone coming up
with a proprietary protocol unintentionally weakens the overall system
security by embedded something in plaintext that correlates with something in
the encrypted portion of the data packet. If you stick with well-known public
standards, there's usually a long track record of their vulnerabilities to
consider.

If you have really good crypto guys and plenty of money, I'd agree that
layering provides extra security. With the U.S. military, it seems to me that
the later is still usually not a problem, whereas the former sometimes is.

---Joel
Eric Jacobsen
2009-12-18 23:10:54 UTC
Permalink
On 12/18/2009 3:41 PM, Joel Koltner wrote:
> "Eric Jacobsen" <***@ieee.org> wrote in message
> news:%wSWm.5633$***@newsfe16.iad...
>> I was addressing the link, not the cryptography. Most security people
>> I've worked with recognize that layering barries is usually a good
>> thing, so why use a standardized link that anybody can buy a receiver
>> for when it's not hard at all to obscure the link protocol?
>
> I think the usual argument is the "chain is only as strong as its
> weakest link" and "time is money" approach -- if you've selected, e.g.,
> AES-256 as the encryption algorithm, if there's someone who can manage
> to crack it in real-time, you kinda have to assume they'll find decoding
> your proprietary link protocol to be utterly trivial as well. Hence, it
> may not be worth the extra time and expense to cook up your own new
> protocol -- especially when you're paying for it with the taxpayer's
> money. :-)
>
> The other problem of is that there are plenty of cases where someone
> coming up with a proprietary protocol unintentionally weakens the
> overall system security by embedded something in plaintext that
> correlates with something in the encrypted portion of the data packet.
> If you stick with well-known public standards, there's usually a long
> track record of their vulnerabilities to consider.
>
> If you have really good crypto guys and plenty of money, I'd agree that
> layering provides extra security. With the U.S. military, it seems to me
> that the later is still usually not a problem, whereas the former
> sometimes is.
>
> ---Joel

Yet again, I'm not addressing the encryption, but the link (i.e., air
interface) protocol. Even in DVB-S and DVB-S2, the air interfaces are
completely independent from the transport layer and the encryption. If
you make the air interface just a bit pipe, it CAN'T expose the
encryption any more than any using a standardized air interface.

Making it difficult to even demodulate the signal, however, provides an
additional barrier to a would-be eavesdropper in that they must,
somehow, figure out how to demodulate the signal. This includes
figuring out the modulation type, the polynomial of the entropy
scrambler (NOT the same as encryption), the FEC, including any
polynomials, interleavers, or code matrices, any framing, etc., etc.,
etc. It's a monumental task if you don't also have a modulator with
which to perform detailed experiments, and even if you do the investment
and expertise required make it a pretty high hurdle.

Instead, they used DVB-S or DVB-S2, for which receivers are commonly
available.

Which is easier for eavesdropping?

--
Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.abineau.com
Joel Koltner
2009-12-18 23:25:02 UTC
Permalink
Ah, sorry Eric, I was thinking you meant the packet transport protocol (what I
meant be tempted to call "link layer" but that's probably not correct) and not
the actual "physical" level link. My apologies.

> Which is easier for eavesdropping?

DVB-S, certainly, although if they had used AES (ok, probably not available
when it was designed -- maybe 3DES?), they still would probably have been OK.

---Joel
Le Chaud Lapin
2009-12-18 23:44:31 UTC
Permalink
On Dec 18, 5:25 pm, "Joel Koltner" <***@yahoo.com>
wrote:
> Ah, sorry Eric, I was thinking you meant the packet transport protocol (what I
> meant be tempted to call "link layer" but that's probably not correct) and not
> the actual "physical" level link.  My apologies.
>
> > Which is easier for eavesdropping?
>
> DVB-S, certainly, although if they had used AES (ok, probably not available
> when it was designed -- maybe 3DES?), they still would probably have been OK.

Or RC6. I remember playing around with its predecessor, RC4, in the
early 90's. I have chunks of code still on my hard disk for RC6 that I
wrote a while ago (attached).

template <unsigned int w, unsigned int r, unsigned int b> bool
Cipher<w, r, b>::encipher (void *buffer, unsigned int length)
{
if (length % sizeof(Block))
return false;

unsigned int block_count = length / sizeof(Block);

for (unsigned int k = 0; k < block_count; ++k)
{
struct
{
unsigned long int A : w;
unsigned long int B : w;
unsigned long int C : w;
unsigned long int D : w;
} block = {0};

unsigned int m;

for (m = 0; m < (w / 8); ++m)
{
block.A |= unsigned long int (*((unsigned char *)
buffer + 0 * w / 8 + m)) << (m*8);
block.B |= unsigned long int (*((unsigned char *)
buffer + 1 * w / 8 + m)) << (m*8);
block.C |= unsigned long int (*((unsigned char *)
buffer + 2 * w / 8 + m)) << (m*8);
block.D |= unsigned long int (*((unsigned char *)
buffer + 3 * w / 8 + m)) << (m*8);
}

....


It's 5:40 P.M. where I am. Using this code, and a spec of whatever
format exists for their data stream, assuming they will allow me up to
16 bytes per packet of padding, I could have a secure link done by
11:00 PM, while still not missing my favorite show on TV.

So the excuse that there was "not enough time" is not an an excuse,
IMO.

-Le Chaud Lapin-
Steve Pope
2009-12-19 00:22:28 UTC
Permalink
Le Chaud Lapin <***@gmail.com> wrote:

>So the excuse that there was "not enough time" is not an an excuse,
>IMO.

Probably encryption was not in the requirements. It would of
course be illegal for a defense contractor to add features
just because they thought those features were important...
they must trace back to a contractual requirement.

Steve
Le Chaud Lapin
2009-12-19 00:45:42 UTC
Permalink
On Dec 18, 6:22 pm, ***@speedymail.org (Steve Pope) wrote:
> Le Chaud Lapin  <***@gmail.com> wrote:
>
> >So the excuse that there was "not enough time" is not an an excuse,
> >IMO.
>
> Probably encryption was not in the requirements.  It would of
> course be illegal for a defense contractor to add features
> just because they thought those features were important...
> they must trace back to a contractual requirement.

I'll try to remember that the next time I'm designing a spacecraft for
NASA:

"Hey...Tyrone...I know they said Mars... but do you think they'd be OK
with a Saturn swing-around just for kicks?" :)

These guys have meetings ad nauseum. Things that would take you and me
to think about an make a decision in 4 hours, they discuss for four
months. Everything is deliberate. Everything is known. NSA and other
goverment agencies know all about what they are doing, as they are
doing it.

If crypto was not in the spec, the decision was deliberate. Since it
was not in the spec, the decision to not put it in was deliberate,
which is stupid, because it would have been easy, even in 1990, given
the amount of money involved.

Note that it does not take an entire team to do crypto. I could rattle
off the names of 10 (prominent) individuals who could have done the
crypto part single-handedly and likely not have made a mistake. My
guess is that such individuals would have been content with a
fraction, say, 1%, of the $1+ billion spent:

http://postmanpatel.blogspot.com/2006/04/global-hawk-uav-delays-cost-overruns.html

-Le Chaud Lapin-
Jerry Avins
2009-12-19 01:19:51 UTC
Permalink
Steve Pope wrote:
> Le Chaud Lapin <***@gmail.com> wrote:
>
>> So the excuse that there was "not enough time" is not an an excuse,
>> IMO.
>
> Probably encryption was not in the requirements. It would of
> course be illegal for a defense contractor to add features
> just because they thought those features were important...
> they must trace back to a contractual requirement.

I uncovered a serious specification omission when, as a technician for a
subcontractor, I built hardware for the Mercury space capsule. The
contractor (Collins Radio) agreed that the omission could lead to
catastrophic failure, but determined that the amount of paperwork to
effect a change was prohibitive. (Just as I kicked it up to Collins,
they would have had to continue up the chain through McDonnell Douglas
to NASA.) The project manager at Collins agreed to push the matter after
I said that I would ask the astronauts what to do.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
glen herrmannsfeldt
2009-12-18 23:32:01 UTC
Permalink
In comp.dsp Eric Jacobsen <***@ieee.org> wrote:
(snip)

> Yet again, I'm not addressing the encryption, but the link (i.e., air
> interface) protocol. Even in DVB-S and DVB-S2, the air interfaces are
> completely independent from the transport layer and the encryption. If
> you make the air interface just a bit pipe, it CAN'T expose the
> encryption any more than any using a standardized air interface.

> Making it difficult to even demodulate the signal, however, provides an
> additional barrier to a would-be eavesdropper in that they must,
> somehow, figure out how to demodulate the signal. This includes
> figuring out the modulation type, the polynomial of the entropy
> scrambler (NOT the same as encryption), the FEC, including any
> polynomials, interleavers, or code matrices, any framing, etc., etc.,
> etc. It's a monumental task if you don't also have a modulator with
> which to perform detailed experiments, and even if you do the investment
> and expertise required make it a pretty high hurdle.

How many have crashed or been shot down (but not completely destroyed)
and been recovered? That is, assume that they have the hardware and
algorithms.

-- glen
Eric Jacobsen
2009-12-19 00:31:06 UTC
Permalink
On 12/18/2009 4:32 PM, glen herrmannsfeldt wrote:
> In comp.dsp Eric Jacobsen<***@ieee.org> wrote:
> (snip)
>
>> Yet again, I'm not addressing the encryption, but the link (i.e., air
>> interface) protocol. Even in DVB-S and DVB-S2, the air interfaces are
>> completely independent from the transport layer and the encryption. If
>> you make the air interface just a bit pipe, it CAN'T expose the
>> encryption any more than any using a standardized air interface.
>
>> Making it difficult to even demodulate the signal, however, provides an
>> additional barrier to a would-be eavesdropper in that they must,
>> somehow, figure out how to demodulate the signal. This includes
>> figuring out the modulation type, the polynomial of the entropy
>> scrambler (NOT the same as encryption), the FEC, including any
>> polynomials, interleavers, or code matrices, any framing, etc., etc.,
>> etc. It's a monumental task if you don't also have a modulator with
>> which to perform detailed experiments, and even if you do the investment
>> and expertise required make it a pretty high hurdle.
>
> How many have crashed or been shot down (but not completely destroyed)
> and been recovered? That is, assume that they have the hardware and
> algorithms.
>
> -- glen

A bunch, by my understanding, which may be how they figured out it was
DVB-S/S2. If, on the other hand, they find an FPGA (or some unknown
part) where the modulator goes, then they have to sort out what the heck
is going on.

Not trivial.
--
Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.abineau.com
Jerry Avins
2009-12-18 21:48:25 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 18, 12:35 pm, Eric Jacobsen <***@ieee.org> wrote:
>> The SkyGrabber site implies it works with DVB-S and DVB-S2 standards. I
>> think it's dumb to use a standardized air interface on things you want
>> to be very secure for warfighting, but that's just me.
>
> Some argue that security by obscurity not good, which I tend to agree
> with:
>
> http://en.wikipedia.org/wiki/Security_through_obscurity
>
> I guess you know that the military has committed to moving toward IP-
> based, commoditized components, to their credit, IMO. One of the
> things they kept telling me was, "Whatever you give us, it has to run
> over IPv4."
>
> They have some outstanding solicitations with promising-yet-misleading
> names like "Military Network Protocol:
>
> http://www.darpa.mil/STO/Solicitations/sn09-04/index.html
>
> ...which gives the impression that it is a new protocol for the
> military, but that is not what MNP is. Speculatively speaking,
> soldiers in the field have been tying up precious downlinks by
> downloading "unscrupulous" material, frustrating higher-ranking
> officers who are trying to get real work done, or, perhaps, download
> their own unscruplous material :D. The purpose of MNP is to allow
> prioritized access to the inbound/outbound trunk based upon parameters
> that at least includes the rank of the officer trying to use the link.
> So if a rear admirer...pardon me....admiral, is hoping to download the
> lastest from http://www.fhm.com/, he would simply start download, and
> all captains and lieutenants would get booted off the trunk until he
> is done.
>
> There was another soliiciation which basically said, "Look..IPv4 is
> great, and we are thoroughly convinced that packet switching is
> superior to circuit switching, commoditization is good, yada...but now
> we would like to take all the concepts of computer networking that we
> have learned over the past 30 years and formalize them into a new
> networking protocol that is both useful for public and military. Give
> us Version II of The Internet, and make sure every ingredient is in
> the soup pot, including security and mobility, maybe some multicast.
> We do require that it be compatible with IPv4/6, so long as you give
> us something revolutionary."
>
> The program manager who was in charge of this soliciation mysteriously
> disengaged not long after it was published.

The need to guard against cyberattacks on power stations and military
installations is a clear indication of bad -- make that stupid --
design. Critical facilities shouldn't share wire networks with
internet-at-large, and there would ideally be no radio links. Those who
don't like other people reading over their shoulders shouldn't build
glass houses.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
casual observer
2009-12-18 22:50:36 UTC
Permalink
On Fri, 18 Dec 2009 16:48:25 -0500, Jerry Avins <***@ieee.org> wrote:

>The need to guard against cyberattacks on power stations and military
>installations is a clear indication of bad -- make that stupid --
>design. Critical facilities shouldn't share wire networks with
>internet-at-large, and there would ideally be no radio links. Those who
>don't like other people reading over their shoulders shouldn't build
>glass houses.

Agreed. Get rid of the wireless links on the Predator drones and use
wired connections. Wait....huh? ;-)
Jerry Avins
2009-12-18 23:31:16 UTC
Permalink
casual observer wrote:
> On Fri, 18 Dec 2009 16:48:25 -0500, Jerry Avins <***@ieee.org> wrote:
>
>> The need to guard against cyberattacks on power stations and military
>> installations is a clear indication of bad -- make that stupid --
>> design. Critical facilities shouldn't share wire networks with
>> internet-at-large, and there would ideally be no radio links. Those who
>> don't like other people reading over their shoulders shouldn't build
>> glass houses.
>
> Agreed. Get rid of the wireless links on the Predator drones and use
> wired connections. Wait....huh? ;-)

I didn't write about drones, but about power stations. As far as I know,
few distribute wireless power. Eat your heart out, Tesla! It should be
physically impossible to reach NORAD's computers from the web, let alone
hack into them.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Vladimir Vassilevsky
2009-12-18 23:05:44 UTC
Permalink
Jerry Avins wrote:


> The need to guard against cyberattacks on power stations and military
> installations is a clear indication of bad -- make that stupid --
> design.

Big design can't be without stupid flaws, especially if that design is
done by big company. This is just the law of big numbers. Only the
simple things that were in production in large quantities and for many
years, can be cleaned to perfection.

> Critical facilities shouldn't share wire networks with
> internet-at-large, and there would ideally be no radio links. Those who
> don't like other people reading over their shoulders shouldn't build
> glass houses.

Recently I read that "Boeing 787 Dreamliner is safe against intended or
unintended cyberatacks, as its entertainment network is software
firewalled from the flight controls". Isn't it wonderful?

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com
Jerry Avins
2009-12-18 23:32:31 UTC
Permalink
Vladimir Vassilevsky wrote:
>
>
> Jerry Avins wrote:
>
>
>> The need to guard against cyberattacks on power stations and military
>> installations is a clear indication of bad -- make that stupid -- design.
>
> Big design can't be without stupid flaws, especially if that design is
> done by big company. This is just the law of big numbers. Only the
> simple things that were in production in large quantities and for many
> years, can be cleaned to perfection.
>
>> Critical facilities shouldn't share wire networks with
>> internet-at-large, and there would ideally be no radio links. Those
>> who don't like other people reading over their shoulders shouldn't
>> build glass houses.
>
> Recently I read that "Boeing 787 Dreamliner is safe against intended or
> unintended cyberatacks, as its entertainment network is software
> firewalled from the flight controls". Isn't it wonderful?

Groovy!

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Archimedes' Lever
2009-12-19 03:10:13 UTC
Permalink
On Thu, 17 Dec 2009 22:09:31 -0800 (PST), David Schwartz
<***@webmaster.com> wrote:

>Cannot be done. The satellite that the predator talks to only supports
>analog video.

Are you sure?

General instrument was able to digitize, compress, and send no less
than 12 standard 6MHz wide analog video signals up to a bird that was
only for analog TV signals, and they effectively increased satellite
channel capacity ten fold.

I do not think that you have thought this through very well.

Digital signals can be passed over analog carriers, and are, every day,
no problem.

It is all analog at some point.
Archimedes' Lever
2009-12-19 02:15:58 UTC
Permalink
On Thu, 17 Dec 2009 18:54:53 -0800 (PST), David Schwartz
<***@webmaster.com> wrote:

>On Dec 17, 6:33 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
>> > Passing encrypted video over a satellite network built for unencrypted
>> > analog video is not a trivial challenge. As far as I know, there
>> > exists no scheme to do this that has not been broken already. The
>> > problem is that encryption works partly by diffusing information so
>> > that no part of the output looks like any part of the input. The
>> > satellite link is filled with errors and distortion that have to be
>> > contained to retain adequate video quality.
>
>> Maybe I misunderstand, but the system, based on this link:
>>
>> http://www.skygrabber.com/en/skygrabber.php
>>
>> ...looks like it is entirely in the digital domain.
>
>They're grabbing it later in the system, but if you want it encrypted
>later in the system, you have to encrypt it earlier in the system.
>
>> If that is true, encryption, under the scenarios required by US DoD,
>> would take maybe 3 weeks using Rijndael or other symmetric cipher for
>> a rough run, and maybe a month more by a crypto expert to remove the
>> fatal flaws.
>
>There is no place in the system to put such a cipher. The only
>practical way to do is to encrypt the analog uplink. The satellite-
>based system from the uplink from the Predator to the downlink to the
>operator is simply not encryption-capable. Essentially, the problem is
>basically that they chose a completely unsuitable system to handle the
>image downlink to the operator.
>
>DS


Real simple. Make it TCP/IP and use IP encryption, just like the
government and military does everywhere else.

As far as your claim of knowing what they did implement... I have
serious doubts that you do. Your simple, blanket statement that it "is
simply not encryption capable" is about as uninformed and stupid as it
gets.

ANY data stream can be EASILY encrypted, and that at a very strong
level.
krw
2009-12-18 02:58:44 UTC
Permalink
On Thu, 17 Dec 2009 18:33:53 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>On Dec 17, 7:15 pm, David Schwartz <***@webmaster.com> wrote:
>> Passing encrypted video over a satellite network built for unencrypted
>> analog video is not a trivial challenge. As far as I know, there
>> exists no scheme to do this that has not been broken already. The
>> problem is that encryption works partly by diffusing information so
>> that no part of the output looks like any part of the input. The
>> satellite link is filled with errors and distortion that have to be
>> contained to retain adequate video quality.
>
>????
>
>Data encryption of the kind that they need for someone who is
>experienced in cryptography is near-trivial. The biggest problem,
>which is not a problem in this particular case, is key distribution.

Even that is no problem for an experienced cryptographer. A little
public key magic and all done. ;-)

>Maybe I misunderstand, but the system, based on this link:
>
>http://www.skygrabber.com/en/skygrabber.php
>
>...looks like it is entirely in the digital domain.
>
>If that is true, encryption, under the scenarios required by US DoD,
>would take maybe 3 weeks using Rijndael or other symmetric cipher for
>a rough run, and maybe a month more by a crypto expert to remove the
>fatal flaws.

Likely wouldn't even need that. The video has a shelf life. It
needn't be secure for a generation.

>The more I think about this, the more I find it hard to believe that
>the people who designed the communications of the Predator could be
>so...ahem....
>
>A more plausible, conspiracy-theorist, explanation might be this:
>
>The US Military realizes that al-Quaeda/Taliban are becoming more and
>more sophisticated in their employment of technology such as laptop
>computers, desktoop computers, networks, smartphones with Internet
>connections, etc. Ideally, one could inject a nerd-mole into these
>groups to infiltrate their computer systems, but that would be
>expensive, hit-or-miss, and if he is caught, he would be surely
>executed.
>
>A much easier alternative would be to fake a breach of your own
>security system, then publicize widely exactly how it was breached:
>via software that is readily avaialble on Internet. Make the software
>ridiculously cheap, since most terrorists do not have Bin Laden's
>billions. Then wait for the fish.

That's my conspiracy theory of the day. ;-)

>Every terrorist and wannabe-terrorist who wants to be able to break
>into US military satellite com's will visit the web site, whereupon IP
>addresses and times of visit will be collected into a database,
>creating a nice map (using Google Earth of course) of distribution of
>terrorists. Furthermore, by clandestine agrement with author of
>software, a root-kit will be built into the software. When terrorists'
>computers become infected by the download, the military will be able
>to receive highly valuable information from infected computers. If
>military is fortunate, these computers will occasionally become
>networked, in which case, the virus could propagate.
>
>Yes, it's a long shot, but give me a break...a $10 million drone,
>under a multi-billion-dollar program, designed by Ph.D's in electrical
>engineering, computer science, and aero/astro, and they forget
>something as simple as a little symmetric crypto? NSA, which has last
>say in all crypto/data security matters, would have/should have never
>allowed this.
>
>Smells fishy.
>
>-Le Chaud Lapin-
pnachtwey
2009-12-18 03:59:10 UTC
Permalink
On Dec 17, 5:15 pm, David Schwartz <***@webmaster.com> wrote:
> On Dec 17, 4:11 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
> > Surely we can all agree that there is something ironic about a top-
> > secrete weapon lacking security that a 20-year-old computer science
> > student at a top engineering school could probably get right (almost)
> > on the first run.
>
> Passing encrypted video over a satellite network built for unencrypted
> analog video is not a trivial challenge. As far as I know, there
> exists no scheme to do this that has not been broken already.
Sure there is a way to encrypt the data so that it can't be decrypted
in real time. If the video is decrypted a day or even hours latter it
is too late for the target.

Peter Nachtwey
Le Chaud Lapin
2009-12-18 05:41:46 UTC
Permalink
On Dec 17, 9:59 pm, pnachtwey <***@gmail.com> wrote:
> On Dec 17, 5:15 pm, David Schwartz <***@webmaster.com> wrote:> On Dec 17, 4:11 pm, Le Chaud Lapin
> > Passing encrypted video over a satellite network built for unencrypted
> > analog video is not a trivial challenge. As far as I know, there
> > exists no scheme to do this that has not been broken already.
>
> Sure there is a way to encrypt the data so that it can't be decrypted
> in real time.  If the video is decrypted a day or even hours latter it
> is too late for the target.

It should be noted that decrypting in non-real time, right now, in
December, 2009, is impossible using 256-bit AES.

It would take billions of quadrillions of trillions, of [insert -
illions as you please] of years.

A thought:

If the terrorists can see and interpret the video, that means:

1. The protocol is decipherable.
2. The protocol is encipherable.
3. It is theoretically possible to inject bogus data into the stream.

With some very clever software engineering, it would be possible to
feed the satellite with bogus images that are superpositions of actual
video images and computer-generated animations.

I just hope the image decompression software at the receiving end does
not have any buffer-overflow vunerabilities. But NSA is supposed to
catch things like that.

-Le Chaud Lapin-
Steve Pope
2009-12-18 08:55:42 UTC
Permalink
Le Chaud Lapin <***@gmail.com> wrote:

>It should be noted that decrypting in non-real time, right now, in
>December, 2009, is impossible using 256-bit AES.

WTF are you talking about?

Steve
Le Chaud Lapin
2009-12-18 17:23:05 UTC
Permalink
On Dec 18, 2:55 am, ***@speedymail.org (Steve Pope) wrote:
> Le Chaud Lapin  <***@gmail.com> wrote:
>
> >It should be noted that decrypting in non-real time, right now, in
> >December, 2009, is impossible using 256-bit AES.
>
> WTF are you talking about?

This is precisely a question I have asked myself with regard to a few
of the other posts.

I work with digital communication 5 days a week, 3+ hours a day,
including symmetric and assymetric cipher systems of the kind that
might be used by the military, so some of the responses are just as
perplexing to me as mine is to you.

-Le Chaud Lapin-
Joel Koltner
2009-12-18 17:51:52 UTC
Permalink
"Le Chaud Lapin" <***@gmail.com> wrote in message
news:e53174eb-234b-4682-9c7e-***@a32g2000yqm.googlegroups.com...
> I work with digital communication 5 days a week, 3+ hours a day,
> including symmetric and assymetric cipher systems of the kind that
> might be used by the military, so some of the responses are just as
> perplexing to me as mine is to you.

To add more fuel to the fire:
http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/

IMO the lack of encryption was a failure in management. I would bet you a
nickel that when the systems were being developed, the contractors said,
"sure, we can add encryption, but it will add years and millions to the
development schedule," and someone made the Executive Decision to skip it.

This is a major problem with many military and commercial contracts today:
Often the people with the high-dollar decision-making authority don't have the
technical background to know if someone pitching them a huge schedule and cost
increase are doing so because what's being asked for really is a Hard Problem
or just because the contractor doesn't happen to be very good in that area.

---Joel
Le Chaud Lapin
2009-12-18 18:22:17 UTC
Permalink
On Dec 18, 11:51 am, "Joel Koltner" <***@yahoo.com>
wrote:
> To add more fuel to the fire:http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can...
>
> IMO the lack of encryption was a failure in management.  I would bet you a
> nickel that when the systems were being developed, the contractors said,
> "sure, we can add encryption, but it will add years and millions to the
> development schedule," and someone made the Executive Decision to skip it.
>
> This is a major problem with many military and commercial contracts today:
> Often the people with the high-dollar decision-making authority don't have the
> technical background to know if someone pitching them a huge schedule and cost
> increase are doing so because what's being asked for really is a Hard Problem
> or just because the contractor doesn't happen to be very good in that area.

Or, it could be that

1. The management is technically imcompetent
2. The drones working for them are technically compotent [sorry, could
not resist :)]
3. The people holding purse strings at DARPA as not as competent as
they should be.
4. The drones inform management that it "would not be too hard to add
encryption"
5. The management sees an opportunity to stretch the schedule.

After all, management at these contractors are judged not by how well
they hit the bulls-eye, but how much bacon they bring home. They last
thing they want to hear is for one of their own people to say, "We
don't really need $15 million to do this...a team of four of us could
probably have a prototype in a month for $100,000."

One prime contractor that I spoke with during my utterly-depressing
communications with DARPA & Company in 2008 boasted that "a single
individual at DARPA" was solely responsible for giving his group $200
million over 8 years. It was sickening, because the "thing" they were
making was simply pathetic. Not only that, we had a conference call
one day, with three of their Ph.D's at the table, and I could swear
that one of the things they were asking for was a compressor that
could magically compress any data. I gently reminded them that there
was no such thing, as well as the fact that it was was not even the
topic on the agenda, and they kept coming back to it..."If you could
find a way to compress our already-compressed data...we might be able
to work with you." I tried to tell them that there was a limit beyond
which it is theoretically and provably impossible, but they didn't
want to hear that.

They have been using the same Microsoft Powerpoint slides to sell and
resell the same piece of wood to DARPA and appropriations committees.

-Le Chaud Lapin-
Eric Jacobsen
2009-12-18 18:38:16 UTC
Permalink
On 12/18/2009 1:55 AM, Steve Pope wrote:
> Le Chaud Lapin<***@gmail.com> wrote:
>
>> It should be noted that decrypting in non-real time, right now, in
>> December, 2009, is impossible using 256-bit AES.
>
> WTF are you talking about?
>
> Steve

I think he meant cracking it in real time. Certainly decryption in
real-time isn't a big deal. Why any of it would be a problem in
non-real time is anybody's guess.

--
Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.abineau.com
Steve Pope
2009-12-18 20:22:23 UTC
Permalink
Eric Jacobsen <***@ieee.org> wrote:

>On 12/18/2009 1:55 AM, Steve Pope wrote:

>> Le Chaud Lapin<***@gmail.com> wrote:

>>> It should be noted that decrypting in non-real time, right now, in
>>> December, 2009, is impossible using 256-bit AES.

>> WTF are you talking about?

>I think he meant cracking it in real time. Certainly decryption in
>real-time isn't a big deal.

Thanks, that makes sense. I (as usual) was reading the sentence
too literally.

Steve
Archimedes' Lever
2009-12-19 02:58:42 UTC
Permalink
On Thu, 17 Dec 2009 21:41:46 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>A thought:
>
>If the terrorists can see and interpret the video, that means:
>
>1. The protocol is decipherable.

No, it means they (the idiots that claim to have hacked it) found an
open stream that was NOT ever encrypted. All they succeeded in doing was
finding a carrier. No technical prowess required whatsoever.

>2. The protocol is encipherable.

No. It is more likely not encrypted at all.

>3. It is theoretically possible to inject bogus data into the stream.

Absolutely not. The GPS timestamps are going to keep that from ever
happening. Just because the video is able to be seen, that doesn't mean
that there was not more data included with each frame. In fact, I am
sure that there is.
Archimedes' Lever
2009-12-19 03:05:28 UTC
Permalink
On Thu, 17 Dec 2009 21:41:46 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>
>With some very clever software engineering, it would be possible to
>feed the satellite with bogus images that are superpositions of actual
>video images and computer-generated animations.

No, it would be absolutely NOT possible.
Archimedes' Lever
2009-12-19 03:06:30 UTC
Permalink
On Thu, 17 Dec 2009 21:41:46 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>I just hope the image decompression software at the receiving end does
>not have any buffer-overflow vunerabilities. But NSA is supposed to
>catch things like that.

Considering all the other crap you have spewed, I doubt seriously that
you know a goddamned thing about what the NSA wants or does, much less
how they operate.
Jerry Avins
2009-12-18 01:44:21 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 17, 3:07 pm, Jerry Avins <***@ieee.org> wrote:
>> Le Chaud Lapin wrote:
>>> Earlier this year, when I spoke to DARPA program managers and prime
>>> contractors about secure, mobile, wirless links, it seemed that that
>>> "their bread was not fully baked" in this area. I asked a technical
>>> director of a $11US+ billion program if this was the case, and he was
>>> reluctant to admit that, after $5US billion already spent, they still
>>> had not figured out how to do secure mobile links in a way that
>>> actually made sense. His response was something like,
>>> "Yes, before, we had some issues around 2000-2001, but recently we
>>> have provided demonstrations that show that we have control of the
>>> situation."
>>> DARPA, please, you are impressing us toooo much!!!!
>> The video down link is not encrypted. They say they're working on it.
>
> Well, if you give me $100US million dollars, I will open a (non-Swiss)
> bank account, deposit $99.5US million into the account, and use the
> remaining $500,000US to hire two cryptographers for six months to get
> the encryption right.

What do you mean "get the encryption right"? I understood that there was
no encryption at all.

> The Predator was not exactly a high-school science project.
>
> Surely we can all agree that there is something ironic about a top-
> secrete weapon lacking security that a 20-year-old computer science
> student at a top engineering school could probably get right (almost)
> on the first run.
>
> What they did (not do), given rancid amounts of money given to them by
> the general public, is inexcusable.

It wasn't encryption that failed, but specification.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Le Chaud Lapin
2009-12-18 02:05:15 UTC
Permalink
On Dec 17, 7:44 pm, Jerry Avins <***@ieee.org> wrote:
> What do you mean "get the encryption right"? I understood that there was
> no encryption at all.

I just assumed that, since it is the US military, employing a drone to
do semi-stealth reconnaisance, that a basic requirement would be that
young kids who probably earn < $100/month should not be able to
intercept the stealth video. My bad.

Maybe they should leave it as it is. That way, the terrorists could
put it up on YouTube. Maybe there is a Hollywood show in it...

"So You Think You Can Out-Run A Hell-Fire Missile."

> > The Predator was not exactly a high-school science project.
>
> > Surely we can all agree that there is something ironic about a top-
> > secrete weapon lacking security that a 20-year-old computer science
> > student at a top engineering school could probably get right (almost)
> > on the first run.
>
> > What they did (not do), given rancid amounts of money given to them by
> > the general public, is inexcusable.
>
> It wasn't encryption that failed, but specification.

Hmmm...that's a bit like a surgeon leaving a person's gut open after
an appendectomy and saying,

"Well, technically, you never explicitly said to stitch him up, geez."

-Le Chaud Lapin-
Rick Jones
2009-12-18 02:12:28 UTC
Permalink
In comp.protocols.tcp-ip Le Chaud Lapin <***@gmail.com> wrote:
> I just assumed that, since it is the US military, employing a drone
> to do semi-stealth reconnaisance, that a basic requirement would be
> that young kids who probably earn < $100/month should not be able to
> intercept the stealth video. My bad.

It isn't as if the presumed young kids who earn < $100/month came-up
with the way to grab the feeds - they are simply using something that
someone else produced. Not too unlike say the potentially young kids
in the U.S. military who might be receiving the drone feeds "in the
field."

rick jones
--
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
krw
2009-12-18 02:14:11 UTC
Permalink
On Thu, 17 Dec 2009 18:05:15 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>On Dec 17, 7:44 pm, Jerry Avins <***@ieee.org> wrote:
>> What do you mean "get the encryption right"? I understood that there was
>> no encryption at all.
>
>I just assumed that, since it is the US military, employing a drone to
>do semi-stealth reconnaisance, that a basic requirement would be that
>young kids who probably earn < $100/month should not be able to
>intercept the stealth video. My bad.
>
>Maybe they should leave it as it is. That way, the terrorists could
>put it up on YouTube. Maybe there is a Hollywood show in it...

Perhaps it was intentional. They can sell electronics to the
terrorists. Who knows what backdoors lurk...

>"So You Think You Can Out-Run A Hell-Fire Missile."

"Smile! You're on Candid Camera!"
Le Chaud Lapin
2009-12-18 03:01:27 UTC
Permalink
On Dec 17, 8:14 pm, krw <***@att.bizzzzzzzzzzz> wrote:
> On Thu, 17 Dec 2009 18:05:15 -0800 (PST), Le Chaud Lapin
> >Maybe they should leave it as it is. That way, the terrorists could
> >put it up on YouTube. Maybe there is a Hollywood show in it...
>
> Perhaps it was intentional.  They can sell electronics to the
> terrorists.  Who knows what backdoors lurk...

Check out the list of PCI adapters required by PC to receive satellite
feed at bottom of page:

http://www.skygrabber.com/en/skygrabber.php

If I were to design a backdoor, I would put it in the hardware. Of
course, this would mean that:

1. One of the listed manufacturers is actually a wolf in sheep's
clothing: DoD posing as a legitimate company.
2. DoD has contracts unders some Homeland Security act with all the
manufacturers to put in backdoors for units sold to regions inhabited
by terrorist.

#2 is more likely, as #1 would depend on getting lucky that terrorist
chose your adapter and not someone else's.

A hardware-resident virus on PC can pretty much do anything it wants
with the PC.

-Le Chaud Lapin-
krw
2009-12-18 03:09:28 UTC
Permalink
On Thu, 17 Dec 2009 19:01:27 -0800 (PST), Le Chaud Lapin
<***@gmail.com> wrote:

>On Dec 17, 8:14 pm, krw <***@att.bizzzzzzzzzzz> wrote:
>> On Thu, 17 Dec 2009 18:05:15 -0800 (PST), Le Chaud Lapin
>> >Maybe they should leave it as it is. That way, the terrorists could
>> >put it up on YouTube. Maybe there is a Hollywood show in it...
>>
>> Perhaps it was intentional.  They can sell electronics to the
>> terrorists.  Who knows what backdoors lurk...
>
>Check out the list of PCI adapters required by PC to receive satellite
>feed at bottom of page:
>
>http://www.skygrabber.com/en/skygrabber.php
>
>If I were to design a backdoor, I would put it in the hardware. Of
>course, this would mean that:
>
>1. One of the listed manufacturers is actually a wolf in sheep's
>clothing: DoD posing as a legitimate company.
>2. DoD has contracts unders some Homeland Security act with all the
>manufacturers to put in backdoors for units sold to regions inhabited
>by terrorist.

Those models suddenly become available in Kabul and Islamabad markets.
;-)

>#2 is more likely, as #1 would depend on getting lucky that terrorist
>chose your adapter and not someone else's.
>
>A hardware-resident virus on PC can pretty much do anything it wants
>with the PC.

Also remember the printer ruse used in DS1. Spy-vs-Spy.

OTOH, it's the US government. I'm backing the dumb-as-a-rock
explanation.
Andrew Swallow
2009-12-18 23:34:56 UTC
Permalink
krw wrote:
{snip}

>
> OTOH, it's the US government. I'm backing the dumb-as-a-rock
> explanation.

Front line tactical radio communication has traditionally been
unencrypted. This is just a continuation of that. However being
digital they are changing that. Also high speed off the shelf
portable encryption may not have been available.

Andrew Swallow
krw
2009-12-19 01:08:32 UTC
Permalink
On Fri, 18 Dec 2009 23:34:56 +0000, Andrew Swallow
<***@btopenworld.com> wrote:

>krw wrote:
>{snip}
>
>>
>> OTOH, it's the US government. I'm backing the dumb-as-a-rock
>> explanation.
>
>Front line tactical radio communication has traditionally been
>unencrypted. This is just a continuation of that. However being
>digital they are changing that. Also high speed off the shelf
>portable encryption may not have been available.

Nonsense. It's been available for decades.
Andrew Swallow
2009-12-19 01:10:31 UTC
Permalink
krw wrote:
> On Fri, 18 Dec 2009 23:34:56 +0000, Andrew Swallow
> <***@btopenworld.com> wrote:
>
>> krw wrote:
>> {snip}
>>
>>> OTOH, it's the US government. I'm backing the dumb-as-a-rock
>>> explanation.
>> Front line tactical radio communication has traditionally been
>> unencrypted. This is just a continuation of that. However being
>> digital they are changing that. Also high speed off the shelf
>> portable encryption may not have been available.
>
> Nonsense. It's been available for decades.

True but tactical in the clear is still used.

Andrew Swallow
krw
2009-12-19 01:31:49 UTC
Permalink
On Sat, 19 Dec 2009 01:10:31 +0000, Andrew Swallow
<***@btopenworld.com> wrote:

>krw wrote:
>> On Fri, 18 Dec 2009 23:34:56 +0000, Andrew Swallow
>> <***@btopenworld.com> wrote:
>>
>>> krw wrote:
>>> {snip}
>>>
>>>> OTOH, it's the US government. I'm backing the dumb-as-a-rock
>>>> explanation.
>>> Front line tactical radio communication has traditionally been
>>> unencrypted. This is just a continuation of that. However being
>>> digital they are changing that. Also high speed off the shelf
>>> portable encryption may not have been available.
>>
>> Nonsense. It's been available for decades.
>
>True but tactical in the clear is still used.

For radio that's expected. For a Predator link it's stupid. It gives
up the Predator's main advantage; stealth.
HardySpicer
2009-12-19 02:39:26 UTC
Permalink
On Dec 18, 4:01 pm, Le Chaud Lapin <***@gmail.com> wrote:
> On Dec 17, 8:14 pm, krw <***@att.bizzzzzzzzzzz> wrote:
>
> > On Thu, 17 Dec 2009 18:05:15 -0800 (PST), Le Chaud Lapin
> > >Maybe they should leave it as it is. That way, the terrorists could
> > >put it up on YouTube. Maybe there is a Hollywood show in it...
>
> > Perhaps it was intentional.  They can sell electronics to the
> > terrorists.  Who knows what backdoors lurk...
>
> Check out the list of PCI adapters required by PC to receive satellite
> feed at bottom of page:
>
> http://www.skygrabber.com/en/skygrabber.php
>
> If I were to design a backdoor, I would put it in the hardware. Of
> course, this would mean that:
>
> 1. One of the listed manufacturers is actually a wolf in sheep's
> clothing: DoD posing as a legitimate company.
> 2. DoD has contracts unders some Homeland Security act with all the
> manufacturers to put in backdoors for units sold to regions inhabited
> by terrorist.
>
> #2 is more likely, as #1 would depend on getting lucky that terrorist
> chose your adapter and not someone else's.
>
> A hardware-resident virus on PC can pretty much do anything it wants
> with the PC.
>
> -Le Chaud Lapin-

That's assuming that your side ever even saw it before it blew
something up. I am surprised that terrorists haven't used drones - so
simple. Even model aircraft could od a little damage and they have
spread spectrum comms now.


Hardy
Michael A. Terrell
2009-12-18 11:08:26 UTC
Permalink
krw wrote:
>
> On Thu, 17 Dec 2009 18:05:15 -0800 (PST), Le Chaud Lapin
> <***@gmail.com> wrote:
>
> >On Dec 17, 7:44 pm, Jerry Avins <***@ieee.org> wrote:
> >> What do you mean "get the encryption right"? I understood that there was
> >> no encryption at all.
> >
> >I just assumed that, since it is the US military, employing a drone to
> >do semi-stealth reconnaisance, that a basic requirement would be that
> >young kids who probably earn < $100/month should not be able to
> >intercept the stealth video. My bad.
> >
> >Maybe they should leave it as it is. That way, the terrorists could
> >put it up on YouTube. Maybe there is a Hollywood show in it...
>
> Perhaps it was intentional. They can sell electronics to the
> terrorists. Who knows what backdoors lurk...
>
> >"So You Think You Can Out-Run A Hell-Fire Missile."
>
> "Smile! You're on Candid Camera!"


Hopefully, the video of them ramming a drone up a terrorist's ass as
he runs for his life will be leaked. It would be great for morale on
both sides. :)


--
Offworld checks no longer accepted!
Jerry Avins
2009-12-18 03:04:53 UTC
Permalink
Le Chaud Lapin wrote:
> On Dec 17, 7:44 pm, Jerry Avins <***@ieee.org> wrote:
>> What do you mean "get the encryption right"? I understood that there was
>> no encryption at all.
>
> I just assumed that, since it is the US military, employing a drone to
> do semi-stealth reconnaisance, that a basic requirement would be that
> young kids who probably earn < $100/month should not be able to
> intercept the stealth video. My bad.
>
> Maybe they should leave it as it is. That way, the terrorists could
> put it up on YouTube. Maybe there is a Hollywood show in it...
>
> "So You Think You Can Out-Run A Hell-Fire Missile."
>
>>> The Predator was not exactly a high-school science project.
>>> Surely we can all agree that there is something ironic about a top-
>>> secrete weapon lacking security that a 20-year-old computer science
>>> student at a top engineering school could probably get right (almost)
>>> on the first run.
>>> What they did (not do), given rancid amounts of money given to them by
>>> the general public, is inexcusable.
>> It wasn't encryption that failed, but specification.
>
> Hmmm...that's a bit like a surgeon leaving a person's gut open after
> an appendectomy and saying,
>
> "Well, technically, you never explicitly said to stitch him up, geez."

Exactly like.

Jerry
--
Engineering is the art of making what you want from things you can get.
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Randy Yates
2009-12-17 21:10:10 UTC
Permalink
Le Chaud Lapin <***@gmail.com> writes:

> http://cursor.org/stories/dronesyndrome.htm

Why is this article dated December 18th, 2009?
--
Randy Yates % "Bird, on the wing,
Digital Signal Labs % goes floating by
mailto://***@ieee.org % but there's a teardrop in his eye..."
http://www.digitalsignallabs.com % 'One Summer Dream', *Face The Music*, ELO
a***@netzero.com
2009-12-18 00:06:07 UTC
Permalink
On Dec 17, 4:10 pm, Randy Yates <***@ieee.org> wrote:
> Le Chaud Lapin <***@gmail.com> writes:
>
> >http://cursor.org/stories/dronesyndrome.htm
>
> Why is this article dated December 18th, 2009?
> --
> Randy Yates % "Bird, on the wing,
> Digital Signal Labs % goes floating by
> mailto://***@ieee.org % but there's a teardrop in his eye..."http://www.digitalsignallabs.com% 'One Summer Dream', *Face The Music*, ELO

Cuz that's the date and time in China.
Le Chaud Lapin
2009-12-18 00:12:23 UTC
Permalink
On Dec 17, 3:10 pm, Randy Yates <***@ieee.org> wrote:
> Le Chaud Lapin <***@gmail.com> writes:
>
> >http://cursor.org/stories/dronesyndrome.htm
>
> Why is this article dated December 18th, 2009?

Not sure. On my screen it says

"POSTED JANURARY 12, 2003"

-Le Chaud Lapin-
Malachy Moses
2009-12-17 22:41:22 UTC
Permalink
From today's newspapers (Dec 17, 2009):

"Iraq insurgents hack into video feeds from US drones
"Insurgents in Iraq have hacked into live video feeds from unmanned
American drone aircraft, US media reports say."

See http://news.bbc.co.uk/2/hi/middle_east/8419147.stm among many
others.

Apparently, the insurgents have been using off-the-shelf software
called SkyGrabber to view the live video feeds from the drones. So
the word "hacked" in the article is not entirely accurate, since it
implies that effort was involved, whereas in actuality the SkyGrabber
software made it almost effortless.
Le Chaud Lapin
2009-12-18 00:40:20 UTC
Permalink
On Dec 17, 4:41 pm, Malachy Moses <***@gmail.com> wrote:
> From today's newspapers (Dec 17, 2009):
>
> "Iraq insurgents hack into video feeds from US drones
> "Insurgents in Iraq have hacked into live video feeds from unmanned
> American drone aircraft, US media reports say."
>
> See
> http://news.bbc.co.uk/2/hi/middle_east/8419147.stmamong many
> others.
>
> Apparently, the insurgents have been using off-the-shelf software
> called SkyGrabber to view the live video feeds from the drones.  So
> the word "hacked" in the article is not entirely accurate, since it
> implies that effort was involved, whereas in actuality the SkyGrabber
> software made it almost effortless.

Which makes one wonder what real crytographers in other countries are
thinking right now. I doubt if any of them are impressed.

Imagine:

The most powerful country in the world, your adversary, spending
enough money on their military technology annually to overwhelm your
entire GDP, only to have one of their more advanced systems "hacked"
by what are probably kids, since many older people in Afghanistan/etc.
have never used the Internet. In retrospect, the word "hacked" allows
DARPA & Company to save face, since the word "hacked", as you stated,
implies some effort by the adversary, whereas "listened in" would be
more indicative of the stupidity at play. Perhaps they should have
used "breached" instead of "hacked". The average person can appreciate
breaches.

This is not just embarrassing. It makes us look vulnerable, both in
the eyes of our adversaries, as well as our friends.

If it were not for the greediness/cockiness of DARPA and these prime
contractors who make this stuff...well, it would still be
intolerable.... but the greediness/cockiness added to it makes me want
to puke. I spent months listening to these military guys talk about
their "capability", a flowing stream of unending bombastic babble,
wasting millions (sometimes billions) of dollars.

I searched Google for "DARPA Wireless Security" and found one of the
first links that came up:

http://www.darpa.mil/STO/Solicitations/SN07-09/mod1.html

This solicitation talks about "breakthrough", "paradigm shift",
"revolutionary", "robust", and in the end, they give us Linksys.

All that money they spent to make a wireless link that my 14-year-old
niece could have set up!

-Le Chaud Lapin-
robert bristow-johnson
2009-12-18 06:51:35 UTC
Permalink
On Dec 17, 12:34 pm, Le Chaud Lapin <***@gmail.com> wrote:
>
> DARPA, please, you are impressing us toooo much!!!!

maybe they're including psychological warfare in this. so i'm some
kinda Iraqi insurgent watching my latest "Drone TV". and i see my
face on it. that would be soooo cool.

another thing is they could put some drones up there with video tape
of some other drone. they could be transmitting the "real" signal on
some other channel where no one is expecting it and broadcast the
video tape of some completely fictional place on the other.

or they could be putting some Tokyo Rose propaganda on it. that would
be cool.

or PORN!!! make these hardcore Islamists watch some hardcore porn!!!
titles like "Under the Burka" or something like that. or US daytime
TV hits like Genital Hospital. that would be *really* cool.

them DARPA guys are pretty clever.

r b-j
Michael A. Terrell
2009-12-18 11:11:15 UTC
Permalink
robert bristow-johnson wrote:
>
> On Dec 17, 12:34 pm, Le Chaud Lapin <***@gmail.com> wrote:
> >
> > DARPA, please, you are impressing us toooo much!!!!
>
> maybe they're including psychological warfare in this. so i'm some
> kinda Iraqi insurgent watching my latest "Drone TV". and i see my
> face on it. that would be soooo cool.
>
> another thing is they could put some drones up there with video tape
> of some other drone. they could be transmitting the "real" signal on
> some other channel where no one is expecting it and broadcast the
> video tape of some completely fictional place on the other.
>
> or they could be putting some Tokyo Rose propaganda on it. that would
> be cool.
>
> or PORN!!! make these hardcore Islamists watch some hardcore porn!!!
> titles like "Under the Burka" or something like that. or US daytime
> TV hits like Genital Hospital. that would be *really* cool.
>
> them DARPA guys are pretty clever.


Or videos of sexy women butchering hogs, while drinking lots of beer.
:)


--
Offworld checks no longer accepted!
Archimedes' Lever
2009-12-19 03:13:40 UTC
Permalink
On Thu, 17 Dec 2009 22:51:35 -0800 (PST), robert bristow-johnson
<***@audioimagination.com> wrote:

>or PORN!!! make these hardcore Islamists watch some hardcore porn!!!
>titles like "Under the Burka" or something like that. or US daytime
>TV hits like Genital Hospital. that would be *really* cool.
>
>them DARPA guys are pretty clever.
>
>r b-j


It's national Take a bath in a vat of pig's blood day!
Jorgen Grahn
2009-12-18 15:28:30 UTC
Permalink
On Thu, 2009-12-17, Le Chaud Lapin wrote:
> Hi All,
>
> This Christmas, I offer to the US Defense Advanced Research Projects
> Agency a reflection of truth about the Predator program:
...

You are off-topic and (in your followup) you silently cross-post to
other, more inflammed groups like sci.crypt. That's a technique trolls
use to destroy useful news groups -- is that what you are trying to
do?

If not, please don't do it again. Google 'netiquette'.

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
Le Chaud Lapin
2009-12-18 17:18:25 UTC
Permalink
On Dec 18, 9:28 am, Jorgen Grahn <grahn+***@snipabacken.se> wrote:
> On Thu, 2009-12-17, Le Chaud Lapin wrote:
> > Hi All,
>
> > This Christmas, I offer to the US Defense Advanced Research Projects
> > Agency a reflection of truth about the Predator program:
>
> ...
>
> You are off-topic and (in your followup) you silently cross-post to
> other, more inflammed groups like sci.crypt. That's a technique trolls
> use to destroy useful news groups -- is that what you are trying to
> do?
>
> If not, please don't do it again. Google 'netiquette'.

Even though the topic itself is off-topic, which I labeled it at such,
I would think that since the problem is lack of encryption, which DoD
itself admits, sci.crypt would be a relevant group.

-Le Chaud Lapin-
biject
2009-12-18 21:07:51 UTC
Permalink
On Dec 18, 9:46 am, David Schwartz <***@webmaster.com> wrote:


>
> It is my understanding that it was the link to the ground station that
> was digital and being intercepted, not the link from the Predator. If
> you can point to some reliable source that says otherwise, let me
> know. I'll be mightily surprised.
>
> DS

The sad thing is at one time the government had good
laboratories like China Lake that could for pennies on
the dollar fix this problem in less than a month. But
the dumb people running the show in DC would rather keep
spending millions of dollars getting nothing done than
actually fix the problem. Contractors also seem to get
more money by promising to fix things and then even more
money when they fail. This country is in big trouble if
it still has minor problems like this. Bring back the
good labs where the only requirement is to get the job
done. Forget all the EEO rules and crap just hire competent
people who can get the work done. I know the team I
worked with could fix this problem if they had a chance
and no pain in the ass bureaucrats slowing us down.

David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"
Loading...