[aprssig] Authentication over APRS was: Ab)Use of APRS for telemetry? Anyone doing it?

[James Washer]

This brings up a question I've had for some time. As I recall, the FCC rules prevent amateurs from using "encryption" or anything that obscurs the meaning of a message. I don't recall the exact words.

But what if I wanted to have a secure method for sending commands ( to non space based devices, as I seen to recall the FCC made an exception for satelite control)?

Including a simple password in the message does nothing to prevent "replay attacks" (not good if you want to do something like open your garage door, or unlock something)

One could certainly use a OTP (one time pad), but that clearly violates the FCC rule mentioned above.

So, I was thinking the best method would be to send the command in plain text, thereby making the FCC happy. Including a date stamp to avoid replay attacks. And finally, attaching a hash of the message body encrypted with a PK (public key) tool. This way nothing is encrypted excecpt the "signature".

I've not given this much thought as to the "size" of the key, and the complexity of PKE code for microcontrollers...

Has anyone else thought about this? Any great ideas?

 - jim

p.s. If you all think this is way over the top, you are likely correct.. but I worry a lot about encryption for networks, etc at my day job.

On Mon, 6 Dec 2004 07:17:08 -0800
<scott at opentrac.org> wrote:

>
> I haven't seen the KPC-3+'s password-protected I/O feature.  I'll have to
> check that out.  Though no TNC I've seen yet has had any kind of strong
> authentication.
> 
> Scott
> N1VG
> 
>