[aprssig] Authentication over APRS was: Ab)Use of APRS for telemetry? Anyone doing it?

Scott Miller scott at opentrac.org
Mon Dec 6 13:13:33 EST 2004


> > This still leaves you vulnerable to replay attacks, where someone just
> > copies a valid command sequence off the air and resends it later.
>
> Once the particular OTP has been used, the server will not accept it in
> the future. No replay vulnerability. The other ones you mention are valid
> of course.

I think what I was referring to was my MAC scheme, sans challenge/response.
Or maybe not.  Again, lack of coffee may be an issue.  Time to brew another
pot.

> If you simply want someone to not be able to open your garage door or turn
> your lights on an OTP system seems as 'reasonable' risk. If you intend to
> launch ICB missiles...then no :)  Compare risk to effort.

Yeah, but if I'm going to build a system to be the APRS equivalent of an X10
system, I'm going to do it in as safe a way as possible.  For a DIY project,
probably not a big deal.

> For me, if I developed such a thing and found a local ham turning my
> lights off and on for kicks I'd probably laugh about it and then use it as
> direction finding practice. Then buy the guy a beer! :)

Yeah, but someone tripping the cutdown device on your high-altitude balloon
would be a real bummer!  But you're right of course... appropriate security
depends on the value of what you're protecting, and from whom you're
protecting it.

Scott
N1VG
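
The replay point discussed in this thread, as an added example that is not part of Scott's message or any code from the list: a command authenticated only by a MAC verifies again when it is resent unchanged, while binding a single-use value into the MAC lets the receiver refuse it the second time. HMAC-SHA256, the frame layout, the monotonic counter standing in for the one-time value, and all names here are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, not from the thread

def tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign_bare(key, command):
    # MAC over the command alone: nothing in the frame changes between sends.
    return f"{command}|{tag(key, command.encode())}"

def sign_counted(key, command, counter):
    # The MAC also covers a counter that the receiver accepts only once.
    body = f"{counter}|{command}"
    return f"{body}|{tag(key, body.encode())}"

class BareReceiver:
    def __init__(self, key):
        self.key = key

    def accept(self, frame):
        command, _, mac = frame.rpartition("|")
        return hmac.compare_digest(mac, tag(self.key, command.encode()))

class CountedReceiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, frame):
        body, _, mac = frame.rpartition("|")
        if not hmac.compare_digest(mac, tag(self.key, body.encode())):
            return False  # forged or altered frame
        counter_text = body.partition("|")[0]
        if not counter_text.isdigit() or int(counter_text) <= self.last_counter:
            return False  # value already used: a replayed frame
        self.last_counter = int(counter_text)
        return True

def demo():
    bare, counted = BareReceiver(KEY), CountedReceiver(KEY)
    f_bare = sign_bare(KEY, "LIGHTS ON")          # constructed sample command
    f_cnt = sign_counted(KEY, "LIGHTS ON", 1)
    return {
        "bare_first": bare.accept(f_bare),
        "bare_replay": bare.accept(f_bare),       # same bytes verify again
        "counted_first": counted.accept(f_cnt),
        "counted_replay": counted.accept(f_cnt),  # refused, counter reused
        "counted_next": counted.accept(sign_counted(KEY, "LIGHTS OFF", 2)),
        "tampered": counted.accept(f_cnt.replace("ON", "OFF")),
    }
```

The counter has to survive a receiver restart, otherwise every previously sent frame becomes acceptable again.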




