[aprssig] APRS-XO proposal

Scott Miller scott at opentrac.org
Thu Jan 10 14:48:15 EST 2008


> One big problem with UDP vs. TCP - source address spoofing.  Yes, there 
> are still tons of networks out there that will forward packets from 
> bogus source addresses.  TCP solves the problem if the server is 

Very true.  You can still work around that, though.  For example, 
require a public key to be registered for each UDP sender, and have each 
position report signed.  For that matter, it doesn't have to be a public 
key - it can be a shared secret between the registered client and the 
server network.  That'd probably allow for a much more compact MAC, and 
would certainly be easier computationally.  If someone abuses the 
network, you just revoke their registration.  Any incoming UDP packets 
without a valid MAC just get dropped.

> The problem once things get spoofed...the packets point back to someone 
> who didn't do it, but to an untrained eye, it sure looks like they did.  

And I can vouch for the fact that 'untrained eye' also includes most of 
the low-level guys at AFCERT who used to call about that sort of thing 
when I worked for the USAF.  I had a long canned email explaining the 
whole concept, and we had to send that probably every week or two.  Just 
because they'd been trained to sit in front of an IDS console and read 
alerts didn't mean they had a clue as to what they were seeing, or how 
to read a tcpdump file.

So here's what I'd propose - each UDP packet gets a header identifying 
the originator plus a message authentication code.  Say, a CRC32 digest 
of an XXTEA-encrypted version of the message plus originator and a 
timestamp if you're concerned about replay attacks.  (And yes, there are 
more secure message digests and MACs out there, but I'm trying to keep 
things computationally simple.  I do a lot of work with 8-bit micros.)

And yes, I understand that UDP doesn't give any acknowledgment that the 
datagram was received.  What's the sender going to do if it's not?  Try 
again, of course.  For UDP, you could just send reports twice as often 
and still generate 1/3 of the traffic.

Remember that UDP is analogous to the unconnected AX.25 UI frames we use 
for APRS on the air.  We don't use acks there either, and it still works 
despite packet loss rates that are far higher.

Scott
N1VG
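Added example, not part of the original post: a sketch of the scheme proposed above, with an originator header, a timestamp against replay, a MAC keyed by a registered shared secret, revocation by deleting the registration, and silent drop of anything that fails. It swaps in a truncated HMAC-SHA256 from the Python standard library for the CRC32-over-XXTEA construction the post suggests; the packet layout, `TAG_LEN`, `MAX_SKEW`, and the callsign `N0CALL` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                      # assumed: truncated tag to keep packets compact
MAX_SKEW = 30                    # assumed: seconds of clock skew tolerated
HEADER = struct.Struct("!9sI")   # assumed layout: callsign (NUL-padded), Unix time

def _tag(key, header, payload):
    # The MAC covers originator, timestamp and message, as in the proposal.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

def build_packet(callsign, key, payload, now):
    header = HEADER.pack(callsign.encode("ascii"), now)
    return header + payload + _tag(key, header, payload)

class Receiver:
    def __init__(self, registry):
        self.registry = dict(registry)   # callsign -> shared secret
        self.last_seen = {}              # callsign -> newest accepted timestamp

    def revoke(self, callsign):
        # Revoking a registration makes every later packet fail the key lookup.
        self.registry.pop(callsign, None)

    def accept(self, packet, now):
        """Return (callsign, payload), or None when the datagram is dropped."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None
        header, body = packet[:HEADER.size], packet[HEADER.size:]
        payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        raw_call, ts = HEADER.unpack(header)
        try:
            callsign = raw_call.rstrip(b"\0").decode("ascii")
        except UnicodeDecodeError:
            return None
        key = self.registry.get(callsign)
        if key is None:                  # unregistered or revoked sender
            return None
        if not hmac.compare_digest(tag, _tag(key, header, payload)):
            return None                  # forged or altered packet
        # Replay check runs only after the MAC verifies, so a spoofed packet
        # cannot advance last_seen for someone else's callsign.
        if abs(now - ts) > MAX_SKEW or ts <= self.last_seen.get(callsign, -1):
            return None
        self.last_seen[callsign] = ts
        return callsign, payload
```

A sender that repeats reports instead of waiting for acknowledgments needs a fresh timestamp on each one, since a byte-identical resend is dropped as a replay.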




