Satellite eavesdropping of 802.11b traffic

Arnold G. Reinhold reinhold at world.std.com
Fri May 28 07:56:30 EDT 2004 

At 9:19 PM -0400 5/27/04, Perry E. Metzger wrote:
>"R. A. Hettinga" <rah at shipwright.com> writes:
>>  At 12:35 PM -0400 5/27/04, John Kelsey wrote:
>>>Does anyone know whether the low-power nature of wireless LANs protects
>>>them from eavesdropping by satellite?
>>
>>  It seems to me that you'd need a pretty big dish in orbit to get that kind
>>  of resolution.
>>
>>  The Keyholes(?) are for microwaves, right?
>
>Dunno if it would work in orbit,, but you can get surprising results
>right here on earth using phased arrays.
>
>Vivato is selling very long range phased array equipment as long
>range/high quality 802.11 basestations, but you could do precisely the
>same trick to eavesdrop instead of to communicate. With enough
>computing power, one device could listen in on every 802.11
>communication in a very large radius.
>
>I don't know how practical it would be to set up some sort of large
>scale phased array in orbit -- I suspect the answer is "not practical
>at all" -- but the principle could apply there, too.
>

I would say quite practical. A huge advantage for the attacker is 
that 802.11b/g is in a fixed frequency band. A half-wave dipole is 
6.25 cm long. A large phased array could be assembled out of printed 
circuit board tiles, each with many antennas.

The outdoor range for 802.11 is up to 100 m.  Low earth orbit is 
about 150 km.  That is a factor of 1500. Power attenuation is the 
square of that, which works out to a 64 db loss.  Throw in another 10 
db for slant range, building attenuation, etc. The loss has to be 
made up by a combination of antenna gain, improved receiver 
performance and better signal processing. That doesn't sound undoable.

A single LEO satellite would only have a few minutes of visibility 
per day over any one location on Earth. That suggests an active 
attack, where the satellite looks for files or even changes data. The 
satellite's ability to transmit at much higher power levels is an 
advantage.

A third option is spot jamming. Here high power means one can get 
away with a smaller antenna, perhaps wrapped around a cheaper spin 
stabilized satellite.  Such a system could be used to briefly disable 
802.11-based security systems, perhaps allowing a spy to gain access 
to a building.

Other interesting possibilities include long endurance 
remotely-piloted aircraft, balloons and small receiving stations that 
could be planted by spies or even parachuted into position. I'm sure 
802.11 has given the SIGINT community much joy.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list