[Cryptography] improved identification of non-targets

John Denker jsd at av8n.com
Sun Jan 12 01:13:28 EST 2020 

Hi Folks --

There have been outrageously many incidents of people shooting
down airliners without really meaning to.  This looks partly
analogous if not identical to a classical crypto problem,
namely identification and authentication.  Heretofore it has
been handled very badly.

1) The term IFF (identification friend of foe) is a gross
misnomer:
 *) A favorable result from the IFF system identifies a
  friendly military aircraft.
 *) The only other result is a non-result which could be:
  -- an out-and-out foe,
  -- a neutral,
  -- a friendly non-military aircraft,
  -- or even a friendly warplane with a broken or
   misconfigured transponder.

2) There exists such a thing as "non cooperative target
 identification" but that is very much the answer to the
 wrong question.  Airliners are not targets, and more
 importantly, they would cooperate if given half a chance.
 So the question is, why are they not given the chance?

3) To ask the same question in a slightly different way:
 Can we provide airliners with IFF functionality?  What
 would that involve?

 The equipment would have to be highly trusted.  If there
 were any appreciable risk that identifications could be
 stolen or forged, missile crews would ignore the IFF and
 shoot at anything that moves.

4) You can't just install military transponders in airliners,
 partly because the equipment is classified, and partly because
 the task is different.  Military IFF responds only if you
 ask nicely, using a coded query, but an airliner should
 respond to anybody who asks.  Instead, the airliner needs
 some kind of nonce (to prevent trivial replay attacks).

 So, if we can come up with some sort of design that makes
 sense, perhaps ICAO could standardize it.  Once it is
 deployed, there would be a lot of pressure for militaries
 to respect it.

5) The existing ADS-B Mode-S transponder is a step in the
 right direction.  No crypto is involved.  The reply carries
 a 24-bit claim of identity.  This enormously simplifies the
 missile battery's task, because rather than trying to figure
 out what this object is, ab_initio, based only on its primary
 radar signature, they need only verify that it is exactly
 what it claims to be.

6) Layering some crypto on that shouldn't be toooo hard.
 The aircraft can perform some sort of public-key signature
 or zero-knowledge proof of identity.  Append the nonce to
 your claimed ID, sign it, and send it back.

 This raises the usual questions about what certificates
 to trust.  My standard answer to all such questions is
 that I trust certificates that I have issued myself.
 Each country could issue its own certificates, good for
 one flight only, and send them to the airline via a
 secure channel.  Friendly and neutral airlines would
 have every incentive to not let the certificates leak
 to foes.

 Conversely, airliners belonging to my out-and-out foes
 are not allowed to operate in my airspace.  Too many
 opportunities for hanky-panky.

7) There have been rumors of military aircraft flying
 in close formation with unwitting airliners, using the
 airliner partly as a stalking horse and partly as
 human shields.  I'm not sure what to do about this.
 It seems unsporting, but that doesn't mean it can't
 happen.

 As mentioned in item (5), knowing exactly what the object
 is supposed to be makes it easier to detect a primary
 radar return that isn't quite right.  Buzzword = MASINT.

8) There are implementation issues.  In an integrated air
 defense network implementation shouldn't be too bad, but
 for things like Buk or Tor launchers, which were designed
 in the Soviet era, designed to operate more-or-less
 autonomously, I don't know what all would be involved.

9) We have to ask, what is the threat model? Obvious
 starting points include:
 -- From the airliner's point of view, the main threat is
  trigger-happy missile crews.  Also bad guys trying to
  steal your authentication certificates.
 -- From the air defense point of view, the threat includes
  foes masquerading as neutrals.  Also stalking horses.
 -- What else?  I don't know.

===========

Bottom line:  There's obviously a problem here.  How do
we understand the problem?  Is it fixable?

More information about the cryptography mailing list