[Cryptography] improved identification of non-targets
John Denker
jsd at av8n.com
Sun Jan 12 01:13:28 EST 2020
Hi Folks --
There have been outrageously many incidents of people shooting
down airliners without really meaning to. This looks partly
analogous if not identical to a classical crypto problem,
namely identification and authentication. Heretofore it has
been handled very badly.
1) The term IFF (identification friend of foe) is a gross
misnomer:
*) A favorable result from the IFF system identifies a
friendly military aircraft.
*) The only other result is a non-result which could be:
-- an out-and-out foe,
-- a neutral,
-- a friendly non-military aircraft,
-- or even a friendly warplane with a broken or
misconfigured transponder.
2) There exists such a thing as "non cooperative target
identification" but that is very much the answer to the
wrong question. Airliners are not targets, and more
importantly, they would cooperate if given half a chance.
So the question is, why are they not given the chance?
3) To ask the same question in a slightly different way:
Can we provide airliners with IFF functionality? What
would that involve?
The equipment would have to be highly trusted. If there
were any appreciable risk that identifications could be
stolen or forged, missile crews would ignore the IFF and
shoot at anything that moves.
4) You can't just install military transponders in airliners,
partly because the equipment is classified, and partly because
the task is different. Military IFF responds only if you
ask nicely, using a coded query, but an airliner should
respond to anybody who asks. Instead, the airliner needs
some kind of nonce (to prevent trivial replay attacks).
So, if we can come up with some sort of design that makes
sense, perhaps ICAO could standardize it. Once it is
deployed, there would be a lot of pressure for militaries
to respect it.
5) The existing ADS-B Mode-S transponder is a step in the
right direction. No crypto is involved. The reply carries
a 24-bit claim of identity. This enormously simplifies the
missile battery's task, because rather than trying to figure
out what this object is, ab_initio, based only on its primary
radar signature, they need only verify that it is exactly
what it claims to be.
6) Layering some crypto on that shouldn't be toooo hard.
The aircraft can perform some sort of public-key signature
or zero-knowledge proof of identity. Append the nonce to
your claimed ID, sign it, and send it back.
This raises the usual questions about what certificates
to trust. My standard answer to all such questions is
that I trust certificates that I have issued myself.
Each country could issue its own certificates, good for
one flight only, and send them to the airline via a
secure channel. Friendly and neutral airlines would
have every incentive to not let the certificates leak
to foes.
Conversely, airliners belonging to my out-and-out foes
are not allowed to operate in my airspace. Too many
opportunities for hanky-panky.
7) There have been rumors of military aircraft flying
in close formation with unwitting airliners, using the
airliner partly as a stalking horse and partly as
human shields. I'm not sure what to do about this.
It seems unsporting, but that doesn't mean it can't
happen.
As mentioned in item (5), knowing exactly what the object
is supposed to be makes it easier to detect a primary
radar return that isn't quite right. Buzzword = MASINT.
8) There are implementation issues. In an integrated air
defense network implementation shouldn't be too bad, but
for things like Buk or Tor launchers, which were designed
in the Soviet era, designed to operate more-or-less
autonomously, I don't know what all would be involved.
9) We have to ask, what is the threat model? Obvious
starting points include:
-- From the airliner's point of view, the main threat is
trigger-happy missile crews. Also bad guys trying to
steal your authentication certificates.
-- From the air defense point of view, the threat includes
foes masquerading as neutrals. Also stalking horses.
-- What else? I don't know.
===========
Bottom line: There's obviously a problem here. How do
we understand the problem? Is it fixable?
More information about the cryptography
mailing list