[Cryptography] improved identification of non-targets

Michael Kjörling michael at kjorling.se
Sun Jan 12 08:37:30 EST 2020


>From a bit of an aviation, not cryptography, perspective here...


On 11 Jan 2020 23:13 -0700, from cryptography at metzdowd.com (John Denker via cryptography):
> 4) You can't just install military transponders in airliners,
>  partly because the equipment is classified, and partly because
>  the task is different.  Military IFF responds only if you
>  ask nicely, using a coded query, but an airliner should
>  respond to anybody who asks.  Instead, the airliner needs
>  some kind of nonce (to prevent trivial replay attacks).

Mode-A/C/S transponders (which is what you'll find in any typical
civilian aircraft, besides more recently ADS-B Out) already respond to
"anybody who asks". If you're not happy with the answer, nothing says
you can't ask again, or wait for someone else to ask and listen to the
response.


> 5) The existing ADS-B Mode-S transponder is a step in the
>  right direction.  No crypto is involved.  The reply carries
>  a 24-bit claim of identity.  This enormously simplifies the
>  missile battery's task, because rather than trying to figure
>  out what this object is, ab_initio, based only on its primary
>  radar signature, they need only verify that it is exactly
>  what it claims to be.

ADS-B isn't Mode-S. The 24-bit identifier you have in mind is Mode-S;
I'm not sure what exactly ADS-B uses for an identifier, it _might_
even be the same value, but the two technologies are different. Once
you consider ADS-B In, they are _very_ different.

Mode-S already gives aircraft identity (which can be mapped to a
flight number in commercial aviation, via filed flightplans which are
required for Instrument Flight Rules traffic already; in turn,
virtually all commercial air traffic is IFR) and standard-atmosphere
pressure altitude (pressure altitude corresponding to a ground level
static pressure of 1013.25 hPa). It also gives the transponder code
("squawk" code) assigned by air traffic control to that flight and
selectable by the pilot. The latter is a four-digit octal number,
thereby allowing for 8^4 combinations, a handful of which are reserved
for specific purposes (including emergency situations such as radio
failure and illegal interference) but most are free for assignment by
ATC.

Mode-S transponders have been required in large swaths of airspace for
a long time. ADS-B is making inroads as of recently.


> 6) Layering some crypto on that shouldn't be toooo hard.
>  The aircraft can perform some sort of public-key signature
>  or zero-knowledge proof of identity.  Append the nonce to
>  your claimed ID, sign it, and send it back.

Don't forget the timing issue. Transponders send the Mode-S packet in
response to radar interrogation; in congested airspace (such as in the
vicinity of airports, which also often happens to be in close
proximity to radar transmitters) this needs to happen quickly enough
that it can't be confused for one from another aircraft. Also, the
nonce would need to come from the ground station; if the aircraft can
select the nonce, little keeps them from picking them ahead of time.
It's absolutely possible for an aircraft to be in radar range, and
therefore its transponder interrogated, from multiple ground stations
at once. Once you add airborne radar stations to the mix, things get
even more complicated. I very strongly suspect that there's a standard
document somewhere which specifies a hard real-time limit to
interrogation responses.


>  Conversely, airliners belonging to my out-and-out foes
>  are not allowed to operate in my airspace.  Too many
>  opportunities for hanky-panky.

If an aircraft isn't allowed to operate in your airspace and has a
working transponder, it will show up on secondary radar and you just
have your ATC not clear it into your airspace. That's standard
procedure already, and pilots flying in controlled airspace are
legally required to comply with ATC instructions anyway except in a
few specific cases that don't apply during normal operation and which
basically boil down to pilots' final authority in emergency
situations. If pilots don't follow ATC instructions and enter
controlled or restricted airspace without proper clearance, there are
already procedures in place for how to deal with that which almost
certainly _don't_ involve missile batteries as a first or even second
step.

If the aircraft has its transponder turned off for whatever reason, it
doesn't really matter how that transponder is designed, because it's
not going to respond to interrogations anyway. At that point your best
bet is primary radar, with all its drawbacks. (There's good reason why
ATC relies primarily on secondary radar.)

Do keep in mind that regulations already require that pilots are able
to turn off every piece of electrical equipment on the aircraft from
the cockpit (even if doing so requires pulling a circuit breaker).
While hopefully extremely rare, there are potential situations where a
problem with the transponder might actually require turning it off.

As for the recent case of Ukrainian Intl 752, at least according to
what I've seen publicly stated so far, the flight was flying its
cleared departure, on a proper flightplan, with everything in order
and the transponder turned on (otherwise it would not, for example,
have shown on Flightradar24). It departed Tehran international
airport, which (at least according to Wikipedia) is owned by the
government of Iran, so the government absolutely could have access to
ATC's transponder code assignments, the actual departure time, and the
flightplan which would specify the airframe used; the departure point
and heading would also match the flight's departure runway. There's
probably more than this. While of course none of this is _conclusive_
evidence in favor of a given radar return being a commercial passenger
flight, that's a _lot_ of things adding up in favor of it being one.

A simple NOTAM (Notice to Airmen) closing the relevant airspace to
traffic could potentially have prevented the PS752 disaster. Pilots
already review NOTAMs before departure (or Dispatch does it for them,
but it's ultimately the responsibility of the Pilot In Command to
ensure it has been done) when selecting the route to fly; any airspace
closure NOTAM would have been a huge red flag, especially if they
included airspace near the airport's normal departure corridors.

Aviation, _especially_ commercial aviation, has a huge number of
checks and balances in place precisely to prevent any one person's
mistake from turning into a disaster, because it's been well known
since the 1970s that even highly trained, experienced people make
unintentional mistakes as well as (far less often, thankfully)
intentional errors. (Look up cockpit resource management for just one
aspect of this.) Some of those checks and balances are technological
in nature; others are non-technological; others mix the two.


> 9) We have to ask, what is the threat model? Obvious
>  starting points include:
>  -- From the airliner's point of view, the main threat is
>   trigger-happy missile crews.  Also bad guys trying to
>   steal your authentication certificates.
>  -- From the air defense point of view, the threat includes
>   foes masquerading as neutrals.  Also stalking horses.
>  -- What else?  I don't know.

You can add at the very least TCAS (Traffic Collision Avoidance
System) requirements to that list. I'm willing to bet that despite
those being uncommon, too-close encounters with other aircraft are a
_lot_ more common than too-trigger-happy missile crews operating in
airspace not closed to traffic.

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
 “Remember when, on the Internet, nobody cared that you were a dog?”



More information about the cryptography mailing list