[Cryptography] improved identification of non-targets

Henry Baker hbaker1 at pipeline.com
Sun Jan 12 14:55:01 EST 2020


At 10:13 PM 1/11/2020, John Denker via cryptography wrote:
>Hi Folks --
>
>There have been outrageously many incidents of people shooting
>down airliners without really meaning to.  This looks partly
>analogous if not identical to a classical crypto problem,
>namely identification and authentication.  Heretofore it has
>been handled very badly.
>
>1) The term IFF (identification friend of foe) is a gross
>misnomer:
> *) A favorable result from the IFF system identifies a
>  friendly military aircraft.
> *) The only other result is a non-result which could be:
>  -- an out-and-out foe,
>  -- a neutral,
>  -- a friendly non-military aircraft,
>  -- or even a friendly warplane with a broken or
>   misconfigured transponder.
>
>2) There exists such a thing as "non cooperative target
> identification" but that is very much the answer to the
> wrong question.  Airliners are not targets, and more
> importantly, they would cooperate if given half a chance.
> So the question is, why are they not given the chance?
>
>3) To ask the same question in a slightly different way:
> Can we provide airliners with IFF functionality?  What
> would that involve?
>
> The equipment would have to be highly trusted.  If there
> were any appreciable risk that identifications could be
> stolen or forged, missile crews would ignore the IFF and
> shoot at anything that moves.
>
>4) You can't just install military transponders in airliners,
> partly because the equipment is classified, and partly because
> the task is different.  Military IFF responds only if you
> ask nicely, using a coded query, but an airliner should
> respond to anybody who asks.  Instead, the airliner needs
> some kind of nonce (to prevent trivial replay attacks).
>
> So, if we can come up with some sort of design that makes
> sense, perhaps ICAO could standardize it.  Once it is
> deployed, there would be a lot of pressure for militaries
> to respect it.
>
>5) The existing ADS-B Mode-S transponder is a step in the
> right direction.  No crypto is involved.  The reply carries
> a 24-bit claim of identity.  This enormously simplifies the
> missile battery's task, because rather than trying to figure
> out what this object is, ab_initio, based only on its primary
> radar signature, they need only verify that it is exactly
> what it claims to be.
>
>6) Layering some crypto on that shouldn't be toooo hard.
> The aircraft can perform some sort of public-key signature
> or zero-knowledge proof of identity.  Append the nonce to
> your claimed ID, sign it, and send it back.
>
> This raises the usual questions about what certificates
> to trust.  My standard answer to all such questions is
> that I trust certificates that I have issued myself.
> Each country could issue its own certificates, good for
> one flight only, and send them to the airline via a
> secure channel.  Friendly and neutral airlines would
> have every incentive to not let the certificates leak
> to foes.
>
> Conversely, airliners belonging to my out-and-out foes
> are not allowed to operate in my airspace.  Too many
> opportunities for hanky-panky.
>
>7) There have been rumors of military aircraft flying
> in close formation with unwitting airliners, using the
> airliner partly as a stalking horse and partly as
> human shields.  I'm not sure what to do about this.
> It seems unsporting, but that doesn't mean it can't
> happen.
>
> As mentioned in item (5), knowing exactly what the object
> is supposed to be makes it easier to detect a primary
> radar return that isn't quite right.  Buzzword = MASINT.
>
>8) There are implementation issues.  In an integrated air
> defense network implementation shouldn't be too bad, but
> for things like Buk or Tor launchers, which were designed
> in the Soviet era, designed to operate more-or-less
> autonomously, I don't know what all would be involved.
>
>9) We have to ask, what is the threat model? Obvious
> starting points include:
> -- From the airliner's point of view, the main threat is
>  trigger-happy missile crews.  Also bad guys trying to
>  steal your authentication certificates.
> -- From the air defense point of view, the threat includes
>  foes masquerading as neutrals.  Also stalking horses.
> -- What else?  I don't know.
>
>===========
>
>Bottom line:  There's obviously a problem here.  How do
>we understand the problem?  Is it fixable?

The problem is much, much bigger than your post indicates.

Hospitals & ambulances in war zones are routinely targeted,
whether unintentionally or otherwise.

And then there are "intelligence" operations that routinely
masquerade as doctors & health care workers.  E.g., Bin Laden's
DNA was verified by CIA-recruited doctors and health care
workers.

"The distrust sowed by the sham campaign in Pakistan could conceivably
postpone polio eradication for 20 years, leading to 100,000 more cases
that might otherwise not have occurred, says Leslie F. Roberts of
Columbia University's Mailman School of Public Health. 'Forevermore,
people would say this disease, this crippled child is because the
U.S. was so crazy to get Osama bin Laden,' he argues." [1]

Was Joe Biden and Barack Obama's 2008 campaign slogan "Bin
Laden is dead and GM is alive" [4] worth 100,000 lives?

In retrospect, Biden's 2012 slogan should be corrected to
"Bin Laden and vaccinators are dead and polio/smallpox/measles/...
are alive".

[1] https://www.scientificamerican.com/article/how-cia-fake-vaccination-campaign-endangers-us-all/

How the CIA's Fake Vaccination Campaign Endangers Us All;
The U.S. was wrong to use health workers to target Osama
bin Laden, May 1, 2013

[2] http://www.virology.ws/2013/01/08/deans-write-to-obama-about-cia-vaccine-scheme-in-pakistan/

Deans write to Obama about CIA vaccine scheme in Pakistan;
8 January 2013

[3] 

https://www.nationalgeographic.com/news/2015/02/150225-polio-pakistan-vaccination-virus-health/

https://www.nationalgeographic.com/news/2015/02/150227-polio-pakistan-vaccination-taliban-osama-bin-laden/

https://www.nationalgeographic.com/news/2015/03/150303-polio-pakistan-islamic-state-refugees-vaccination-health/

https://www.nationalgeographic.com/news/2015/03/150305-polio-syria-iraq-islamic-state-refugees-vaccination-virus-jihad/

[4] https://www.cnbc.com/id/47189546

Biden: "Bin Laden Dead, GM Alive"; David Jackson|USA TODAY; Published 11:15 AM ET Thu, 26 April 2012 Updated 3:36 PM ET Thu, 26 April 2012



More information about the cryptography mailing list