[Date Prev][Date Next][Thread Prev][Thread Next] - [Date Index][Thread Index][Author Index]

RE: Any serious risk ?

> > Good post Assi!  You are correct, the first line of 
> security is not ciphers
> > but concealment.  If the spy/hacker doesn't know that the 
> command link is
> > there they can't break it.  If the hacker doesn't know 
> where the door is he
> > can't break in.  Even better, don't let on that there is a 
> door.   Get the
> > idea?
> I know I'm going to get flak for this, but I don't agree with 
> this concept.  First of all, 
> except for the human element, it is possible to have 
> virtually un-breakable security in 

Well, at least to a point where the effort required to break it makes it not
worthwhile.  In years gone past, simply picking an obscure frequency would
have sufficed, as the effort to find the frequency in the first place, then
_build_ a transmitter capable of operating on the command uplink was quite
considerable.  Today, this is not as big an obstacle.  And it will get
smaller with time an technology.

> something like this without any encryption at all, and with 
> minimal hardware/software.  
> I have no idea of what level of security is being employed, 
> but if it is so vulnerable that 
> you can't risk talking about it, then it must not be very 
> secure. If that is the case, then 
> the discussion on this list is certainly a valid topic, at 
> least for future projects, as it is 

This sort of thing has been done to death on lists such as BugTraq (a full
disclosure list for security problems with computer systems), and the
consensus there is that "security through obscurity" is not security at all.
In our case, the fact that we have a fair bit of spectrum to play with does
offer a bit more protection, but even that is diminishing with time.  Has
anyone heard of the Optoelectronics Scout receiver?  

Granted, our situation is a little different, we have a few more physical
variables to play with than the purely software crowd, but that's no cause
to be complacent and deny there's a potential for trouble.

In other words, I feel we should keep our eyes open to the possibility that
malicious people may seek to gain control of a satellite for whatever
reason.  Our systems may already be secure enough to deal with this threat,
but we need to keep our eyes open and be prepared (any Boy Scouts here? :)

>    I think we are all here to learn, not to just be users of 
> the sats. This list should 
> encourage any topic related to how the sats work.  Any time 
> any valid topic is shut 
> down, we are doing the hobby a disservice.

I have to say that since the launch of AO-40, I've learnt a lot about
satellites and orbits, and some of the issues involved in managing a
satellite.  While I don't feel the need at this time to know the command
codes (maybe one day, when I have time and a suitable station, I may step
forward and get more involved), I do like to understand the rudimentary
basics of what's involved.
Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org