[Date Prev][Date Next][Thread Prev][Thread Next] - [Date Index][Thread Index][Author Index]

Re: Question about AO-40 telemetry


The mere fact that people don't want to describe the AO-40 command
authentication methods should be enough to tell you that you don't
want to use them.

For new designs, standard cryptographic authentication techniques
should work just fine. Let's assume that you don't actually need to
hide the meaning of each command; you only need to authenticate each
command and to prevent old commands from being recorded and replayed.

To do this, you establish a command counter on the spacecraft that
increments with each valid received command. This counter is
transmitted in the clear in downlink telemetry.

Each uplinked command consists of the command itself (in the clear),
plus an authenticator computed as the one-way-hash of the
concatenation of the command, the command counter, and a secret key
known only to the spacecraft and the command station. Suitable one-way
hash functions include MD5 and SHA-1. Both are widely used in Internet
security protocols like IPSEC ESP, SSL, TLS, GPG/PGP and SSH. See the
IETF Security Area RFCs and Internet Drafts for their full
specifications, and for the precise ways to construct the input to the
hash functions to avoid any theoretical weaknesses. Also see Bruce
Schneier's book "Applied Cryptography".

To be sure, authentication won't protect your command uplink from
jamming. For that you'd have to use spread spectrum with a
cryptographically generated spreading sequence. Even then, the best
you could do is to penalize the jammer by a factor equal to the spread
spectrum processing gain. That is, if you have a process gain of 20
dB, then the jammer would have to increase power by 20 dB to have the
same jamming effect without spread spectrum.

Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org