Forgot your password?
typodupeerror

Cracking the GPS Galileo Satellite 364

Posted by ScuttleMonkey
from the giving-people-a-reason dept.
Glyn writes "Newswise is reporting the the encryption in the Galileo GPS signal has been broken. The pseudo random number generator used to obscure the information stored in the Galileo GPS signal has been broken. From the article: 'Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.'"
This discussion has been archived. No new comments can be posted.

Cracking the GPS Galileo Satellite

Comments Filter:
  • Galileo != GPS (Score:4, Informative)

    by matt4077 (581118) on Sunday July 09, 2006 @05:59AM (#15686291) Homepage
    Galileo is the European System, GPS is the American. "GPS" is kind of generic, so I guess it's going to be the name for the whole category, but I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.
    • Re:Galileo != GPS (Score:5, Informative)

      by Anonymous Coward on Sunday July 09, 2006 @06:05AM (#15686297)
      > I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

      There is: the "American GPS" is named NAVSTAR according to this site [kowoma.de]
    • Re:Galileo != GPS (Score:4, Informative)

      by Tugrik (158279) <tugrik@gmail.COLAcom minus caffeine> on Sunday July 09, 2006 @06:30AM (#15686344)
      If you want to get technical, the "American" system is called NAVSTAR GPS, which stands for NAVigation Signal Timing And Ranging Global Positioning System.
    • by Professor_UNIX (867045) on Sunday July 09, 2006 @07:26AM (#15686421)
      I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.
      To paraphrase Michael Bolton, "Why doesn't he change his name, he's the one that sucks!"
  • Encryption (Score:4, Informative)

    by Anonymous Coward on Sunday July 09, 2006 @05:59AM (#15686293)
    AFAIK the PRNs are not really encryption keys. They're merely a technical detail that can be kept secret. GPS and Galileo are spread spectrum applications and the PRNs define the way the signal is spread. If you don't know the spreading function, you can't tell the (unencrypted) signal from the noise. It's really security by obscurity.
    • If you don't know the spreading function, you can't tell the (unencrypted) signal from the noise. It's really security by obscurity.

      Apparently not obscure enough...

    • Spread spectrum using pseudo-random sequences is an encryption method, and an effective one, if the pesudo-random number generator is well chosen.

      Whether it was intended to be used as such as part of Galileo is another question.
    • AFAIK the PRNs are not really encryption keys. They're merely a technical detail that can be kept secret.

      What is a PRNG if not a hash function? You hash each number in the sequence to get the next number. Since you don't want just anybody who knows the hash algorithm to be able to predict your sequence, you generate a longer than necessary number and only reveal part of it, keeping some of the bits secret. If Galileo was cracked, somebody must have figured out the secret bits as well as the function.

    • High-security spread-spectrum systems do use cryptographically secure spreading codes. Unlike the spreading codes used in less secure systems, they don't repeat and you need an accurate time reference to synchronize the PN code generator in the receiver with the PN code generator in the transmitter.
    • AFAIK the PRNs are not really encryption keys.

      You must be wrong. It says so in the paper.

    • Re:Encryption (Score:5, Informative)

      by FireFury03 (653718) <slashdot@nexusuk.oGAUSSrg minus math_god> on Sunday July 09, 2006 @11:02AM (#15686905) Homepage
      It's really security by obscurity.

      It's not really intended to be security anyway - everyone knows the normal NAVSTAR, WAAS and EGNOS PRNs (you have to in order to use the services) - the PRNs are used to differentiate between individual satellites, which all transmit on the same frequencies. I guess they just decided not to publish the Galileo PRNs until they'd got further into the project.
    • "spread spectrum [...] It's really security by obscurity."

      No, it isn't.

      A "security by obscurity" device is one that you can't tell how is it built and still use it as a "security device".

      For instance "rot 13" is a "security by obscurity" device. Once you tell a cypher is made out "rotting13" a clear token, you are gone.

      On the other hand, "Caesar's cypher" is not a "security by obscurity" device. Caesar's cypher, you know, is the general procedure which rot 13 is an special case. You can tell "this is cyp
  • Offtopic but.... (Score:5, Insightful)

    by rolfwind (528248) on Sunday July 09, 2006 @06:08AM (#15686299)
    Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki.


    Sigh, how did READING the bits on your own CDs/DVDs ever become illegal? Freedom of speech implies a freedom to read what you want. (Yes, I understand the DMCA, but I'm still in shock - I always considered laws making it illegal to read "signals", etcetera "not intended for you" very British but very unAmerican. And I say British because I'm getting those quotes from British laws circa WW2 and probably before.)

    Props to Cornell.
    • It's not the reading signals bit that's the illegal one. It's knowingly intercepting signals that you know aren't intended for you. Alternatively, accidentally intercepting signals and then telling somebody else.
    • very British but very unAmerican.

      Strange that it is America that is forcing Britain to accept these laws ... In legal terms Britain always had the concept of State Secrets just the same as the US but it is the US that has re-introduced the era of the guilds, trade secrets like that went out in the middle ages in Britain.
    • Thanks to US great politicians, their poor understanding of the IT world, and great lobbying of groups of interest.
      There is a really good article about DMCA in the current release of IEEE Spectrum, pointing out all the bad things that it introduced (no hardware DVD copiers, no digital VCRs capable of skipping ads, etc.)
  • by tonigonenstein (912347) on Sunday July 09, 2006 @06:10AM (#15686302)
    The article is inacurate and makes a big deal about nothing (BTW did you notice it was written by a guy from Cornell ?) First, Galileo is not ready yet. The article claim they plan to charge for the keys. This is plain wrong, the base precision signal (which is the one we are talking about) will be available free of charge. The system is simply in testing phase right now and they don't want anyone playing with it, that's all. Second, this PRN sequence is not supposed to be difficult to crack at all, since it will actually be made public in time. This is in no way an achievement. It is was the high precision signal, this would be another matter.
  • by FrankDrebin (238464) on Sunday July 09, 2006 @06:15AM (#15686313) Homepage
    1. The Cornell team anaylzed signals from a demonstration satellite that by itself is not useful for navigation, and according to the documentation transmits the same power-envelope, but not the same PRN's, as the operational system.
    2. According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.
    • 2. According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.

      There is no navigation data in the signal. Its a time signal/timestamp that gets transmitted.

      The "logic" of your navigation system is inside the "box" in your car/ship/.. The box calculates the position depending on the timesignal.
      If your system can't read the time signal you can not calculate your position.

      If the time signal is encrypted it may become a DMCA matter in US. Would be nice t

      • Its a time signal/timestamp that gets transmitted [...] If the time signal is encrypted it may become a DMCA matter in US.

        Umm, so you're claiming that a timestamp can be copyrighted?
        • By the way, I claim the copyright on his date of birth.

          I don't happen to know what it is at the moment, but I must be given the copyright on it anyway because as we all know Property Rights Must Be Protected.

          -
    • navigation data is not, and cannot be, copyrighted.

      I think the cartographers would beg to differ on this count.
      • >I think the cartographers would beg to differ on this count.

        Not at all. It is not the geographically data itself that they get copyright on (or no one else could maka map of an area were you have copyright on your map). It is your expresion of that data into your specific map that you get copyright on. Anyone is free to make their own map (or whatever) based on the information on someone else map. They can't copy that specific map with its layouts and so on.
    • According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.
      It's not important that a suit has merit, it's only important that the defendant runs out of money before the plantiff.
  • by Anonymous Coward on Sunday July 09, 2006 @06:24AM (#15686331)
    If a European tried doing something like this with a US GPS satellite, they'd get arrested for being a terrorist long before they had chance to write a paper on it.
    • Errr. Wrong.

      They'd possibly get a medal in the east, loads of cash from certain people in the west.
    • I realise that its dangerous replying to trolls, but everyone who really wants to has already cracked the US GPS high precision code. I don't know how much of a secreat that is, but I've been told by people who know that its been done. The government is aware, but I think they still retain the posibility of switching it if they need to and having all of the military GPS work without modification. No, the US doesn't like the Euro Gallileo, because as far as we know, they lack the ability to block, or change
      • Re:Nope (Score:3, Interesting)

        by FireFury03 (653718)
        No, the US doesn't like the Euro Gallileo, because as far as we know, they lack the ability to block, or change the signal.

        This is not true (anymore). ISTR the sequence of events went something like:
        1. EU announced Gallileo
        2. US started complaining that they didn't see why the EU wanted to do this since there was an already perfectly good GPS system in operation.
        3. EU pointed out that NAVSTAR is under the control of the US millitary and they didn't trust the US not to turn it off or "adjust" it
        4. US said that this wou
  • by i-neo (176120) on Sunday July 09, 2006 @06:38AM (#15686350)
    Cornell demonstration is pretty useless.

    First Galileo is only in testing phase, therefore nothing tells you the signal encryption they are using is the definitive one. I would rather think they are testing and they don't care if someone is getting it.

    Second have you ever heard of firmware upgrade ? I guess encryption will be updated when the satelites will be in production, and there will not be any problem since it is not being used in any device yet.

    Thank you Cornell people for this useless article. Another Cornell box ?
    • by jefu (53450)

      (Not According To The FA)

      The article says that the Cornell GPS group tried to get the information but failed, as did several other groups - so :

      they don't care if someone is getting it.

      does not seem to apply. Furthermore, there are other parts of the article that hint that the signal encryption used is indeed the definitive one.

      Now, as to the satellite/receiver firmware being updated - that is certainly always a possibility and nothing in the article contraindicates that.

  • by Goonie (8651) * <robert DOT merkel AT benambra DOT org> on Sunday July 09, 2006 @06:45AM (#15686358) Homepage
    If I read this, and the GPS [wikipedia.org] article in the Wikipedia, it would now be possible to build a Galileo system out of off-the-shelf parts and some moderately clever software. Is this the case, or is there something I'm missing?
    • > is there something I'm missing?
      Yep. There's only the one satellite, (a demo and a placeholder, a bit like Vista beta :) so a lot of the time it's not going to be above the horizon on your part of the rock. Yeah, a lot like Vista beta, come to think of it.
    • by HuguesT (84078) on Sunday July 09, 2006 @08:22AM (#15686513)
      Yes, you are missing the fact that there is only one Galileo satellite in orbit right now, and this one doesn't include all the technology that will make Galileo an interesting system, namely the high-precision onboard atomic clock. In all generality you need timings from at least 4 different satellites visible from everywhere to be able to locate a point in 3D. This means about 12 at a base minimum must be in orbit for the system to be useful. The final system will have 30.

      The current sole Galileo system in orbit is a test system. The final systems will be significantly different.

       
  • by KDN (3283) on Sunday July 09, 2006 @07:30AM (#15686422)
    The US GPS system also has two encrypted channels, P1 and P2, which use undocumented PRN generators (or at least I've never found them). Has anyone ever cracked them? The CA signal is what the civilian systems use.
  • Isnt That Illegal? (Score:3, Insightful)

    by omegashenron (942375) on Sunday July 09, 2006 @07:43AM (#15686442)

    Given that these codes are in place to sell premium products to consumers and recoup the investment made with putting the satellites in orbit - how is this any different to breaking codes for satellite TV and/or DRM?

    I really hope the folks at Cornell start working on something that would have a legitimate use such as the ability to make a backup of a legally purchased HD-DVD movie... oh wait... that would be illegal :-(

    • It's not the premium code - they simply found the code used for the test satellite's Open Service. Once the system is up and running, this key will be changed and given out to manufacturers anyway, it's not like it's going to be highly protected.

      The Commercial Service, Public Regulated Service and Safety of Life Service all use different (more secure) encryption means.
      • "this key wil be changed and given out to manufacturers anyway, it's not like it's going to be highly protected."

        Makes you wonder why they bother in the first place. Sounds like a lot of effort, infrastructure and middlemen to construct something that's obviously going to be bypassed very shortly. Ah, the middle men, that's where it came from....
  • by justthisdude (779510) on Sunday July 09, 2006 @08:45AM (#15686555)
    I'm no big fan of copyright, but I think Cornell needs a better lawyer. Clearly, no one can copyright a location (although this would make for a great scene: "Where am I?" "I can't tell you; it's copyrighted." I bet Dick Cheney is already drooling, but I digress). What they are protecting is the output signal from their satellites' atomic clocks, and measurements of their exact orbits. A mobile device computes its own position by comparing path delays to themselves from many satellites' known locations. The timing signal and satellite ephemeris are creative content that can be protected just like a map or satellite picture can be copyrighted, while the location depicted isn't. TFA compares decoding the timing signal to looking at a lighthouse and deducing your own position, which is clearly free. That same arguement would support decoding satellite signals of CNN to deduce world events. World events are clearly free, but the video isn't.

    A stronger arguement can be made: since they have agreed to make the codes open source they have no right to enforce copyright. You just can't say they aren't creating anything.

    • No offense, but I think engineers need to stop playing lawyers. As an engineer headed to law school in the fall, I'm smart enough to know how little I know at this point.

      With that said, the very first thing they teach you in law school is "it depends"...everything in the law is a balancing act, and is subject to human judgement. Sometimes it's a very lopsided balancing act, but there's almost always room for argument.
  • "Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? ... No. How is looking at the Galileo satellite any different?"

    You would expect it to work that way, but NO. Today, it really is possible to transmit information into publicly receivable media and still be able to prohibit the use of it and to do the research necessary to make the signal useful (
  • by joshua42 (103889) on Sunday July 09, 2006 @08:57AM (#15686584)
    Acoording to a friend working on the Galileo project they came up with a new encryption algorithm specification a week ago. Quite annoying with such changes this late in the project, they thought. I guess this news kind of explains it.
  • What does this mean to me? Can i reprogram my portable GPS to this new code? And what does it give me if i can? I already get free access to GPS now ( well i paid my purchase fee on the device ) and didnt the US government lift restrictions on accuracy recently ?

    No i couldnt get to TFA to read it.
  • I don't understand (Score:2, Interesting)

    by MrShaggy (683273)
    Why it was necessary to break up someone's business like this? Now instead of paying monthly for access, they are going to have to license the access right to the manufacturer. Space is expensive. So when satellites need repair or replacement, how is this going to happen ?? All you will see is either the company will figure out a way to update the codes all the time(Like sat. tv) or, a massive increase in the cost of GPS units, to cover the license cost. Now someone that has a small hobby like geocachin

Consultants are mystical people who ask a company for a number and then give it back to them.

Working...