Cracking the GPS Galileo Satellite 364
Glyn writes "Newswise is reporting the the encryption in the Galileo GPS signal has been broken. The pseudo random number generator used to obscure the information stored in the Galileo GPS signal has been broken. From the article: 'Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.'"
Amateur Galileo receiver? (Score:3, Interesting)
Re:uncrackable encryption (Score:5, Interesting)
Re:Accuracy not critical with nukes on soft target (Score:3, Interesting)
Actually, like most such strategies, North Korean nuclear strategy is most likely to revolve around not having to actually fire such weapons; if you at any point need to actually launch, you've already lost, they can only be used to make the enemy and the rest of the world lose too.
Taken to the natural conclusion, see the Dr Strangelove version of Doomsday Machine. No precision needed at all, and you dont even need a trebuchet.
Re:and North Korean rocket scientists appreciate t (Score:1, Interesting)
Re:How about the US GPS encrypted channels? (Score:4, Interesting)
which is a pity -apparently it works better under tree cover than civilian GPS.
Algorithm is being replaced (Score:5, Interesting)
Re:uncrackable encryption (Score:4, Interesting)
Security is the difference in access-pain for those with permisison vs. those without. Putting something where nobody can get to it is not ultimate security, thats no security at all.
As for the satellite, I presume the European one is offering more accuracy and that it can't be shut off by the US Government. Well not because they unilaterally decide to.
Also I'm surprised if anyone in US would be able to use this cracked satellite data in the US due to DMCA. But everyone else in the world can, lol.
I don't understand (Score:2, Interesting)
What about the DMCA? How likely would this company try to sue the university, and the students, for breaking the code. I'm sure that they would go after the magazine as well. Why did they have to name the company? Why couldn't they just say they cracked a type of code this way? Did they even inform the company that the code was cracked in order to give them time to fix it? Just because you don't like the Pay-per-use model, doesn't mean that you have to use it.
Re:uncrackable encryption (Score:3, Interesting)
Hate to make a plug for myself but I came up with a one time pad authentication method for logging into websites. It's as secure as can be socially accepted. Key words there.
http://www.tacocat.net/
The idea is to get your password sent to you by some method and upon successful authentication, the password is reset and retransmitted. The socially accepted part is sending the password to you in such a way that you'll actually be able to use it. The most common form of sending new passwords today is via email. I'll pass on any discussion about how secure this is, it's too common to ignore. But the better alternative is via SMS to your phone.
Almost as good as biometric authentication but you can run it on websites. No need for HTTPS authentication schemes since the password expires immediately. No need for each website to come up with their own password authentication modules (PAM) -- It's just a proxy pass to a central server (me) to authenticate.
I ginned up something as a proof of concept out there and it works well enough.
And before you go running off to make a patent, white papers exist on the internet dating back to 1990 on using One Time Pads for internet/computer authentication mechanisms. And the fact that I wrote all this up here also serves as prior art.
Re:Nope (Score:3, Interesting)
This is not true (anymore). ISTR the sequence of events went something like:
Now personally, I think this is a very Bad Thing - if I'm using a global positioning system for safety critical purposes I want it to be as damned bulletproof as possible, I don't want it purposefully designed to be easilly jammable just to please a paranoid foreign government.
Re:Two Interesting Points (Score:1, Interesting)
If you don't believe all that, just go to Google Maps and read the copyright in the corner. It will usually be either Nav-Tech or Geographic Data Technology (my former employer).
Re:Quantum encryption (Score:2, Interesting)
Re:uncrackable encryption (Score:3, Interesting)
I was hoping that the website would explain this. Did you RTFM? Assuming you did not. The advantage that still exists is that OTP, even over SMS is much harder to intercept than standing behind someone at an airport kioske or sniffing wireless networks... I didn't say it was 100% secure, in fact I think I even make mention that it is still not perfect. But it's a hell of a lot better than common practice today.
I would think it would be preferred if someone would be willing to move towards a better solution than waiting for the perfect solution and damning all others.
The key problems that are addressed are:
As as far as my idea sucking. Fuck you. I don't see you coming up with anything but vinegar. You're not even trying.
what non-military use? (Score:3, Interesting)
a. standard GPS
b. standard GPS plus a differential signal (good for airport approaches)
c. carrier-phase (sub-centimeter but slow, for surveying)
I'll grant that differential signals can make airports easy targets.
For what are you needing the combination of precision, accuracy, fast measurements, and a location that hasn't been set up with a differential transmitter?