[aprssig] Authentication over APRS was: Ab)Use of APRS for telemetry? Anyone doing it?

[Scott Miller]

> > This still leaves you vulnerable to replay attacks, where someone just
> > copies a valid command sequence off the air and resends it later.
>
> Once the particular OTP has been used, the server will not accept it in
> the future. No replay vulnerability. The other ones you mention are valid
> of course.

I think what I was refering to was my MAC scheme, sans challenge/response.
Or maybe not.  Again, lack of coffee may be an issue.  Time to brew another
pot.

> If you simply want someone to not be able to open your garage door or turn
> your lights on an OTP system seems as 'reasonable' risk. If you intend to
> launch ICB missles...then no :)  Compare risk to effort.

Yeah, but if I'm going to build a system to be the APRS equivalent of an X10
system, I'm going to do it in as safe a way as possible.  For a DIY project,
probably not a big deal.

> For me, if I developed such a thing and found a local ham turning my
> lights off an on for kicks I'd probably laugh about it and then use it as
> direction finding practice. Then buy the guy a beer! :)

Yeah, but someone tripping the cutdown device on your high-altitude balloon
would be a real bummer!  But you're right of course... appropriate security
depends on the value of what you're protecting, and from whom you're
protecting it.

Scott
N1VG