[aprssig] Message reject behavior
scott at opentrac.org
Mon Mar 20 18:01:45 UTC 2006

> The WhereAVR does. It's not a production item, but I think Gary
> provides all the info you need if you want to build one:
>
> http://www.knology.net/~gdion/whereavr.html

Last I heard, it was a single-character payload that it decoded. Has that changed now? I didn't think it was anything that'd be Igated by default, but I could be wrong.

I've got two authentication modes planned so far - callsign-based, where it just matches the sending call against a predefined list (working as of yesterday), and a cryptographic message authentication code. I'm also thinking about a simpler scheme that you could use from a D7 or D700, and calculate the code in your head.

The main difficulty with the MAC is providing protection from replay attacks. Challenge-response is problematic when you might be commanding a device (like a balloon cutdown) in the blind, and including a timestamp is difficult because of the network latency and the fact that the device might not have a GPS receiver for time-of-day information.

Without replay protection, there's nothing to prevent someone from recording a command (and they can see what the command is, since encryption isn't allowed) with a valid MAC and retransmitting it later, and it's hardly more secure than callsign-based authentication. With databases like FindU archiving messages, it's trivial to go look up past commands that were sent.

Some kind of one-time salt value could be used, but has the same problem as the challenge-response option - with an unreliable or asymmetric link you can get out of sync with what the remote device thinks the next value should be.

What I'll probably do is a sequence number and window... the device will be expecting the command to have either the current sequence number (which it might advertise in its status text) or a value within a certain window. That way, it'll be less sensitive to getting out of sync with an asymmetric link or multiple stations sending commands at once.

Scott
N1VG
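
The sequence-number-and-window idea from the message above, sketched as an added example; it is not code from the original post or from the author's project. The message layout, the 8-byte truncated HMAC-SHA256 tag, the window size, the key and the callsign N0CALL are all assumptions made for illustration.

```python
import hashlib
import hmac

TAG_HEX = 16  # assumed: tag truncated to 8 bytes to fit a short message


def make_tag(key: bytes, sender: str, seq: int, command: str) -> str:
    """MAC over sender, sequence number and command (layout is an assumption)."""
    msg = f"{sender}|{seq}|{command}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_HEX]


class Receiver:
    """Device side: accepts each sequence number at most once."""

    def __init__(self, key, allowed_calls, window=8, start_seq=0):
        self.key = key
        self.allowed_calls = set(allowed_calls)
        self.window = window
        self.next_seq = start_seq  # value the device could advertise in status text

    def accept(self, sender: str, seq: int, command: str, tag: str) -> bool:
        if sender not in self.allowed_calls:
            return False
        # Current number or up to window-1 ahead; anything older is a replay.
        if not (self.next_seq <= seq < self.next_seq + self.window):
            return False
        expected = make_tag(self.key, sender, seq, command)
        if not hmac.compare_digest(expected, tag):
            return False
        # Advance only after the MAC verifies, so forged traffic cannot move the window.
        self.next_seq = seq + 1
        return True


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key, {"N0CALL"}, window=4, start_seq=10)
    cmd = ("N0CALL", 10, "CUTDOWN")
    tag = make_tag(key, *cmd)
    first = rx.accept(*cmd, tag)    # fresh command
    replay = rx.accept(*cmd, tag)   # same packet recorded and resent
    ahead = rx.accept("N0CALL", 12, "CUTDOWN", make_tag(key, "N0CALL", 12, "CUTDOWN"))
    return first, replay, ahead, rx.next_seq
```

Because the command travels in the clear, the sequence number is inside the MAC input; a recorded packet cannot be given a new number without the key.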
