[aprssig] APRS-XO proposal
scott at opentrac.org
Thu Jan 10 13:48:15 CST 2008
> One big problem with UDP vs. TCP - source address spoofing. Yes, there
> are still tons of networks out there that will forward packets from
> bogus source addresses. TCP solves the problem if the server is
Very true. You can still work around that, though. For example,
require a public key to be registered for each UDP sender, and have each
position report signed. For that matter, it doesn't have to be a public
key - it can be a shared secret between the registered client and the
server network. That'd probably allow for a much more compact MAC, and
would certainly be easier computationally. If someone abuses the
network, you just revoke their registration. Any incoming UDP packets
without a valid MAC just get dropped.
> The problem once things get spoofed...the packets point back to someone
> who didn't do it, but to an untrained eye, it sure looks like they did.
And I can vouch for the fact that 'untrained eye' also includes most of
the low-level guys at AFCERT who used to call about that sort of thing
when I worked for the USAF. I had a long canned email explaining the
whole concept, and we had to send that probably every week or two. Just
because they'd been trained to sit in front of an IDS console and read
alerts didn't mean they had a clue as to what they were seeing, or how
to read a tcpdump file.
So here's what I'd propose - each UDP packet gets a header identifying
the originator plus a message authentication code. Say, a CRC32 digest
of an XXTEA-encrypted version of the message plus originator and a
timestamp if you're concerned about replay attacks. (And yes, there are
more secure message digests and MACs out there, but I'm trying to keep
things computationally simple. I do a lot of work with 8-bit micros.)
And yes, I understand that UDP doesn't give any acknowledgment that the
datagram was received. What's the sender going to do if it's not? Try
again, of course. For UDP, you could just send reports twice as often
and still generate 1/3 of the traffic.
Remember that UDP is analogous to the unconnected AX.25 UI frames we use
for APRS on the air. We don't use acks there either, and it still works
despite packet loss rates that are far higher.
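Below is an added worked example of the scheme sketched in this message (registered sender, per-sender shared secret, header with originator and timestamp, MAC checked before anything else, revocation by dropping the registration). It is not code from the post or from any APRS project. It swaps in a truncated HMAC-SHA256 for the CRC32-over-XXTEA construction described above, the header layout, originator ids, keys and the APRS-style payload are all constructed for the example, and the 30-second skew window is an assumed tuning value.

```python
"""Registered-sender MAC over UDP position reports (added example)."""
import hmac
import hashlib
import struct

# Assumed wire layout for the added header (not a standard): originator id
# (uint32), unix time (uint32), then a truncated tag, then the APRS payload.
HEADER = struct.Struct("!II")
MAC_LEN = 8          # 64-bit truncated HMAC keeps the header compact
MAX_SKEW = 30        # assumed: seconds a report may differ from server time


def build_datagram(originator, key, payload, ts):
    """Client side: prepend header and a MAC computed over header+payload."""
    header = HEADER.pack(originator, ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + tag + payload


def verify_datagram(datagram, registry, seen, now):
    """Server side: return (accepted, reason, originator, payload).

    registry: originator id -> shared secret; deleting an entry revokes it.
    seen: originator id -> newest accepted timestamp (replay state).
    """
    if len(datagram) < HEADER.size + MAC_LEN:
        return False, "too short", None, None
    header = datagram[:HEADER.size]
    tag = datagram[HEADER.size:HEADER.size + MAC_LEN]
    payload = datagram[HEADER.size + MAC_LEN:]
    originator, ts = HEADER.unpack(header)

    key = registry.get(originator)
    if key is None:
        return False, "unregistered or revoked", originator, None
    # MAC first: a spoofed source address buys the attacker nothing without
    # the shared secret, and we learn nothing from unauthenticated fields.
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expected):
        return False, "bad mac", originator, None
    if abs(now - ts) > MAX_SKEW:
        return False, "stale", originator, None
    # Simple replay rule: timestamps per sender must strictly increase.
    if ts <= seen.get(originator, -1):
        return False, "replay", originator, None
    seen[originator] = ts
    return True, "ok", originator, payload


def demo():
    """Walk the cases the post raises; returns {case: reason}."""
    registry = {1001: b"k-1001-constructed", 1002: b"k-1002-constructed"}
    seen = {}
    now = 1_200_000_000
    report = b"!4903.50N/07201.75W-Test"  # constructed APRS-style payload

    results = {}
    good = build_datagram(1001, registry[1001], report, now)
    results["good"] = verify_datagram(good, registry, seen, now)[1]
    # Replaying a captured datagram a few seconds later
    results["replay"] = verify_datagram(good, registry, seen, now + 5)[1]
    # Spoofer knows the originator id but not the shared secret
    forged = build_datagram(1001, b"guess", report, now + 1)
    results["forged"] = verify_datagram(forged, registry, seen, now + 1)[1]
    # Flipping one payload byte after the MAC was computed
    tampered = bytearray(good)
    tampered[-1] ^= 0x01
    results["tampered"] = verify_datagram(bytes(tampered), registry, seen, now)[1]
    # Report whose timestamp is far outside the window
    old = build_datagram(1002, registry[1002], report, now - 3600)
    results["stale"] = verify_datagram(old, registry, seen, now)[1]
    # Revocation: drop the registration and the sender's valid packets stop
    fresh = build_datagram(1002, registry[1002], report, now)
    del registry[1002]
    results["revoked"] = verify_datagram(fresh, registry, seen, now)[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:9s} -> {reason}")
```

On an 8-bit micro the SHA-256 inside the HMAC is the expensive part; the structure (a key per registered sender, the tag covering header and payload, a constant-time compare, a timestamp window plus per-sender replay state) is what does the work against spoofed source addresses and can be kept with a lighter keyed function. The strictly-increasing timestamp rule will also drop legitimately reordered datagrams, which for periodic position reports is usually acceptable.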