[aprssig] Part 3/3: Updating APRS Clients (Consumer Needs)
scott at opentrac.org
Tue Jan 15 11:46:27 CST 2008
For use on commercial frequencies it's not hard to implement encryption.
Pick a different PID, encrypt with a shared key using XXTEA (secure
and easy for small tracker to implement) on the transmit side, and
decrypt anything with that PID on the receive side.
Key management is still an issue, especially if you need multiple
systems with different keys on the same channel. And the resulting
system is arguably not "APRS".
I did come up with a useful hack for the T2 that could be used for
crypto key material - you can get a 1-wire EEPROM in a TO92 package and
crimp it directly into an RJ-11 plug and it'll fit in the accessory port
on the front. That's at least enough space for a 128-bit key, and
possibly some other configuration data as well.
Jason KG4WSV wrote:
> On Jan 15, 2008 10:49 AM, Steve Dimse <steve at dimse.com
> <mailto:steve at dimse.com>> wrote:
> I see a potentially insurmountable post-9/11 challenge, encryption.
> The current paranoia makes it hard to convince anyone to send accurate
> positions of critical assets over an open channel, all the worse that
> the posits are made instantly available on the internet. Before
> investing efforts in meeting the other challenges, how would this
> potential deal-breaker be solved?
> APRS is entirely useful without the global APRS-IS. It is trivial to
> see the case where an APRS-IS is running in an intranet scenario, even
> encrypted if so desired (although we wouldn't do that on ham
> frequencies, of course). For example, one can trivially create an
> APRS-IS with xastir on a laptop with an ad-hoc wireless network; I have
> done so in my truck on balloon chases.
> More specific solutions would depend on the specific problem/scenario,
> but I can see where security, obscurity, or openness could be applicable
> in various scenarios.
> The paranoia is indeed the part that would make the problem insurmountable.
> aprssig mailing list
> aprssig at lists.tapr.org
More information about the aprssig