Zurich Orbital Habitat Encryption, Corporate Guide says it is unbreakable? Options

[Smokeskin]

Say what? How come these guys get it? And why aren't they just using tight-beam microwave?

[LurkerOutThere]

Because their the ruling body for the entire world with unlimited money to spend?

Addendum: I should be more specific and say I've been kind of piecemealing my way through corp guide and haven't gotten to the section in question. They give an example of a ZO base station in uniwired and it's the scariest system detailed in the book by a safe margin.


Addendum:
For my part hacking the ZO is going to be an epic run, we're talking people in the Fastjack league backed up by a further world class team of speacilists to actually get them access. Even then it's questionable what they could get access to. Although just getting a hack into the ZO would probly net you pay data or banking info to make the trip worth it.

[Smokeskin]

Because their the ruling body for the entire world with unlimited money to spend?

And that allows them to do the mathematically impossible?

[TommyTwoToes]

And that allows them to do the mathematically impossible?

They use plotion encryption. The plot says they need it, so they have it.

Move along, nothing to see here citizen, move along....

[Smokeskin]

They use plotion encryption. The plot says they need it, so they have it.

Oh yeah of course.

Sort of like the inverse of why everyone else can't use one-time pads for encryption - that setting needs it for hackers to be useful, so they can't have it.

Ok, in my game, ZO Habitat uses tightbeam microwave comms, and yes their redhot sensors will spot whatever you're trying to sneak in there. Just like how XORing with long random strings causes chaos sprites to appear and garble it all up. Fucking technomancers.

[Johnny B. Good]

Fucking technomancers.

In know right?
I heard they eat bank accounts and drink firewalls.

[Karoline]

In know right?
I heard they eat bank accounts and drink firewalls.

Mmmm, firewalls, goes down smooth.

That aside, there is specific mention in Unwired that there are various kinds of encryption. The most common kind (found on 99.9% of stuff) is fairly easy to crack. There are however other forms of encryption that could take much longer to crack, but aren't used often because it makes the data difficult to access even for those intended to be allowed to access it. I would guess that whatever they do on that space station is so important, that they're willing to go through the absurd difficulties associated with the highest level of encryption, which likely includes running the passkeys around physically, and hours/days of (authorized) encrypt/decrypt time on the data.

[Traul]

Sort of like the inverse of why everyone else can't use one-time pads for encryption - that setting needs it for hackers to be useful, so they can't have it.

Same reason as why one time pads are not in use nowadays: how do you share the pad?

[Karoline]

Same reason as why one time pads are not in use nowadays: how do you share the pad?

Even back in the Cold War one time pads were too much hassle for the CIA (and others) to use even on its most secure communications. Russia made use of it from my understanding though.

To use a one time pad the message must be (hand) encoded using a big page of switcharoos, this could literally take hours for even a fairly short message. The message was then encoded (again) and sent to whoever. Whoever would then have to do a standard decode to get the one time encoded message, which included a pad number. Whoever would then have to look through their stacks of pads to find that particular pad, then spend hours decoding the message. I'm not sure if the pad was burned (With a witness) at this point, or if they were two part ordeals that included another code for the return message. Either way they were burned and required a witness to the burning (and a destruction of the ashes). So, after a few hours and alot of pain in the ass, you managed to get one message through. Very very slow, and generally communication needed to be faster than that to be effective.

So yeah, one time pads aren't used in SR because no one wants to spend half an hour to decode "Hi, how are you doing today?", and no one wants to have to carry around massive stacks of pads so that they can send and receive stuff. Keep in mind you really can't do any of this digitally, because if you do, then the pad might get hacked, making the entire effort worthless.

[IcyCool]

So yeah, one time pads aren't used in SR because no one wants to spend half an hour to decode "Hi, how are you doing today?", and no one wants to have to carry around massive stacks of pads so that they can send and receive stuff. Keep in mind you really can't do any of this digitally, because if you do, then the pad might get hacked, making the entire effort worthless.

That's ... not entirely true. There are electronic variations of one-time pads for secure access and communication. You may have seen them, they are about the size of a credit card, and at set time intervals they generate a string of characters that you use as your access key (which is used to encrypt your data). The only effort required by this method is to enter that string as the seed for your encryption. We have come quite a long way from the pencil and paper one-time pad.

Now it is true that unless you are communicating with another person who has the companion card, that the receiving end would have the software that generates the companion key. In that latter case, a hacker could get the algorithm that generates the digital one-time pad from the server, and then that pair would be un-secure. But in the case of two companion cards which don't wire-lessly broadcast anything, that would be absolutely as secure as a regular one-time pad (i.e. Someone would have to steal a card, or gain access to the card to copy that card's key generation algorithm).

Edit - It's worth noting that with a digital pad, your transmission could be intercepted and copied, which means that eventually a hacker would be able to break your encryption by brute force, which takes time. But by the time said message is cracked, the content could be very old (weeks, if not months), and the users will already have moved on to another one-time key. If a hacker intercepted enough encoded messages, brute forced the encryption on them and analyzed the keys used to encrypt them, it's possible that the hacker might be able to duplicate the key generating algorithm. That's alleviated by using multiple key-generators, but still worth considering.

So I guess it's entirely possible that digital one-time pads could be represented in Shadowrun by high rating encryption. It's not impossible to break, but a nova-hot decker with some seriously SotA decryption software might be able to do it in a reasonable amount of time. After all, it's not like the world of computer security is very detailed in Shadowrun, quite often such things are abstracted as a rating 6 Decrypt program.

[sabs]

You mean key FOBs?

They already have that level of encryption/access. But you're still running softwaer, and if you can capture the data, you can work on decrypting it.

Still, the whole Shadowrun world works on the idea that decryption tech has outstripped encryption tech. Which is the opposite of our world today.

[Karoline]

Yeah, my dad actually has to make use of those now (He used to use something very similar to a one time pad, but instead it was a one day pad). You still have a problem of: if a computer is doing the encryption/decryption, then the hacker could get access to that computer and get the key generator. Unless of course the work and encryption and decryption is all done on separate computers that aren't on the matrix at all.

But you are right, it is all abstracted. Maybe that level of security is a rating 6 encrypt program, and it is just a mark of how far decryption has come (Something which SR constantly pounds home) that even something like that only takes a few moments to break. I mean commlinks after all have an unspecified but absurdly huge amount of processing power, so maybe they can just brute force hack that quickly.

[IcyCool]

You mean key FOBs?

They already have that level of encryption/access. But you're still running softwaer, and if you can capture the data, you can work on decrypting it.

Still, the whole Shadowrun world works on the idea that decryption tech has outstripped encryption tech. Which is the opposite of our world today.

See my edit above, I think it went in after your post.

If by key FOBs you mean these, then yes.

At any rate, given that, in Shadowrun, Encryption isn't unbreakable, just weak or really strong, I would gather that by the 2070's, some brilliant mathematician has discovered a way to derive a "random" string of numbers through some mathemagic.

The only real exception is the security on Zurich Orbital. Maybe they've got some brilliant brain in a jar up there who is manually generating one-time pads.

[sabs]

yes, those are Security FOBS.

Maybe ZO is running real time synchronized modulating encryption on their signals.
Using specialized hardware linked to their dish arrays.

The system still needs to be useable though.
But if everyone connecting to the ZO Nodes has to have a special commlink module?

Like say a ZO Encryption Module.

That module has special hardwired circuitry that handles synchronized modulating encryption, and security.
If you attempt to connect to ZO's node without said module, then your connection gets immediately terminated, no questions asked. Try multiple times and we fry your commlink. Try more than that, and we fry you. After all, if you're authorized to be in the system, you're probably running cold sim. So you're mostly safe.

[suoq]

[not serious]
Actually, they don't really use encryption. They use [carl sagan]billions upon billions[/carl sagan] of tiny courier sprites. These sprites are all connected to a giant internal Resonance Mesh. They do send a lot of normal traffic but that network is really just a lot of honeypots sending random gibberish. The traffic network is necessary because if the didn't have a network passing tons of data people would start wondering how they really did business and would start looking deeper into resonance links and sprites.
[/not serious]

[Traul]

That's ... not entirely true. There are electronic variations of one-time pads for secure access and communication. You may have seen them, they are about the size of a credit card, and at set time intervals they generate a string of characters that you use as your access key (which is used to encrypt your data). The only effort required by this method is to enter that string as the seed for your encryption. We have come quite a long way from the pencil and paper one-time pad.

Now it is true that unless you are communicating with another person who has the companion card, that the receiving end would have the software that generates the companion key. In that latter case, a hacker could get the algorithm that generates the digital one-time pad from the server, and then that pair would be un-secure. But in the case of two companion cards which don't wire-lessly broadcast anything, that would be absolutely as secure as a regular one-time pad (i.e. Someone would have to steal a card, or gain access to the card to copy that card's key generation algorithm).

This is known as one time password, not one time pad. I know, it does not help that the acronym is the same (IMG:style_emoticons/default/wobble.gif) It is not nearly as safe as one time pad. Here, "one time" does not mean that the password or the encrypted date cannot be recovered, but that even if it is recovered, an attacker cannot use it to guess the next one. To ensure this, the devices still need to hold only a finite number of passwords: if they were able to generate the N+1 password form the N, then an attacker could do the same. What they usually do is work backwards: decide the number of passwords to generate then derive the N password from the N+1. Then guessing the N+1 password form the N one is essentially decrypting the generation function. These functions are considered sure nowadays, but how about the SR setting?

[suoq]

On a more serious note, security can be thought of as having three categories.

1) Something you have. (Key)
2) Something you know. (Password)
3) Something you are. (Fingerprint)

However, in shadowrun, it should be possible to add a 4th level of security

4) Something you cast.

(Which has the nice side effect of making a H.A.C.K. acronym. "Have, are, cast, know".)

Security based on Magic really hasn't appeared in Shadowrun (at least as far as I can think of). The first group to devote a lot of resources in secret to it is going to have a huge security advantage. That may be what Zurich Orbital has done.

[hobgoblin]

before the late 90s, USA considered anything above 64-bit (or there about) encryption weapon grade under export laws. So when someone put a 128-bit encryption system online for free download, they dragged him to court.

Basically, SR computing is as if the EFF, the FSF and a whole lot of others never existed (or got marginalized by government and corp by various means). Thats on top of the whole crash 1.0 thing, that the corps supposedly used to introduce a whole different computer design paradigm. One that fitted their interests more closely (masking chips in SR1-3 was a "go directly to jail" offense. i am surprised that some SR4 software is not F grade).

thats on top of the SR1-3 matrix had design elements more in common with the phone system then the internet (if one read *TG's as phone switches more then internet routers).

[IcyCool]

This is known as one time password, not one time pad. I know, it does not help that the acronym is the same (IMG:style_emoticons/default/wobble.gif) It is not nearly as safe as one time pad.

Well, yes, but if the "password" string was used to encrypt the message, this would be functionally identical to a one-time pad. And I could swear I saw just such an application of this somewhere, but my memory and google-fu are failing me, so I won't push that aspect any further.

At any rate, Shadowrun doesn't really go that in-depth into security, thankfully. It just abstracts things out.

suoq's suggestion of somehow incorporating magic into tech security is interesting though. Maybe some sort of encrypted summoning formula that, when used, summons up a spirit that provides the relevant data, as long as the individuals summoning fit a certain assensing profile? That would be a really limited use though. How might it be used to provide a more secure, and generalized, security?

[Ancient History]

The answer, unfortunately, is a small abomination called an "alchemical passkey." Like most of y'all's questions, comments, concerns, kvetchings, and queries, the details are pretty much all in Unwired.

[Traul]

Well, yes, but if the "password" string was used to encrypt the message, this would be functionally identical to a one-time pad. And I could swear I saw just such an application of this somewhere, but my memory and google-fu are failing me, so I won't push that aspect any further.

1) If the password is shorter than the message it encrypts, then the encryption of one message is not as strong as a one time pad.
2) If the sequence of passwords is not purely random, then the system as a whole is not as safe as a one time pad.
3) If the sequence of passwords is purely random and each password is as long as the message it encrypts, then it IS a one-time pad, with all the defaults. Soon you run out of pads.

[Dumori]

Edit - It's worth noting that with a digital pad, your transmission could be intercepted and copied, which means that eventually a hacker would be able to break your encryption by brute force, which takes time. But by the time said message is cracked, the content could be very old (weeks, if not months), and the users will already have moved on to another one-time key. If a hacker intercepted enough encoded messages, brute forced the encryption on them and analyzed the keys used to encrypt them, it's possible that the hacker might be able to duplicate the key generating algorithm. That's alleviated by using multiple key-generators, but still worth considering..

And if your luck they may decrypt a message you dint put there that dosen't effect your plans. Brute frocing a one time pad is annoying for that reason. You have to get every possible decryption to be sure you've go the right message. Currently that could take forever and aday. In SR the expernetal nature of IT delveopment could drop that by alot but large one time pad files could still be horrific to brute force.

[Doc Chase]

Say what? How come these guys get it? And why aren't they just using tight-beam microwave?

I thought Corp Guide said they used multiple comm sats to transmit, and the other sats transmit garbage - like Disney tunes - but it wasn't unbreakable. Just very difficult.

[Smokeskin]

Even back in the Cold War one time pads were too much hassle for the CIA (and others) to use even on its most secure communications. Russia made use of it from my understanding though.

To use a one time pad the message must be (hand) encoded using a big page of switcharoos, this could literally take hours for even a fairly short message. The message was then encoded (again) and sent to whoever. Whoever would then have to do a standard decode to get the one time encoded message, which included a pad number. Whoever would then have to look through their stacks of pads to find that particular pad, then spend hours decoding the message. I'm not sure if the pad was burned (With a witness) at this point, or if they were two part ordeals that included another code for the return message. Either way they were burned and required a witness to the burning (and a destruction of the ashes). So, after a few hours and alot of pain in the ass, you managed to get one message through. Very very slow, and generally communication needed to be faster than that to be effective.

So yeah, one time pads aren't used in SR because no one wants to spend half an hour to decode "Hi, how are you doing today?", and no one wants to have to carry around massive stacks of pads so that they can send and receive stuff. Keep in mind you really can't do any of this digitally, because if you do, then the pad might get hacked, making the entire effort worthless.

Look, in the age of computers, you don't have to do any of this by hand. You don't have to carry around "stacks of pads". You just both have the same copy of very long random string. It is very easy and computationally A LOT faster than any other type of encryption.

Storage isn't a problem either. Want to encrypt the video feed from a drone? A one-time pad that takes up as much space as 100 hours of video (totally insignificant in SR4) allows for 100 hours of video to be transmitted securely.

Exchanging keys? Not a problem either. For drones, you exchange them when they refuel/recharge. Teams exchange OTPs when during mission briefing. Etc. Arguing that we now think it is too much hassle doesn't hold - today we have solid alternatives, in SR4 you either go through the absolutely minor hassle of exchanging OTPs, or you suffer totally unsecure comms.

Afraid of someone on your team getting hacked and the OTP gets stolen? That will only happen if his system accepts non-encrypted channels, which of course they're set to not allow. Any hostile commands doesn't have the proper OTP encoding so it is garbled. And if someone should manage it anyway - well, you're really no worse off than you are today anyway.

There is absolutely no reason why cops, security teams, shadowrunners etc. wouldn't use OTPs - it is very simple, and it gives unbreakable comms.

If you want to talk about standard, long range communication, then a 3rd party OTP provider could solve this. This provider sells sealed data chips with OTPs on it. I want to send a message to Eve, I encode my message with the OTP and sends it to provider along with Eve's ID. They then decrypt it with my OTP, encrypt it with Eve's OTP, and sends it to Eve. If we're feeling really paranoid, Eve and I could encrypt the message normally first. So, you ask, doesn't this require a lot of trust in the provider? No, not anymore than you already trust all the owners of all the nodes your data goes through. This is a risk you're already living with. The only risk here is if someone manages to break into the provider, but for one, the entire world would rely on encryption from these providers and you can bet the only ones in business are the ones with the hottest matrix security available. Secondly, even if someone managed to do it, then do you think the guys who did that are the ones who want to listen to your comms, are you that important? And if that one group happens to be the ones on your tail, ok then that one group can do to you what everyone can do to you if you weren't using the OTP provider. Even the hottest datasteal on the planet wouldn't make you worse off than you already are.


Bottom line is, OTPs will allow for near perfect encryption. You can handwave it away, or you can make something up that explains why OTPs aren't in use. I thought, hey this is shadowrun, its magic! Random strings attract things from the resonance realms that screw operations with them up, problem solved.

[suoq]

The answer, unfortunately, is a small abomination called an "alchemical passkey." Like most of y'all's questions, comments, concerns, kvetchings, and queries, the details are pretty much all in Unwired.

Ok. I've read it and re-read it. What does it answer and why is it even an improvement? Sure, the device where it's used needs to be able to read the alchemical passkey but since it appear to be sending regular digital data I don't see how that, in any way, bothers a hacker spoofing the terminal id or a technomancer. Perhaps both devices are also communicating magically but the lack of an astral presence makes that hard to believe.

Maybe you know what makes it secure, but reading it, I sure can't figure it out.