Zurich Orbital Habitat Encryption, Corporate Guide says it is unbreakable? Options

[KarmaInferno]

Except we're not talking "most of the data transmission needs of Corporate Entities".

We're talking the secure transmission needs of Zurich Orbital.

There's probably a lot of non-critical data chatter to and from ZO that uses standard channels.

But the hyper-critical data transfers? The ones that CANNOT be allowed in the wrong hands?

Those are probably low traffic enough to use OTP or similar level encryption methods.


-karma

[kzt]

If every node in between unecrypted it, reencrypted it and passed it on, that would be a nightmare. Because your data passes literally through the hands of a dozen different legal entities hands between source and destination. If any of those could decrypt your data at will when it was on their leg of the journey, nothing would be secure.

This is actually how a GSM cell phone call works. The link between your phone and the tower is encrypted, the tower decrypts it and hands the call off to someone else decrypted. The voice/data stream passes unencrypted unit it reaches the destination. If the destination is a cell phone the tower connected to the cell phone encrypts the traffic and sends it to the cell phone.

GSM also initially used a poorly designed encryption algorithm, not sure it this was ever corrected.

[suoq]

But the hyper-critical data transfers? The ones that CANNOT be allowed in the wrong hands?

Those are probably low traffic enough to use OTP or similar level encryption methods.

What strikes me about this is there is one data transfer that CANNOT be allowed into the wrong hands involved in this and that's the OTP. The people in favor of it have been very convinced of it's physical security and invulnerability to with regards to social engineering and de-syncing.

Whatever one's method is for getting the OTP from here to there, it makes me wonder a few things:
1) How far in advance has the OPT be transferred to the endpoint? How much time does a team have to get a copy of that OTP? At what points is the physical OTP vulnerable? How much is a copy of that pad worth?
2) What is it about the data that's forcing it to move through public channels if the OTP didn't have to?

[Doc Chase]

What strikes me about this is there is one data transfer that CANNOT be allowed into the wrong hands involved in this and that's the OTP. The people in favor of it have been very convinced of it's physical security and invulnerability to with regards to social engineering and de-syncing.

Whatever one's method is for getting the OTP from here to there, it makes me wonder a few things:
1) How far in advance has the OPT be transferred to the endpoint? How much time does a team have to get a copy of that OTP? At what points is the physical OTP vulnerable? How much is a copy of that pad worth?
2) What is it about the data that's forcing it to move through public channels if the OTP didn't have to?

1.) I would say monthly. Since there are constant trips up to ZO and back, a vetted courier can hand-deliver the OTP to the recipient either spaceside or dirtside. The OTP is most vulnerable in the pre-delivery stage, because if it's coming from GOD like I would assume it is, then you're only going to get it between the time it lands on Earth and is delivered to the end-user. It's probably delivered with a heavy escort and tucked away in a highly-secure environment guarded by, well, everything. If you could get a copy of that pad, you would be privy to the communications of ZO and everything that entails. Thoughts from the judges on the Corporate Court about cases, advance interest rates from ZOG, new security algorithms from GOD - all the juicy bits. It would be priceless for as long as it took to create and send another OTP once the copy is discovered missing.

2.) You lost me.

[Smokeskin]

If every node in between unecrypted it, reencrypted it and passed it on, that would be a nightmare. Because your data passes literally through the hands of a dozen different legal entities hands between source and destination. If any of those could decrypt your data at will when it was on their leg of the journey, nothing would be secure.

Oh, you mean like how it is in SR4, where everything can be decrypted at will and nothing is secure?

Guess that's your argument gone right there.

[Smokeskin]

Using VPN tunnels you can have decently secure data. Is it unhackable, probably not, but it's certainly difficult.
Corporations use VPN tunnels across the internet /all/ the time to transfer data 'securely'

In SR4 it is really, really easy to hack and nowhere even approaching secure.

[Traul]

2) What is it about the data that's forcing it to move through public channels if the OTP didn't have to?

Time? You need to send the data as soon as they are ready, and as fast as possible. The pad, however, can be sent in advance so you can afford slower and more secure transmission (for example physical transfer in military vehicles with spirit escort, humorless guards, decoys,...) and you can send it in bulk to reduce the cost of said security.

Or you have the quantic explanation. The difference between the pad and the data is that the data actually mean something, whereas you don't care what the pad is as long as both ends have the same. There are people working on quantum transmission that generates the pad during the transfer and ensures no one else can listen to the communication. But it seems you cannot do that with any pre-generated data. I don't know much about the details.

[Smokeskin]

Bolded in the key parts

I've been trying to say that this setup is completely unworkable for most of the data transmission needs of Corporate Entities in ShadowRun.

You haven't provided a single argument for it though.

[suoq]

1.) I would say monthly. Since there are constant trips up to ZO and back, a vetted courier can hand-deliver the OTP to the recipient either spaceside or dirtside. The OTP is most vulnerable in the pre-delivery stage, because if it's coming from GOD like I would assume it is, then you're only going to get it between the time it lands on Earth and is delivered to the end-user. It's probably delivered with a heavy escort and tucked away in a highly-secure environment guarded by, well, everything. If you could get a copy of that pad, you would be privy to the communications of ZO and everything that entails. Thoughts from the judges on the Corporate Court about cases, advance interest rates from ZOG, new security algorithms from GOD - all the juicy bits. It would be priceless for as long as it took to create and send another OTP once the copy is discovered missing.

The issue here is "OTP only the important stuff or OPT everything.

If it's OTP everything, then anyone who can get a copy of the OPT and keep it in sync and copy the data going through the public lines is golden. The easier it is to keep in synce the more golden they are. The harder it is to keep it in sync, the more vulnerable the communication is to being disrupted. Turning that vetted courier is worth a heck of a lot. Getting Technomancer access is even better and easier to hide. And how many vetted couriers do you need to keep all your units in communication with each other constantly? What is the process when a facility can no longer communicate via OTP ?

If it's OPT only the important stuff, why isn't the important stuff carried by the vetted courier?

The issue here is that breakability is only half of security. Usability is the other half. Usability is killer when it comes to security and OTPs are really a pain to use properly. One uses them when not getting the transmission is preferred to the enemy getting the transmission. The reason so many things are often so badly secured is that security, done properly, is a giant hassle. Ignoring that and embracing only the math is neither fun to play nor fun to deal with in the real world.

[Smokeskin]

What strikes me about this is there is one data transfer that CANNOT be allowed into the wrong hands involved in this and that's the OTP. The people in favor of it have been very convinced of it's physical security and invulnerability to with regards to social engineering and de-syncing.

Whatever one's method is for getting the OTP from here to there, it makes me wonder a few things:
1) How far in advance has the OPT be transferred to the endpoint? How much time does a team have to get a copy of that OTP? At what points is the physical OTP vulnerable? How much is a copy of that pad worth?
2) What is it about the data that's forcing it to move through public channels if the OTP didn't have to?

Of course there are social engineering and infiltration issues (desync is not an issue, you can easily verify your position in the OTP).

Compare the two situations

Current SR4 encryption
1) Some degree of vulnerability to social engineering
2) Some degree of vulnerability to hacking
3) Comms that are effectively unsecure

SR4 with OTP
1) Some degree of vulnerability to social engineering
2) 100% safe from hacking through encrypted lines, some degree of vulnerability to hacking on other lines
3) 100% secure comms

Number 1 is something you can handle through operational security. Number 2 is by and large something you can handle with spiders, but you're still cutting down your vulnerability a lot with OTPs. Number 3 is the really, really bad news, there is nothing you can do about it under the current SR4 system, you comms are matematically certain to be wide open - you can go from that to 100% secure with OTPs.

Bottom line, you can't fault the OTP scheme for having a vulnerability that also exists under the current setup. Using OTPs would be a MAJOR security improvement.

If you want to argue against the OTP scheme, you HAVE to point out something in it that is worse than the current setup (and on top of that more of a downside than the major advantage of non-dectryptable comms).

[Smokeskin]

If it's OTP everything, then anyone who can get a copy of the OPT and keep it in sync and copy the data going through the public lines is golden. The easier it is to keep in synce the more golden they are. The harder it is to keep it in sync, the more vulnerable the communication is to being disrupted.

You apparently fail to realize that getting a copy of the OTP is equivalent to comprimising their entire security setup. If you can do that, you already have a backdoor that lets you listen in on whatever you want. You'd be screwed over no matter if you ran with OTP or not, so it isn't an argument against the method, just the simple fact that if the opposition can infiltrate your organisation, they can spy on you. That's not something you can solve with encryption anyway.

And please, this sync thing, why do you get the idea that OTPs go out of sync? Why should there be any packet loss? Do normal transmissions suffer packet loss? In the future, they stopped using protocols that fixed that? And even if it did, there's no harm done exchanging resync info.

[KarmaInferno]

In SR4 it is really, really easy to hack and nowhere even approaching secure.

Heh, which kinda makes the whole concept fall apart if you try and model an actual society.

Really good encryption security is what lets a highly technological society function.



-karma

[Doc Chase]

If it's OPT only the important stuff, why isn't the important stuff carried by the vetted courier?

It is only OPT the important stuff (the fluff coming out of ZO, for the fifth time now, is encrypted to a lesser degree albeit heavily and masked with a 12-satellite shell game to throw folks off), and the vetted courier doesn't carry it because it takes time to get a mission into orbit. Prep time, launch window, secure the dataz, all of it. Easier to send down a OTP once a month and then the data can be sent near-instantaneous using the OTP as an encryption. It's hid with the rest of the garbage on the commsats they're using for a shell game to minimize anyone even picking up the transmission.

[Smokeskin]

Heh, which kinda makes the whole concept fall apart if you try and model an actual society.

Really good encryption security is what lets a highly technological society function.



-karma

Yeah. I try not to think about how they make the whole electronic money thing work without encryption.

[Smokeskin]

It is only OPT the important stuff (the fluff coming out of ZO, for the fifth time now, is encrypted to a lesser degree albeit heavily and masked with a 12-satellite shell game to throw folks off), and the vetted courier doesn't carry it because it takes time to get a mission into orbit. Prep time, launch window, secure the dataz, all of it. Easier to send down a OTP once a month and then the data can be sent near-instantaneous using the OTP as an encryption. It's hid with the rest of the garbage on the commsats they're using for a shell game to minimize anyone even picking up the transmission.

So what you're saying is, if a black ops team used channelhopping and hid their actual comms in lots of garbage, people couldn't listen in, spoof commands, etc.? Why aren't they taking lessons from ZO orbital, it sounds easy enough (frequency hopping radios are already in use today).

That's another thing the Chaos Sprites fuck up I guess.

[Doc Chase]

So what you're saying is, if a black ops team used channelhopping and hid their actual comms in lots of garbage, people couldn't listen in, spoof commands, etc.? Why aren't they taking lessons from ZO orbital, it sounds easy enough (frequency hopping radios are already in use today).

That's another thing the Chaos Sprites fuck up I guess.

Because you'll get farther with minimal communication since that kind of noise screws up everyone's signal. It's concentrated on that scale. ZO has tight-beam transmissions bouncing to these sats, and these sats bounce it down to the target. Or each other. Half of it is to hide where the station actually is.

[suoq]

Yeah. I try not to think about how they make the whole electronic money thing work without encryption.

To the best of my experience, it's mostly along secure lines. FED transfers do NOT go over the internet unless something has radically changed lately. When I worked with them access to the area where the computer was kept was extremely controlled. The physical network itself was protected.

Doc: You are saying OTPs are for special use only. Smokeskin is claiming they're for constant use. Both have different advantages and vulnerabilities.

Yes, normal transmissions suffer packet loss. This isn't the fault of the protocols. Protocols exist for dealing with packet loss so that transmissions can be reliable and quick.

How are you exchanging resync info in a secure manner? Why is that exchange assumed to be invulnerable and reliable?

How do you keep hackers and sprites from brute forcing keys off the OTPs in an effort to destroy the reliability of the communication?

[Smokeskin]

Because you'll get farther with minimal communication since that kind of noise screws up everyone's signal. It's concentrated on that scale.

I don't know if you're being serious, or just doing the "GM-must-defend-the-setting"-thing.

[Doc Chase]

I don't know if you're being serious, or just doing the "GM-must-defend-the-setting"-thing.

I don't know if you're being serious, or just doing the "must-be-contrary-because-it's-edgy"-thing.

Since you're trying to equate hiding a signal across hundreds of thousands of miles with hiding a signal in about 150m of blaring garbage that any rigger/hacker is going to say "yup, jackasses there", then I'm leaning towards the latter.

[Smokeskin]

To the best of my experience, it's mostly along secure lines. FED transfers do NOT go over the internet unless something has radically changed lately. When I worked with them access to the area where the computer was kept was extremely controlled. The physical network itself was protected.

But everyone goes around paying for stuff in their every day life in SR4. Without encryption, that's pretty hard to have working.

Yes, normal transmissions suffer packet loss. This isn't the fault of the protocols. Protocols exist for dealing with packet loss so that transmissions can be reliable and quick.

My point is, the protocols ensures that lost packets get resend - every bit gets through. Sending an OTP encrypted signal is no different from any other signal, you'll end up with everything in the right order in the right place, for you to decrypt.

How are you exchanging resync info in a secure manner? Why is that exchange assumed to be invulnerable and reliable?

A protocol could be "Begin at cipher x, the first 100 bits encrypted bits are all 1s". If you receive such a message and the first 100 bits doesn't decode to all 1s, it is from an enemy, and you discard it. If it decodes properly, it is from a friend.

How do you keep hackers and sprites from brute forcing keys off the OTPs in an effort to destroy the reliability of the communication?

You can't brute force an OTP. Even a 100 bit check as above would require a trillion fake messages per second for 30 billion years to run through them all - only one of those signals would strip off one "key". If that's not good enough for you, we can go to a 200 bit check to make it take a million trillion trillion times longer.

[Smokeskin]

I don't know if you're being serious, or just doing the "must-be-contrary-because-it's-edgy"-thing.

Since you're trying to equate hiding a signal across hundreds of thousands of miles with hiding a signal in about 150m of blaring garbage that any rigger/hacker is going to say "yup, jackasses there", then I'm leaning towards the latter.

I'll just throw you a few key lines from Corp Guide p 27:

There is a constant stream of
communications traffic going between the ground and the station
[...], and no matter how good your Matrix
people are, that sort of traffic is tough to hide. [...]
I know a few hackers who have driven
themselves crazy trying to break the encryption of these streams,
only to find that beneath the garbled noise is only more noise.
> For all we know, some of those hackers might have lucked on the
real deal. I’d be severely disappointed in GOD if their encryption was
weak enough that some yahoo on the ground could break it.
> Except it’s not just yahoos who are looking for this info. Those who
are capable of cracking the encryption algorithm, however, are also
the least likely to talk about what they have done.

They're not managing to hide anything. They have some encryption going that is apparently hard to break.