Dewar
Jun 13 2006, 07:44 PM
Is there anything to stop a hacker or rigger from chaining say five comlinks in a row between his actual broadcasting comlink and the rest of his equipment? In other words, if I were a rigger paranoid about my drones being hijacked, could I take comlink A (which I am connected to via the standard cyberware) connect it to comlink B (which has a subscriber list of Comlink A only) connect that to comlink C (which has a subscriber list of Comlink B only) and finally connect that to my drones, thus making a hacker go through three layers of comlinks to disrupt my control?
UndeadPoet
Jun 13 2006, 07:49 PM
QUOTE (Dewar) |
comlink B (which has a subscriber list of Comlink A only) |
Your idea is broken there.
A hacker is faking that the commands originate from commlink A.
Effectively, he is hacking into commlink C, faking a command from commlink B and taking control of the drones.
You might confuse him in the first place, though, which could buy you time.
So, it works, in a way.
GrinderTheTroll
Jun 13 2006, 07:49 PM
Wouldn't all the hacker need do is spoof the ID of the last commlink in line since that's where it's accepting commands from?
UndeadPoet
Jun 13 2006, 07:52 PM
I was faster.

(Though not entirely right, as I see now. Of course he is faking commands from commlink C, just as you explained, Grinder)
Dewar
Jun 13 2006, 07:54 PM
I was under the impression that if your comlink wasn't on the subscriber list, then there wasn't any way to get in at all. Isn't that what prevents a hacker from just attacking a drone directly?
Edit:
So wouldn't you have to hack and then spoof comlink A to access comlink B, hack and spoof that to access comlink C, and then hack and spoof that to access the drones?
UndeadPoet
Jun 13 2006, 07:58 PM
Hm, now I begin to get unsure. But since it would be terribly broken... I would not spend any more thought on it.
GrinderTheTroll
Jun 13 2006, 08:15 PM
QUOTE (Dewar @ Jun 13 2006, 12:54 PM) |
I was under the impression that if your comlink wasn't on the subscriber list, then there wasn't any way to get in at all. Isn't that what prevents a hacker from just attacking a drone directly?
Edit:
So wouldn't you have to hack and then spoof comlink A to access comlink B, hack and spoof that to access comlink C, and then hack and spoof that to access the drones? |
Here's how I understand it:
Each device in this example is subscribed to and only accepts commands from its parent: Drone -> C -> B -> A; thus, A tells B, B tells C, C tells the Drone.
In this case, the Drone will only accept commands from C's Access ID. So all you really need is the Access ID of that commlink since that's the one the Drone is listening to for instructions. With C's ID in hand, you can spoof commands to the Drone which thinks (hopefully) C is giving it orders. All you'd need to hack is C to get its Access ID, or maybe even Sniffer the traffic and get it that way.
Since the Drone only accepts commands from C, trying to hack the drone itself would do no good since it can only be controlled by C.
Edited for readability
Moon-Hawk
Jun 13 2006, 08:27 PM
Seems right to me. Won't help protect the drone a bit.
Although if you're now trying to attack the rigger's comm you've got some extra work to do, right?
Teulisch
Jun 13 2006, 08:35 PM
hmm. i see the original intent, as well as the problem there.
what if, A plugs into B and C with wire. rigger plugs into A. now, B receives data only, and C transmits data only. C is a transmitter that cannot receive a signal, so cannot be hacked directly. B can be hacked, but then you have to go B -> A -> C to hack into C. to make matters more complex, if B has a signal of 1... then you can't effectively hack the rigger's commlink setup from a distance.
this does not protect the drone from you intercepting the traffic and spoofing the ID from that. but it does make hacking the rigger VERY difficult to do.
basic idea here, is that the transmitter has no receiver, and the receiver no transmitter. you can make the 'chain' as long as you like, but will have some practical limits in terms of bulky gear. by the way the game works, as long as both transmitters are in range of one another, it works.
looking at the way wireless rules work, this division could create a very secure commlink, to the point of being broken. I don't think it would work with anything other than a finite subscribers list. probably some basic problem I'm overlooking here.
Dewar
Jun 13 2006, 08:57 PM
QUOTE (GrinderTheTroll) |
Here's how I understand it:
Each device in this example is subscribed to and only accepts commands from its parent: Drone -> C -> B -> A; thus, A tells B, B tells C, C tells the Drone.
In this case, the Drone will only accept commands from C's Access ID. So all you really need is the Access ID of that commlink since that's the one the Drone is listening to for instructions. With C's ID in hand, you can spoof commands to the Drone which thinks (hopefully) C is giving it orders. All you'd need to hack is C to get its Access ID, or maybe even Sniffer the traffic and get it that way.
Since the Drone only accepts commands from C, trying to hack the drone itself would do no good since it can only be controlled by C.
Edited for readability |
Except if you aren't in the subscriber list for C, you can't hack it directly. Using a sniffer on the traffic from C to the drones would bypass all of this, but I don't recall any rules for using the sniffer to hack into drones. The only ones I remember from the source book involve hacking into C and getting the ID that way.
This also carries over into Street Sammys (who don't want their Cyberware hacked) and other people who just carry a lot of expensive electronics around. Those types of signals really couldn't be spoofed, cause all the signal ratings for those types of equipment would be 1.
And yes, it is hideously broken and I would kick a player in the nuts if he tried it, but it might be handy for a really Uber GM character to do.
Tetsuyama
Jun 13 2006, 09:08 PM
All of a street sam's *really* critical gear should probably be skinlinked to an implanted comlink which has no wireless. Then a set of earbuds, contacts, and a subvocal mike can be connected to a completely separate comlink for communications with the team and other more "normal" comlink stuff. That way even if the external comlink is hacked, your skinlinked PAN (including your cybereyes and smartgun, presumably) is still okay.
Lebo77
Jun 13 2006, 09:22 PM
Cheezy Crap like this is simply dealt with:
Schemes like this create unacceptable delays in the messages between the rigger and the drone. If you are simply issuing them commands it might work, but I would add significant dice modifiers if you tried this kinda crap while jumping into a vehicle. Say... -1 die for every additional node.
Plus, communication with a drone is inherently 2-way. No "this comlink can only transmit" BS. When sending a command there is an automatic acknowledgement message, and a confirmation message. If they all don't line up, then the command is canceled. If you want to write a non-standard drone control protocol be my guest, but you won't be compatible with anything.
Another thought: Once a hacker hacks the first comlink in the chain you can effectively pretend to be legitimate traffic from that comlink, so if your "working" comlink (the one at the "inner" end of the chain) accepts traffic from the next, which accepts traffic from the one the hacker just hacked, then your chain defense is no defense at all.
Example:
Assume all traffic must be bi-directional. (see above)
Assume security-level accounts are required to handle drone traffic.
connection diagram:
A <-> B <-> C <-> Drone
A to B and B to C are hard-wired.
C's wireless is enabled to allow drone communication.
B is configured to pass all traffic from C to A and vice versa. This is done by having an account of some type on B that A can log into, and an account on C that B can log into.
Nasty hacker Lebo breaks into C with Admin-level access. (It has wireless on, so it can be hacked, and only has Admin accounts normally.) He then sees that B is connected into a Security level account to which all drone traffic is routed. Since he has Admin access he can alter this data. B receives the altered data and, per its programming, passes it to A.
Let's say the owner of this setup is Cheezebag Bob. Cheezebag Bob is presently jumped into a Steel Lynx combat drone that's shooting up a bunch of Lone Star HTR troopers (he is using hot-sim so he can shoot them faster). Hacker Lebo decides to insert a Black Hammer into the stream. Neither B nor A's firewall provide any protection (if they are even running). Why? Because B passes all traffic to A, and A explicitly allows traffic from B. If Cheezebag Bob has a biofeedback filter running on A that would help, but other than that, he is toast.
Similar arguments can be made for non rigger <-> drone communications. Unless the PC wants to manually authorize every data operation on every comlink in the chain every time (1 extra simple action per link!), the chained comlink provides limited protection if the hacker snags Admin on the outermost comlink. If the scheme allows connections to be initiated from "outer" to "inner" then it's a simple matter of opening a connection through any intermediaries (and relying on the automation that will invariably be there to simplify things for the runner). If the "outer" comlinks can't initiate connections, then he has to wait until the "inner" comlink creates a connection, then hijack it for his own uses.
If Lebo wants to seize the Drone and turn its machine gun on someone else, he can spoof C's comcode and issue the commands that way. (would still need to hack in...)
From the previous example, if hacker Lebo wanted to get some data from A, he would first hack admin on C (as above) then generate a login request intended to go to A informing it of something non-threatening, like an incoming drone status message or something. This would first be sent to B, which would pass it along to A just like the programming says. (unless the guy was so paranoid that all incoming traffic was blocked, but then... he can't rig like that can he. see above) In order for this to be reported, some sort of access to A must be granted to C. I would model this as a user account. C must know the login for this account so it can effectively communicate, or B has to know it and C knows an account on B, which is effectively the same thing.
So now Lebo can effectively send commands into a user account on A. Maybe he sends mal-formed commands that allow him to execute arbitrary code on A. (this is the hacking skill) In my game, serial comlink setups like this are made either useless or so cumbersome to use that they are quickly dispensed with. PARALLEL strategies are encouraged however. By dividing the work you do across multiple systems in parallel you limit the impact of a hacker breaking into one. Any attempt to interconnect across these systems defeats the protection however.
For more information on this line of thought see the 2005 season of Battlestar Galactica. The toasters know how to play this game better than anyone. Only by using isolated systems can you be protected.
Jaid
Jun 13 2006, 09:44 PM
i have always assumed that hacking in included a method of adding yourself as a subscribed node. it doesn't make sense otherwise.
Lagomorph
Jun 13 2006, 09:51 PM
QUOTE (Lebo77) |
If you want to write a non-standard drone control protocol be my guest, but you won't be compatible with anything. |
Now that's probably the best way to not get hacked, incompatibility is the mother of all security measures.
hobgoblin
Jun 13 2006, 09:55 PM
there is one thing i keep wondering about when jumping from comlink to comlink. does each comlink one jumps to take up a slot on the active subscriptions list?
GrinderTheTroll
Jun 13 2006, 10:40 PM
QUOTE (Dewar) |
QUOTE (GrinderTheTroll @ Jun 13 2006, 03:15 PM) | Here's how I understand it:
Each device in this example is subscribed to and only accepts commands from its parent: Drone -> C -> B -> A; thus, A tells B, B tells C, C tells the Drone.
In this case, the Drone will only accept commands from C's Access ID. So all you really need is the Access ID of that commlink since that's the one the Drone is listening to for instructions. With C's ID in hand, you can spoof commands to the Drone which thinks (hopefully) C is giving it orders. All you'd need to hack is C to get its Access ID, or maybe even Sniffer the traffic and get it that way.
Since the Drone only accepts commands from C, trying to hack the drone itself would do no good since it can only be controlled by C.
Edited for readability |
Except if you aren't in the subscriber list for C, you can't hack it directly. Using a sniffer on the traffic from C to the drones would bypass all of this, but I don't recall any rules for using the sniffer to hack into drones. The only ones I remember from the source book involve hacking into C and getting the ID that way.
This also carries over into Street Sammys (who don't want their Cyberware hacked) and other people who just carry a lot of expensive electronics around. Those types of signals really couldn't be spoofed, cause all the signal ratings for those types of equipment would be 1.
And yes, it is hideously broken and I would kick a player in the nuts if he tried it, but it might be handy for a really Uber GM character to do.
|
Well yeah, hacking C would require the hacker to find the original "root" commlink and start there to get the Access ID's. If the hacker already had C's Access ID, then he could just spoof commands to the Drone.
I don't see how your wireless data could be understood without including source and destination Access IDs since that's how the Drone is validating its commands from C.
This does make sniffers really useful (as they actually are in the real world) when hackers want to do things they aren't supposed to and don't want to hack the internals (yet). It also means running a nova-hot Encryption package is a must.
wind_in_the_stones
Jun 14 2006, 04:23 AM
Lotta chaff in this post. Let me add to it.
With three commlinks, you have three different opportunities for a security breach. A hacker needs only to compromise one of them. What she does is get the ID from one of the sending units, and use it to spoof a command to the next unit in the chain. So you could have twenty comms lined up, and the security risk is the same. As such, I don't find it broke/munchkin/cheezeball - only useless.
Hacking the rigger's comm isn't any harder, either, because you only have to locate it. Nothing says you have to hack your way through all of the other links in the chain.
Next issue:
QUOTE |
Except if you aren't in the subscriber list for C, you can't hack it directly |
I've seen people say this, and it doesn't make sense to me. There are two ways to compromise a drone.
One way is to steal the rigger's ID, pretend you're him and give it an order (spoofing).
1. Find the controlling rigger (Detect hidden node)
2. Decrypt it.
3. Get the rigger's broadcast ID (Analyze)
4. Find the drone (Detect hidden node)
5. Issue new orders to the drone (spoof)
The other is to hack your way in. That is:
1. Detect node/drone in hidden mode (detect wireless node)
2. Hack in at admin level (hack on the fly)
3. Give it new orders
4. Deal with IC or whatnot
GrinderTheTroll
Jun 14 2006, 05:58 AM
QUOTE (wind_in_the_stones) |
The other is to hack your way in. That is: 1. Detect node/drone in hidden mode (detect wireless node) 2. Hack in at admin level (hack on the fly) 3. Give it new orders 4. Deal with IC or whatnot |
Perhaps, but I think you can restrict what the local admin account on the drone can do to avoid someone just swooping in and stealing it.
Serbitar
Jun 14 2006, 10:09 AM
Dewar
Jun 14 2006, 05:37 PM
QUOTE (wind_in_the_stones) |
The other is to hack your way in. That is: 1. Detect node/drone in hidden mode (detect wireless node) 2. Hack in at admin level (hack on the fly) 3. Give it new orders 4. Deal with IC or whatnot |
The way I understand it, if the drone has only the rigger's comlink in its subscriber list, it won't listen to communications from any other comlink, regardless of hacking skill. That's why you have to hack the rigger's comlink to spoof the ID.
GrinderTheTroll
Jun 14 2006, 05:43 PM
QUOTE (Dewar) |
QUOTE (wind_in_the_stones @ Jun 13 2006, 11:23 PM) | The other is to hack your way in. That is: 1. Detect node/drone in hidden mode (detect wireless node) 2. Hack in at admin level (hack on the fly) 3. Give it new orders 4. Deal with IC or whatnot |
The way I understand it, if the drone has only the rigger's comlink in its subscriber list, it won't listen to communications from any other comlink, regardless of hacking skill. That's why you have to hack the rigger's comlink to spoof the ID.
|
I was just reading the section on Spoofing and actually, all you need to do is a Matrix Perception test to get the commlink's Access ID, you don't even need to hack it.
Serbitar
Jun 15 2006, 01:14 AM
yes
wind_in_the_stones
Jun 15 2006, 04:55 AM
QUOTE (Dewar) |
The way I understand it, if the drone has only the rigger's comlink in its subscriber list, it won't listen to communications from any other comlink, regardless of hacking skill. That's why you have to hack the rigger's comlink to spoof the ID. |
Grinder is correct, you don't hack the comm, you just analyze the signal to gain the rigger's ID. Once you have that, you can pretend you're the rigger (spoof), and give orders to the drone.
That is the spoofing way. The other way is hacking. When you hack your way in, there is no spoofing. You just find the node and then hack it. Follow the rules on page 221, for hacking on the fly. Once you're in, your icon is present in the drone/node, and (if you got the proper clearance level) you can do anything the rigger could (except jumping) - such as change the subscription list. You just have to watch out for IC, or other things that could happen as a result of an alert.
Rokur
Jun 15 2006, 02:33 PM
QUOTE (Dewar) |
Is there anything to stop a hacker or rigger from chaining say five comlinks in a row between his actual broadcasting comlink and the rest of his equipment? In other words, if I were a rigger paranoid about my drones being hijacked, could I take comlink A (which I am connected to via the standard cyberware) connect it to comlink B (which has a subscriber list of Comlink A only) connect that to comlink C (which has a subscriber list of Comlink B only) and finally connect that to my drones, thus making a hacker go through three layers of comlinks to disrupt my control? |
since C is slaved to B which is slaved to A... and A is running open broadcast level.... the hacker would need only hack into comm A.... because anything subscribed to A is automatically now hacked... since now B's firewall and IC and stuff are openly slaved to A and thus not defending against it.
What you could do is have 3 separate commlinks and all have the same subscriber's list.... and then you would now have a hacker who would have to hack all 3 different comms to effectively control your electronics.... although a simple area jammer may still stop you.
TBRMInsanity
Jun 15 2006, 03:12 PM
While chaining comlinks will not make your network un-hackable, it does have another possibility. You could attach a commlink to a drone and use it as a RRB (radio rebroadcast base) to extend the area of your network. The signal would come from you then you would have the drone do a pilot test to see if the signal went out to the "out stations" or drones outside your range but inside the RRB's range.
Tarantula
Jun 15 2006, 03:21 PM
Another benefit is it makes it much easier to stock IC and other nasties inside a rebroadcast commlink like that, while still allowing your drone to run the autosofts it needs.
The Jopp
Jun 16 2006, 08:42 AM
There's another way of taking control over drones as well. Let's assume that you do not have the programs needed for spoofing the signal or that you do not have the ability to hack it.
Intercept Wireless Signal (Page 225)
With this you can intercept a signal from/to a drone by locating it first and then make an EDIT test to rewrite its orders.
This would work best with prewritten orders that you just send over to the drone.
"shutdown"
"New Subscriber list"
etc..
The best way to defend against this kind of attack would be to have a specific order on your drones: "Confirmation of last order from Master Commlink"
The order would be for the drone to double-check the order with the original commlink by a specific passcode from it. This way the attacker editing the signal would have to know the codes as well or the drone would ignore the fake command.
Samaels Ghost
Jun 16 2006, 12:38 PM
QUOTE (The Jopp) |
The order would be for the drone to double-check the order with the original commlink by a specific passcode from it. This way the attacker editing the signal would have to know the codes as well or the drone would ignore the fake command. |
But then the Hacker would just have to listen in on confirmation call backs and he can accurately edit an order but has commlink access codes.
GrinderTheTroll
Jun 16 2006, 05:31 PM
The convenience of wireless requires you to trust that your message will be received with perfect integrity. The only way to guarantee its integrity (since that information can be altered and duplicated) is to not use a wireless interface. The same argument applies to wired connections, however, there now exists a physical element to overcome by tapping the signal.
Interestingly in the field of Quantum Mechanics there is talk of being able to create a Quantum message that if observed destroys the message thus providing complete message integrity if it's intercepted.
Lebo77
Jun 16 2006, 07:20 PM
QUOTE (GrinderTheTroll) |
The convenience of wireless requires you to trust that your message will be received with perfect integrity. The only way to guarantee its integrity (since that information can be altered and duplicated) is to not use a wireless interface. The same argument applies to wired connections, however, there now exists a physical element to overcome by tapping the signal.
Interestingly in the field of Quantum Mechanics there is talk of being able to create a Quantum message that if observed destroys the message thus providing complete message integrity if it's intercepted. |
There are many ways to ensure that the message is received correctly. If you are worried only about random corruption then a checksum is sufficient. If you are worried that someone is going to mess with your signal you can use digital signature technology to ensure the data gets passed correctly. Using public-key crypto you don't even need a secure channel for key exchange. (But if you have your own drone you presumably don't need this.)
Quantum Mechanical communication is interesting in theory, but I have not heard that it has been made canon in SR-land. Doing so would make deckers fairly useless.
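Added example, not part of any post in this thread: a Python sketch of the checksum-versus-authentication distinction raised above, applied to a drone that filters on sender Access ID. A shared-key HMAC stands in for the digital signature (the owner controls both ends), and a counter covers the replayed-confirmation problem raised earlier; the key, the Access ID, the frame layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-shared-key"   # constructed; installed on both ends out of band
ALLOWED_ID = "commlink-C"         # constructed Access ID on the drone's subscriber list


def crc_frame(sender, order):
    """Order plus CRC32: protects against random corruption only."""
    body = f"{sender}|{order}".encode()
    return body, zlib.crc32(body)


def drone_accepts_crc(body, crc):
    """Receiver that trusts the claimed sender ID and a matching checksum."""
    sender = body.decode().split("|")[0]
    return sender == ALLOWED_ID and zlib.crc32(body) == crc


def mac_frame(sender, counter, order, key=KEY):
    """Order plus HMAC-SHA256 over sender, counter and order."""
    body = f"{sender}|{counter}|{order}".encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


class Drone:
    """Receiver that needs a valid tag and a strictly increasing counter."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = 0

    def accepts(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False          # edited in transit, or sender lacks the key
        sender, counter, _order = body.decode().split("|", 2)
        if sender != ALLOWED_ID or int(counter) <= self.last_counter:
            return False          # wrong sender, or a replay of an old frame
        self.last_counter = int(counter)
        return True


def demo():
    results = {}
    # A checksum carries no secret: anyone who edits the order can recompute it.
    body, _crc = crc_frame(ALLOWED_ID, "hold position")
    edited = body.replace(b"hold position", b"shutdown")
    results["crc_edited"] = drone_accepts_crc(edited, zlib.crc32(edited))

    drone = Drone()
    body, tag = mac_frame(ALLOWED_ID, 1, "hold position")
    results["mac_genuine"] = drone.accepts(body, tag)
    results["mac_edited"] = drone.accepts(
        body.replace(b"hold position", b"shutdown"), tag)
    results["mac_replay"] = drone.accepts(body, tag)
    results["mac_wrong_key"] = drone.accepts(
        *mac_frame(ALLOWED_ID, 2, "shutdown", key=b"guess"))
    results["mac_next"] = drone.accepts(
        *mac_frame(ALLOWED_ID, 2, "return to base"))
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Knowing the sender's ID is enough to pass the checksum receiver, while the HMAC receiver rejects the edited, replayed and wrong-key frames because the tag depends on a key that never crosses the air.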
TBRMInsanity
Jun 22 2006, 01:44 PM
Why not just run a high level encrypt/decrypt program for the authentication of orders? It may slow your response down a bit but you will have a more secure network.