Help - Search - Members - Calendar
Full Version: Power Levels and Balance
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3, 4
BitBasher
QUOTE (Nikoli)
also, provided you haven't turned it off (which every runner almost always does) your ID ctredstick can be pinged to get all pertinent information for the local law enforecement contract holder. You could walk into a secure building, walk through a MAD and the system pings your stick, they see you have a permit for that hold-out and they let you on your way, without ever having to bother you, mr. nice-pays-his-taxes-wage-slave.

Turn that off, and you'll get questioned, as to why it's off, etc.

Unless you can provide a quote otherwise in SR credsticks are not RFID, they have to be physcially plugged into somehting to make a transaction. This is noted in the description of several devices that do credstick transactions.

If it was RFID, you can't "turn off" RFID, it's typically a passive system.
Kagetenshi
You can put it in an anti-RF bag.

~J
BitBasher
QUOTE (Kagetenshi)
You can put it in an anti-RF bag.

~J

grinbig.gif "Faraday-Union Brand Bags! When you want your privates to stay private, remember to say F-U!" grinbig.gif

Yep, but that's not exactly "turning it off" wink.gif
James McMurray
Oh yeah, if its out you're gonna get lots of cops interested in you.
Nikoli
I'll post it when I get home. I recall something about it in the Seattle book
BitBasher
QUOTE (James McMurray)
Oh yeah, if its out you're gonna get lots of cops interested in you.

If it was wireless yeah, because that would make it night impossible to have more than one credstick, and it's actually illegal (even today in most places) to not carry ID.
TheOneRonin
I could be wrong, but doesn't Sprawl Survival Guide have something about RFID credsticks. I don't have my book here at work, so I don't know for sure. Can anyone clarify?
James McMurray
QUOTE (BitBasher)
QUOTE (James McMurray @ Feb 17 2005, 02:30 PM)
Oh yeah, if its out you're gonna get lots of cops interested in you.

If it was wireless yeah, because that would make it night impossible to have more than one credstick, and it's actually illegal (even today in most places) to not carry ID.

I was talking about the gun from the prior post.
Nikoli
QUOTE (TheOneRonin)
I could be wrong, but doesn't Sprawl Survival Guide have something about RFID credsticks. I don't have my book here at work, so I don't know for sure. Can anyone clarify?

Checking that in about 2 hours
Kanada Ten
SSG calls the RFID in credsticks a Beacon.
Nikoli
Pg. 38
Beacon: Current models of registered credsticks also come with an optional beacon feature, easily activated or de-activated by the user. Beacons listen for a radio query and transmit an appropriate response. The default response includes your basic ID info, credit balance, issued permits and cookies logged by previous purchases; you can modify your response settings to fit your personal preferences.
BitBasher
In other words screw you no. Thats a really stupid implementation of a personal ID, to the point that it's ill-concieved to the poind of being dangerous. Some author jump on the bandwagon without thinking of the consequences?
Kanada Ten
Explain?

Somewhere I've already complained that it was implemented poorly, but, functionally, there is no issue. It's just voluntary ID sharing. It saves hassels when going places frequently.
Nikoli
Also, you can remove certain funtions. i can definitely see a civilian that carries a weapon allowing it to respond with permits, saves embarrasing hassles later. And, btw, certain companies are already working on something similair.
BitBasher
Because of the nature of the beast. You're letting your ID dangle in the air via a method not just legitimate places can access it. Get a small RFID transmitter and a reader with a recording capability and walk through a crowd... You juts stole the ID signature of every single bastard you walked past that left that function on for convenience.

That's all you really need to then use a transmitter, the likes of which are already available to duplicate the signatures you read. Now add that to the ability to purchase things on your credit via this ID, rent rooms, start your car... It sucks.

This exact plan was proposed for the new design of US Passports and came under HEAVY fire for this.

QUOTE
Also, you can remove certain funtions. i can definitely see a civilian that carries a weapon allowing it to respond with permits, saves embarrasing hassles later. And, btw, certain companies are already working on something similair.
That's even better! you're transmitting a weapon permit and I pass you? WOOHOO! Now I have a weapon permit!
Moirdryd
Depends exactly how it functions systematically, yeh i agreed BitBasher its a real bad idea IRL but SR does grant some leeway with a few things. One assumes that the Beacon is run via a system similar to those used for passport controls (SoE etc) to varify the information when its read and likewise the beacon/credstick itself varifies the signal its recieving. Which all comes down to electronics ratings.

Now a genuine Credstick and SIN autopasses any checks (or auto fails if there is any bad stuff on there) when read by any of the above styled sec systems but slot a stick into a `dodgy` machine or signal and you`ll get nothing unless its a very very good dodgy peice of illicit gear or the owner authorizes the transaction of information. Given the speed of Information in the Sixth world (many matrix referances stress this and perhaps this is one of the points of how important this is) you`d have to update your fake reader a hell of a lot for it to keep working (read keep in line with the SOTA) and it would have to be something like Rating 12 i would imagine to stand a reasonable chance of regular success. Also its entirely possible the Star (and other agencies) have their own ways of looking for bogus signals from fake readers etc...and so on.

Note: Nothing above is canon as i dont think all the angles have been presented in canon but its a logical set of ideas for the subject.
Kanada Ten
Except you still have to listen long enough to decipher the signal encryption. And, at most, the stolen beacon signal will get you through a mall. Anything with real security will still require a second part (PIN, Fingerprint, ect).
James McMurray
I would assume that any broadcast information uses 1024 or higher encryption.
BitBasher
QUOTE (James McMurray)
I would assume that any broadcast information uses 1024 or higher encryption.

Encryption is irrelevant in this case, we're not dealing with two solid systems that require direct intervention. We're dealing with a portable system replying autonomously with hardware that's cheap enough for a scammer to simply buy, and it's portable and works without direct contact. The accessibility of getting even legal hardware to do the read/record is pretty much 100%.

Credit cards online and in person are different because you have to swipe the physical card. Eliminating that causes fraudsters a field day. Encryption on a system like exists in SR with wireless authentication is freaking totally pointless.
Nikoli
Well, it doesn't have to necessarily have to broadcast the whole permit, rather it could simply broadcast some other signal or encrypted packet, the system receives it and runs a specific decryption to verify it's good.
BitBasher
QUOTE (Nikoli @ Feb 18 2005, 01:31 PM)
Well, it doesn't have to necessarily have to broadcast the whole permit, rather it could simply broadcast some other signal or encrypted packet, the system receives it and runs a specific decryption to verify it's good.

That doesn't solve anything, at all. Someone could have a legitimate reader and recording the info and there's no way for you to even know it, because it works wholly without your interaction. THAT's the problem. Encryption is irrelevant to the reason why it's so insecure, and will not solve that problem.
Nikoli
But, there is no way for you to get the cipher to read the packet, that's sealed within the building security system.
James McMurray
Why is encryption pointless? If the receiver has to have very specific algorithms to decipher the broadcast data, nobody without those algorithms is going to be able to get the data, all they'll get is ones and zeros.

I don't see why the availablility would be 100%. People nowadays can't just walk in somewhere and get something that will break 128 bit encryption. Bump that up to 128K (or some other astronomical number, even 1K) and even wouldbe thieves are going to have to find an actual reader.

And since every reader in the world has a homing beacon that cannot be removed or disabled without ruining the reader, it'll be hard to get and keep one.
Nikoli
Also, remmebr that according to the rules, regardless of the logic of it, you cannot "record" an encrypted transmission for later decryption. it's a one shot, during broadcast, chance.
Nikoli
Also, if the MAD can register the make of the gun, it's entirely possible it can register the serial number on the weapon. If that doesn't match the serial in your permit list, I don't care how many permits you can broadcast the guys with BF capable shotguns will be paying yo a visit.
BitBasher
Because we're talking about reader equipment that can be habdheld and cost less than 10k. Criminals can pretty easily get legitimate equiment to do the read!

There are already devices that will do this to hijack Mobil Speedpass systems which are basically today's equivalent of the same thing.

The catch is that finding an actual reader isn't an impressive hurdle!

QUOTE
And since every reader in the world has a homing beacon that cannot be removed or disabled without ruining the reader, it'll be hard to get and keep one.
Riiiight! just like the beacon that't can't be removed from cars, ect. Or the hardware copyright that can't be bypassed in home consoles. That's a pipe dream.
Kanada Ten
QUOTE
That doesn't solve anything, at all.

Yes it does becasue the encryption code changes every RND query and therefore having the permit code for a few scans will do nothing when the permit is verified. The code the scammer copied will come back as false, just like copy and paste on a PGP signature.
mfb
i really don't see how a criminal is going to get anything useful off the credstick RFID. all the RFID broadcasts, basically, is your name, a list of your recent purchases, and a list of what permits you have. it's not transmitting the actual permits, or the actual financial data used for the purchases, or even your actual SIN.
BitBasher
QUOTE (mfb)
i really don't see how a criminal is going to get anything useful off the credstick RFID. all the RFID broadcasts, basically, is your name, a list of your recent purchases, and a list of what permits you have. it's not transmitting the actual permits, or the actual financial data used for the purchases, or even your actual SIN.

Which if is accurate then really accomplishes nothing for the user, but it is secure if he has to physically plug it in to use it.
James McMurray
QUOTE (BitBasher)
Riiiight! just like the beacon that't can't be removed from cars, ect. Or the hardware copyright that can't be bypassed in home consoles. That's a pipe dream.

Should I make a list of all of the things in Shadowrun that are pipe dreams in reality? biggrin.gif
Crimsondude 2.0
Saw this. Might be interesting, or not.

Cracking car keys and Exxon Mobil's SpeedPass
Kanada Ten
Not unexpected, but one should note that those are static encryption codes, which I feel would become dynamic by SR times. There are already rules for breaking credstick level encryption, and the Beacon certainly doesn't make it harder.
toturi
The first time I saw the Mobil Speedpass, I thought "Credstick" too.
mfb
QUOTE (BitBasher)
Which if is accurate then really accomplishes nothing for the user, but it is secure if he has to physically plug it in to use it.

it does plenty--it does the same thing that cookies do. when you walk into Barnes and Nobles, the cashiers all know your name. they know what books to suggest to you, because the system brings up a list based on your past purchases. the security guard at the door knows not to bother you about the holdout in your shoulder holster, because your credstick certifies that you've got a permit for it. you've personalized your credstick, so the coffee bar recieves a message to draw up your usual cup of mocha. etcetera, etcetera, yadda yadda.
Kanada Ten
The security risks in my mind are more for con artists and runners sizing up a mark. If you're lucky, you can discover what the bodyguards are packing, magical permits, and so on. But most security types will be aware of these weaknesses and carefully cover for them (excess permits, low credit balances, dead-end cookies). Still useful stuff.
mfb
true. but if you're the type that leaves your RFID on all the time, you're probably the type that never goes into any area rated lower than B or maybe C.
Kanada Ten
Agreed, which is why I mentioned con artists. "Oh! Kelly Clarkston, is that you?" <WMI look-up high school, maybe even view the digital yearbook> "It's me, Mark Imbriaco, from Valley Dome High." "Yeah, I had plastic surgery after that accident..." "No, nothing much. Just looking for work in the area" "You work for Shiawase? Wow, nice benefits I hear." "Know of any good places to stay?"
BitBasher
QUOTE (mfb)
true. but if you're the type that leaves your RFID on all the time, you're probably the type that never goes into any area rated lower than B or maybe C.

Just like all the folks in the world that leave cookies on in the real world? Those that don't click yes to all installers and instead check the EULA's to protect themselves? Just like all the folks that educate themselves to the gangers of whishing scams so they don't get swindled?

Educated proactive persons are in the minority, most people don't know any better and worse, don't WANT to know any better... Even if you try to tell them.
mfb
indeed. which, to me, sounds really cool--i'd probably give a -2 TN on the fast talk test, or something.

what would be interesting to know is, how bulky/common are the RFID readers? i mean, it'd be kinda neat if you could carry them around with you, maybe as a part of your pocsec. for one, it'd make personal security easier; Kelly Clarkson just has to take a peek at her pocsec to see if Mark's RFID matches his spiel. if it's off, she'll be suspicious; if it's wrong, she'll probably use her pocsec to send a text message to security. for two, it opens up a whole new set of social cues; you could turn your RFID off if you don't want to be spoken to, or even set it to an "away" message. when you go clubbing, you could set your RFID to "let's dance" or something like that.

QUOTE (BitBasher)
Just like all the folks in the world that leave cookies on in the real world? Those that don't click yes to all installers and instead check the EULA's to protect themselves? Just like all the folks that educate themselves to the gangers of whishing scams so they don't get swindled?

i'm not sure what you're saying, here. yes, both cookies and idiocy can be a security risk if not managed properly. RFIDs, i think, are the same way.
Kanada Ten
QUOTE (mfb)
indeed. which, to me, sounds really cool--i'd probably give a -2 TN on the fast talk test, or something.

what would be interesting to know is, how bulky/common are the RFID readers? i mean, it'd be kinda neat if you could carry them around with you, maybe as a part of your pocsec. for one, it'd make personal security easier; Kelly Clarkson just has to take a peek at her pocsec to see if Mark's RFID matches his spiel. if it's off, she'll be suspicious; if it's wrong, she'll probably use her pocsec to send a text message to security. for two, it opens up a whole new set of social cues; you could turn your RFID off if you don't want to be spoken to, or even set it to an "away" message. when you go clubbing, you could set your RFID to "let's dance" or something like that.

Hell yeah! I have no idea how big the readers are, but that's some coolness.
BitBasher
This can't really be RFID, as RFID is static. It has no power source, a radio signal bounces off it and it reads the return data. That's it. This would have to be some kind of radio beacon.

And my point, mfb, was that just cause the option is there you canot assume that all, most or even anyone will use it responsibly.
Moirdryd
Well, there was a curious and intriguing discussion smile.gif

Which leads me to another sub-topic question

"If these credstick systems are utilised in game, how unbalancing can they be?"

mfb
true, BitBasher. i just don't think that'd keep it from being used.

and, yeah, this isn't RFID. if that term was used in the SSG, it shouldn't have been, especially since it later calls it a beacon thingy. minor detail, though.
Kanada Ten
QUOTE (Moirdryd @ Feb 18 2005, 08:27 PM)
"If these credstick systems are utilised in game, how unbalancing can they be?"

Combined with Wireless Matrix, or even without really, the Beacon could be used to tag people and monitor their movements though various areas. With enough time and effort, one could "barrow" someone's identity as long as both Beacons aren't on at the same time. And you can learn a significant amount about purchasing habits of a mark. All in all, pretty dangerous, but nothing that can't be dupicated without Beacons with a little more time.

Did the Spell Check just go dead? frown.gif
Fortune
QUOTE
Did the Spell Check just go dead?


Good ... then it isn't just me.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012