[Ground-station] "Lab Call" - uplink transmit and receive - discussion on packet format

Bruce Perens bruce at perens.com
Thu Feb 28 19:45:47 PST 2019 

Remember that ARRL runs its own worldwide cryptographic certification
authority as part of LOTW, and we can make use of it if the security
situation gets bad enough.

On Thu, Feb 28, 2019 at 6:23 PM Paul Williamson via Ground-Station
<ground-station at lists.openresearch.institute> wrote:

> The purpose of the authentication scheme is not to prevent any possible
> misuse. It’s to prevent bulk misuse that can’t be traced. If a bad actor
> has to physically visit an authorized user’s station frequently, that’s
> probably good enough. We could lock it down more securely, but not without
> extra round trips on each access.
>
> At least, that’s our thinking so far.
>
>   -Paul
>
> On Feb 28, 2019, at 5:50 PM, Douglas Quagliana via Ground-Station <
> ground-station at lists.openresearch.institute> wrote:
>
> > Since it is fairly difficult to intercept an uplink transmission, this
> makes it difficult for an impostor to hear another station's authenticated
> callsign:SSID and start using it.
>
> Hmmmm.... I would think that if you drove over (or near to) their house
> you could hear their uplink and get their token. It's pretty easy to look
> someone's address on QRZ.com, and chances are there will be at least one
> legit station that isn't too far away from the bad actor. Presumably the
> bad actor will get blocked from sending through the transponder when they
> fail the authentication, but until then the data would go through and
> couldn't they just start up again after a short time?
>
> Douglas KA2UPW/5
>
>
> On Thu, Feb 28, 2019 at 12:12 PM Michelle Thompson via Ground-Station <
> ground-station at lists.openresearch.institute> wrote:
>
>> Something we must produce is an end-to-end demo of Phase 4 Ground.
>>
>> We've got a few of the hardest and largest pieces solved, but there is a
>> lot else that must come together for a demonstration to happen.
>>
>> Paul KB5MU is writing a document of the steps required from here to get a
>> demonstration working.
>>
>> This week I've been working on uplink transmit. There isn't anything that
>> exactly matches up 4-ary minimum shift keying (MSK). There are advantages
>> to using this scheme. It's constant modulation, has reduced sideband power,
>> and is spectrally efficient.
>>
>> There are some disadvantages. Both MSK requires more power to transmit
>> compared to QPSK, an adaptive equalizer is probably going to be needed at
>> the receiver, and more inter symbol interference may occur.
>>
>> The GMSK blocks are what GNU Radio people say to use for MSK. The G
>> stands for Gaussian filtering. This is done before modulation stage. GMSK
>> is used in GSM.
>>
>> If we can't just use the GMSK blocks and remove the filter, then we'll
>> need to customize some blocks for this.
>>
>> So far this week I've gotten back up to speed with phase shift keying,
>> reviewed timing recovery, constant modulus types of equalization, and
>> frequency and phase recovery. This is on the receiver side and is important
>> in the downlink.
>>
>> There's been some improvements over the past year in the mainline code
>> base of GNU Radio for clock recovery.
>>
>> More soon - I'll share all the flowgraphs and I'll undoubtedly have a lot
>> of questions.
>>
>> Paul is working on getting the test plan published.
>>
>> David Viera and David Fanon were looking to help with this, and of course
>> we'll need more people digging into the uplink. If you're adept with the
>> GMSK blocks already, then your help will be appreciated here.
>>
>> Uplink packets will have content that supports authorization and
>> authentication.
>>
>> Stations that comply with the air interface can transmit through the
>> satellite. The station is configured with an amateur radio callsign, plus a
>> Secondary Station Identifier (SSID) of TBD bits to allow a particular
>> licensee to operate multiple simultaneous stations, and with the
>> ARRL-issued private key and certificate for that callsign. In addition, the
>> station must generate a token of TBD bits chosen at random. Every
>> transmitted uplink frame contains in its header the callsign, SSID, and
>> token.
>>
>> The callsign and SSID will be retransmitted in the downlink frame header,
>> but the token is never transmitted on the downlink. Since it is fairly
>> difficult to intercept an uplink transmission, this makes it difficult for
>> an impostor to hear another station's authenticated callsign:SSID and start
>> using it.
>>
>> The satellite/Groundsat stores the token, the claimed call sign, the
>> claimed SSID associated with the call sign, and a time stamp. This is a
>> tuple that forms the rows of a database.
>>
>> (satellite time stamp : callsign : SSID : token)
>>
>> When each uplink frame is received by the satellite, it decides whether
>> to accept it for retransmission on the downlink, or discard it. It may also
>> choose to initiate an authentication transaction with the ground station.
>> Alternately, or in addition, a Ground Control Station may initiate an
>> authentication transaction with any or all active station(s). Unless and
>> until an authentication transaction with a given station has been attempted
>> AND FAILED, the satellite must accept its frames for retransmission (unless
>> that station has already been blacklisted for another reason).
>>
>> This achieves two important goals. Communication is unimpeded, and the
>> loss of Ground Control Stations can be well-tolerated. When Ground Control
>> Stations are not required for normal communications, system durability and
>> reliability is greatly increased.
>>
>> When authentication is not frame-by-frame, or required to initiate the
>> process of accessing and transmitting through the satellite, efficiency and
>> performance are greatly increased. In particular, the very first message
>> from a station is not delayed for formalities or blocked entirely; in an
>> emergency situation this could be essential.
>>
>> The risk of bad actors is recognized, but management of bad actors is
>> achieved through Black Listing known bad actors after complaint or system
>> statistics or some other method reveals that the problem is Misuse.
>>
>> More soon!
>>
>> -Michelle W5NYV
>>
>>
>> _______________________________________________
>> Ground-Station mailing list
>> Ground-Station at lists.openresearch.institute
>> http://lists.openresearch.institute/mailman/listinfo/ground-station
>>
> _______________________________________________
> Ground-Station mailing list
> Ground-Station at lists.openresearch.institute
> http://lists.openresearch.institute/mailman/listinfo/ground-station
>
> _______________________________________________
> Ground-Station mailing list
> Ground-Station at lists.openresearch.institute
> http://lists.openresearch.institute/mailman/listinfo/ground-station
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openresearch.institute/pipermail/ground-station-openresearch.institute/attachments/20190228/819e3a3e/attachment.html>

More information about the Ground-Station mailing list