On Jun 24, 2010, at 1:36 PM, ra3apw wrote:
We can assume that a weak place in security is an air interface of
local
repeater (at confidence links between Gateways).
Therefore:
- authentication can work locally on a concrete repeater
- authentication takes place only at process of registration
- It is not required distribute authentication data base on all
network
- It is not required send keys over the air.
If the database is not available at all repeaters, then the user must
re-register at each repeater they want to use. Some users travel both
frequently and randomly between repeaters (Today I am in Moscow,
tomorrow in Paris, the next day in Atlanta) - pre-registration becomes
burdensome to the point of making the system unusable.
For me, the callsign of the station is the registration, no other
registration of RF units should be required.
For realisation of authentication - the simple mechanism is used that
does not demand PGP and its administrations.
- secret K value in the hidden memory of radio
- secret K value used by the authentication module
- only radio owner and repeater owner know K value
- K value cannot be read from radio but can be rewrite by special
software
Current radios have no way of storing or modifying the K value, so
would require an external device. How is the K value communicated to
the repeater? If on air, then it is no longer secret and can be used
by the "man-in-the-middle" pirating the callsign.
Radio and repeater should have a software authentication module which
provides performance of D-Star Authentication Algorihm.
Function of authentication can be switch on/off in radio and repeater
according local law.
In practical terms, in places where no law exists, it is unlikely to
implemented (or switched on) -- users in these locations visiting
other locations where it is in use will need to register at each
repeater. Also, in some countries, such as the US, Amateur Radio is
used to support disaster and humanitarian response -- the operators
bring their radios with them, but would not be able to use local
repeaters if not part of the authentication system.
Many of us do not see the need or want such a system. We know there
will be some abuses, but we aren't talking national security here, its
a hobby, we deal with the abuses when they arise. The solution
really becomes one where the local repeater operator turns networking
on and off to individual repeaters or the entire network based on
observed abuse. E.g. if a bunch of abuse is coming from repeater XYZ
then as administrator I block repeater XYZ from relaying through my
repeater or reflector until the keeper of repeater XYZ resolves her
local issue. Better yet, the keeper of repeater XYZ turns off
networking until the local issue is resolved.
I propose that it is the responsible of the local repeater licensee to
insure their repeater is in compliance and not a responsibility of the
network.
This is why we need a gateway design with open interfaces (if not open
source) to permit the addition of traffic filters and services.
John D. Hays
Amateur Radio Station K7VE
PO Box 1223
Edmonds, WA 98020-1223 VOIP/SIP: [email protected]
Phone: 206-801-0820
801-790-0950
