Pages: 1 2 3 4

 

2009-12-17 08:54:09
steelie34
pub hero!
+603|6668|the land of bourbon

FEOS wrote:

1. The video link goes to ground forces, many/most of whom do not carry crypto gear with them
2. Cost/benefit analysis: what's the likelihood of the adversary intercepting it and being able to use it to their purposes (it took 6 years)
3. How much benefit does it really give the bad guys? Jury's still out on that one

It's kind of like the other "hacking" stories in the news: So what? The relevance of the story (to the reporter) is that it happened...the true impact/value of what was taken is never really questioned/investigated by the reporter.

Edit: FEOS' opinion: it should've been encrypted with at least non-mil encryption. By the time the bad guys decrypted it, it wouldn't have any value and the ground forces could use commercially-available IT encryption tools.
1. crypto gear?  any encryption/decryption would be done at the connection level between the drone and receiver.  it would most likely just be firmware built in to the system to encrypt the data link.  encryption is no longer a time-consuming process, especially with the speed of today's processors.  there would be no need to carry anything extra.

2. cost/benefit?  if the insurgents can download software from the internet to intercept our feeds, what do you think china has the capability to do?  this is a major oversight on the part of whomever made the decision not to use encryption.  it's flat-out embarrassing to be honest.  our billions of dollars of research has been foiled by 25 dollar shareware. 

3. it could be a huge benefit to an enemy!  did you not read the article?  it has already provided an advantage to the insurgents, giving them the ability to know where we are and see the advance of friendly forces. 

all low altitude, surveillance uav flights need to be grounded until they encrypt the video feed.
https://bf3s.com/sigs/36e1d9e36ae924048a933db90fb05bb247fe315e.png
2009-12-17 08:55:43
SenorToenails
Veritas et Scientia
+444|6417|North Tonawanda, NY

JohnG@lt wrote:

Commercial airliners can land the plane with the autopilot turned on. They don't do it because people are afraid of technology and trust a human more (for some reason). I know for a fact that UAVs have an advanced auto-pilot system because they fly via waypoints until they reach the target area. Would be no different.
Yes, they do have autopilot.

And the degree of sophistication to make them do it autonomously is fast approaching:

http://www.popsci.com/military-aviation … e-landings
2009-12-17 09:04:17
13rin
Member
+977|6766

Hurricane2k9 wrote:

JohnG@lt wrote:

Hurricane2k9 wrote:

Does Raytheon make any of these systems? Wouldn't surprise me. They want to put a fucking battlefield information system on god damned iPhones:

http://www.engadget.com/2009/12/16/rayt … real-time/

edit: THe UAV controllers are in Tampa? Shit sign me up for the USAF now!
They can be anywhere in the world. The UAV's are controlled remotely via satellite.
I know. But Tampa is nais.

Navy would be cool too but then I'd have to be in a ship.
Tampa was nice.  Now it's bloated and overpopulated.  Takes 45min-2hours to go anywhere.  I grew up (off/on) in the area.  Over the last 30 years, every time I returned -I didn't recognize it.
I stood in line for four hours. They better give me a Wal-Mart gift card, or something.  - Rodney Booker, Job Fair attendee.
2009-12-17 09:40:04
Hurricane2k9
Pendulous Sweaty Balls
+1,538|5988|College Park, MD
Oh. Damn. Are there still tons of thunderstorms though? I fucking love thunderstorms.
https://static.bf2s.com/files/user/36793/marylandsig.jpg
2009-12-17 09:41:09
Jay
Bork! Bork! Bork!
+2,006|5645|London, England

Hurricane2k9 wrote:

Oh. Damn. Are there still tons of thunderstorms though? I fucking love thunderstorms.
Every day at 4 pm.
"Ah, you miserable creatures! You who think that you are so great! You who judge humanity to be so small! You who wish to reform everything! Why don't you reform yourselves? That task would be sufficient enough."
-Frederick Bastiat
2009-12-17 10:42:20
ROGUEDD
BF2s. A Liberal Gang of Faggots.
+452|5675|Fuck this.
Nice derail gais.
Make X-meds a full member, for the sake of 15 year old anal gangbang porn watchers everywhere!
2009-12-18 03:45:02
Dilbert_X
The X stands for
+1,817|6392|eXtreme to the maX
Awesome - AQ Jihadoodles r teh winz0rs!

But really, you'd think the Pentagon could come up with a codec. which would at least make it a little trickier.
Fuck Israel
2009-12-18 03:55:35
FEOS
Bellicose Yankee Air Pirate
+1,182|6697|'Murka

steelie34 wrote:

FEOS wrote:

1. The video link goes to ground forces, many/most of whom do not carry crypto gear with them
2. Cost/benefit analysis: what's the likelihood of the adversary intercepting it and being able to use it to their purposes (it took 6 years)
3. How much benefit does it really give the bad guys? Jury's still out on that one

It's kind of like the other "hacking" stories in the news: So what? The relevance of the story (to the reporter) is that it happened...the true impact/value of what was taken is never really questioned/investigated by the reporter.

Edit: FEOS' opinion: it should've been encrypted with at least non-mil encryption. By the time the bad guys decrypted it, it wouldn't have any value and the ground forces could use commercially-available IT encryption tools.
1. crypto gear?  any encryption/decryption would be done at the connection level between the drone and receiver.  it would most likely just be firmware built in to the system to encrypt the data link.  encryption is no longer a time-consuming process, especially with the speed of today's processors.  there would be no need to carry anything extra.
Worked with real mil-spec crypto gear much? Clearly not. Hence my last point.

steelie34 wrote:

2. cost/benefit?  if the insurgents can download software from the internet to intercept our feeds, what do you think china has the capability to do?  this is a major oversight on the part of whomever made the decision not to use encryption.  it's flat-out embarrassing to be honest.  our billions of dollars of research has been foiled by 25 dollar shareware.
Again, mil-spec crypto gear is highly expensive, integrating it onto a UAV is highly expensive (and drives other tradeoffs in weight/space), fielding and managing keymat is time-consuming/expensive... It's not like you can just walk out your door with a laptop, turn it on, and see the Pred porn a la MW2. It's a proprietary signal that must be found, decoded (as opposed to decrypted), etc. Again, it took 6 years in Iraq, took 10 years overall.

Without knowing what (if any) benefit the adversary gets from it--can they exploit it to their gain--to say "billions of dollars of research has been foiled by 25 dollar shareware" is more than just a tad overdramatic. Since dudes are still getting rolled up pretty regularly, I'm guessing they can't do much with it...

steelie34 wrote:

3. it could be a huge benefit to an enemy!  did you not read the article?  it has already provided an advantage to the insurgents, giving them the ability to know where we are and see the advance of friendly forces. 

all low altitude, surveillance uav flights need to be grounded until they encrypt the video feed.
Yes, I read the article. I also applied a bit of independent thought beyond the article. Our UAVs typically don't show our forces advancing--we know where our people are. All the bad guy can do is see the video feed--he can't control it.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-12-18 03:58:47
Catbox
forgiveness
+505|7003
the only benefit to the sky grabber software is that the insurgents get to see their own death on tv....
Love is the answer
2009-12-18 04:22:38
FEOS
Bellicose Yankee Air Pirate
+1,182|6697|'Murka

Catbox wrote:

the only benefit to the sky grabber software is that the insurgents get to see their own death on tv....
"Pull up the infidel video feed, Ali"

"Yes, Mustafa"

"That house looks familiar... Wave your arm, Ali"

"oh hai"

BOOM!
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-12-18 04:24:23
Dilbert_X
The X stands for
+1,817|6392|eXtreme to the maX
Can't it just be encrypted in software? Wouldn't be too hard to change it daily either.
I have a bunch of stuff somewhere I still can't get the right CODEC for
Fuck Israel
2009-12-18 04:26:03
AussieReaper
( ͡° ͜ʖ ͡°)
+5,761|6439|what

Dilbert_X wrote:

Can't it just be encrypted in software? Wouldn't be too hard to change it daily either.
I have a bunch of stuff somewhere I still can't get the right CODEC for
But if you have to decode the transmission you won't get it in (close to) real time.
https://i.imgur.com/maVpUMN.png
2009-12-18 04:28:52
Dilbert_X
The X stands for
+1,817|6392|eXtreme to the maX

AussieReaper wrote:

Dilbert_X wrote:

Can't it just be encrypted in software? Wouldn't be too hard to change it daily either.
I have a bunch of stuff somewhere I still can't get the right CODEC for
But if you have to decode the transmission you won't get it in (close to) real time.
Wut? All (digital) cable TV goes through some kind of codec, same for streaming on the internetz AFAIK.
A few seconds delay would hardly be a problem.

Last edited by Dilbert_X (2009-12-18 04:30:23)

Fuck Israel
2009-12-18 04:29:51
FEOS
Bellicose Yankee Air Pirate
+1,182|6697|'Murka

Dilbert_X wrote:

Can't it just be encrypted in software? Wouldn't be too hard to change it daily either.
I have a bunch of stuff somewhere I still can't get the right CODEC for
That's what I was saying in my original response.

It's probably not a straightforward solution, though. When dealing with aircraft, it hardly ever is.
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-12-18 04:31:17
Dilbert_X
The X stands for
+1,817|6392|eXtreme to the maX
Yeah, how is Lockheed going to charge zillions of dollars for a bit of code?
Fuck Israel
2009-12-18 04:37:51
FEOS
Bellicose Yankee Air Pirate
+1,182|6697|'Murka

Dilbert_X wrote:

Yeah, how is Lockheed going to charge zillions of dollars for a bit of code?
That is one way to look at it (Lockheed isn't the builder of the Pred, btw).

I was talking about just from an engineering perspective, developing and fielding that particular video link was fairly ingenious and certainly not easy to do. It wasn't originally part of the design, but was added in later when the UAVs started being integrated and providing more direct support to ground troops. So the video feed that originally went back via SATCOM to the control vans was now routed via line of sight radio to a special laptop on the ground (called ROVER). To account for bandwidth limitations for the radio types used, certain accommodations had to be made in the signal processing/transmission...probably why encryption via COTS and/or mil-spec solutions was problematic (bandwidth overhead, for one).
“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”
― Albert Einstein
Doing the popular thing is not always right. Doing the right thing is not always popular
2009-12-18 07:36:13
Jay
Bork! Bork! Bork!
+2,006|5645|London, England

steelie34 wrote:

i guess i just fail to see why software on the predator can't encrypt the data before sending it off, at which point the receiver can decrypt it.  maybe mil-spec is different, but why would they make something so horribly inefficient when they can use off-the-shelf software to do it?  ffs if i can host a vpn link over a wireless network you can't tell me a similar setup can't be devised for this.  all they need to do is encrypt the data before it's sent across the air.  if it's intercepted, it doesn't matter because it can't be easily decrypted, and this can happen quickly, on the fly.
Because ComSec keys change on a weekly basis and there's no guarantee that the people on the ground will have the updates. The military does not do OTAR updates unless absolutely, absolutely necessary. It's a security thing.
"Ah, you miserable creatures! You who think that you are so great! You who judge humanity to be so small! You who wish to reform everything! Why don't you reform yourselves? That task would be sufficient enough."
-Frederick Bastiat
2009-12-18 07:42:06
steelie34
pub hero!
+603|6668|the land of bourbon
i think the military is making it more difficult than they need to.  even a simple encryption protocol makes this system secure.  by the time it was intercepted/decrypted, the terrorists would be dead.

basically it wouldn't need to be re-keyed over the air, it could be done as part of a monthly update.  it doesn't have to be some crazy complex encryption algorithm.  bottom line is that even weak encryption is better than no encryption.

Last edited by steelie34 (2009-12-18 07:45:05)

https://bf3s.com/sigs/36e1d9e36ae924048a933db90fb05bb247fe315e.png
2009-12-18 07:50:02
Jay
Bork! Bork! Bork!
+2,006|5645|London, England

steelie34 wrote:

i think the military is making it more difficult than they need to.  even a simple encryption protocol makes this system secure.  by the time it was intercepted/decrypted, the terrorists would be dead.

basically it wouldn't need to be re-keyed over the air, it could be done as part of a monthly update.  it doesn't have to be some crazy complex encryption algorithm.  bottom line is that even weak encryption is better than no encryption.
More difficult than they need? Lol. You need a Secret security clearance to even touch a ComSec device and need to be vetted once again when you apply for a ComSec Carrier card. I have mine if you want to see it :p
"Ah, you miserable creatures! You who think that you are so great! You who judge humanity to be so small! You who wish to reform everything! Why don't you reform yourselves? That task would be sufficient enough."
-Frederick Bastiat
2009-12-18 09:07:57
S.Lythberg
Mastermind
+429|6733|Chicago, IL
I can just imagine some Taliban guys booting up their laptop to check the feeds and seeing an aerial view of themselves...  boom

Hardcore cold war style encryption is too slow though, but a simple encryption is probably warranted here.
2009-12-18 09:28:49
mikkel
Member
+383|6888

JohnG@lt wrote:

steelie34 wrote:

i think the military is making it more difficult than they need to.  even a simple encryption protocol makes this system secure.  by the time it was intercepted/decrypted, the terrorists would be dead.

basically it wouldn't need to be re-keyed over the air, it could be done as part of a monthly update.  it doesn't have to be some crazy complex encryption algorithm.  bottom line is that even weak encryption is better than no encryption.
More difficult than they need? Lol. You need a Secret security clearance to even touch a ComSec device and need to be vetted once again when you apply for a ComSec Carrier card. I have mine if you want to see it :p
I think what steelie is trying to say is that applying off-the-shelf encryption solutions at what would likely be little expense could mitigate this vulnerability almost entirely. It seems odd to leave these feeds in cleartext.
2009-12-18 09:41:13
Jay
Bork! Bork! Bork!
+2,006|5645|London, England

mikkel wrote:

JohnG@lt wrote:

steelie34 wrote:

i think the military is making it more difficult than they need to.  even a simple encryption protocol makes this system secure.  by the time it was intercepted/decrypted, the terrorists would be dead.

basically it wouldn't need to be re-keyed over the air, it could be done as part of a monthly update.  it doesn't have to be some crazy complex encryption algorithm.  bottom line is that even weak encryption is better than no encryption.
More difficult than they need? Lol. You need a Secret security clearance to even touch a ComSec device and need to be vetted once again when you apply for a ComSec Carrier card. I have mine if you want to see it :p
I think what steelie is trying to say is that applying off-the-shelf encryption solutions at what would likely be little expense could mitigate this vulnerability almost entirely. It seems odd to leave these feeds in cleartext.
COTS means the bad guys can buy it and reverse engineer the code.
"Ah, you miserable creatures! You who think that you are so great! You who judge humanity to be so small! You who wish to reform everything! Why don't you reform yourselves? That task would be sufficient enough."
-Frederick Bastiat
2009-12-18 10:59:26
mikkel
Member
+383|6888

JohnG@lt wrote:

mikkel wrote:

JohnG@lt wrote:

More difficult than they need? Lol. You need a Secret security clearance to even touch a ComSec device and need to be vetted once again when you apply for a ComSec Carrier card. I have mine if you want to see it :p
I think what steelie is trying to say is that applying off-the-shelf encryption solutions at what would likely be little expense could mitigate this vulnerability almost entirely. It seems odd to leave these feeds in cleartext.
COTS means the bad guys can buy it and reverse engineer the code.
I think you're greatly misunderstanding encryption if you think that all publicly available encryption schemes are trivially defeated simply by virtue of being public. This is absolutely not the case. Almost all encryption schemes are publicly available with ample documentation and sample implementations.

Last edited by mikkel (2009-12-18 11:01:14)

2009-12-18 11:01:18
Jay
Bork! Bork! Bork!
+2,006|5645|London, England

mikkel wrote:

JohnG@lt wrote:

mikkel wrote:


I think what steelie is trying to say is that applying off-the-shelf encryption solutions at what would likely be little expense could mitigate this vulnerability almost entirely. It seems odd to leave these feeds in cleartext.
COTS means the bad guys can buy it and reverse engineer the code.
I think you're greatly misunderstanding encryption if you think that all publicly available encryption schemes are trivially defeated simply by virtue of being public. This is absolutely not the case.
I am undervaluing them, yes, and so does the military.
"Ah, you miserable creatures! You who think that you are so great! You who judge humanity to be so small! You who wish to reform everything! Why don't you reform yourselves? That task would be sufficient enough."
-Frederick Bastiat
2009-12-18 11:02:22
mikkel
Member
+383|6888

JohnG@lt wrote:

mikkel wrote:

JohnG@lt wrote:

COTS means the bad guys can buy it and reverse engineer the code.
I think you're greatly misunderstanding encryption if you think that all publicly available encryption schemes are trivially defeated simply by virtue of being public. This is absolutely not the case.
I am undervaluing them, yes, and so does the military.
No cryptologist, military or civilian, would "undervalue" them in the manner that you seem to do. On the contrary, the federal government mandates the use of 3DES, an entirely public and open algorithm, for many financial transactions such as ATM transactions, and considers it safe for use in securing sensitive government communication through to at least 2030. Seen in this context, I'm not entirely certain that your argument against encrypting cleartext video streams holds up to scrutiny.

Last edited by mikkel (2009-12-18 11:09:25)

 

Pages: 1 2 3 4

Board footer

Privacy Policy - © 2025 Jeff Minard