Digital Telephony Act
What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)? When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast? It might not be possible to detect unauthorized encryption schemes without direct monitoring. Do the Feds think this can be won?
David Koontz writes:
What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)?
And don't forget "Teledesic," the 800-satellite (or something huge) project of Bill Gates and McCaw Cellular. Graham Toal discussed this recently in a post on software key escrow and Microsoft's possible involvement in SKE. Teledesic plans to enter the data/voice market, so any mandate for wiretapping would impinge on them. (End-to-end encryption, as with PGP, bypasses this....the great Unresolved Question has always been how all these proposed schemes will deal with end-to-end encryption, aka "superencryption.")
When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast?
It might not be possible to detect unauthorized encryption schemes without direct monitoring.
Do the Feds think this can be won?
Should the Surveillance State not be thwarted (via contributions of technology from groups like ours), I can imagine all sorts of draconian laws about encryption, demands that cleartext be produced on demand, etc. Suspicion of "structuring" communications to evade the intent of the law may be enough to trigger sanctions. But this is what we're here to fight. Deploying technology ubiquitously is more important than writing letters to Congressrodents.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
On Aug 9, 12:37pm, Timothy C. May wrote:
And don't forget "Teledesic," the 800-satellite (or something huge) project of Bill Gates and McCaw Cellular. Graham Toal discussed this recently in a post on software key escrow and Microsoft's possible involvement in SKE.
One of the things which has to be worrying the spooks right now is that communications in general is swiftly becoming an international business, and much less susceptible to parochial arm-twisting. The days of the Black Chamber when the cable companies' bosses could be talked into releasing telegrams for the good of their country are receding into the distance, and this really must worry the TLA's we all have come to know and love. None of this is news for any of us. I have often felt that bills like Digital Telephony have a much deeper motive, in that although they seem a lot less than justifiable now, it may be that the spooks are trying to beat the technology and have a surveillance infrastructure in place simply so that its existence can either frustrate or influence the structure of international communications infrastructure. It would be hard for any country to demand the inclusion of monitoring facilities in a new system, but it is MUCH easier for them to point out that the new system really should be able to provide the same "law enforcement" facilities as the existing infrastructure does. Just an idle thought. Ian.
What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)?
[...]
Do the Feds think this can be won?
There is a clause in the Digital Telephony Act that states that the wiretapping requirements are waived if the technology is fundamentally unable to provide this service to law enforcement due to its design. This little bit leads me to believe that we might see telco designers putting a bit of effort to make the designs untappable from the start to get around such requirements if there is a market for it. It was probably put in for sats and wireless services, but in the right hands it might be a useful loophole to drive a crypto truck through... jim
On Tue, 9 Aug 1994, David Koontz wrote:
What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)?
When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast?
It might not be possible to detect unauthorized encryption schemes without direct monitoring.
Do the Feds think this can be won?
I am currently working on the IRIDIUM(r) effort. IRIDIUM is an international consortium which will fly 66 (+spares) satellites in polar orbits to achieve a global space-based cellular phone system. It is significant that *ALL* government involvement from *ANY* government or agency is being avoided by the IRIDIUM consortium. This is just good business: Who in another country wants to use a system that they know will be monitored in some secret way by their own or some other country's intelligence service? Instead, no encryption will be included in the mission (telephone) data portion of the IRIDIUM system. If a subscriber wants to use their own crypto-system on top of the basic communication service provided by the system, that is up to them. On the other hand, if no encryption is provided by the subscriber, anyone can listen into their conversations. As to preventing unauthorized use of the system, I know less. While it would be relatively easy and cheap to use any of our well known authentication protocols with strong crypto to prevent such crimes, I don't know if its use as a standard part of the system is planned. Finger lrh@crl.com for PGP 2.4 Public Key Block.
What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)?
When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast?
My understanding of both IRIDIUM and the Loral effort is that the satellite will be used to directly connect a remote user to a ground based MTSO (switch) which will actually route the call out over land lines or another satellite link. This implies that the satellite is not being used as a classical bent-pipe repeater linking the transmitter of one satellite phone to the receiver of another, but rather as a space borne cell-site linked to the MTSO via a separate radio system on a completely different frequency band not unlike the terrestrial microwave links that link most cell sites to the current MTSOs. This means that there is no way for a mobile satellite user to bypass the switch and use the satellite directly to relay his communications to another satellite phone, just as there is no way in the current analog AMPS/NAMPS cellphone system for a user on one cellphone to talk directly to another cellphone without going through a cell site relay and the MTSO switch. Thus the switch can always serve as a gateway authenticating users, and providing billing and access control services. Even in the more advanced concepts in which the satellite actually does some measure of on-board switching between the mobile terminal uplinks and downlinks, this switching is almost certainly going to be controlled and managed from the ground even if the actual traffic path goes only through one or more satellites. And hopefully, someone has already thought of the problem of a user of a satellite switched link having his direct satellite link taken over by a higher powered bad guy perhaps only for a few seconds to transmit a burst of data to a confederate monitoring the downlink.
Thus the problem of satellite phone access security is not very different from the problem of current terrestrial cell phone access security - namely that a remote user coming from somewhere out there and purporting to be a legitimate subscriber requests a connection over a very unsecure link subject to both easy monitoring and various kinds of spoofing. Obviously this is a very natural place to apply cryptographic authentication technology such as zero knowledge proofs. As most of you are no doubt aware, the problems with fraud in the current AMPS cellular system in the US are due to a very bad design decision 15-20 years ago to not use some form of strong encryption of the authentication exchanges between the mobile phone and the switch. Instead all of these take place completely in the clear, including transmission of the ESN (electronic serial number) which is the only truly unique ID a cellphone contains. Thus anyone with trivially simple equipment (basically a scanner and a PC and a very simple interface card) can determine the ESN and MIN (telephone number) of someone else's cellphone by listening in to its transmissions and use these to make fraudulent calls charged to that number. Had the designers of the system simply CBC DES encrypted these messages under a fixed cell or system wide key, most of this fraud would have been too difficult for all but those with much better things to do with their time and resources to attempt (assuming some elementary common sense in the design of the message formats to thwart simple replay attacks). One suspects that these kinds of fraud in a cellphone system designed using the concepts well known now for proper cryptographic authentication and resistance to spoofing and replay attacks would be so rare as to be unimportant compared to other losses.
In such a system security of the authentication information would no doubt be the major risk, as the designers of the European GSM system seem to indicate with their choice of a removable smartcard security module (token) that can be carried on one's person.
It might not be possible to detect unauthorized encryption schemes without direct monitoring. Do the Feds think this can be won?
I don't imagine it is ever possible to detect unauthorized encryption without direct monitoring. And for data transmission as opposed to voice, this is a very hard problem since some considerable fraction of data transmitted is such things as compressed binaries and images and things in unusual formats which don't lend themselves to easy automatic recognition at low cost. Dave Emery
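Added example, not part of the original post: a sketch of the replay-resistant authentication exchange described above, set beside AMPS-style cleartext MIN/ESN identification. HMAC-SHA256 challenge-response stands in here for the CBC DES or zero-knowledge schemes the post mentions; the subscriber record, key, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber record: MIN (phone number) -> ESN and per-handset secret.
SUBSCRIBERS = {"4085550100": {"esn": "82A1B2C3",
                              "key": bytes.fromhex("00112233445566778899aabbccddeeff")}}


class CleartextSwitch:
    """AMPS-style check: whoever sends a matching MIN/ESN pair is the subscriber."""

    def authenticate(self, min_, esn):
        rec = SUBSCRIBERS.get(min_)
        return rec is not None and rec["esn"] == esn


def handset_response(key, min_, esn, nonce):
    # Bind the answer to the identity and to this one challenge.
    msg = min_.encode() + b"|" + esn.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class ChallengeSwitch:
    """Switch issues a fresh random challenge; handset answers with a MAC over it."""

    def __init__(self):
        self._pending = {}  # MIN -> outstanding challenge (single use)

    def challenge(self, min_):
        self._pending[min_] = secrets.token_bytes(16)
        return self._pending[min_]

    def authenticate(self, min_, response):
        nonce = self._pending.pop(min_, None)  # consume: valid for one attempt only
        rec = SUBSCRIBERS.get(min_)
        if nonce is None or rec is None:
            return False
        expected = handset_response(rec["key"], min_, rec["esn"], nonce)
        return hmac.compare_digest(expected, response)


def replay_outcomes():
    """Return (cleartext_replay_accepted, challenge_replay_accepted, legit_accepted)."""
    min_, rec = "4085550100", SUBSCRIBERS["4085550100"]
    # Cleartext scheme: an overheard MIN/ESN pair is reusable verbatim.
    clear = CleartextSwitch().authenticate(min_, rec["esn"])
    # Challenge-response: record one legitimate answer, then present it again.
    sw = ChallengeSwitch()
    recorded = handset_response(rec["key"], min_, rec["esn"], sw.challenge(min_))
    legit = sw.authenticate(min_, recorded)
    sw.challenge(min_)  # the next session gets a different nonce
    replay = sw.authenticate(min_, recorded)
    return clear, replay, legit
```
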
On Wed, 10 Aug 1994, Dave Emery wrote:
My understanding of both IRIDIUM and the Loral effort is that the satellite will be used to directly connect a remote user to a ground based MTSO (switch) which will actually route the call out over land lines or another satellite link. This implies that the satellite is not being used as a classical bent-pipe repeater linking the transmitter of one satellite phone to the receiver of another, but rather as a space borne cell-site linked to the MTSO via a separate radio system on a completely different frequency band not unlike the terrestrial microwave links that link most cell sites to the current MTSOs.
This means that there is no way for a mobile satellite user to bypass the switch and use the satellite directly to relay his communications to another satellite phone, just as there is no way in the current analog AMPS/NAMPS cellphone system for a user on one cellphone to talk directly to another cellphone without going through a cell site relay and the MTSO switch. Thus the switch can always serve as a gateway authenticating users, and providing billing and access control services. Dave Emery
Your understanding of how IRIDIUM(r) will work is incorrect. It most certainly WILL be the NORMAL operating mode for a subscriber unit (cell phone, if you will) to talk to another subscriber unit by only going through satellite links. The caller will be authenticated via a "home" equivalent to the MTSO switch, but the call itself will NOT go through the switch (or any other) unless it is to a phone number which is not a subscriber unit. ONLY in that case will the call be routed through the MTSO equivalent. Your thoughts about caller authentication are correct. I don't know if IRIDIUM is planning to do this correctly or not. Lyman Finger lrh@crl.com for PGP 2.7 Public Key Block.
On Wed, 10 Aug 1994, Dave Emery wrote:
Dave Emery
Your understanding of how IRIDIUM(r) will work is incorrect. It most certainly WILL be the NORMAL operating mode for a subscriber unit (cell phone, if you will) to talk to another subscriber unit by only going through satellite links. The caller will be authenticated via a "home" equivalent to the MTSO switch, but the call itself will NOT go through the switch (or any other) unless it is to a phone number which is not a subscriber unit. ONLY in that case will the call be routed through the MTSO equivalent.
Thanks for the correction - there is not a lot published about the system that I'm aware of (at least in technical journals I see) so I'm apparently out of date on how the current system works. But your qualification about going to a phone number which is not a subscriber is a very big one. No doubt IRIDIUM service will cost more per minute than some current ripoff prime time AMPS cellular costs and even perhaps in the outrageous INMARSAT ($>6.00 minute) range and is unlikely to replace all but a small fraction of current wired phones and terrestrial cell phones, let alone the hordes of PCS and cable company phone connections coming in the near future. So on a statistical basis an IRIDIUM subscriber is rather unlikely to be calling another IRIDIUM subscriber. I will grant you that if IRIDIUM becomes competitive in remote areas that a certain amount of remote area to nearby remote area traffic will be IRIDIUM transported, but my guess is that nevertheless most IRIDIUM traffic will be to numbers outside the system and thus go via the MTSO equivalent. This does raise the point, however, about what the IRIDIUM system plans to do about pirates who wait for an IRIDIUM to IRIDIUM call to set up and then take over the uplink with higher power (probably just using high gain steerable antennas would do this fine) and talk on someone else's nickel. I imagine that if the satellite actually demodulates the digital voice/data stream to baseband and switches it as digital data rather than rf that it would be possible to incorporate cryptographic authentication of the packets and have the satellite borne switch check all its packet streams for valid user id. But of course this adds a weight and power penalty to the satellites... Do you know if this problem has been thought of and addressed or is it being assumed to be as impossible as AMPS cellular spoofing apparently seemed to be to the developers of that system?
Your thoughts about caller authentication are correct. I don't know if IRIDIUM is planning to do this correctly or not.
It had better. Dave Emery
participants (6)
- die@pig.jjm.com
- Ian Farquhar
- koontzd@lrcs.loral.com
- Lyman Hazelton
- mccoy@io.com
- tcmay@netcom.com