by londons_explore 2 hours ago
Your satellite doesn't want to be sending out lots of different signals - due to a limited power budget.

So you have to send out one (or maybe a couple) of signals protected by a key.

Yes, you can distribute that key individually to clients using public key cryptography over the same link (and many services like pay TV do exactly that).

But fundamentally any client who is able to decrypt the main stream can also share the key with someone evil who can use that info to jam the same stream.

1 comments

> jam the same stream.

To add to that, other people won't be able to spoof the original stream (as that needs the private key), but instead only jam it.

It would be the same failure mode as SSL certificates.

In the case of GNSS systems, you can also spoof the stream, since the interesting bit of the stream is not the data contained inside, but instead the relative time of arrival of different streams from different satellites.

An attacker can record the streams and replay them milliseconds later.

A client can protect against this if they have an atomic clock, but that's only for clients willing to pay a decent amount.