Yep. Especially because Traveller canon offers only two basic grades of computer -- TRS-80 and malevolent AI -- current cryptographic approaches should still work just fine in the 57th century. :)

James, I like the idea of baking in the transmit time as a proof of freshness. As a supplement, you can do a handshake, where traffic control transmits an encrypted challenge containing e.g. a list of numbers, with the encrypted reply containing e.g their sum and product. (The real system would be more sophisticated, but that's the basic idea.) If you handshake back and forth on each transmission -- each side gives the other side a problem to solve as part of each encrypted transmission, and each reply contains the solution plus a new problem to solve -- you can completely eliminate replay attacks. This simple design requires half-duplex communication (one side talks at a time), but there are relatively straightforward ways to extend that idea to cover full-duplex communication.

However, you do also need the shipping registry with public keys for known ships. Otherwise, you can jump in and say you're anybody. I can easily imagine distribution of the shipping registry Imperium-wide as being one of the functions of the XBoat network. Presumably this information is shared across friendly borders, too. Anybody who shows up in a reasonably capable system with an unknown public key is going to get lots of extra attention from traffic control, and possibly other agencies. :>

On Tue, Apr 2, 2019 at 1:12 PM Bill Rutherford <xxxxxx@comcast.net> wrote:

Catherine, James,

++Good!

My going in position was that whatever the improvements in cracking things, improvements in security would keep pace and in Traveller they MUST have kept pace or the sanctity of a transponder in normal play wouldn't exist.

And you've provided good 21st century arguments to support it.

Tx!

- Bill

At 01:48 PM 4/2/2019, you wrote:

Beat me to it! ;^D

I was going to suggest a similar system where the transponder holds the key pair, encrypts a block of information including the ship's ID, registered name, any other relevant information and the current date and time. It then broadcasts the public key and the encrypted data. The transponder would automatically synchronise its clock with the master clock at any star port when you docked thereÂ (and a simple addition to the standard information block would be when and where that had last been done).

You can record the signal if you want, but any recipient would be immediately aware that it was an out-of-date one and therefore suspect.

On Tue, 2 Apr 2019 17:38 Catherine Berry, <xxxxxx@gmail.com> wrote:

It would be pretty easy to design a hard-to-spoof system using public key cryptography. Each ship and traffic control system broadcasts its public key. Signals in either direction are encrypted using the public key, and decrypted using the private key. Combine that with a wide distribution system for known public keys (presumably as part of the shipping registry) and it's trivial to authenticate that anyone is either (a) who they say they are, or (b) obtained the private key of the entity they're pretending to be. Grabbing private keys and outrunning their invalidation update message might be a good motive for piracy or espionage.

Note that this removes the need for a sealed black-box transponder. Everything can be open and accessible. The private key and the subsystem that handles encryption/decryption are the only things that need to be carefully protected.

On Tue, Apr 2, 2019 at 6:14 AM Bill Rutherford <xxxxxx@comcast.net> wrote:

All,

In canon, can a ship record another ship's transponder broadcast, and

rebroadcast it, essentially taking over that ship's identity?

I've found very little online and the only printed reference that

discusses it much at all is the Starship Operator's Manual Vol 1,

published by Digest Group back in 1988.Â Their "short version" is

that the transponder is in an essentially unbreakable black box that

requires a licensed technician to reprogram (i.e. change the signal

being sent).

One of my players is intent on sending a bogus transponder signal but

doesn't want to go so far as altering the black box.Â His plan is

"harvest" a transponder signal sent by a random ship after turning

off his own ship's black box.

So - back to my original question, would this work?

One obstacle I can think of would be if the transponder sends some

sort of authentication code based on a "seed" of some sort (kind of

like the way a Symantec cybertoken uses a random number seed only

elsewhere held on a Symantec server somewhere) which would be more

difficult than most would be willing to deal with - to duplicate.

What other obstacles, other than saying "That's now how they

work!Â You cannot rebroadcast somebody else's transponder signal

because the Imperium, in their wisdom, incorporated handwavium into

the transponder that precludes this sort of thing" might there be?

In advance, thanks!

Bill Rutherford

xxxxxx@comcast.net

-----

The Traveller Mailing List

Archives at http://archives.simplelists.com/tml

Report problems to xxxxxx@simplelists.com

To unsubscribe from this list please go to

http://archives.simplelists.com

--

"What is now proved was once only imagined." - William Blake

-----

The Traveller Mailing List

Archives at http://archives.simplelists.com/tml

Report problems to xxxxxx@simplelists.com

To unsubscribe from this list please go to

http://archives.simplelists.com

-----
The Traveller Mailing List
Archives at http://archives.simplelists.com/tml
Report problems to xxxxxx@simplelists.com
To unsubscribe from this list please go to
http://archives.simplelists.com

Bill Rutherford
xxxxxx@comcast.net

-----
The Traveller Mailing List
Archives at http://archives.simplelists.com/tml
Report problems to xxxxxx@simplelists.com
To unsubscribe from this list please go to
http://www.simplelists.com/confirm.php?u=PltOdItWBSgOP4y0Q6abkGbDI1eus0lz