Ok, thanks for that Corey. Very interesting. We may not be susceptible to the length extension attack vulnerability though. If I understand correctly, then a message sent as: Hash( key + "Watch the enemy") could be manipulated to Hash(key + "Watch the enemy and attack them after 5 mins"), without knowing the key. But our commands are fixed at 18 bytes length (for now at least). So any extra appended message would be ignored. With that said, it may not be much harder to implement the scheme as described.
Burms, just FYI. We discussed the authentication approach a bit last night and the fact that I could get the SHA hash function to work but could not get the AES encryption to work (in the ground station). Probably because I don't understand the exact flavor of AES that has been used.. Corey has seen another scheme in other projects that does not use encryption. It appends the key to the message and then calculates the hash. The message and hash are then sent without the key. The satellite then appends its own copy of the key to the message and calculates the hash to make sure it is an authentic message.
The possible advantages of that scheme are that there is less calculation on the satellite (no AES) and it may not need the carve out to allow encryption of part of the Amateur Radio message - given that no encryption is used. It might then allow the satellite to be used in other settings, such as by a local club, without needing the carve out for encryption. Of course perhaps the regulators would still see the SHA hash function as "encrypted". I don't know.
73 Chris
On Fri, Sep 15, 2023 at 10:06 AM Corey Minyard via pacsat-dev < pacsat-dev@amsat.org> wrote:
I was going through my head trying to remember stuff about this, and I realized that just combining the key and message has some weaknesses. That nagging feeling in the back of your brain. Here's the more secure way to do it:
https://en.wikipedia.org/wiki/HMAC
-corey - AE5KM
pacsat-dev mailing list -- pacsat-dev@amsat.org View archives of this mailing list at https://mailman.amsat.org/hyperkitty/list/pacsat-dev@amsat.org To unsubscribe send an email to pacsat-dev-leave@amsat.org Manage all of your AMSAT-NA mailing list preferences at https://mailman.amsat.org