Most US Drones Still Beam Video Unencrypted 138
An anonymous reader writes "Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn't secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams 'in the clear' — without encryption. With a minimal amount of equipment and know-how, militants can see what America's drones see."
So what? (Score:2, Insightful)
So what if the video is transmitted in the clear? What does that get you...
- against a sophisticated enemy? They already know you're there (radar, DF on the transmitted signal). You're flying around in a racetrack centered on your target, so even without the video they know roughly what you're looking at. Problem is solved by an enemy air-to-air missile, or they ignore you and watch you watching them.
- against an unsophisticated enemy? They don't even know to look for the signal in the first place.
- against an enemy marginally capable of receiving the video signal? Use more channels, change encoding schemes so that COTS equipment can't pick it up so easily. Or yeah, encode it. But encoding video is fairly difficult considering the need to do it in realtime with limited processing capability and no tolerance for latency (and this is the real reason video is still transmitted in the clear - it's expensive to do anything but!). Or embrace it. Maybe your enemy can see you watching him - that can be played to an advantage.
Re:Any technical details? (Score:5, Insightful)
Encryption, real time, and noisy signals don't mix well. This isn't a youtube video in which the client can request that the server resend a packet that contained an error. Unencrypted video streams are fairly error tolerant as an error will only manifest itself as a slight artifact for a few short frames. Strong encryption schemes are not error tolerant, a non-correctable error would result in one or more blocks of data being entirely unusable.
A stream cipher could be used instead of a block cipher but a stream cipher presents added difficulties in that not only would the bitwise/bytewise encrypted transmission (as opposed to blockwise) have to be tracked, but it would have to be tracked in sync with a key. If the key repeats, it can be determined with a little bit of work in the same fashion that an RC4 key can be determined to break into WEP protected networks.
Breach of Privacy! (Score:3, Insightful)
You misunderstand (Score:5, Insightful)
You misunderstand. Pinhedd is saying that with an unencrypted signal .. unlike a digital encrypted signal .. if the signal is weak and lossy you can still see usable information.. it may have image noise .. but you'll be able to make out rough outlines. But if the signal is encrypted .. with most forms of encryption you either get a perfect imagery or nothing. Either you will see a clear image or random total image noise. If you make the signal more resilient to noise, the weaker the encryption quality. This also means you lose out on range too since you need a clear strong signal.
We need better ways to encrypt.
Re:Breach of Privacy! (Score:4, Insightful)
We've always been at war with Eurasia.
Freedom is slavery.
Weakness is strength.
Re:You misunderstand (Score:5, Insightful)
Use a reliable strongly encrypted side-channel for controlling crypto of the primary channel.
Use a "one-time pad" for the video channel used as a "multi-time pad instead", XOR each block by a random value preloaded on both sender and receiver, each block also XOR'ed by a value negotiated over an encrypted control channel protected with a shared key, pick a new XOR value every 10 - 20 seconds to transmit over the encrypted channel, for the next N seconds of video, and a number of One time PAD bits to skip in the transmission, also transmit a value indicating a pattern for a certain number of 'extra' bits of noise or false signal to be included --- possibly a FALSE unencrypted video stream transmitted alongside the real one.
Include enough "one time pad" / random data stored on a memory card, for 18 - 24 hours of video, then recycle the pad.
One time pads are resilient against 'noise' because they result in the same number of bits noise in the output.
The non-sophisticated adversaries are not likely to defeat even an imperfect implementation. Strictly speaking, any reuse or multiple use of a one time pad makes the stream immediately decipherable by a potential adversary, who has successfully recorded enough ciphertext encoded with the same pad bits, in that they can determine parts of the one time pad.
The possible range of original plaintext for video are much larger than readable human language -- any arbitrary value. Even with simple 'scramble every bit by XORing it with a fixed value' will be extremely tough for unsophisticated adversaries, trying lots of XOR values to decrypt is easy -- ANALYZING the output of every value that you try, requires an adversary to have some serious computer vision technology, to decide if the output of each attempted value is the video stream being searched for or not.
However, 'skipping' a certain number of pad bits, for every transmission, introduces unpredictability, and means only a proportion of bits in a frame might be reused, that requires an adversary not only have more than 48hours recorded data but also conduct complex difficult matching, in the process of trying to figure out which bits might be reused --- only a percentage of bits in the transmission may be reused, and by the time they have conducted the search, the drone's mission is done.
XOR'ing every block over a period of time by the same reference block, is also immediately decipherable by an adversary, who can conduct an analysis to figure out what the XOR block is.
However, combining XOR with a "one time" or "multi use" pad, significantly complicates the process of attempting to figure out the XOR key. No analysis of that is possible without first figuring out the random pad data of a block.
And the simple / militant adversaries, are not likely to break any level of encryption. Or at least, if they do, by the time they were able to decode the video stream: again, the mission will already be over by the time they get it.
And they are in no better position to decode the next video stream (assuming new keys and random pads are loaded on every drone, before its next mission).