Cracking the GPS Galileo Satellite

Glyn writes "Newswise is reporting the the encryption in the Galileo GPS signal has been broken. The pseudo random number generator used to obscure the information stored in the Galileo GPS signal has been broken. From the article: 'Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.'"

Galileo != GPS

[matt4077 (581118)]

Galileo is the European System, GPS is the American. "GPS" is kind of generic, so I guess it's going to be the name for the whole category, but I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

Re:Galileo != GPS

[by Anonymous Coward]

> I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

There is: the "American GPS" is named NAVSTAR according to this site [kowoma.de]

Well, don't forget the third "GPS"

[Tavor (845700)]

Not many people remember it, but there was a third competing system for Global Positioning.
GLObal NAvigation Satellite System [wikipedia.org]
Started by the Soviets, cont. by the Russian Federation, and now with India on board,it is expected to be fully operational again in 2008. (Like all things expected to be complete in 1991, the money situation made them push it back further than Vista.)

Re:Galileo != GPS

[Tugrik (158279)]

If you want to get technical, the "American" system is called NAVSTAR GPS, which stands for NAVigation Signal Timing And Ranging Global Positioning System.

Re:Galileo != GPS

[Professor_UNIX (867045)]

I'd be nice if we could use something different to distingish between "some" GPS and the "American" GPS.

To paraphrase Michael Bolton, "Why doesn't he change his name, he's the one that sucks!"

Re:Galileo != GPS

[HuguesT (84078)]

Actually NAVSTAR is not the only one available. The Russians also have a satellite navigation system called GLONASS [wikipedia.org]. GLONASS is purely military, AFAIK, but has been in operation since the 80s.

Encryption

[by Anonymous Coward]

AFAIK the PRNs are not really encryption keys. They're merely a technical detail that can be kept secret. GPS and Galileo are spread spectrum applications and the PRNs define the way the signal is spread. If you don't know the spreading function, you can't tell the (unencrypted) signal from the noise. It's really security by obscurity.

Re:Encryption

[FireFury03 (653718)]

It's really security by obscurity.

It's not really intended to be security anyway - everyone knows the normal NAVSTAR, WAAS and EGNOS PRNs (you have to in order to use the services) - the PRNs are used to differentiate between individual satellites, which all transmit on the same frequencies. I guess they just decided not to publish the Galileo PRNs until they'd got further into the project.

Re:Encryption

[cptgrudge (177113)]

The paper is wrong. It says so on Slashdot.

Offtopic but....

[rolfwind (528248)]

Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki.

Sigh, how did READING the bits on your own CDs/DVDs ever become illegal? Freedom of speech implies a freedom to read what you want. (Yes, I understand the DMCA, but I'm still in shock - I always considered laws making it illegal to read "signals", etcetera "not intended for you" very British but very unAmerican. And I say British because I'm getting those quotes from British laws circa WW2 and probably before.)

Props to Cornell.

much ado about nothing

[tonigonenstein (912347)]

The article is inacurate and makes a big deal about nothing (BTW did you notice it was written by a guy from Cornell ?) First, Galileo is not ready yet. The article claim they plan to charge for the keys. This is plain wrong, the base precision signal (which is the one we are talking about) will be available free of charge. The system is simply in testing phase right now and they don't want anyone playing with it, that's all. Second, this PRN sequence is not supposed to be difficult to crack at all, since it will actually be made public in time. This is in no way an achievement. It is was the high precision signal, this would be another matter.

Two Interesting Points

[FrankDrebin (238464)]

1. The Cornell team anaylzed signals from a demonstration satellite that by itself is not useful for navigation, and according to the documentation transmits the same power-envelope, but not the same PRN's, as the operational system.
2. According to Cornell's lawyers, the DMCA was not a concern because navigation data is not, and cannot be, copyrighted.

Get your filthy American hands off our data!

[by Anonymous Coward]

If a European tried doing something like this with a US GPS satellite, they'd get arrested for being a terrorist long before they had chance to write a paper on it.

Re:Nope

[FireFury03 (653718)]

No, the US doesn't like the Euro Gallileo, because as far as we know, they lack the ability to block, or change the signal.

This is not true (anymore). ISTR the sequence of events went something like:

1. EU announced Gallileo
2. US started complaining that they didn't see why the EU wanted to do this since there was an already perfectly good GPS system in operation.
3. EU pointed out that NAVSTAR is under the control of the US millitary and they didn't trust the US not to turn it off or "adjust" it
4. US said that this wou

Re:Nope

[FireFury03 (653718)]

I would venture to say that disabling GPS, at this point, would cause more economic damage in the short term than a medium-sized war.

I dare say that turning off or seriously degrading GPS would cause a few deaths too. That said, it wouldn't be the first stupid thing governments and millitaries have done. I would much prefer to get my positining data from a variety of sources, not just a single millitary system, that way no one organisation could decide to pull the plug. Also, ESA aren't millitary, so usi

What about firmware upgrade ?

[i-neo (176120)]

Cornell demonstration is pretty useless.

First Galileo is only in testing phase, therefore nothing tells you the signal encryption they are using is the definitive one. I would rather think they are testing and they don't care if someone is getting it.

Second have you ever heard of firmware upgrade ? I guess encryption will be updated when the satelites will be in production, and there will not be any problem since it is not being used in any device yet.

Thank you Cornell people for this useless article. Another Cornell box ?

Amateur Galileo receiver?

[Goonie (8651)]

If I read this, and the GPS [wikipedia.org] article in the Wikipedia, it would now be possible to build a Galileo system out of off-the-shelf parts and some moderately clever software. Is this the case, or is there something I'm missing?

Re:Amateur Galileo receiver?

[HuguesT (84078)]

Yes, you are missing the fact that there is only one Galileo satellite in orbit right now, and this one doesn't include all the technology that will make Galileo an interesting system, namely the high-precision onboard atomic clock. In all generality you need timings from at least 4 different satellites visible from everywhere to be able to locate a point in 3D. This means about 12 at a base minimum must be in orbit for the system to be useful. The final system will have 30.

The current sole Galileo system in orbit is a test system. The final systems will be significantly different.

 

How about the US GPS encrypted channels?

[KDN (3283)]

The US GPS system also has two encrypted channels, P1 and P2, which use undocumented PRN generators (or at least I've never found them). Has anyone ever cracked them? The CA signal is what the civilian systems use.

Re:How about the US GPS encrypted channels?

[steve_l (109732)]

I think the US encryption system changes on a regular (monthly?) basis; you need new keys in your receiver. So even if you manage to pick up an military GPS rx on ebay or somewhere else, you wont get the military fix.

which is a pity -apparently it works better under tree cover than civilian GPS.

Re:How about the US GPS encrypted channels?

[Vreejack (68778)]

NAVSTAR encryption serves two purposes, reduction of precision for outsiders and anti-jamming. Bill Clinton removed the precision constraints, but the anti-spoofing/jamming codes are changed very often.

Two caveats: the anti-jam/spoof feature can improve reception in areas of high interference caused by physical geometry (reflective surfaces, for example), and the US gov. can always cripple precision in local areas if it wishes (e.g., Baghdad).

Isnt That Illegal?

[omegashenron (942375)]

Given that these codes are in place to sell premium products to consumers and recoup the investment made with putting the satellites in orbit - how is this any different to breaking codes for satellite TV and/or DRM?

I really hope the folks at Cornell start working on something that would have a legitimate use such as the ability to make a backup of a legally purchased HD-DVD movie... oh wait... that would be illegal :-(

Legal second opinion (from an engineer)

[justthisdude (779510)]

I'm no big fan of copyright, but I think Cornell needs a better lawyer. Clearly, no one can copyright a location (although this would make for a great scene: "Where am I?" "I can't tell you; it's copyrighted." I bet Dick Cheney is already drooling, but I digress). What they are protecting is the output signal from their satellites' atomic clocks, and measurements of their exact orbits. A mobile device computes its own position by comparing path delays to themselves from many satellites' known locations. The timing signal and satellite ephemeris are creative content that can be protected just like a map or satellite picture can be copyrighted, while the location depicted isn't. TFA compares decoding the timing signal to looking at a lighthouse and deducing your own position, which is clearly free. That same arguement would support decoding satellite signals of CNN to deduce world events. World events are clearly free, but the video isn't.

A stronger arguement can be made: since they have agreed to make the codes open source they have no right to enforce copyright. You just can't say they aren't creating anything.

Algorithm is being replaced

[joshua42 (103889)]

Acoording to a friend working on the Galileo project they came up with a new encryption algorithm specification a week ago. Quite annoying with such changes this late in the project, they thought. I guess this news kind of explains it.

Re:and North Korean rocket scientists appreciate t

[by Anonymous Coward]

Why? So they know where exactly their rocket was when it failed? Don't you think that positioning a nuclear bomb with sub meter precision is a little too control-freakish?

Accuracy not critical with nukes on soft targets

[Goonie (8651)]

You don't need sub-metre accuracy to be lethal with an ICBM tipped with a nuclear warhead. Land a rocket with a nuke within five miles of here [google.com], here [google.com], or here [google.com] and you kill tens, probably hundreds of thousands of people.

Or, alternatively, you could just about hit here [google.com] with a trebuchet from North Korea, and there are 11 million people there.

North Korean nuclear strategy is likely to revolve around killing lots of people, not taking out hardened military targets with precision weapons. For that, accuracy me

Re:Accuracy not critical with nukes on soft target

[Znork (31774)]

"North Korean nuclear strategy"

Actually, like most such strategies, North Korean nuclear strategy is most likely to revolve around not having to actually fire such weapons; if you at any point need to actually launch, you've already lost, they can only be used to make the enemy and the rest of the world lose too.

Taken to the natural conclusion, see the Dr Strangelove version of Doomsday Machine. No precision needed at all, and you dont even need a trebuchet.

Re:Accuracy not critical with nukes on soft target

[Jah-Wren Ryel (80510)]

The assumption is that the North Korean government is sane.

Lol! I was just going to post a joke about how we are suppossed to believe the standard demonization that our enemy is a "madman."

I seriously doubt any government that systematically starves its own people to death over a few decades would have any trouble watching the same people die in a "glorious" fire.

You should doubt it.

Only in movies do insane people end up runnning countries. Letting the population starve is not a symptom of insanity - it is a symptom of a ruling class lacking accountability to the citizens.

The North Koreans are not insane, they just have a different perspective than the one our news media feeds us. Were Bush and Rumsfeld insane because they ignored counsel from the pentagon about how securing Iraq would require 2x-3x more troops than they wanted to allocate? No, they just saw the facts differently - incorrect they were, but not insane.

Same thing goes for North Korea's government. For example - they still consider themselves to be at war, no truce was ever signed - only an armistice which is just a little bit stronger than a "cease fire." To an American, 10,000 miles away, it sure seems like the korean war is over - but anyone who gets near the DMZ and sees the patrols on both sides (or has even just seen the movie Joint Security Area), it isn't so clear any more. North Korea has always felt like it needs to be prepared for an attack at any time and has thus kept its military at a full state of rediness.

North Korea has made a lot of dumb decisions, but that doesn't mean they are insane any more than Bush's (mis)handling of the war in Iraq means he is insane.

Re:and North Korean rocket scientists appreciate t

[Zemran (3101)]

They have to learn to make them fly before they worry about where they land...

Re:and North Korean rocket scientists appreciate t

[feyhunde (700477)]

For a nuclear warhead, traditional GPS' 5m-accuracy should be quite sufficient. It's not like they'd be trying to avoid "collateral damage"

In wartime the US can, will and does turn off the GPS in the warzone. Galilieo isn't under the same controls, and for that reason is popular with some governments for their guided weapons programs. Further, the civilian GPS receivers still have certain height and velocity restrictions artificially put in by the US to prevent guided missile uses. Only recently was an ag

Re:uncrackable encryption

[Groo Wanderer (180806)]

"But anyway, there is no such thing as an encryption scheme that cannot be cracked. It is just a matter on how much time it will take to crack it.
Encryption will always be crackable, we are just playing with the fact it would take 512 or so years to crack a particular scheme with the actual technology."

Actually, there is almost no encryption scheme that can stand up for a weekend to the 'suitcase full of cash' cracking methodology.

                -Charlie

Re:uncrackable encryption

[Gorath99 (746654)]

I fact, that is pretty much the only attack that will work against a correct implementation of OTP [wikipedia.org], an encryption scheme that actually is unbreakable (though rather unpractical for most applications).

Re:uncrackable encryption

[Nutria (679911)]

I fact, that is pretty much the only attack that will work against a correct implementation of OTP

Rubber-hose decryption works well, too.

Re:uncrackable encryption

[arivanov (12034)]

So does Sodium Pentothal though sometimes there are decryption errors. If there is more time there is a guaranteed decryption scheme known as "heroin once a day for a week, followed no more heroin until you tell the key".

Re:uncrackable encryption

[Gorath99 (746654)]

Actually, there is no way to proof there is an encryption scheme that cannot be cracked.

There isn't? Proof it! ;-)

Seriously, there are ways. The reason most encryption schemes can at least be brute forced is that for any given ciphertext, there are very few possble sensible (non-garbage) plaintexts. So, if you try all possible keys and look at all the resulting plaintexts, the one that is sensible will almost certainly be the original plaintext.

With OTP this won't work as there is a simple proof that for any given ciphertext, every single message of the same lenght is a possible plaintext. So if you have a ciphertext of 1k characters and you try every possible key, you'll end up with every possible text of 1k characters. This includes bits of Shakespeare, Britney Spears porn, texts describing who killed JFK (at least one of which will be amazingly be true :-) ), quotes from the Bible, excerpts from the linux code and much, much more. There's no way of knowing what was the original message.

Oh, and since you'll end up with 256^1000 messages of 1k length, you'll need a bigger harddisk ;-)

Re:uncrackable encryption

[tacocat (527354)]

Hate to make a plug for myself but I came up with a one time pad authentication method for logging into websites. It's as secure as can be socially accepted. Key words there.

http://www.tacocat.net/

The idea is to get your password sent to you by some method and upon successful authentication, the password is reset and retransmitted. The socially accepted part is sending the password to you in such a way that you'll actually be able to use it. The most common form of sending new passwords today is via e

Re:uncrackable encryption

[by Anonymous Coward]

And before you go running off to make a patent, white papers exist on the internet dating back to 1990 on using One Time Pads for internet/computer authentication mechanisms. And the fact that I wrote all this up here also serves as prior art.

This is laughable. You are trying to use the only perfectly secure encryption scheme, while breaking the rules which allow it to be the only perfectly secure encryption scheme.

So your mechanism is only as secure as the weakest parts, which in this case is plain text email or maybe SSL encrypted email, in which case, just use SSL and have the user provide their own strong password. You are getting NO GAIN for something which is MORE of a PAIN.

BTW, specifically in regards to GSM mobile phones (I don't know about others), GSM phone crypto uses a small Linear Feedback Shift Register configuration (40bit equivalent) for Pseudo Random Number Generation. To make matters worse, it is seeded (partially or fully?) with the IMEI number of that phone. IMEI numbers can be broken down a great deal if you know the make of the phone and then more if you know the model. The bit depth of IMEI suddenly drops. In 1999 GSM could be cracked [lycos.com] in less than a second on a basic home PC. In addition to that, I personally know of a GSM eavesdropping/recording device being used outside of government/law-enforcement and I also know of someone who makes a similar device which is separate from the other I have mentioned. GSM at least, can hardly be considered to be providing strong comms. GSM crypto only "protects" the wireless link between the mobile phone and base station, NOT the wired link between cells or landlines, etc, so you trust your Telco? BTW, do you trust the French? This is their crypto scheme (A5) and they intentionally made it weak. Germany, try as they might, being so close the then Soviet Union, wanted it to be strong. The fact is, most governments don't want their people having strong crypto and you are essentially providing nothing.

Why bother? You are taking the strengths of OTP, weakening them to something ranging from plain text to strengths we already have (SSL) and yet you are keeping the impracticalities of OTP. I have to wait to have my password broadcast to the World before I can log in? What exactly are you providing again?

Really, why bother?

Hate to make a plug for myself but I came up with a one time pad authentication method for logging into websites. It's as secure as can be socially accepted. Key words there.

Every single time, in the past 11 years or so that I've been into crypto and crypto forums, that I heard someone say something like, "I think I have a good scheme", it has turned out to be a complete joke. I now get a chuckle whenever I read something like that, before I go on and read the "good scheme". So thank you for the chuckle. By the way, you can't have prior art when someone before you has it. It's not yours, it's thiers. Even if it does suck.

Re:uncrackable encryption

[tacocat (527354)]

Really, why bother?

I was hoping that the website would explain this. Did you RTFM? Assuming you did not. The advantage that still exists is that OTP, even over SMS is much harder to intercept than standing behind someone at an airport kioske or sniffing wireless networks... I didn't say it was 100% secure, in fact I think I even make mention that it is still not perfect. But it's a hell of a lot better than common practice today.

I would think it would be preferred if someone would be willing to move

Re:uncrackable encryption

[YGingras (605709)]

But anyway, there is no such thing as an encryption scheme that cannot be cracked. It is just a matter on how much time it will take to crack it.
Encryption will always be crackable, we are just playing with the fact it would take 512 or so years to crack a particular scheme with the actual technology.

Are you really that clueless? I would not take 512 years to bruteforce a 320 bit key, it would take simply longer than the current age of the universe. Assuming of course that you are required to put a single

Re:uncrackable encryption

[YGingras (605709)]

Asymmetric schemes like RSA are a lot easier to crack than 3DES and other symmetric. A solid scheme would use very large (~4096 bits) asymmetric to exchange a symmetric key. If that sounds like SSL, well now you know why.

Re:uncrackable encryption

[SillyNickName4me (760022)]

2^128 is a very big number. If the entire planet was turned into a vast computer with circuits an atom across it would take longer than the life of the universe to break an AES key by brute force.

First of all, yes, 2^128 is a very big number indeed. The rest of your statement however makes absolutely no sense whatsoever.

The size of a computer and the circuits within have little to do with how capable that computer is of performign the specific operations for breaking AES efficiently. Neither does your statement take into account the potential of weaknesses in the algorithm that might eliminate part of the keyspace. Do I have proof of such weaknesses? Nope, but the question is if I need that, the large majority of algorithms turns out to have such flaws. so unless you have mathematical proof that they do not exist in this case, the assumption that they exist is a safe one.

I vaguely remember people arguing that breaking DES was not feasable only some 25 years ago, and at the time they were probably somewhat right. Yet, nowadays it is breakable in hours by the kind of technology that private civilians can afford.

So all in all, it is safe to assume that AES is safe for the moment, but there is no telling what future technology will do. The likelyhood however is that both a breach of AES will be found, and hardware will be made that makes the AES problem relatively simple to solve.

Re:uncrackable encryption

[dnoyeb (547705)]

Beautiful. I have tried to explain for a time that this is not just the measure of encryption but the measure of security itself.

Security is the difference in access-pain for those with permisison vs. those without. Putting something where nobody can get to it is not ultimate security, thats no security at all.

As for the satellite, I presume the European one is offering more accuracy and that it can't be shut off by the US Government. Well not because they unilaterally decide to.

Also I'm surprised if anyone in US would be able to use this cracked satellite data in the US due to DMCA. But everyone else in the world can, lol.

Re:uncrackable encryption

[nojayuk (567177)]

"...the cluelessness of the Gallileo business model. Charging for something someone else is giving away is so 1990s. It only makes sense if there is something going on here we have not been told about."

Galileo makes high-precision access available to paying customers, the US NAVSTAR reserves that level of accuracy only for US and allied military systems. Some of the Galileo cluster will orbit at higher inclinations than the existing NAVSTAR cluster, making GPS more usable in the far North and far South (although I understand some planned future NAVSTAR satellite deployments will fill in the gaps here too). Galileo can't be switched off or degraded on a whim by a single government unlike the NAVSTAR system, allowing it to be trusted to control civilian aircraft in crowded skies.

The users of GPS will end up with multi-function receivers that can work interoperably with NAVSTAR and Galileo since it would be pointless commercially to do otherwise. Unless NAVSTAR goes commercial or the DoD stops degrading the signal the high-precision customers like airlines and such will use Galileo and pay for the convenience and predictability.

Re:uncrackable encryption

[NormalVisual (565491)]

Unless NAVSTAR goes commercial or the DoD stops degrading the signal the high-precision customers like airlines and such will use Galileo and pay for the convenience and predictability.

Selective availability (intentional degradation) was turned off on the Navstar system back in 2000, although there's nothing that says it won't get turned back on again sometime in the futures. In addition, differential GPS transmitters cover a large portion of the U.S., and DGPS is quite a bit more accurate than the data you get directly from the satellites, and works even when selective availability is active.

Re:Encryption Doesn't Work

[Linker3000 (626634)]

Netcraft? That you?

Re:Never Understood the Logic of Galileo

[by Anonymous Coward]

It's obvious that the EU will force all mobile phones, cars, planes, etc. sold in Europe to use Galileo. The free market would never adopt a new alternative that is not technically or functionally superior, is going against an entrenched competitor with a huge install base, and costs money where the alternative is free.

You need to check your assumptions.

The EU doesn't mandate GPS/Galileo in anything. The US does.

Galileo is functionally superior. The free precision will be better than with just GPS.

There is no installed base in high precision applications because there is no product on the market. Only the US military has global high precision positioning.

Galileo's normal precision code will be free, just as the base level precision of GPS is free.

Galileo's high precision code will be available commercially, whereas the GPS high precision codes are not available to non-military users.

me-too project [...] A380

The A380 is not a me-too project. Americans only even know that name because it is a real threat to Boeing, who chose not to build a plane of that capacity. It's not someone else's plane, only slightly bigger, either. It's the continuation of Airbus engineering, which is very different from Boeing's.

In other words, we just added an entire China

Unfortunately for you, that "China" you added belongs to foreign investors.

what non-military use?

[r00t (33219)]

I'm not seeing to many peaceful uses that aren't already covered by one of:

a. standard GPS
b. standard GPS plus a differential signal (good for airport approaches)
c. carrier-phase (sub-centimeter but slow, for surveying)

I'll grant that differential signals can make airports easy targets. :-)

For what are you needing the combination of precision, accuracy, fast measurements, and a location that hasn't been set up with a differential transmitter?

Re:Never Understood the Logic of Galileo

[Concerned Onlooker (473481)]

The free market would never adopt a new alternative that is not technically or functionally superior...

I suppose a free market wouldn't, but it's hard to say, given how we don't really have a working model of a free market to study. Except perhaps the truly lawless places on the planet.

And that GDP growth you're talking about? It's gone mostly to the people who are already wealthy. To the average American that statistic is a lie.

Regarding job creation:

• Private-sector jobs created by defense spendin

Re:Never Understood the Logic of Galileo

[DrPepper (23664)]

Your comments are pretty much just troll, fortunately you only make a few points really:

1. Galileo is not just a copy of the GPS system. It has higher precision than GPS and so opens up new applications that simply aren't possible at the moment. It also works better in some countries where GPS simply doesn't work very well. In fact the two systems will coexist, and future receivers are likely to support both which will give even better accuracy.

2. The A380 isn't just a "me-too" project - there isn't a si

Re:Digital road tolling

[alphakappa (687189)]

The Euro-peons are thinking about using the Galileo system as part of an electronic road tolling scheme... So, bearing in mind the surveillance potential of such a scheme, I'd think the best way to "crack" one of the Galileo satellites would be an ASAT missile...

Ohh, those silly Europeans... that kind [engadget.com] of thing [blueoregon.com] would never [gpsworld.com] happen in the US [xpd8.net]!