you can’t have authentication in a one way system. satellites send days, planes receive it, but never send anything.
Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do
jormaig@programming.dev 11 months agoBut if they had authentication you would know that the message doesn’t come from a legitimate satélite.
Creat@discuss.tchncs.de 11 months ago
nailbar@sopuli.xyz 11 months ago
You can have a digital signature, so the recievers know it’s legit
x4740N@lemmy.world 11 months ago
[deleted]randombullet@feddit.de 11 months ago
That’s not how PKI works?
Unless you know how digital signatures work better than me
zalgotext@sh.itjust.works 11 months ago
If you’ve figured out how to do that, a lot of governments would pay you a lot of money for your solution
nailbar@sopuli.xyz 11 months ago
You can’t copy a signature, since it is different every time the signed content is different. You need to have the correct key in order to make a valid signature.
Creat@discuss.tchncs.de 11 months ago
yes of course, but that isn’t authentication.
nailbar@sopuli.xyz 11 months ago
Playing with semantics a little, it can be thought of as the satellite authenticating with the client using the signature as password.
Gormadt@lemmy.blahaj.zone 11 months ago
If their isn’t then there’s a big problem with implementing that now, which would require a retrofit of every single GPS system currently in use and likely a replacement of all GPS satellites
lolcatnip@reddthat.com 11 months ago
I would hope whoever designed the satellites had the foresight to allow remote software updates.
Ilovethebomb@lemm.ee 11 months ago
They’re talking about the millions of receivers around the world, not the satellites.
Restaldt@lemm.ee 11 months ago
Nah we just need a satellite mechanic astronaut
x4740N@lemmy.world 11 months ago
Software updates become useless if you hit hardware limitations