GPS As a Key Distribution Platform

This is interesting:

The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch…

That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now.

[…]

Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military’s Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation.

“There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data,” Murdoch said. “That was the smoking gun that made me think: This is what it’s for.”

These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures.

Posted on June 9, 2026 at 11:06 AM • 14 Comments

Comments

Clive Robinson June 9, 2026 11:37 AM

@ Bruce, ALL,

A thought to think on…

The modules that go into military GPS units are supposed to be,

1, Secure.
2, Tamper proof.

But… They are like all embedded systems “finite in capacity”.

This means there is only so much Key Material (KeyMat) that can be securely stored within them.

Which means they will eventually either have to “reuse KeyMat”, be “reloaded with KeyMat”, or cease to function as the KeyMat is exhausted.

For various reasons this kind of precludes the use of “Shannon Perfect Secrecy” type systems (one of which is the OTP).

Thus the question arises of when will these secure modules “be beyond their shelf life”.

Vesselin Bontchev June 9, 2026 1:16 PM

I very much doubt that these are “keys”. More likely, they are ciphertext; a codebook-based one, where one code can mean a whole phrase.

Didier Frick June 9, 2026 1:27 PM

@clive robinson

Isn’t the whole point of the article about remotely sending key material to those devices?

Rontea June 9, 2026 1:56 PM

Fascinating to see how decades-old GPS signals quietly carried the backbone of military key distribution right over our heads the whole time.

Anonymous June 9, 2026 3:09 PM

The natural conclusion here is to use this for an RNG seed (joking of course, but…)

Clive Robinson June 9, 2026 3:18 PM

@ Didier Frick, ALL,

With regards your note of,

“isn’t the whole point of the article about remotely sending key material to those devices”

No it’s actually about “updating of KeyMat in use”.

Which is not quite the same thing.

Look at it this way,

If I was to send you a new AES use-key as a plaintext “broadcast message” –which all GPS transmissions are– it would not be secure.

Further if I was to send the new use-key encrypted, each new use-key would need to be encrypted under the same update-key. So although more secure would not be sufficiently secure for quite a few applications [1].

Thus to be secure the actual use-key would need to be stored in advance in the secure module in a look-up table or similar and what would be sent encrypted would be an ID number or Pointer into the lookup table.

So if the unit is also “tamper proof” which it should be, then the table would be stored in “battery backed up RAM” or equivalent such that any attempt to access the table would cause it to be destroyed, thus keeping all past present and future use-keys secure.

The usual indicator that a crypto-module is tamper resistant / proof is that it has a “fill gun / device” access port (usually a 6-pin connector of the sort used for “green radio” audio ports). It is a serial device where a COMSEC Custodian / Guardian can put new crypto keys into the RAM table.

[1] Whilst not as secure as it could be OTAR is now a NATO standard[2] and also used in civilian emergency networks such as “Project 25” (P25). Implementations used for P25 have unfortunately been quite insecure with one actually capable of sending the use-key in plaintext.

[2] The history behind OTAR is somewhat interesting. It was designed and implemented by “David Winters” in London back nearly 40 years ago. The real reason it was widely implemented was not security but cost reduction. Sending out COMSEC Custodians / Guardians or returning equipment under guardianship was eye wateringly expensive during the mid 1980’s. Worse was the cost of Key Management (KeyMan) covering just KeyGen and KeyMat audit. The fact that there was no known KeyMat loss for three decades shows that it at least was better than using some bloke called Walker and family, who apparently had a profitable line in Second Hand KeyMat sales.

Jon (a different Jon) June 9, 2026 4:50 PM

@Clive Robinson

I must disagree with you there. See, you’re presuming that everything is in the GPS device, which as you accurately noted is limited in space (but not by that much – NVRAM storage chips are vast these days).

Imagine a side channel, in which the actual encrypted data is transmitted in another way – and then the key to decrypt the data is sent separately over GPS.

This has a few other advantages – you can’t beat the key out of the possessor of the encrypted data because they don’t have the key until it’s transmitted. A failure to ‘check in’ will result in the key never being transmitted. &c.

And once the key is used, that entire batch of encrypted data (and the key) is considered trash, and discarded.

No need for more space on your GPS device.

Others have mentioned other ways – that they’re not keys, they’re merely encoded into memorized translations, and so on. And if you want to transmit encrypted data, what the GPS is broadcasting could be considered as a ‘public key’ – for another side channel.

Thanks anyhow: Your commentary is usually interesting and on-topic. Carry on! J.

Harry Potter June 9, 2026 5:30 PM

I wouldn’t get too excited. For example, keymat is updated for ETCS over GSM-R every now & then, cycling the symmetric keys using a variant of good old TLS.

GregW June 10, 2026 6:36 AM

If the GPS numbers emitted used to change daily to replace/augment courier keymat rotation, but have slowed to once a week in recent years the question is ‘Why?’

Why would reducing automated keymat rotation cadence be an improvement, why not leave it daily?

Possibly;
A) You might be switching to a new (non-GPS) mechanism for daily OTA but want to keep GPS keys more as a fallback mechanism where a reduced cadence might make certain operational scenarios easier to handle.
B) You are cutting costs of a courier network you still run so need over the air to similarly reduce frequency to match the reduced courier cadence?
C) You have new critical use case consumers of keys that can’t keep up with daily rotation for some operational reason.

I’m guessing B but are there other possible reasons?

Sheilagh Wong June 10, 2026 9:05 PM

That’s impressive! The United States would be unbeatable except for their politicians are so stupid. Trump only hires people dumber than him; hence Signalgate.

ATN June 11, 2026 3:45 AM

Why is nobody talking of satellite Cosmos 2546 (NORAD ID 45608) able to disrupt GPS signals in this context, stopping distribution of that info?

Science Paper: https://arxiv.org/pdf/2606.03673

Journalist Short version: https://eandt.theiet.org/2026/06/09/russian-satellites-may-be-capable-continent-wide-gps-jamming-scientists-warn

And GPS receivers have to be powered-on to receive the info, what about the spare device still in its packaging?

Unless there are already other satellites able to knock such Cosmos 2546 and its brothers out…

Didier Frick June 11, 2026 4:52 AM

@Clive Robinson looks like you are assuming a private key system, there’s nothing wrong with broadcasting a public key, is there?

Weather June 12, 2026 2:06 AM

AES
A sbox 256*256 as unsigned int. The first sqrt and random data is added, then 2 to 4 characters is xor with the next, rinse repeat.
The box is shifted by the password 1 row lsr, then 2 row down shift, add 1 repeat.
There is something you have codebook, and something you know password.

Just at the wrong part of the cycle, will sort out C code later.
