Galileo Satellite Code Cracked

Anyone know more?

Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.

Security by obscurity: it doesn't work, and it's a royal pain to recover when it fails.

Posted on July 11, 2006 at 11:30 AM • 48 Comments

Comments

LogiJuly 11, 2006 12:09 PM

As I understand it, Gallileo uses broad spectrum broadcasting and the PRNG is used to spread the signal over the spectrum and is not neccesarily a security device. Presumably it would be made public when the system goes live, but right now is simply undocumented.

JakeSJuly 11, 2006 12:16 PM

As I understand it, the codes that Cornell have cracked are from a prototype satellite - the final Galileo codes will be different.

I don't get the feel from this that the GPS camp is yet working to undermine the European competitor, but no doubt that will come.

ViggenJuly 11, 2006 12:28 PM

More info can be found here (excerpt below):
http://www.physorg.com/news71554227.html

Afraid that cracking the code might have been copyright infringement, Psiaki's group consulted with Cornell's university counsel. "We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game," said Psiaki. The upshot: The Europeans cannot copyright basic data about the physical world, even if the data are coming from a satellite that they built. "Imagine someone builds a lighthouse," argued Psiaki. "And I've gone by and see how often the light flashes and measured where the coordinates are. Can the owner charge me a licensing fee for looking at the light? … No. How is looking at the Galileo satellite any different?"

Interesting... with that mentality wouldn't descrambling a scrambled cable TV or satellite signal be legal?

Joe BuckJuly 11, 2006 12:33 PM

Viggen: the difference is that there is a specific law, the DMCA, that forbids trafficking in technology that descrambles cable TV, but has no language that covers GPS services, because no copyrighted work is being protected.

jayhJuly 11, 2006 12:42 PM

Interesting irony here, because years ago a friend had wildlife recordings of various birdcalls and the recordings were boldly marked "copyright by Cornell University".

Now, since the animals in question have not claimed copyright isn't this essentially attempting to copyright data about the physical world?

Andy DingleyJuly 11, 2006 1:07 PM

"The Europeans cannot copyright basic data about the physical world" This is completely untrue, and really is almost the first paragraph in any first lecture on UK copyright law.

You can't copyright the data (the usual example is a telephone number) but you certainly can copyright the "creative work" that is assembling it into a database (the telephone directory), broadcast, or contentful message.

Pat CahalanJuly 11, 2006 1:39 PM

As I'm reading the UK law, breaking the signal's crypto isn't a copyright violation, but building a device that would interpret the "contentful message" would be a violation.

In other words, you can crack the crypto and give everyone a key, but anyone who builds a device to use that key to get free access would be guilty of copyright infringement.

Is that right?

mdfJuly 11, 2006 2:03 PM

Galileo, like GPS, uses very short period PRN's for its "gumby" users. These are very easy to aquire as they are transmitted in the clear. Basically, a little integration and out pops the sequence.

Had the signal been encrypted (cf. GPS P(Y) signal) aquisition would have been out of the question by this approach.

Joe PattersonJuly 11, 2006 2:12 PM

"cannot copyright basic data about the physical world"

Shucks, and here I wasted $100 on the CRC Handbook of Chemistry and Physics, when little did I know that all the basic data was free. </sarcasm> That said, I don't know if this particular issue is a copyright issue, or something else entirely. Nonetheless, I'm shocked than any University lawyer would ever say that it's OK to do anything, ever. I'd always thought their function was to wait for someone to ask a question and then reply with "I'm sorry, but I don't think that's advisable."

another_bruceJuly 11, 2006 2:52 PM

if it's legal to crack the european prn codes to get free access to their satellite, why wouldn't it be legal to break the encryption on american satellites to get free services? they're just lighthouses in space too. the dmca extends the reach of copyright law to situations beyond just the theft of copyrighted content. just because you have a bar card in your wallet doesn't mean you're always right (as i can attest from experience).

AnonymousJuly 11, 2006 3:29 PM

Regarding the Cornell bird recordings mentioned above, while an individual bird call isn't copyrightable, if someone collects and records a number of bird calls, then organizes them in a non-trivial creative way, and then adds description (the cornell CDs do have descriptive voice content as well), then (1) the voice content is copyrightable, and (2) the recorded bird calls are copyrightable as a compilation even if not individually copyrightable.

BjornJuly 11, 2006 3:47 PM

The reference to 'Security by Obscurity' is hardly appropriate in this case. By this reasoning, having a secret key of any sort, is SbO as well.

This article reeks of pro American vs old Europe thinking and is obviously not writen 'for export', so to speak.

FredJuly 11, 2006 4:02 PM

@bjorn
"The reference to 'Security by Obscurity' is hardly appropriate in this case. By this reasoning, having a secret key of any sort, is SbO as well."
I'm not certain I understand this comment; why isn't a secret key that gains access to something you don't want access granted to Security by Obscurity?

BjornJuly 11, 2006 4:42 PM

@Fred
I mentioned this in the context of Bruce's comments: 'Security by obscurity: it doesn't work, and it's a royal pain to recover when it fails'.

A passwork, cryptographic key or any secret may well fall under SbO, but that renders the saying a bit toothless, doesn't it?

The usual meaning is that it's not an effective security measure to keep the design details of a system secret. It's better to assume the design to be public, although it's only proper not to broadcast the details about your system. Obscurity is fine to use as one of your security layers but not the only defence.

FredJuly 11, 2006 5:14 PM

@Bjorn
To me, it has to do with what you can do with your system when the obscurity layer fails. In the case of a password, you can change it, and presumably the attacker has the same order of problem as they did initially to obtain the new one. Furthermore, other accounts may not be accessable without simular amounts of effort. Simuarly, for a crypotgraphic key, you can use a new one in the future, forcing the attacker to spend roughly the same amount of effort obtaining the new one to read your future messages (or someone else's messages). In other words, once a particular secret fails, the system still can succeed.

If, on the other hand, you have a constant secret, and no way of recovery when that secret fails, I'd tend to classify that as a form of Security by Obscurity. A good example would be a hard coded backdoor password - once it's known, only replacing the software with a version without that backdoor password would resolve the issue.

Another way to put it (in a cryptological domain) is if the key cannot be realistically changed, it's no longer a key; it is part of the design of the security system.

I am not familiar with the domain (so I may well be missing something), but it sounds to me like this is a constant that is difficult or nearly impossible to change. If this is true, I think that Security by Obscurity is a reasonable description.

BjornJuly 11, 2006 5:35 PM

@Fred
Good point. It's late at night here so I'll give this a thought on my pillow.

I guess the questions are:

a) Is this code a critical part of the security and thereby the business model

b) It is hard coded into the system

If both are yes then they'll have to do some rethinking.

I suppose that changing codes could well be fesible. If the purpose of the security is to diffrentiate between paying premium service customers and the users of the free public service I suppose they could distribute new codes regularly to their subscribers as they are changed. They could even have a sliding window of a few codes that work, as to not leave airlines with sloppy procedures out in the cold (or worse!).

Fixed codes, would probably mean that the codes would also be present in the receivers. Having the codes buried in equipment in uncontrolled situations all over the world can't be expected to work.

One person named anonymousJuly 11, 2006 7:38 PM

Regarding the bird calls, n.b. also that sound recordings are copyrightable provided that they meet the across-the-board requirements in 17 USC 102 for originality. A perfectly recorded call might not, but creative decisions in how to record it (e.g. editing it here and there, tweaking the sound levels, adding a gratuitous doppler effect, or whatever) could qualify.

Andy--
The statement is quite true, because people at Cornell, in the United States, are bound by US law, not UK law. Our law absolutely does not permit the copyrighting of facts and absolutely does not permit copyright to protect mere effort such as you describe. Sweat of the brow is a thoroughly dead idea over here as you will find if you read the Feist decision by our federal Supreme Court. We protect creativity. If a compilation of unprotectable facts is creative in terms of the facts selected and how they are arranged, then the compilation (and not the facts within) might be copyrightable. The case dealt with a phone book, and it was found uncopyrightable. I would be very surprised if a case on GPS clock data came out any differently.

DanAJuly 12, 2006 2:17 AM

@JakeS: "I don't get the feel from this that the GPS camp is yet working to undermine the European competitor, but no doubt that will come."

No need, the European version is metric so we can't use it anyway! ;-)

wkwillisJuly 12, 2006 3:19 AM

patterson
CRC got the data from published papers and books, and can presumably document that they paid for the right to reproduce them.

David CantrellJuly 12, 2006 6:31 AM

Security by obscurity DOES work, and works very well, in conjunction with other security measures. For example, running Linux on PPC or Sparc protects you from the x86 code that most script kiddies try to inject into your machine. The worst that will happen if their code runs (naturally you try to prevent this from happening) is that it'll generate an exception and the process will fall over and die.

I found a Sparc/Linux box *most* useful for gathering such exploits "from the wild" so I could look at how they worked.

JimJuly 12, 2006 7:14 AM

Speaking of cracking. I was just reading that the Big Dig tunnel system in Boston is falling apart. They had leaks and now a big chunk of the drop ceiling fell down. This is a real security problem for Boston.

Clive RobinsonJuly 12, 2006 7:37 AM

"We were told that cracking the encryption of creative content, like music or a movie, is illegal, but the encryption used by a navigation signal is fair game,"

It is true that you cannot copyright the physical world but any reproduction or description of it is, and positional / mapping data is most definatly covered (as is any Standard like NEMA for instance).

For instance in the UK a home owner owns "title" to the physical property but not the address by which you would find it, either on a map or by posting a letter.

This problem has been highlighted by people feeling agrived that they cannot use the likes of StreetMap. For whatever reason (usually copyright related) they are not in the DB sold to StreetMap. StreetMap cannot add them without infringing any one of a number of copyrights held by such divirse organisations as "The Royal Mail" (or whatever it calls it's self this week) who have copyright on the post code (ie zip code), The "local Council" (state/county) who frequently have copyright on the assigned street/road name, "The Ordinace Survey" who have copyright on the mapping and co-ordinate information and last but not least the Government through "Her Majisty's Stationary Office" who also have part title on the reproduction of maps etc in the UK, that the UK Land Registry (who hold the property owners title) amongst other Government departments require to be used.

Once upon-a-time it was not realy an issue as the Government owned all the concerned parties and in-fighting was political/empire not financial in nature. However these days the various branches of Government have been told to make "best utilisation of assets" and send the money back to HM Treasury. To this end the Ordinance Survey (OS) realised it was sitting on a very very rich seam of gold and has been minning it ever since.

So the Tax payer ends up paying not once twice or thrice, but at every turn...

GlennJuly 12, 2006 8:01 AM

@Clive:

How interesting! I've read, perhaps in comments on this blog, that in the U.S. governments (and presumably government agencies) cannot own copyrights.

JakeSJuly 12, 2006 9:26 AM

Among the numerous spelling errors in Clive Robinson's post above, it's "Ordnance Survey" and "Her Majesty's Stationery Office".

The Ordnance Survey, and other organisations, don't have copyright of co-ordinate information.  Latitude and longitude were invented long before any of those outfits existed.  As noted above, they only have copyright of their collections of that information.  And Ordnance Survey has copyright of its own maps, of course, but it doesn't have copyright of the physical UK.  There's nothing to stop people making their own maps, and even setting up in competition with Ordnance Survey, if they care to put in the investment.

Jim MillenJuly 12, 2006 10:18 AM

There's even a project - called something like OpenMapping, if I remember correctly - that is attempting to use volunteers with GPS and altimeters to create accurate freely-available maps of the UK.

It wasn't too impressive last time I looked, but I guess given a few decades it could generate some pretty decent results.

Clive RobinsonJuly 12, 2006 10:29 AM

@JakeS

Yup I put my hands up to the spelling mistakes I can get quite creative in that respect, and I think I will reserve copyright ;)

With regards to copyright on Lat and Long no nobody has that as you say it goes back in time to when Kings ruled Nations and reliable clocks had yet to be invented etc etc.

However when was the last time you visited a person at 52.17657N 0.25736E?

The point I was making was positional data with respect to the physical world in general, if you design the mapping system you use than you have copyright on it, which you acknowledge in your last sentance.

However, as you point out the OS do hold copyright on their maps (along with HMSO) but you forgot to mention that you are required by the UK Government to use these maps for legal purposes (as the UK Gov effectivly owns them).

Unlike say 1:50,000 maps of Austria (which do not have grids) the OS maps all have positional grids on them which are often used along with the OS sheet number in Six Figure Grid References such as,

Sht:182,652453

The OS has the copyright on that system of sheet and grid numbers,

Likewise the UK postcode system which can be used with just the dwelling identifier (house/flat etc number) as,

Flat B 45, SW11 4NL

Can be used to send letters in the UK. The Post Office as was holds the copyright on the postcodes in use.

You do not need to use the postcode or grid reference to find a property you can use the name of the street etc.

Flat B 45,
Accacia Road,
Sit down,
Sussex.

However a lot of the street names are decided by the local council and they effectivly own the copyright on the street name combination.

However the fun starts with licencing of mapping data from the OS I cannot remember the exact details but the councils get a limited right to use the OS maps (which they are required to do by the Gov.). However they end up not owning the new data on the roads that are built the OS does, likewise with the post office and the post codes.

The problems some UK residents have had is that due to the arangments between local councils and the OS and Post Office, they could very well not end up on such sites as StreetMap etc. who licence the info from the OS. And much to the residents anoyance they cannot do anything about it as they have no rights to the address in whichever form you care to use, so they get nowhere when trying to get the DBs updated to include there address.

The result as I said means that the property owner has ownership of the title of the property but not the identifying address that effectivly ends up with the organisation that owns the mapping system.

ClaytonJuly 12, 2006 12:19 PM

@DavidC

I think Bruce's point is that relying on obscurity for system security is just generally a bad idea. Using an unpopular OS or platform just means you are a low-value target, hence, there will not be as many exploits for your system (cf Sophos' [puzzling] recent recommendation that PC users switch to Mac.) The reason he mentioned is that once a system that relies on obscurity for security has been compromised, it's usually a major pain in the arse to re-secure the system.

But the reason that I haven't seen mentioned yet in this thread that Bruce regularly stresses and is, perhaps, more important, is that the security of a system whose functionality is secret can only tested by a small group of individuals (those with access to the obscured functional details of the ostensibly secure system). But if it isn't tested, it's not secure! If it's only a little bit tested, it's only a little bit secure, which is really not secure at all. The most secure systems are those whose internal function can be tested by anyone.

JMDJuly 12, 2006 1:10 PM

In a way it really makes very little commercial difference if Galileo PRNs are cracked.
AIUI the intended or most likely business model for Galileo is to charge airlines for high-availability signal certified for commercial aircraft navigation use (i.e. exactly that which GPS does not provide). Having this data available on a black market does very little to undermine this business model: any airline that goes to some warez site to download PRN cracks for their new safety critical nav system deserves what they get!

alforaJuly 12, 2006 2:10 PM

@Clive: Sorry, I have to object. :-)

I am Austrian and right now looking at a 1:50.000 map of some part of Austria. I can assure you, it has a grid. Not as easily discernable as on the Ordnance Survey maps but it's there. There is also a diagram and an explanation how to use it printed on the back of every map.

Darryl SmithJuly 12, 2006 3:21 PM

Guys...

I think you have missed the idea of the Copyright in nature. The Galileo satellite just transmits a time signal, along with data on where the satellites are. The satellite positional data is not being encrypted, only the time signal.

And technically it is not encryption, but spreading. As you have just seen, spreading is fairly easy to reverse engineer. I read a student paper at the 1997 TAPR/ARRL DCC conference on how to do this. Not hard.

And what cornel was saying was that you cannot copyright the output of a computer sayig 00:00:01, 00:00:02, 00:00:03 since there is no creative input. And you know what time it is anyway, just not exactly when that time is. It would be possible to design a GPS receiver that does not actually use the time informaton, but just uses when it arrives.

As an example, it may be illegal to take a DVD your neighbour has hired for copying, but it is not illegal to record the EXACT time they get home from the store with the DVD

Darryl Smith
Radioactive Networks

Bob HJuly 12, 2006 4:31 PM

After a long time ignoring Bruce I've finally returned to find a juicy subject to my taste.

One small point on the GIS debate before going back on topic: the UK Ordinance Survey just document what they find, nothing original. That which they produce is original and thus someone cannot derive their own works from that. I don't believe that councils can own street names as many streets are old enough to be well out of copyright. Any additional problems people have with addresses are likely to be a result of lazy organisations not bothering to update information.

Darryl has it correct, there could be nothing wrong with cracking the code because the information within may not really be a creative work in its nature. BUT if the stream of data contained more than just timing, which it may, then decoding it could easily be illegal.

Additionally the process which they followed to get the decryption sequence means that they likely produced an original work, which is unlike that which was used to originally generate the data. Set two very different programmers at the same task and see if they come back with the same code.

The major point of contention, which has been alive for years in satellite broadcasting is the distribution of keys. A key could be determined to be a unique work and perhaps be copyright (as I believe some polynomials are). If the Cornell system was shown to negate the need for the key then that would be OK, extracting the keys might prove to be a DCMA issue.

Security by obscurity has always been about disguising the way you do something, true security isn't hiding its protecting securely. Keys aren't SbO, but hiding algorithms can be. So again back to the issue of the legitimacy of sharing keys.

MichaelJuly 12, 2006 4:43 PM

Wow, you guys really know your stuff. If anyone here wants to talk to me about employment opportunities in Cryptography, GPS or Telco/Satellite regulation or Open Source tech (In Europe/UK), please get in touch, as I am hiring in these areas right now for some cool clients.

Sorry for the blatant plug, feel free to remove me if it doesn't sit well with the forum etiquette.

Fascinating reading.

Michael Wright
Managing Director
Idealpeople

up-lateJuly 12, 2006 10:55 PM

Since the legality of what the clever folks at cornell managed to do has been called into question I felt like adding my 2 pence worth.
I have no idea if what they did was legal in the US but im fairly sure it isnt legal in the UK, I think it would fall foul of section 5(b)(i) of the Wireless Telegraphy Act, 1949.
I know this has been ammended but i cant find all the ammendments but the basic core of it is:
"Any person who...
(i) uses any wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message (whether sent by means of wireless telegraphy or not) which neither the person using the apparatus nor any person on whose behalf he is acting is authorised by the Postmaster General to receive; shall be guilty of an offence under this Act."
This is the same bit of law that was used to ban speed trap detectors untill a court found that speed trap detectors did not modulate any form of signal onto the carrier so no communications were being intercepted hence speed trap detectors became legal, however the GPS signal form gallileo does send data so it would probably be a message for the purposes of this act.
I say we should extradite the cornell crypto hackers to the UK then trade them for the Nat west three LOL

jJuly 13, 2006 3:03 AM

If some European Uni had broken the code of a US gov satellite and made the details available, would the reaction been the same as this? Would the USA immediately attempt to extradite the academic staff (like they are doing to the NatWest bankers in UK)? There is an imbalance in the way govmts, especially USA, treat security breaches.

CyclotronJuly 13, 2006 4:07 AM

One of the biggest planned uses of the Galileo is likely to be EU road pricing systems. Think "London Congestion Charge" but spread over Europe! Also if you read the related Cornell descriptions of how they decrypted the Galileo signals then at one point they mention using NORAD for determining some elements. This doesn't seem (to me) like a couple of undergrads doing the hacking!? Can I phone up NORAD (North American Aerospace Defense Command) for help or do they just open-source near earth objects?

Tom WomackJuly 13, 2006 5:11 AM

NORAD track satellites and publish orbital elements; you can google on, say, 'GIOVE-A orbital elements' and get elements from which you can compute the satellite position for pointing your dish.

They seem to publish orbital elements even for US spy satellites (google 'Lacrosse 4 orbital elements'), though I think the mapping from USSPACECOM satellite numbers to spy-satellite codenames is maintained by amateur satellite observers rather than officially by NORAD. Those spy satellites are among the larger and brighter things in orbit, so denying their existence is not obviously sensible, though of course their identity is denied.

[they *ought* to be imageable as several pixels across by the fancier amateur telescopes, given how much detail there is at http://www.space.com/php/multimedia/imagedisplay/... though in the current security climate I imagine posting photographs of spy satellites might draw undesirable attention]

MortFurdJuly 13, 2006 5:56 AM

Jimminy.
All Cornel has done is determine the codes that control the spreading of the data on the carrier. All this means is that it is now possible to capture the actual Galileo data stream - the Cornel folks even explicitly tell you that they cannot (as yet) actually read any data from the stream.

The data in the stream should be encrypted. Since the Cornel folks haven't decoded it, it would appear that the data really is encrypted.

What they've done would be comparable with using a frequency counter to determine which frequency the local police are using for their communications.

"Security by obscurity" does apply here, though. It actually applies to two separate points:
1. The Galileo folks aren't publishing the PRNs, which makes it look like they are relying on that as a "first line of defense" - which obviously is not going to help much. To be charitable, it is possible that those codes will change and that the Galileo folks aren't publishing to avoid confusion when the correct codes come out. Besides which, each satellite will have its own set of PRNs, so the ones from the test satellite probably won't be of much use later on.

2. The real weak spot, however, is the encryption of the data stream. This is the one likely to come back and undermine the whole Galileo scheme. The data stream must be encrypted - but the decryption key must be available to the Galileo receiver. Since they plan on selling access on a subscription basis, they will have to make sure that you can only get the key by subscribing. The receiver must have the key, and it must be kept secret. To make any money, though, you've got to have a big user base. How many consumer devices will there be that will have the key? How many of those devices will be built insecurely? How long will it take for the keys to become commonly known?

If the key can't be kept secret, then you must change it, right? Now what happens? The same thing that has happened with encrypted cable and satellite TV - the baddies pull out the new keys each time the Galileo system changes them.

This system depends on secrecy (the user's don't know the key) to prevent them from doing anything with the received data. Once the key becomes known, anyone can build a receiver to decode the data and determine a position.

The American GPS system actually has the same flaw. The high precision data stream is encrypted, and the key is kept secret. The difference here is that they have some capability to manage who the devices are built, and who gets to actually see the key in order to program it into a device. There are restrictions on who can build the units, and stringent hardware requirements to make key recovery from a current device difficult. None of that can be applied to a mass market consumer device.

Sorry for being somewhat disjointed and rambling. I really just wanted to point out that although the Cornel folks have pulled off a difficult analysis (just you try mathematically cleaning the GPS PRN signal out of a recorded RF signal,) what they've done is no where close to being enough to actually use the Galileo signal - and it will likely have to be redone for each Galileo satellite as it comes on line.

One person named anonymousJuly 13, 2006 6:27 AM

Glenn--
You're thinking of 17 USC 105, but that really only applies to the federal government. It's too bad, too, since no government ought to be able to be awarded copyrights for their own works, or to exploit them. Copyrights are meant to benefit the public, and part of the mechanism for doing so is acting as an incentive for authors. Governments don't need those incentives. They can fund themselves adequately anyway, and their responsibilities as a government require them to do things like making accurate maps. Copyright isn't a factor.

BobH--
I don't think that a copyrighted key will fly. Aside from facts and uncreative compilations of facts not being copyrightable in the US (regardless of what other countries might do) there is also the merger doctrine. When there is only one or a small number of works that express a particular idea, the work or works aren't copyrightable, lest the copyright on the work effectively control the underlying idea as well. Since only one key will work, it couldn't be copyrighted, at least with regard to its function as a key, since that would apply to more than the mere work itself.

Clive RobinsonJuly 13, 2006 8:48 AM

@alfora

"Austrian and right now looking at a 1:50.000 map of some part of Austria. I can assure you, it has a grid."

Interseting, the maps I have (up in the loft somewhere) I got whilst on a hill walking holiday there. When I got them I was very very surprised as there was no grid and I spoke to a resident hill walker about it. There comment was that no the maps did not need the grid, I asked about mountin rescue etc and they said it was not an issue for them.

I will dig them out and find out who printed them.

Clive RobinsonJuly 13, 2006 9:26 AM

As a foot note to all this, I live a few miles up the road from Guildford in Surrey, where the University of Surrey (UoS) has it's campus and business park. Ontop of one of the UoS buildings there was an old boffors gun turret which originally had a number of dishes and other arials.

If there are any amature radio bods with a memory they may remember the AMSAT sattelite that was developed there by a team under Dr. Martin Sweeting (now Sir Martin).

Well he developed the idea of micro and pico sized sattelites etc and went on to found Surrey Sattelite Technology Ltd in liason with UoS (http://www.sstl.co.uk) whilst still maintaining links with the UoS Surrrey Space Center (http://www.ee.surrey.ac.uk/SSC/)

Well Martin Unwin who was mentioned by the Cornell people as being a bit unhelpfull is head of the GPS group down there. Based on the web pages about GIOVE-A it has a 20 channel GPS unit designed by the folks there which recently showed you could use the GPS constelation for positional fixes above it.

And as for the DSS codes well as GIOVE-A is still undergoing engeneering testing it looks like they are test codes.

RvnPhnxJuly 13, 2006 12:19 PM

Ok, since only one person even hinted at what the PRNs in GPS and similar systems do, I'll put up the short version of the explaination. Due to the fact that it takes a certian time period to send the time signal out of the satellite and the fact that one needs a much more precise time comparison that can be provided by merely comparing the last time sent by each satellite and one's local time reference, another reference method is needed. This is true in part due to the effects of relativity--GPS cannot work (as spec'd) unless they are factored out. So, to this end, each satellite sends out a PRN as a long stream in part of each transmission (along with the actual time data and some other things as well). This PRN is compared to the PRN that the receiver expects to hear and the fine-grained time differential is calculated from the differential between the two signals. It has nothing to do with Spread Spectrum technology (in fact, using SS would make GPS LESS PRECISE, no matter what the given ACCURACY for any given receiver, at any given time). This PRN does increase the bandwidth of the signal, but one should really read up on Nyquist's and Shannon's Laws if he wants to know about that.
This has not been considered sensitive information for quite some time, BTW.

John BJuly 13, 2006 4:33 PM

One of two things have happened here... I'll start with the improbable scenario.

1) These researchers broke Galileo's encryption scheme. According to the story, it took them one week to locate the signals, capture them and identify the pattern. [sarcasm=on] If this is how the EU plans to make money off Galileo, they would be better off using Speed-Pass technology.

2) The researchers identified the (unencrypted) PRN code broadcast by a test satellite. PRN codes are repeating, somewhat-random-appearing bit streams used to unambiguously identify a satellite (and provide timing information as RvnPhnx points out.). It's interesting that it was easier for them to go to these lengths rather than ask and wait for the answer. But the story ends there.

According to another GPS World article, the Interface Control Documents for Galeleo are available for free download. I have not looked at the ICD, but PRN codes are exactly the kind of information an ICD would have. So clearly the EU must have other encryption plans in the works if they wish to sell subscriptions to their service.

Which leads to the question... why are they spending 4 Billion to replace what is already available for free? Will it be significantly better--probably not. Are they in fear we will shut down GPS--an irrational fear because it will take a war orders of magnitude greater than any we've seen in the last 20 years to shut down GPS. If we end up in such a war, civilian use of GPS will be the least of our problems.

MortFurdJuly 14, 2006 5:06 AM

Listen up folks:

The PRN code is NOT there as encryption, it is NOT there to provide a more accurate time signal.

The PRN code is what enables the GPS system to work using only a single carrier frequency for all of the satellite signals. It is also part of the reason that your GPS receiver can pick up the weak GPS signal with a really crappy antenna.

The PRN code is used to modulate the transmitted signal from each GPS satellite. Each satellite has its own code. All satellites transmit on the same frequency. In a standard radio system, this would cause a mess - you would receive basically just a noisy inteference signal. GPS is designed to work in just these circumstances, however.

The PRN signals cause the received signal strength to be nearly zero for the carrier frequency. What you end up with is two "lobes" of signal above and below the carrier frequency. If you mix the PRN of a satellite back into the "lobe" signal, you will recover the modulated carrier for that satellite.

For this to work, however, the PRN you mix in has to be exactly synchronized with the received signal. If they aren't synchronized to within the length of one bit in the PRN sequence, then the receiver won't be able to pick up a signal. Getting synchronized is a complicated business, and can take a very long time if the clock in the receiver is completely wrong.

Once the receiver locks onto the PRN sequence and can recover the data stream from the modulated carrier, it can decode the data stream. The data stream includes a lot of things, but also includes the exact time that each data packt was sent. The receiver compares that time mark to the time that it received the packet. The receiver measures the distance from the receiver to the satellite by measuring the difference in the time between transmit and actual receipt. This is done by seeing by how many PRN bits late the signal is received. That is to say, the recevier knows the correct clock time that the satellite sent the message, and the receiver generates the PRN code based on that. The clock in the recevier says (for example) 12:01:01.0000. If it tries to receive a signal from a satellite based on that time, it won't synchronize. This is because the signal that is received now was sent slightly before this time. The GPS receiver therefore has to use a PRN code based on a slightly earlier time. The number of PRN bits that the receiver has to "go back" to actually synchronize with the satellite is a measure of the time it took the signal to reach the receiver from the satellite. This "Pseudo Range" is used to calculate the position of the receiver.

The correlation process that uses the PRN to recover the carrier is a large part of the sensitivity of the GPS receiver. The RF receiver isn't actually all that great, and the typical recevier usually has a patch antenna that is nothing more than a couple of carefully shaped circuit board traces. The two together don't provide a terribly sensitive receiver, and certainly aren't enough to provide a useful signal given the typical received signal strength of -158dBm that can be expected at the earth's surface. For comparison, two way radio sensitivity is typically rated as 12 dB SINAD at -112dBm. 12 dB SINAD marks the point at which the recovered audio is still clearly understandable.

Modulating the carrier with the PRN makes the signal very distinct. Demodulaing the carrier with the PRN is then equivalent to using an extremely narrow band pass filter. The narrower the filter, the better the signal to noise ratio, and the easier it is to detect and decode the transmitted data.

The catch is that the data throughput is limited by the bandwidth of the filter. The narrower the filter, the lower the data rate. GPS and Galileo both use bit rates of 50 bit per second.

So:
PRN is used to spread the spectrum of the signal to 1) improve the signal to noise ratio 2) allow multiple satellites to use the same carrier frequency (GPL and Galileo both use the same carrier) and 3) to enable the distance measurement for the location process.

The PRN is NOT encryption.


Anyone interested can find the gory details of receiving a GPS signal here:
http://www.navcen.uscg.gov/pubs/gps/sigspec/...

hari dineshJuly 29, 2007 1:33 AM

sir i want to broke the encrypted satellite tv signals and how to broke the signal without paying money and some encrypted broking keys using ordinary satellite receiver system

LetchAugust 21, 2008 10:30 AM

Please i need information on how to decode encrypions like: Irdeto 2 on Free to air satelite.
Thanks

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..