[2759] in cryptography@c2.net mail archive
Re: DRUDGE-REPORT-EXCLUSIVE 5/20/98 (fwd)
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed May 27 16:01:51 1998
In-Reply-To: <Pine.BSI.3.95.980521042335.20362G-100000@kizmiaz.dis.org>
Date: Wed, 27 May 1998 14:47:09 -0400
To: William Knowles <erehwon@dis.org>, cryptography@c2.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
On 5/21/98, William Knowles reported on a Drudge Report claim that a
hardware encryption module from a US Satellite launched in China may have
fallen into Chinese Government hands. Others pointed out that nothing the
Chinese could have obtained from such a module would enable them to control
other satellites, which presumably use different keys.
I wonder what is the point of using hardware encryption in a satellite at
all. A satellite's onboard computer could decrypt and authenticate messages
as part of its own software using published algorithms. With public key
technology there is no need to have any secret information in the satellite
computer whatsoever, not even keys. All that is needed is assurance that
the computer and software launched is the computer and software that was
shipped from the factory. And if the computer can be tampered with, so can
the hardware crypto module. The threats that normally argue for hardware
encryption -- physical access, viruses, TEMPEST, multiple users -- do not
seem to apply in this case.
Incorporating a separate hardware encryption module adds cost, weight and
complexity to the satellite. And if the module's presence makes the
satellite unsuitable for launch on non-US boosters, it is a serious
commercial liability as well.
Arnold Reinhold
