Data Trafficking

[Jeff M. Hopper]

New from Studio Cat!

Data Trafficking

Every time a ship makes a jump, it takes about a week to get from its origin to its destination, be it one parsec or six parsecs away and the ship being Jump-1 to Jump-6. This is a cornerstone of Cepheus Engine, that communications can only travel as fast as the fastest available starship. This also makes it possible that information from off-world is a commodity to be bought and sold. These optional rules will allow you to engage in the trade of perishable information.

https://www.drivethrurpg.com/product/286864/Data-Trafficking

 

[Timerover51]

That is a very interesting concept. I am looking at something similar for the Rim Scouts in my Traveller/CE Universe.

The only comment I was make is to get rid of the -2 for information being one week old, as that is the newest possible information available. As you cannot get information any faster that a week, that first stop represents the most recent information available on the source planet.

I am not sure if any information on a planet would be considered old if it gave information on the planet's culture, products, and population. I might consider giving a bonus for Jump-4 and higher ships, for getting information out faster.

It is a very good idea and a way for a Trader to pick up some additional cash.

 

[Jeff M. Hopper]

That is a very interesting concept. I am looking at something similar for the Rim Scouts in my Traveller/CE Universe.

The only comment I was make is to get rid of the -2 for information being one week old, as that is the newest possible information available. As you cannot get information any faster that a week, that first stop represents the most recent information available on the source planet.

I am not sure if any information on a planet would be considered old if it gave information on the planet's culture, products, and population. I might consider giving a bonus for Jump-4 and higher ships, for getting information out faster.

It is a very good idea and a way for a Trader to pick up some additional cash.

That -2 modifier for one week old information is there to represent the possibility that another ship just one jump away has already arrived at the world and sold them the same information that the PCs ship is carrying.

Like trade in physical goods, the information trade is also competitive.

 

[flykiller]

seems like this would involve trust issues. there could be lots of motivation to tamper with the data, and no way to know it's altered for a week or two.

 

[coliver988]

seems like this would involve trust issues. there could be lots of motivation to tamper with the data, and no way to know it's altered for a week or two.

Theoretically there could be hash or CRC checks added, but then you are just moving the ball to verify that the checks themselves were not modified. I don't know enough about bit chain operations, and I believe that they are not 100% infallible either. Strong encryption could also work.

IMTU as discussed elsewhere, part of the black box system is used by starports to move data around: ship schedules, potential skipping info, that sort of thing. When you get to a port, part of the process is downloading all the data from the last port you were at. Part of leaving is getting a dump of the current info at this current port. Get enough ships in for correlation and you can find those who are somehow tampering with the black box.

It is how the banks, Navy and SPA keep up with things - sometimes faster than the X-Boat route depending on the trade routes.

 

[flykiller]

Strong encryption could also work.

some programmer with nothing to do for a week of jump but bust that black box just sitting there ... need more than mere encryption, need something else.

Get enough ships in for correlation and you can find those who are somehow tampering with the black box.

so ... trust everybody? I see your point, but dunno ... would you trust your bank account that way?

 

[whartung]

some programmer with nothing to do for a week of jump but bust that black box just sitting there ... need more than mere encryption, need something else.

No.

You don't.

That's kind of the entire point of encryption.

Safely handing your most sensitive data to the worst people and not worrying about it being exposed.

 

[flykiller]

Safely handing your most sensitive data to the worst people and not worrying about it being exposed.

heh ....

 

[ThornPlutonius]

In the old Alternity RPG Stardrive setting, if my memory serves me correctly, starships were required to carry data transfer systems that were isolated from ship systems and completely out of the influence of ship crew and passengers. They automatically interfaced with their counterparts in system, downloading and uploading when the carrying ship entered data transfer range. The system was fully automated and non-profit. If one wanted a licensed ship, one had one of the data transfer systems installed. This provided redundant data transfers (for the most part). Of course, there will always be special circumstances when some entity will want to move data outside of the official l"public" channels.

 

[coliver988]

heh ....

re: encryption. Properly done, encryption is really hard to impossible to get past within a reasonable time frame (or ever in some cases; bring in some Star Trek techno-babble and have rotating fractal encryption keys or something fun). Without dipping my toes in the pit, this is a current political/law enforcement issue now and we're not anywhere near a high TL (and yes, in general the bad guys are 1 step ahead, but encryption is more complicated to get past than most people realize despite what is shown in popular media).

Going with Thorn's (may I call you Thorn? ) memory of Alternity, MTU data transfer system is pretty much the same: fully automated, fully encrypted and tamper-proof in that changing anything would be known (perhaps entangled quantum particles or something interesting like that).

However - that is MTU.

 

[flykiller]

encryption is more complicated to get past than most people realize

it's all just ones and zeros. and if you have access then you have access. and really that's about it.

I've been told that russian intelligence agencies have ditched all their computers and do everything by manual typewriter now. that about sums up the viability of "data security".

now of course in a game you can talk about "quantum entanglement" encryption (or something like that), but then the PC's with computer 5* will have "quantum detanglement" kiddie scripts (or something like that) as well. and THAT would make for some good gaming. "hey, we have all this data aboard, maybe we can look at it!" "YEAH!" ....

 

[whartung]

it's all just ones and zeros. and if you have access then you have access. and really that's about it.

What you have access to is random noise.

I've been told that russian intelligence agencies have ditched all their computers and do everything by manual typewriter now. that about sums up the viability of "data security".

The problem isn't encryption per se, its key management. It always has been.

Modern ciphers, WITHOUT THE KEY, are effectively unbreakable.

They're are effectively unbreakable at higher tech levels, since we're talking fundamental information theory. The thing about the risk of quantum computers only applies to a specific style of encryption (which happens to be quite popular now, but is nonetheless replaceable).

It does not apply to the base, private key ciphers being used. Which can scale to a point where the energy involved in decrypting approaches heat death of the universe. We don't do it today, because we don't have too.

Consider Stuxnet, the attack on the Iranian nuclear fuel processing centrifuges.

It should be noted that encryption was abundantly used in these facilities. None of it was broken, but it was compromised.

Among other things, the attackers managed to break in to the manufactures of some of the equipment and replace the encryption keys that they were using with keys of their own. Long before the equipment even got to Iran. it's an incredible story of the means the attackers resorted to in order to pull off the attack.

But, if you have a blob of encrypted data, using anything close to modern ciphers, then, no, you're out of luck if you don't have any information about the keys.

Some of the risks today is that information can be leaked that weakens the key space used for encryption, however you have to be their, monitoring and recording when the encryption takes place. After the fact, it doesn't do you any good.

Finally, there's always the one time pad. Random noise producing a key length matching the length of the plaintext message. This is utterly unbreakable, there is zero chance of decoding it. The problem, again, is key management of transporting the key data to the station points.

Typically, we use dangerous people carrying weapons to move those things about these days.

 

[flykiller]

What you have access to is random noise.

it's not random.

 

[aramis]

Modern ciphers, WITHOUT THE KEY, are effectively unbreakable.

Not really. Massive computation clusters are becoming ever more affordable.

Typical use cannot rely upon massive parallelism, but bad actors can. which leads to the ability to brute force...

Plus the emerging quantum field...

And readily available open-source libraries for 64 bit CPUs to do 2048 bit math...

And 64 bit CPUs with ethernet can be had (including power adaptor, 16GB SD card and shipping) for under $20... beowulf clusters are readily doable on the cheap. If you need to do massive math, you no longer need the expensive hardware, just a lot of cheap hardware and the coordination software. (Which said software is also open-source.) The expensive part is the needed switches. ($200 for a 24 port 1Gb is available retail.)

Bad actors can brute force a 512 b cypher in an afternoon with cheap hardware.

Government labs are supposedly able to crack 1024b in under a week. For most intelligence purposes, that's good enough.

Once you have the list, the limit is how fast you can check each, and massive multi-processor parallelism is the answer for minimizing that time.

And that is just conventional.

 

[flykiller]

And 64 bit CPUs with ethernet can be had (including power adaptor, 16GB SD card and shipping) for under $20

will this be true after the us/china trade war really takes off?

 

[mike wightman]

Once you have the list, the limit is how fast you can check each, and massive multi-processor parallelism is the answer for minimizing that time.

And that is just conventional.

Shame that the Traveller computer modernists with their I-phone control stations don't have access to such hardware.

A good old CT 1t model 1 on the other hand... :CoW:

 

[whartung]

it's not random.

Modern ciphers are effectively random. The one time pad encrypted message IS random, which is why OTP is unbreakable.

Not really. Massive computation clusters are becoming ever more affordable.

Typical use cannot rely upon massive parallelism, but bad actors can. which leads to the ability to brute force...

Oh, good heavens.

From https://www.eetimes.com/document.asp?doc_id=1279619#

If you assume:


Every person on the planet owns 10 computers.
There are 7 billion people on the planet.
Each of these computers can test 1 billion key combinations per second.
On average, you can crack the key after testing 50% of the possibilities.


Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!

This is a discussion about the 128bit AES key. We routinely use 256bit keys currently.

Plus the emerging quantum field...

The quantum field is specifically concerned with attacking the reliance of current public key system being based on very large prime numbers. The consideration is that a quantum computer will be particularly adroit at factoring large prime components.

But, you don't need prime numbers for public key systems, we just use them since they're commodity and effective. As the threats to prime factoring rise, the wind will shift towards systems that do not rely on them any more. For consumer stuff, however, it's not a problem.

 

[aramis]

Whartung

RSA 512's have been brute forced.
https://arstechnica.com/information...azon-ec2-is-a-cinch-so-why-all-the-weak-keys/

AES 256 has been exploited multiple times.
https://www.theinquirer.net/inquirer/news/3012648/aes-256-encryption-keys-cracked-by-hands-off-hack

Certain 1024 bit protocols also have been broken:
https://arstechnica.com/information...of-crypto-keys-is-worse-than-first-disclosed/

I double check this stuff before posting. You might try doing likewise.

When I said 512 are able to be hacked in an afternoon with the right hardware, I was basing it off of multiple hits, and watching various White Hat discussions on youtube. Less than a year after your cited article, which claimed 512 was going to be very secure for a long time, RSA 512 was shown to be hackable.

Now, the other thing is... you don't have to break the whole cypher at once, either. (multiple articles).

If the protocol leaves one byte weak, that can break the whole cypher, dividing the chunks.

Then there's the laziness/computational-efficiency of reusing the same key, giving mutiple samples with the same key.

No encryption system is truly secure other than a 1 time pad. And even that is subject to human (and programmer) laxity in use.

 

[coliver988]

But aren't those side channel attacks now being corrected (re: specter alerts I think) they were based on timing the signals while decoding. Now MS and other OS have updated the software to randomize the timing in decryption,

I am not a security expert (just write business software, yay accounting software?) but I read about these things a lot. Just because they are interesting in an abstract way.


Wiki

While DES the AES one sounds similar - based on timing.

 

[whartung]

The problem isn't encryption per se, its key management. It always has been.

Modern ciphers, WITHOUT THE KEY (double plus good emphasis by me), are effectively unbreakable.

The thing about the risk of quantum computers only applies to a specific style of encryption (which happens to be quite popular now, but is nonetheless replaceable).

It does not apply to the base, private key ciphers being used. Which can scale to a point where the energy involved in decrypting approaches heat death of the universe.

But, if you have a blob of encrypted data, using anything close to modern ciphers, then, no, you're out of luck if you don't have any information about the keys.

Some of the risks today is that information can be leaked that weakens the key space used for encryption, however you have to be their(sic), monitoring and recording when the encryption takes place. After the fact, it doesn't do you any good.

Whartung

RSA 512's have been brute forced.
https://arstechnica.com/information...azon-ec2-is-a-cinch-so-why-all-the-weak-keys/

This is public key encryption. Using RSA. Which relies upon prime numbers. I covered all of that.

AES 256 has been exploited multiple times.
https://www.theinquirer.net/inquirer/news/3012648/aes-256-encryption-keys-cracked-by-hands-off-hack

Bad implementations under observation can be exploited, I covered that too.

Certain 1024 bit protocols also have been broken:
https://arstechnica.com/information...of-crypto-keys-is-worse-than-first-disclosed/

Again, these are key attacks. Not attacks on the cipher text directly.

I double check this stuff before posting. You might try doing likewise.

You bet, +1!

When I said 512 are able to be hacked in an afternoon with the right hardware, I was basing it off of multiple hits, and watching various White Hat discussions on youtube. Less than a year after your cited article, which claimed 512 was going to be very secure for a long time, RSA 512 was shown to be hackable.

Folks brute forced the TI Calculator RSA 512 signing key back in 2009 with 73 days of computing.

The prime factorization problem is a particular issue with the RSA style public key system, and, again, is considered at risk notably by quantum computing. However, RSA is simply entrenched in the community, but there are alternatives that do not suffer from that kind of weakness. They're simply not wide spread (and it's not necessary).

The underlying premise of this thread was that someone had unrestricted access to a blob of encrypted data. This is effectively uncrackable, even beyond today. That fact that folks can exploit conversations and other weaknesses just highlights that there are weaknesses in exchange, not with the algorithms themselves. And, you'd like to think, after a few thousand years of commodity work on fundamental information theory, that the bugs will be worked out. Every day "best practice" is changed to make this harder, and harder, and harder. And it's only been a couple of years.

Imagine after 1000's of them, even with a Dark Night.