OK, so you initially split a secret into pieces. How do you initially send the pieces to the individual people? How do you use your own part of the secret to send someone a message?
This has the added bonus of being reusable. If you encrypt every one time pad with the same one time pad, you only have to give one one time pad to everybody!
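Added example, not part of the thread: a short Python sketch of what follows if every recipient's pad is encrypted under one shared master pad, reading the post above that way. The recipient names, pad length and function names are hypothetical, and the pads are constructed random data.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_pads(master: bytes, pads: dict) -> dict:
    """Encrypt every per-recipient pad under the same master pad."""
    return {name: xor(pad, master) for name, pad in pads.items()}

def eavesdropper_view(wrapped: dict, a: str, b: str) -> bytes:
    """With no key at all: XORing two wrapped pads cancels the master pad."""
    return xor(wrapped[a], wrapped[b])

def recover_master(wrapped_pad: bytes, known_pad: bytes) -> bytes:
    """One exposed pad plus its wrapped form yields the master pad."""
    return xor(wrapped_pad, known_pad)

def demo(n: int = 32):
    # Constructed sample data: random pads for three hypothetical recipients.
    master = secrets.token_bytes(n)
    pads = {name: secrets.token_bytes(n) for name in ("alice", "bob", "carol")}
    wrapped = wrap_pads(master, pads)

    # 1. Any holder of the master pad can unwrap every other recipient's pad,
    #    so the per-recipient pads are no longer private to their owners.
    bob_reads_carol = xor(wrapped["carol"], master) == pads["carol"]

    # 2. An observer of two wrapped pads learns pad_a XOR pad_b without
    #    knowing the master pad.
    leak = eavesdropper_view(wrapped, "alice", "bob")
    relation_leaked = leak == xor(pads["alice"], pads["bob"])

    # 3. If one pad is ever exposed, the master pad and then all the other
    #    pads follow from the wrapped copies.
    master_guess = recover_master(wrapped["alice"], pads["alice"])
    all_recovered = all(
        xor(w, master_guess) == pads[k] for k, w in wrapped.items()
    )
    return bob_reads_carol, relation_leaked, all_recovered

if __name__ == "__main__":
    print(demo())
```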
Drones are a way to deliver encryption keys for one time pads without fear of interception.
How do you verify that the drone doesn't get intercepted?
The drone has a camera and a GPS. You can verify the recipient of the drone based on that data. This assumes that the GPS and camera data itself hasn't been compromised. The camera is an easier problem to solve since you built the drone yourself, you should be able to make it secure. The GPS is harder because the GPS system itself is beyond your control. You just have to trust it.
You can always check nav the old-fashioned way, using maps that you verify and starting from a known landmark coordinate, then track your distance and directions traveled until you hit the intended drop coordinates, referencing ground landmarks when possible.
That's how pilots did it pre GPS or radio (LORAN/VOR/etc) and they traveled all over the world.
And really I would think radio in general should be fairly reliable enough if it's in use at the time/place unless someone is moving radio towers without your knowledge.
Can't guarantee the camera's secure. You may have built the camera yourself, but there's no way to know if the camera components have been backdoored and are therefore insecure. Unless you have your own chip fab, using equipment you built yourself, you can't be 100% certain.
You could also be looking at a high rez video of your friend's face while someone else grabs the payload.
In other words, opsec is hard. If you're doing something where you need extreme opsec and you're not an opsec professional, maybe you're better off not doing it.
Unless you have your own chip fab, using equipment you built yourself, you can't be 100% certain.
It's even worse than that, even if you have your own fab you might have compromised silicon. Go to a beach, need to mine your own sand.
Okay, now you're being a bit ridiculous. :P However, given that the NSA has been shown to backdoor hardware while in transit (though maybe not at the individual chip component level) and one of the earliest examples of software backdoors involves backdooring the C compiler so that Ken Thompson (one of the inventors of Unix) will always have an account on any Unix machine compiled with said compiler, it demonstrates that true opsec is very hard.
FWIW, Thompson's backdoor was ingenious. First, the compiler would see if you were compiling the Unix login program. If so, it would put a backdoor into login so that Thompson would have access to said machine. "Ah," you say, "but what if I compiled the compiler myself after removing said backdooring code from it!" No dice -- because the compiler knows if it's compiling itself and re-inserts the backdoor generation code into the binary if it's missing.
Sure, some things can be faked. But the goal is that the practical implementation of said fakery is nearly impossible.
Sure, you could hack the video of the route from takeoff and fake the whole exchange. But, that requires doing just that. The ENTIRE ROUTE, including the pickup with your friend, all in real time.
By adding lots of metadata (like video of the drone flying to its destination, passcodes, GPS coordinates, etc...), it becomes exponentially more difficult to fake ALL of these elements. If there are ANY discrepancies, the game is up.
Make your systems such that clever alone is not good enough to break them. It's clever to hack the camera, but the implementation of a live accurate video of the entire transaction is basically impossible. (Also, if it WERE possible, you were fucked before you even began).
I guess the question is what happens when the game is up.
Case 1: A perfect fake job is done. You're fucked no matter what, as Rym said.
Case 2: An imperfect fake job is done. You know the drone was intercepted, but what happens next? Can any useful information be extracted from said drone? Did the methods used to do the faking also allow for information leakage that allows the interloper to go after you or your friend?
In the case of the one time pad you mentioned, I suppose it just means that you burn the old pad, generate a new one, and try again to send it to your friend (or give up trying to send via drone as it's not reliable enough). This is the best case scenario in that we assume the drone has no information on who the two parties exchanging the pad are and/or there are no legal penalties against attempting to exchange a one time pad and only a one time pad.
Of course, if someone cares about you enough to intercept your drone carrying your one time pad, then it may be time to upgrade from the tin foil hat to something more substantial.
Comments
http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
Use a touch pad or radio back to the pharmacy with social security numbers and date of birth to verify recipient.
Also to deliver urgent supplies in rescue situations.
Kamarov: Stop pissing, Yuri. Give me a stopwatch and a map, and I'll fly the Alps in a plane with no windows. It's the only way to be sure.