[Skimmertalk] skimmer security

Joe Hetrick kc0vkn at bitjanitor.net
Thu Apr 22 12:18:42 PDT 2010


So, I guess we're talking about 2 or more real issues with regard to skimmer security:

1) avoiding skimmer spots populating into the packet cluster
2) some form of authentication for *users* of the spots that the skimmers reap.

With regard to #1, controlling what goes into the cluster network from skimmers is difficult at best.  It doesn't seem to me to be any great challenge to code something that would shove spots into the global cluster.

With regard to #2 and EchoLink-style auth: does anyone have any real numbers as to how effective the EchoLink mechanism is?  I'm not really a user, but I'm aware of the framework in place.  I still stand by my original wording that anyone that wants to cheat can find a way.  That isn't to say we shouldn't try.

A further thought is that there is perhaps a third scenario, one where there is trust between skimmer operators.  In effect a closed network maintained by "honest" or, at the least, "authenticated and trusted" purveyors of skimmer spots.  How you evaluate that is likely a debate in and of itself.  I'd argue that anyone willing to give in to an authorized and authenticated token deeming that a spot came from them, or passed through their aggregation, is someone that would likely be a trustworthy participant.

I'm kind of thinking of it in an aggregation of aggregators of individuals sense.  You'd have a core network that would be a group of spot aggregators that trust spots coming from one another.  Those spot aggregators would in turn be trusting spots incoming from other sources, maybe smaller aggregators, maybe individual skimmers.  The protection would be that one could kill a source at any level.  If a single "rogue" were to appear at some leaf in the tree, everyone, or the core, could choose to suppress data originating from that source.  This brings in how you authenticate and identify sources, but that could be done with keys, etc.  The reality is that I think in order to provide a "secure" aggregation of multiple skimmer hosts, we need to look at making the network less free and more accountable.  Now, I don't know much, if anything, about how the packet network is regulated, so maybe somebody can slap me if this isn't new in that realm; I doubt that it is very novel in this context, as it certainly isn't in any other.

This only really addresses a way to handle the formation of a global skimmer network, like I see the internet packet cluster network to be arranged.  That may be nearsighted of me.  How you secure the network from individual *user* abuse (people that are watching the skimmer-cluster for spots) is another matter.  Whether or not you make users submit to an authentication/authorization scheme is another facet of implementation.  I'd argue that if the goal is to attempt to limit the potential for cheating by tying users (calls?) to their tokens for *using* the network, it is one step that may help filter out cheaters.

Joe KC0VKN
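
The tree of trusted aggregators described in the message above, with per-source keys and suppression at any level, can be sketched as follows. This is an added example, not part of the original post or of any skimmer or cluster software. The source names, keys, spot text, and the choice of shared HMAC keys to stand in for "keys, etc." are all assumptions.

```python
import hashlib
import hmac

# Constructed per-source keys (assumption: provisioned out of band to the core).
KEYS = {
    "SKIMMER-A": b"constructed-key-a",
    "SKIMMER-B": b"constructed-key-b",
    "AGG-1": b"constructed-key-agg1",
}


def _tag(source, spot, prior_tags):
    """MAC over the spot text plus every tag added by earlier hops."""
    msg = spot.encode() + b"|" + "|".join(prior_tags).encode()
    return hmac.new(KEYS[source], msg, hashlib.sha256).hexdigest()


def originate(source, spot):
    """A skimmer at a leaf attaches the first hop tag to its spot."""
    return {"spot": spot, "path": [(source, _tag(source, spot, []))]}


def relay(aggregator, msg):
    """An aggregator vouches for a spot by appending its own hop tag."""
    prior = [t for _, t in msg["path"]]
    hop = (aggregator, _tag(aggregator, msg["spot"], prior))
    return {"spot": msg["spot"], "path": msg["path"] + [hop]}


def accept(msg, suppressed):
    """Core-side check: every hop must verify and none may be suppressed."""
    if not msg["path"]:
        return False, "empty path"
    prior = []
    for source, tag in msg["path"]:
        if source not in KEYS:
            return False, "unknown source " + source
        if source in suppressed:
            return False, "suppressed source " + source
        if not hmac.compare_digest(tag, _tag(source, msg["spot"], prior)):
            return False, "bad tag from " + source
        prior.append(tag)
    return True, "ok"
```

Because each hop's tag covers the earlier tags, suppressing either a leaf skimmer or the aggregator it feeds through drops the spot, and a relay cannot alter the spot text without invalidating the originator's tag.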

