#Training 2221 Authentication With DRYAD #training


C. Matthew Curtin
 

All:

This week's training task gets beyond basic functionality and goes to reliability. In amateur radio, it's common for us to gather information and to rely on operators to follow the rules prohibiting false messages and identification. [47 CFR 97.113(a)(4)]

While this usually works, we know that there are malicious actors on the airwaves, and especially in operations that support the allocation of scarce resources, having assurance that we are working with a known station can help us to make a more viable system.

TASK: 
 1. Watch Radio KD8TTE Episode 65, "Authentication on Radio Nets with DRYAD." https://youtu.be/sloV7O3L8SM
 2. BLACK SWAN Net operators: Email me (not Winlink - kd8tte@...) to get the training table if you didn't already after seeing KD8TTE message 4479 on BLACK SWAN Net.

DISCUSSION:

The BLACK SWAN Net hereby introduces a procedure for station authentication, the process of proving identity.

AUXCOMM functions of agencies including those using the amateur radio service provide valuable service in times of greatest need. Services can include relaying requests for resources, providing warnings and other information for broadcast, and gathering ground truth information.

Malicious actors can disrupt these services in a number of ways. One way we've faced is denial of service, such as jamming a critical circuit. We saw such attacks in the early days of developing what has become the BLACK SWAN Net. We developed defenses for that and have been able to continue operations.

We now turn our attention to the matter of AUTHENTICATION to address disruption by malicious actors from impersonation.

IDENTIFICATION is "saying who you are." We do this on the net with the proword THIS IS, e.g., "THIS IS KD8TTE." In telegraphy we use the prosign DE, e.g., "DE KD8TTE."

If the other station recognizes the operator's voice, fist, or signal, there might be some assurance that the identification is legitimate. Such identification might not be possible where stations are multi-operator or unfamiliar with one another.

AUTHENTICATION is the process of proving your identity. Many techniques can be used for this. The procedure that we introduce to BLACK SWAN Net is station authentication using the KTC 1400 D ("DRYAD") table. The proword we use to challenge a station, initiating the procedure, is AUTHENTICATE followed by the challenge. Authentication is answered with the proword I AUTHENTICATE followed by the authentication. Corresponding prosigns are INT ZNB to challenge and ZNB to answer. (See ACP 125(G), par. 619.)

The system works by having a "shared secret" among the stations and a technique for them to refer to particular elements of it.

For regular training operations for calendar year 2022, we will use a common DRYAD. Request your copy by Internet email to kd8tte@.... You are to hold the DRYAD confidential and not to share it with others, including other BLACK SWAN stations. Each station that wants it must request it individually.

(The lifespan of this training table is wildly inappropriate for real-world cases. For any particular operations, you should expect that the procedure will be in use but with tables of a much shorter lifespan, measured in hours, not weeks. Pay attention to Paragraph V [Control] in Activation documentation for details.)

C. Matthew Curtin KD8TTE
https://twitter.com/kd8tte
https://www.youtube.com/KD8TTE

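Added example, not part of the original message: a sketch of the AUTHENTICATE / I AUTHENTICATE exchange over a shared table. The table is constructed here from a seed (it is not the training table), and the lookup rule in `answer` is an assumption, since the message does not state how a challenge maps to a reply.

```python
import random
import string

LETTERS = string.ascii_uppercase[:25]  # A..Y: row labels and row contents (assumed layout)

def make_table(seed):
    """Constructed stand-in for a shared table: one scrambled alphabet per row."""
    rng = random.Random(seed)  # fixed seed for the demo only, never for a real table
    return {row: "".join(rng.sample(LETTERS, 25)) for row in LETTERS}

def answer(table, challenge):
    """Assumed rule: first letter picks the row, second letter picks the column
    by its position in that row, reply is the letter directly below (Y wraps to A)."""
    row, wanted = challenge
    col = table[row].index(wanted)
    below = LETTERS[(LETTERS.index(row) + 1) % 25]
    return table[below][col]

class Challenger:
    """Challenging station: issues fresh challenges and checks replies."""
    def __init__(self, table):
        self.table = table
        self.used = set()  # anyone listening has already heard these answers
        self.rng = random.SystemRandom()

    def challenge(self):
        fresh = [a + b for a in LETTERS for b in LETTERS if a + b not in self.used]
        if not fresh:
            raise RuntimeError("table exhausted, replace it")
        pick = self.rng.choice(fresh)
        self.used.add(pick)
        return pick

    def verify(self, challenge, reply):
        return reply == answer(self.table, challenge)

def exchange(challenger, station_table):
    """One on-air exchange using the prowords from the message."""
    c = challenger.challenge()
    r = answer(station_table, c)
    return f"AUTHENTICATE {c[0]} {c[1]}", f"I AUTHENTICATE {r}", challenger.verify(c, r)

if __name__ == "__main__":
    shared = make_table("constructed-demo-table")
    ncs = Challenger(shared)
    print(exchange(ncs, shared))                     # holder of the table passes
    print(exchange(ncs, make_table("wrong-table")))  # wrong table passes only by chance
```

Each challenge heard on the air gives away one table entry, which is why the challenger never reuses one and why a table in real use has a short lifespan.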