We have discussed it in the irc a bit but, it is nice to have it here. Open for everybody’s comments.
-First, repeaters must have their own private key. Which is only known by repeater owner, maybe even less.(just repeater itself, if we find a secure way to distribute personal keys)
-Repeater owner or repeater itself should generate personal keys for each callsign using a hash function. ie. sha(callsign+repeater_key)
-Radio’s should include this personal keys in their air data packets using another hash function. sha(data_itself+personal_key+session_id/date/time etc.)
Pros:
-Repaters do not have to keep userid/key pair. Just a banned list is enough.
-Users can be added without programming repeater.
-Callsign theft is prevented.
-When session id in the hash function is used, injection attacks are prevented.
-When time/date used, replay attacks are prevented.
-Further, repeater sourced session id will solve both problems.
Cons:
-Real time hash calculation for each packet is required.
-If some of users share their own key accidentally and insist on using exactly same callsign, repeater key must be changed. So, all users have to update their keys.