I am making a Rigger type character for our table's SR4 game, and one aspect of the SR4 Matrix rules has been bugging (heh) me; how do you defend against spoofed commands?
The way I read the rules, to spoof a command you need an authorized user's Access ID (page 236, SR4A). This can be obtained by either a) performing a Matrix Perception Test on the authorized user's icon, or b) tracing legitimate orders to their source.
Before you can spoof, you must have an access ID from which the target accepts commands. This can be done by finding an authorized user in the Matrix and making a Matrix Perception test on her icon to get her access ID. You can also use the Capture Wireless Traffic action to find legitimate orders and then Trace the communication back to its source, which will net you the access ID.
As a Rigger, the only way I can think of to defend against the former is to have a high Hacking skill and be running a high rating Stealth program, or to have a high firewall, or to have an Agent run it for you (though I'm not confident about this last one, as I believe it would hide the Agent and not the node).
If your target is running a Stealth program, the Matrix Perception test becomes an Opposed Test, with the target rolling Hacking + Stealth (or Firewall + Stealth for programs or nodes) as the opposing dice pool. The hits from this test reduce your hits and consequently the amount of information you get. If you garner no net hits, the target is not invisible as such, but its icon has melded into the background of data traffic, escaping your notice.
OK, so if a hacker can't see you in the Matrix directly, the other option for him is to track you. This is where it becomes tricky. He first has to intercept your traffic.
"You eavesdrop on wireless traffic going to and from a device. You must be within the device’s Signal range to capture the traffic. You must succeed in an Electronic Warfare + Sniffer (3) test to start the capture, and then you may copy, record, or forward the traffic without another test as long as you remain within the target device’s Signal range and keep the Sniffer program running.
There is no way for other parties to detect your capture (without access to your commlink, of course). If the traffic is encrypted, you must break the encryption before it can be captured."
Straightforward enough; it's reasonable to expect that any rigger (at least PCs) will be running signals encryption, however.
Now, the SR4A core book describes decryption as only viable on Nodes and Files; Unwired to the rescue.
Most of the time, encrypted subscriptions, files, and nodes are decrypted with a key. Often they are decrypted by hackers who crack the encryption with the Decrypt program. Using the Decrypt program requires a Complex Action to start the process, but thereafter the program continues the Extended Test (p. 225, SR4) autonomously. Once a file is decrypted by any user, it remains decrypted, but when a subscription or node is decrypted by a user, it remains decrypted only for that user. However, the encryption may be re-instated under certain circumstances:
Signals encryption may be restored by closing the subscription (a Log Off action), re-establishing the subscription (a Log On action), and then re-encrypting the subscription (a Simple Action from each side of the link).
File encryption is restored merely by encrypting the now-decrypted file.
Node encryption is restored by rebooting the node (a Complex Action, plus boot time), and re-encrypting it (a Simple Action).
OK, seems reasonable. But one thing is missing from this; how do you, as the target, detect a decryption attempt? It seems to me there is no reliable way for this to occur, with the possible exception of performing a Matrix Perception Test on your own subscription links. And there does have to be a way for this to happen, or parts of the Dynamic Encryption paragraph seem fairly useless.
It is possible to perform continuous re-encryption by monitoring a decryption attempt and adjusting the encryption algorithm accordingly. Doing so does not make the encryption safe, but it can delay an attacking hacker. Like strong encryption, dynamic encryption takes extra time and processing power. It has the additional disadvantage that it requires awareness of an attacker for it to be effective.
Dynamic encryption is only effective against an attacker that has been detected with a Matrix Perception Test and that is currently decrypting a link, file, or node. The user makes an Opposed Computer + Encrypt Test against the attacker’s Electronic Warfare + Decrypt; for every net hit on this test, the threshold for the attacker’s attempt to break the encryption is increased by one. This requires a Complex Action.
The extra threshold applies only to the attacker against which it is directed. The attacker may clear the threshold penalty by restarting his decryption attempt, but this causes him to lose any hits already accumulated against the encryption.
Once an attacker has fully decrypted a subscription, node, or file, this technique may no longer be used. Dynamic encryption is not compatible with strong encryption.
This to me indicates that a Matrix Perception Test on your own subscribed links (Is decryption being attempted?) would allow you to initiate Dynamic Encryption.
Other than using Dynamic Encryption, the rigger can also detect the trace attempt as a last resort, and use redirect trace and/or trace the tracer to go attack him directly.
Am I understanding this correctly? Are there other ways to guard against spoofing?