Encryption Key

kc2asb

Member
Joined
Dec 31, 2015
Messages
401
Location
NYC Area
The firmware actually works on Uniden scanners. You're free to upgrade to it or remain on the official firmware.
It is designed for people who already have encryption keys and want to exploit potential on their scanners.
I would say the bigger security risk would be to use weak encryption algorithms (anything that is not AES basically)
Understood. One thing for sure - an encryption key is not in my future.
 

Motoflightmedic

ÆS Ø
Premium Subscriber
Joined
Jul 30, 2005
Messages
126
Location
U.S.A.
The firmware actually works on Uniden scanners. You're free to upgrade to it or remain on the official firmware.
It is designed for people who already have encryption keys and want to exploit potential on their scanners.
I would say the bigger security risk would be to use weak encryption algorithms (anything that is not AES basically)
Now you guys are making me want to put that firmware on my SDS200 and test it with my radios.
 

marcotor

I ♥ÆS Ø
Feed Provider
Joined
Nov 4, 2004
Messages
1,234
Location
Sunny SoCal
Now you guys are making me want to put that firmware on my SDS200 and test it with my radios.
You should. The demo will give you plenty of time to evaluate, you can roll back to official simply. It works flawlessly - at least on my 436/536 that I have demo'd it on. And 40 bucks isn't a big deal if you happen to be able to put it to real use. For me, it was a matter of "why not give it a try".
 

W4KRR

Member
Premium Subscriber
Joined
Apr 1, 2001
Messages
3,524
Location
Coconut Creek
Yep, nobody is in possession of key material that is in plain text. Once a key is in plain text, it is compromised and of no use any longer.
But the key must be saved and identified in some way. Otherwise, how do you know what key is being used, if it's the correct one, or if it contains errors?
 

KevinC

The big K
Super Moderator
Joined
Jan 7, 2001
Messages
13,069
Location
I'm everywhere Focker!
You should. The demo will give you plenty of time to evaluate, you can roll back to official simply. It works flawlessly - at least on my 436/536 that I have demo'd it on. And 40 bucks isn't a big deal if you happen to be able to put it to real use. For me, it was a matter of "why not give it a try".
Despite me having said "nope" at the beginning I had forgotten I actually have the FW and it works (Motorola BP w/RAS is hit and miss though). I guess I forgot because it's seamless. :unsure:

To others, no this doesn't make encryption any less secure. You need the key variable to use it and if you have that (and shouldn't) it's already compromised.
 

N4DES

Retired 0598 Czar ÆS Ø
Joined
Dec 19, 2002
Messages
2,500
Location
South FL
But the key must be saved and identified in some way. Otherwise, how do you know what key is being used, if it's the correct one, or if it contains errors?

Each key is identified by a CKR/SLN number and is a physical slot in the key loader, and the more up-to-date key loaders tag the key with an alias. There is no reason at all to know or have access to the key material. Also, the keyloader can create random keys automatically that won't have errors, so this isn't an issue either.
 

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
7,160
Location
Sector 001
But the key must be saved and identified in some way. Otherwise, how do you know what key is being used, if it's the correct one, or if it contains errors?
It doesn't. Once disclosed, in plain text, the rest is irrelevant, the key is compromised.
 

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
7,160
Location
Sector 001
But the key must be saved and identified in some way. Otherwise, how do you know what key is being used, if it's the correct one, or if it contains errors?
It is identified, generated, and saved in the KMF. It won't have errors and it will be the correct one.

As badly as the anti-encryption folks that inhabit this forum want to believe that encryption = inability to interoperate, or that encryption hampers the ability to interop, this is NOT true.

There are thousands upon thousands of encrypted interop PTT's every day, between different agencies that understand what is needed to be able to do this. Egos and attitudes are left at the door, and these agencies work together to make sure they have secure comms.

If two agencies that need to talk to each other can't do it securely, it is not the fault of encryption, or the technology. It's a human failure. Either they can't cooperate, or don't have the skills to do it.

Locally, 2 such agencies, that are both encrypted, interop on a daily basis when events cross jurisdictional boundaries, and end up involving units from both agencies. None of their interop comms are done unencrypted. These comms are never disclosed on unencrypted talkgroups.
 

Project25_MASTR

Millennial Graying OBT Guy
Joined
Jun 16, 2013
Messages
4,478
Location
Texas
It's probably worth noting that there are also interoperable encryption keys available in the US. Almost all state level public safety users and many local public safety users have those keys loaded into their radios and some even use them for their day to day operations (to get around having to coordinate yet another CKR/SLN with a coordinating agency).
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,626
It is identified, generated, and saved in the KMF. It won't have errors and it will be the correct one.

As badly as the anti-encryption folks that inhabit this forum want to believe that encryption = inability to interoperate, or that encryption hampers the ability to interop, this is NOT true.

There are thousands upon thousands of encrypted interop PTT's every day, between different agencies that understand what is needed to be able to do this. Egos and attitudes are left at the door, and these agencies work together to make sure they have secure comms.

If two agencies that need to talk to each other can't do it securely, it is not the fault of encryption, or the technology. It's a human failure. Either they can't cooperate, or don't have the skills to do it.

Locally, 2 such agencies, that are both encrypted, interop on a daily basis when events cross jurisdictional boundaries, and end up involving units from both agencies. None of their interop comms are done unencrypted. These comms are never disclosed on unencrypted talkgroups.
The federal agencies now have this all worked out centrally. They have no interoperability problems with respect to key management.
 

dlwtrunked

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
2,513
But the key must be saved and identified in some way. Otherwise, how do you know what key is being used, if it's the correct one, or if it contains errors?
Keys usually have a KEY ID to identify them. DSD+ will give you the type of encryption and key ID it sees. In the receiving radio, the KEY ID is used to look up the matching key. In the case of the KEY ID, it gives the user of DSD+, which will show P25 KEY IDs (NOT the actual key!), the ability to know which encrypted talk groups have the same KEY ID (so same key) so the units (when on the same talk group) can talk to each other. A typical configuration might, say, have a PD using one KEY ID for almost all communications, with a separate KEY ID used for internal affairs. So although the KEY ID does not reveal the actual encryption key, it does
 

kayn1n32008

ØÆSØ Say it, say 'ENCRYPTION'
Joined
Sep 20, 2008
Messages
7,160
Location
Sector 001
Sorry, I didn't see this reply.
So the content of the KVL, how is it secure?
1. The KVL will NOT display the key(s), you can ONLY select the CKR/SLN of the key(s) you wish to load into a radio.

2. The memory is volatile. If a KVL is left without a power source (battery) for a defined period of time, the key(s) will be erased (think of disconnecting a car battery, and then having to reprogram your preset buttons once you reconnect the battery).

3. The KVL has the ability to detect if its memory is being tampered with, and will self zeroize its key storage memory.

4. Physical access control and vetting those that have both physical access to and a legitimate need for the use of the KVL.

Depending on the policies of a given agency, pretty secure. Or not.

The security of the contents of the KVL truly is dependent on the last point. Physical device security.

If you don't have tight physical security of the KVL, then there is a VERY real chance of unauthorized radios being keyloaded, that shouldn't be. Once that unauthorized radio is key loaded, the key is compromised (even if you can't actually recover the key in plain text).
As per my understanding this is where you store the initial key that will unlock all the remaining doors for full usage.
Not quite. In a properly designed system, the KVL has the key (UKEK) used to unlock the keys (TEK) that unlock the 'doors' the radio is authorized to unlock.

Not every radio will be authorized to have every single key, even radios within the same agency.

Departments like internal affairs (cops that investigate cops), organized crime, domestic terrorism, surveillance and intelligence gathering are usually restricted access within the agency, where members that are not assigned cannot just walk into these groups' work areas.

Members of these groups are going to be vetted and background checked to a much greater degree.

These work areas are usually a secured, limited access environment, within a secure, limited access environment. Radios they use will all have unique encryption keys, that ONLY each group has, that NOBODY else will have.

Every radio used by these groups will be inventoried, and specially provisioned within the KMF, potentially to the extreme of having a unique UKEK, to ensure that ONLY their department radios get rekeyed with their unique keys, in addition to the 'regular' keys used in the overall agency.

Properly securing an agency's communications is a job all on its own. Even a department for a city of a million people could easily have dozens, or more, unique encryption keys in use.

A fictitious agency could easily have a potential talk group lineup something like:

NW Command
NW Tac
NE Command
NE Tac
SW Command
SW Tac
SE Command
SE Tac
Records/Warrant Inquiry North
Records/Warrant Inquiry South
Interop
Pursuit
SRT
K-9 Services
Air Services
Marine Services
Organized Crime Taskforce
Auto Theft Taskforce
Drugs and Guns Taskforce
Warrant Taskforce
Surveillance
Internal affairs
Admin
Simplex(radio to radio, no repeater or trunk system)

If the fictitious agency wanted 100% secure comms, that list is 25 (also a common patch key for when encrypted talkgroups with unique keys are patched together) unique encryption keys alone. Not every radio would have every key, but every radio would be a mix of keys with some being unique, and some being common to all.

For interoperability there could be multiple Interop talkgroups with either the same key, or multiple keys. Agencies that this fictional agency communicates with on a regular basis can have THEIR radios provisioned in the fictional agency's KMF and have their KVL securely loaded with the fictional agency's interop UKEK, and securely receive the key(s) for the interop talk groups. This would require coordination of radio IDs, CKR and talk group ID so that all three are not duplicated to prevent potentially serious issues with duplicate Radio IDs, duplicate CKRs and duplicate Talk Group IDs.

As you can see, having secure communications is complex, it needs to be planned out, it requires people that are skilled, trained and competent. It requires cooperation and communication at not only a high administration level, but also with the people that are going to actually make it happen. Not only the ones planning the fleet map, but the people that are planning the employment of encryption. Each person in that chain is as critical as the other, regardless of the pay grade.

Yet every single day, agencies are doing this, without problems. Even talking to other agencies securely.
Let's see if I did understand properly while you tell me: if the radio loses power, the original key is lost and needs to be reloaded for the radio to resume operation?
Potentially. There is a check box in XTS/XTL 2500/5000 series (I am most familiar with) CPS, called 'Infinite Key Retention'. If you check the box, the radio, in theory, won't lose its keys, even when left without power.

If you don't check the box, you have a short period of time where the UCM/MACE/Key storage will retain the key. More than enough time to swap batteries, or reattach a battery that becomes accidentally separated, but not a significantly long period of time to be useful to an adversary trying to attempt to somehow extract the keys.
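
The planning checks this post describes (unique keys for restricted groups, radios holding only the keys they are authorized for, and no duplicate radio IDs, CKRs or talk group IDs between interoperating agencies), as an added example that is not part of the original post. Every name, ID and the data layout is constructed for illustration and is not a KMF or KVL format.

```python
from collections import defaultdict

# Constructed sample data: every name and number below is made up.
# talkgroup -> (talkgroup ID, CKR, restricted to its own unit?)
PLAN = {
    "NW Command":       (1001, 101, False),
    "NW Tac":           (1002, 102, False),
    "Interop":          (1010, 110, False),
    "Surveillance":     (1021, 121, True),
    "Internal affairs": (1022, 121, True),   # planning error: CKR reused
}
# unit -> talkgroups its radios are authorized for
AUTHORIZED = {
    "Patrol NW":        {"NW Command", "NW Tac", "Interop"},
    "Internal affairs": {"NW Command", "Interop", "Internal affairs"},
}
# radio ID -> (unit, CKRs actually loaded)
RADIOS = {
    7001: ("Patrol NW", {101, 102, 110}),
    7002: ("Internal affairs", {101, 110, 121}),
    7003: ("Patrol NW", {101, 102, 110, 121}),  # holds a restricted key
}
# Identifiers a partner agency already uses before being provisioned for interop
PARTNER = {"radio_ids": {7002, 8001}, "ckrs": {102, 300}, "talkgroup_ids": {2001}}


def shared_restricted_keys(plan):
    """CKRs that protect a restricted talkgroup and at least one other talkgroup."""
    by_ckr = defaultdict(list)
    for name, (_tgid, ckr, _restricted) in plan.items():
        by_ckr[ckr].append(name)
    return {ckr: sorted(names) for ckr, names in by_ckr.items()
            if len(names) > 1 and any(plan[n][2] for n in names)}


def over_provisioned(radios, authorized, plan):
    """Radios holding CKRs for talkgroups their unit is not authorized for."""
    findings = {}
    for rid, (unit, loaded) in radios.items():
        allowed = {plan[tg][1] for tg in authorized[unit]}
        extra = loaded - allowed
        if extra:
            findings[rid] = extra
    return findings


def interop_collisions(plan, radios, partner):
    """Radio IDs, CKRs and talkgroup IDs used by both agencies."""
    ours = {
        "radio_ids": set(radios),
        "ckrs": {ckr for _tgid, ckr, _r in plan.values()},
        "talkgroup_ids": {tgid for tgid, _ckr, _r in plan.values()},
    }
    return {kind: ours[kind] & partner[kind] for kind in ours}


if __name__ == "__main__":
    print("shared restricted CKRs:", shared_restricted_keys(PLAN))
    print("over-provisioned radios:", over_provisioned(RADIOS, AUTHORIZED, PLAN))
    print("interop collisions:", interop_collisions(PLAN, RADIOS, PARTNER))
```

The audit works only on identifiers (CKR, radio ID, talk group ID), never on key material, which matches the post's point that nobody needs to see a key to manage it.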
 

dlwtrunked

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
2,513
Keys usually have a KEY ID to identify them. DSD+ will give you the type of encryption and key ID it sees. In the receiving radio, the KEY ID is used to look up the matching key. In the case of the KEY ID, it gives the user of DSD+, which will show P25 KEY IDs (NOT the actual key!), the ability to know which encrypted talk groups have the same KEY ID (so same key) so the units (when on the same talk group) can talk to each other. A typical configuration might, say, have a PD using one KEY ID for almost all communications, with a separate KEY ID used for internal affairs. So although the KEY ID does not reveal the actual encryption key, it does
I do not know why my post got cut off. That last sentence was "so although the KEY ID does not reveal the actual encryption key, it does reveal who can talk to who with their encryption." The next sentence was "A typical use with two keys on a PD system is sometimes one key (so one KEY ID) for normal operations, and a more restricted key (so KEY ID) for internal affairs."
 

Pape

Member
Premium Subscriber
Joined
Feb 20, 2011
Messages
285
Location
Quebec
Sorry, I didn't see this reply.

1. The KVL will NOT display the key(s), you can ONLY select the CKR/SLN of the key(s) you wish to load into a radio.

2. The memory is volatile. If a KVL is left without a power source (battery) for a defined period of time, the key(s) will be erased (think of disconnecting a car battery, and then having to reprogram your preset buttons once you reconnect the battery).

3. The KVL has the ability to detect if its memory is being tampered with, and will self zeroize its key storage memory.

4. Physical access control and vetting those that have both physical access to and a legitimate need for the use of the KVL.

Depending on the policies of a given agency, pretty secure. Or not.

The security of the contents of the KVL truly is dependent on the last point. Physical device security.

If you don't have tight physical security of the KVL, then there is a VERY real chance of unauthorized radios being keyloaded, that shouldn't be. Once that unauthorized radio is key loaded, the key is compromised (even if you can't actually recover the key in plain text).

Not quite. In a properly designed system, the KVL has the key (UKEK) used to unlock the keys (TEK) that unlock the 'doors' the radio is authorized to unlock.

Not every radio will be authorized to have every single key, even radios within the same agency.

Departments like internal affairs (cops that investigate cops), organized crime, domestic terrorism, surveillance and intelligence gathering are usually restricted access within the agency, where members that are not assigned cannot just walk into these groups' work areas.

Members of these groups are going to be vetted and background checked to a much greater degree.

These work areas are usually a secured, limited access environment, within a secure, limited access environment. Radios they use will all have unique encryption keys, that ONLY each group has, that NOBODY else will have.

Every radio used by these groups will be inventoried, and specially provisioned within the KMF, potentially to the extreme of having a unique UKEK, to ensure that ONLY their department radios get rekeyed with their unique keys, in addition to the 'regular' keys used in the overall agency.

Properly securing an agency's communications is a job all on its own. Even a department for a city of a million people could easily have dozens, or more, unique encryption keys in use.

A fictitious agency could easily have a potential talk group lineup something like:

NW Command
NW Tac
NE Command
NE Tac
SW Command
SW Tac
SE Command
SE Tac
Records/Warrant Inquiry North
Records/Warrant Inquiry South
Interop
Pursuit
SRT
K-9 Services
Air Services
Marine Services
Organized Crime Taskforce
Auto Theft Taskforce
Drugs and Guns Taskforce
Warrant Taskforce
Surveillance
Internal affairs
Admin
Simplex(radio to radio, no repeater or trunk system)

If the fictitious agency wanted 100% secure comms, that list is 25 (also a common patch key for when encrypted talkgroups with unique keys are patched together) unique encryption keys alone. Not every radio would have every key, but every radio would be a mix of keys with some being unique, and some being common to all.

For interoperability there could be multiple Interop talkgroups with either the same key, or multiple keys. Agencies that this fictional agency communicates with on a regular basis can have THEIR radios provisioned in the fictional agency's KMF and have their KVL securely loaded with the fictional agency's interop UKEK, and securely receive the key(s) for the interop talk groups. This would require coordination of radio IDs, CKR and talk group ID so that all three are not duplicated to prevent potentially serious issues with duplicate Radio IDs, duplicate CKRs and duplicate Talk Group IDs.

As you can see, having secure communications is complex, it needs to be planned out, it requires people that are skilled, trained and competent. It requires cooperation and communication at not only a high administration level, but also with the people that are going to actually make it happen. Not only the ones planning the fleet map, but the people that are planning the employment of encryption. Each person in that chain is as critical as the other, regardless of the pay grade.

Yet every single day, agencies are doing this, without problems. Even talking to other agencies securely.

Potentially. There is a check box in XTS/XTL 2500/5000 series (I am most familiar with) CPS, called 'Infinite Key Retention'. If you check the box, the radio, in theory, won't lose its keys, even when left without power.

If you don't check the box, you have a short period of time where the UCM/MACE/Key storage will retain the key. More than enough time to swap batteries, or reattach a battery that becomes accidentally separated, but not a significantly long period of time to be useful to an adversary trying to attempt to somehow extract the keys.
OK, I have to say you flooded my brain here, let's go in simple mode, it will be better :)
In simple mode we have:
  1. From the main crypto store a key is created for a specific radio
  2. The new key is probably encrypted and loaded in the transport device
  3. The transport device is connected to the radio
  4. Here I assume the transport encryption is removed from the key; how this is done is the big question?
  5. Uploaded in the secure storage of the radio
  6. Any other derivative crypto performed for normal operation will go here.
So the question marks are as follows:
  1. I assume the key loader used by the tech contains an encrypted key and not a plain text key?
  2. Is the key loaded encrypted in the radio, or is the transport encryption removed to upload a plain text key in the radio?
  3. In either case, how does the plain key end up on the radio to be used?
 