Legally Breaking Encryption

Status
Not open for further replies.

peepoop

Premium Member
Joined
Dec 19, 2002
Messages
81
Please do the research on encryption in radio communications from the earliest WWII systems to the advanced 3DES, AES, and future technologies and you'll very quickly see just how hard this "simple" task is. If these systems were so easy to "hack/crack/jack/break" then please show us factual information on it.

Blu-Ray DRM is mainly 128 bit AES. More info on how it was done. The key was grabbed from memory, not from brute-forcing. This is despite millions of dollars in research spent by members of AACS to develop a protection scheme based on AES.

It would take the discovery of a similar exploit or weakness in Motorola handheld firmware to ever open up P25 decryption to the masses. And right now there are a lot more people who want to liberate the data they already own on their high-def discs than people who want to listen in on encrypted radio communications. I'm not saying it's easy. I'm saying it's been done before.
 

jrholm

Member
Joined
Aug 22, 2006
Messages
592
Location
Big Bear
It is impossible. If you want to monitor E channels you would have a better chance finding a radio tech and courting them with love notes or whatever until you get a radio programmed to the system. Just don't key up.

Heck, most governments find this the easier way to compromise secure communications, instead of trying to actually crack code.
 

DonS

Member
Joined
Jun 17, 2003
Messages
4,102
Location
Franktown, CO
Blu-Ray DRM is mainly 128 bit AES. More info on how it was done. The key was grabbed from memory, not from brute-forcing. This is despite millions of dollars in research spent by members of AACS to develop a protection scheme based on AES.
Despite those "millions in dollars of research", it appears they still violated a fundamental tenet of encryption: don't send or include the key in cleartext. (It looks like they have to do that - if the key(s) aren't in an unencrypted format at some point, an off-the-shelf player will never be able to decrypt the data).

It would take the discovery of a similar exploit or weakness in Motorola handheld firmware to ever open up P25 decryption to the masses.
Where, in this case, "similar exploit or weakness" must mean "P25 key is sent in cleartext or is otherwise discoverable by somehow examining memory". It's not (or, if it is, the handheld manufacturer needs some new engineers).

P25 keys are either programmed into the radio at the "radio shop", or are sent as OTAR (over-the-air-rekeying) messages. These "OTAR messages" should be in Packet Data Units in the CAI - sent within data units, and encrypted, just like voice.

Keys programmed into the radio should never be discoverable "from the outside" - it should be impossible to read the unencrypted RAM, ROM, or other programmable-memory contents of the radio except by the radio's own firmware. If keys are so discoverable, see the "needs some new engineers" comment above.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,969
Location
Indianapolis, IN
Precisely Don, both "hard wired" keys and OTAR are impossible to decode unless you are privy to use of the system. There is no "clear" transmission of any kind involved except one user saying "go secure" lol. The rest is digital garble of the most annoying kind! To reiterate,... Radio telecommunications technologies are vastly different than the tech in VCRs, DVD players, even your PCs.... Though the encryption ability of a PC is just as hard to break as "broadcast" radio network encryption. And to kill the idea of even trying on an analog system, it's still A- Illegal, B- impossible. Though you don't see a lot of analog systems using encryption, it does happen. Though encrypted analog has horrible sound quality.. This was shown by a comparison years ago using an XTS3000 on I believe it was the Canadian TRS.. Both analog clear, analog encrypted, digital clear, and digital encrypted were sampled and the comment made.. "you get what you pay for" made... Referring to the lovely sound of the digital, both clear, and encrypted....

The whole point being that no matter how much you dream, encryption on modern radio systems is very much secure.
 

N_Jay

Guest
This argument makes sense if you're assuming a brute-force approach is involved, I agree. But it doesn't need to be so complex.

When HD-DVD and Blu-Ray were cracked by 'arnezami' their keys were obtained through an exploit/bug in a Windows Blu-Ray player, not through some supercomputer genius feat of engineering.

If anything like this were to happen to P25 encryption it would more than likely start with a thorough examination and memory dump of an authorized P25 radio on an encrypted system. Anyone who has one of those is not likely to sacrifice their radio just to help a bunch of scanner listeners.

Again, this is based on the INCORRECT belief that the keys are static.

1) The radios are well secured against attacks of this type.
2) That would give you one key that would be changed relatively quickly.
 

KB9LIQ

Completely Banned for the Greater Good
Banned
Joined
Dec 19, 2003
Messages
3
Location
Central IL
The agency I'm with uses encryption all the time and 99.9% of what they talk about is nothing that needs to be, so why? This makes people think they are talking about super secret stuff when they are not. Should the public be able to hear what they are saying? I think so; the taxpayers paid for every piece of radio equipment they have.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,969
Location
Indianapolis, IN
Whether or not full time encryption in some areas has merit or not is a whole other ball game. I believe that certain instances, especially narcotics invests, SWAT ops, and OCD ops especially, should always be secure transmissions. Yes they are the "juicy" things to hear but officer safety is first in that... Encrypting fire ops is in my opinion retarded to the point of infinity. But that's a whole other forum thread. The way that encryption would be kept to a minimum on NON Federal systems is called actively participate in your local government. City Council meetings. Go often. Get loud. Make the public aware. Information is a powerful tool in the right hands. The old saying of info being a weapon are way off... Knowledge isn't power... The power and weaponry of information is what you do with it.

Rambling on about hacking encrypted radio systems is a poor way to get things changed, and at worst just makes the case for making it harder for the public to have access to their government because they will just want to hide deeper.
 

MattSR

Member
Joined
Jul 26, 2002
Messages
407
Location
Sydney, Australia
Further to my previous post - here is the link to EFF's book. Note that several chapters were unavailable back in 1998 due to the crypto export restrictions that no longer exist (Though most Americans selling ****ty old DES crypto gear think it's illegal to export it - these restrictions were lifted in 2000 as a result of EFF's efforts)

Another myth that people keep perpetuating is that cracking two-way radio encryption requires voice recognition software. It doesn't. I won't spell it out but there's simple mathematical checks to see if a P25 voice vector is valid or not. Reading the TIA.102 specs will explain it all if you know how to read between the lines.

Link for EFF's DES cracker --> http://jya.com/cracking-des/cracking-des.zip

It's a cracking good read ;)

Cheers,
Matt
 

N_Jay

Guest
Another myth that people keep perpetuating is that cracking two-way radio encryption requires voice recognition software. It doesn't. I won't spell it out but there's simple mathematical checks to see if a P25 voice vector is valid or not. Reading the TIA.102 specs will explain it all if you know how to read between the lines.

All very interesting, but assuming the input file contains multiple bit errors as is typical for a signal transmitted over an LMR system, would you not have to attempt to recover the vocoder frame using the FEC and then test?

Not impossible, but still one or more steps per test than using a simple ascii text file.

And this is all well and good with broken and discarded DES.

I don't know of a new system that is not being deployed with AES or better encryption.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,969
Location
Indianapolis, IN
Again N_Jay is correct,.. No system is being put on the air with less than AES currently in the PS world... In the business and SMR world there is still 3DES, and a few ancient systems that use DES. Heck even some of the business systems have AES, for example Budweiser's TRS's are all being upgraded to use AES. Can't let Coors' spies know that secret formula. WEG
 

specop

Member
Joined
Oct 7, 2008
Messages
22
Location
Upper Peninsula, Michigan
Let me preface this by saying I have no intention of cracking anyone's encryption. My question is this, what is the most basic type of equipment you would need to even receive, record, and analyze a transmission to determine what type of encryption you were looking at? It seems to me even this first step would present difficulties.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,969
Location
Indianapolis, IN
Extremely fast extremely powerful computers, Systems monitoring hardware... Professional software.... So you're starting out at around a couple hundred grand to really even look at the real profile of the system.
 

N_Jay

Guest
Let me preface this by saying I have no intention of cracking anyone's encryption. My question is this, what is the most basic type of equipment you would need to even receive, record, and analyze a transmission to determine what type of encryption you were looking at? It seems to me even this first step would present difficulties.

Nope, all that is easy.
 

specop

Member
Joined
Oct 7, 2008
Messages
22
Location
Upper Peninsula, Michigan
Back in the mid 90s I was in a US Army signal unit at Ft. Bragg. On a couple deployments I got to see some eavesdropping and direction finding equipment belonging to another US group. I don't know if they were doing any code breaking, but one piece of equipment could be tuned to a transmission and would give a full page of data on that TX. I don't know if that piece alone cost $200K, but all the other equipment on that platform together, I can't imagine.
 

TetraGuy

Member
Joined
Jul 28, 2009
Messages
8
As N_Jay said capturing and determining the type of encryption is easy and straightforward. At some layer or some point of a transmission, a portion of the transmitted signal has to be in the clear.
Typically a registration or cell broadcast signal.
Once you know the modulation type and frequency to scan, a receiver and signal analyser can capture some traces. You would probably need to decode the captured data by hand following a PDU description of the packet (or write up some scripts) - you could also have obtained a signal analyser from the manufacturer that would do the signal analysis automatically, and somewhere in the output you would be able to find the type of encryption being used.
It's the easiest part, because it's a pointless part. If I want to know what encryption algorithms are used I phone up the manufacturer or look at a data sheet; all the info is in there anyway.
 

gmclam

Member
Premium Subscriber
Joined
Sep 15, 2006
Messages
6,481
Location
Fair Oaks, CA
My question is this, what is the most basic type of equipment you would need to even receive, record, and analyze a transmission to determine what type of encryption you were looking at? It seems to me even this first step would present difficulties.
You need to capture the data stream from the receiver and save it. It could be saved to a hard drive, Flash memory or whatever. Have you ever looked at a binary file on your computer? Can you look at a binary file and tell if it is ASCII text, an EXE, WAV or ??? Since we don't know the specific protocol of the data, this would be worse. Anyway you'd capture some data (that you hopefully know is encrypted voice) and then examine it. The theory is that because of the number of bits used for encryption, testing each possible combination would take a very long time with the fastest computer.
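gmclam's post raises two separable questions: whether you can tell what a saved binary blob is at all (ASCII text, an EXE, a WAV, or something with no recognisable structure), and why the "number of bits used for encryption" makes exhaustive key search impractical. The Python below is an added illustration and is not gmclam's or anyone else's code from this thread. The byte samples are constructed inline (seeded pseudo-random bytes stand in for an encrypted payload, which without the key looks like noise); the rate of roughly 9 × 10^10 keys per second used in the usage note is the figure usually quoted for EFF's 1998 Deep Crack DES machine mentioned earlier in the thread, and the exact value is an assumption.

```python
import math
import random

# Constructed sample "captures" for the demonstration (not real radio data).
TEXT_SAMPLE = (
    b"Unit 12 to dispatch, we are clear of the last call and returning to quarters. "
    * 40
)
# Minimal RIFF/WAVE header followed by silence, constructed to look like a WAV file.
WAV_SAMPLE = b"RIFF" + (36 + 1000).to_bytes(4, "little") + b"WAVEfmt " + b"\x00" * 1000
# Minimal DOS/PE stub ("MZ" is the real DOS executable magic number), constructed.
EXE_SAMPLE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 500
# Seeded pseudo-random bytes stand in for an encrypted payload: a proper cipher's
# output is indistinguishable from uniform random bytes to anyone without the key.
ENCRYPTED_SAMPLE = random.Random(1234).randbytes(4096)

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, approaching 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_capture(data: bytes) -> str:
    """Label a saved byte string by magic number, printability, or entropy.

    Structured formats announce themselves in their first bytes; plain text is
    almost entirely printable; an encrypted or compressed stream has none of
    those tells and is recognised only by its near-maximal entropy.
    """
    if data.startswith(b"MZ"):
        return "DOS/PE executable"
    if data.startswith(b"RIFF") and data[8:12] == b"WAVE":
        return "WAV audio"
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if data and printable / len(data) > 0.95:
        return "ASCII text"
    if shannon_entropy(data) > 7.5:
        return "high-entropy (encrypted, compressed, or random)"
    return "unknown binary"


def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Years needed to try every key in a key_bits-bit keyspace at the given rate.

    The expected time to hit the right key is half of this; the point is the
    doubling per added bit, not the exact constant.
    """
    return (2 ** key_bits) / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for name, sample in [("text", TEXT_SAMPLE), ("wav", WAV_SAMPLE),
                         ("exe", EXE_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)]:
        print(f"{name:10s} entropy={shannon_entropy(sample):.2f} -> {classify_capture(sample)}")
    for bits in (56, 128, 256):
        print(f"{bits}-bit key at 9e10 keys/s: {brute_force_years(bits, 9e10):.3g} years")
```

Run as a script it prints the four classifications and the search times; at 9 × 10^10 keys/s the 56-bit DES keyspace falls in a matter of days, which is the order of magnitude the EFF machine demonstrated, while 128 bits comes out at around 10^19 years and 256 bits is beyond any physical scale. The entropy test is the same one forensic tools use to flag encrypted or packed files; it says nothing about which algorithm produced the bytes, which is TetraGuy's point that the algorithm identity comes from signalling or the data sheet, not from the ciphertext.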
 

N_Jay

Guest
Extremely fast extremely powerful computers, Systems monitoring hardware... Professional software.... So you're starting out at around a couple hundred grand to really even look at the real profile of the system.

Nope, Nope, Nope.
 

DaveNF2G

Guest
I'm amazed that this conversation is still continuing. Then again, maybe it's not so surprising.

The relevant content of the thread can be summed up in one sentence - there is no legal way for a private citizen to decrypt scrambled communications that are not directed to them. The technological discussion is interesting but irrelevant. It is a federal crime to make the attempt at all.
 

N_Jay

Guest
I'm amazed that this conversation is still continuing. Then again, maybe it's not so surprising.

The relevant content of the thread can be summed up in one sentence - there is no legal way for a private citizen to decrypt scrambled communications that are not directed to them. The technological discussion is interesting but irrelevant. It is a federal crime to make the attempt at all.

I see it the other way.

The legal discussion is irrelevant. If there was a practical way to break encryption then legal or not it would be commonplace. The technical discussion is where most people have significant misunderstandings leading to the wrong conclusions that:

1) The law,
2) Difficulties in analysis,
or,
3) Other "hidden" technical issues,

are what keeps the information secure.

The truth is it is simply the KEY applied to the ALGORITHM!
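N_Jay's closing point, and DonS's earlier one that the key itself must never travel in the clear while the radio still needs to select the right key, come down to a small amount of structure: the frame carries a key identifier and a per-call nonce, never the key, and the receiver's keyring decides whether it can decrypt at all. The Python below is an added illustration written for this thread, not code from any poster or from any radio vendor. It uses a counter-mode keystream built from HMAC-SHA256 in place of a real block cipher, the keyring and keys are constructed, and the frame layout (2-byte key ID, 8-byte nonce, ciphertext) is a made-up teaching format, not the P25 CAI or OTAR message format.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed keyring: key ID -> 256-bit key.  In a real radio the keys arrive
# from a key loader or a rekeying message and never leave protected memory.
KEYRING: Dict[int, bytes] = {
    1: bytes.fromhex("00" * 31 + "01"),
    2: bytes.fromhex("ff" * 32),
}


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over a PRF: concatenate HMAC-SHA256(key, nonce || counter) blocks.

    Stand-in for a real cipher such as AES-CTR; the structure (key and nonce in,
    pseudo-random bytes out) is what matters for the illustration.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt_frame(key_id: int, plaintext: bytes, nonce: bytes) -> bytes:
    """Build a frame: key_id (2 bytes) || nonce (8 bytes) || ciphertext.

    The key ID tells the receiver which key to use; the nonce is public and
    must differ for every call under the same key; the key is never included.
    """
    ks = keystream(KEYRING[key_id], nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    return key_id.to_bytes(2, "big") + nonce + ciphertext


def decrypt_frame(frame: bytes, keyring: Dict[int, bytes]) -> Optional[bytes]:
    """Look the key up by ID; None means this receiver does not hold that key."""
    key_id = int.from_bytes(frame[:2], "big")
    nonce, ciphertext = frame[2:10], frame[10:]
    key = keyring.get(key_id)
    if key is None:
        return None
    ks = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def frame_contains_key(frame: bytes, key: bytes) -> bool:
    """The check DonS's tenet demands: the key must not appear anywhere in the frame."""
    return key in frame


if __name__ == "__main__":
    message = b"go secure"
    frame = encrypt_frame(1, message, os.urandom(8))  # fresh nonce per call
    print("authorised receiver:", decrypt_frame(frame, KEYRING))
    print("wrong key loaded:   ", decrypt_frame(frame, {1: KEYRING[2]}))
    print("key not held:       ", decrypt_frame(frame, {2: KEYRING[2]}))
    print("key leaked in frame:", frame_contains_key(frame, KEYRING[1]))
```

The three receivers model the situations in the thread: a radio holding the right key recovers the audio, a radio loaded with a different key under the same ID produces noise, and a radio that never received that key ID cannot even try. Rekeying is just a new entry in the keyring and a new ID in subsequent frames, which is why a single recovered key, as N_Jay notes, only lasts until the next change.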
 