• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

P25 Link Level Encryption

Status
Not open for further replies.
S

ScannerSK

Member
Joined
Mar 6, 2005
Messages
1,436
Location
Weld County, Colorado
This is not good at all...

If the control channels become encrypted then properly monitoring/following conversations of even non-encrypted talkgroups will be impossible for all scanners.

I assume encrypted control channels will make P25 systems even worse in areas with less than ideal coverage. However, my concern is loosing the ability to properly follow non-encrypted conversations on our scanners.

Shawn
 
B

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
Will this effect all the old P25 equipment or just new manufacture? Will this effect the non encrypted systems? I'm looking at a home patrol 2 and would like to get at least 3 years out of it. This will be a horrible development for those who monitor mundane things like public works, utilities etc. Since when have we become the enemy?
 
T

trumpetman

Member
Database Admin
Joined
Mar 24, 2007
Messages
1,881
Location
Charlotte, NC
ScannerSK said:
This is not good at all...

If the control channels become encrypted then properly monitoring/following conversations of even non-encrypted talkgroups will be impossible for all scanners.

I assume encrypted control channels will make P25 systems even worse in areas with less than ideal coverage. However, my concern is loosing the ability to properly follow non-encrypted conversations on our scanners.

Shawn
Click to expand...

Encryption on P25 doesn't decrease range like it does in the old analog SecureNet days, so that's a moot point. Plus I imagine if a system is using an encrypted control channel there won't be any non-encrypted talkgroups in use, but that's just my two cents.

I seem to recall a while back when looking at the documentation there was a flag/packet that indicated the data stream was encrypted but was unable to find any literature on encrypted the control channel...I guess that was the precursor to this new ability.
 
krokus

krokus

Member
Premium Subscriber
Joined
Jun 9, 2006
Messages
6,128
Location
Southeastern Michigan
ScannerSK said:
This is not good at all...

If the control channels become encrypted then properly monitoring/following conversations of even non-encrypted talkgroups will be impossible for all scanners.

I assume encrypted control channels will make P25 systems even worse in areas with less than ideal coverage. However, my concern is loosing the ability to properly follow non-encrypted conversations on our scanners.

Shawn
Click to expand...

The only way that comes to mind, for use at that point, would be to scan the discrete repeater outputs. Assuming the encryption would be implemented after going TDMA, I wonder how well the scanners will process the time slots.

Sent via Tapatalk
 
B

balibago

Completely Banned for the Greater Good
Banned
Joined
Jan 13, 2008
Messages
220
Location
New Iberia
I assume that only new equipment will have this capability. Louisiana at this time can barely pay their electric bill.
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,946
I don't do much P25 monitoring but have read some security papers regarding it. I believe there already exists a way to scramble TG and RID numbers. So they would just be adding encryption to the CC.
If the voice is already well encrypted, encrypting the CC too wouldn't add much more security.

Sure, by not being able to read TG and radio ID's you wouldn't be able to do traffic analysis, but that is limited anyway. And if the CC encryption is being done at the repeater, couldn't you just scan the repeater inbound for TG and RID info?

Anyway, the local FBI shop is P25 AES 256 voice encrypted 24/7 and even they dont scramble TG's or RIDs.

Even if they did, not really a big deal. Can't hear wha'ts going on anyway.

I don't see this becoming a widespread issue. A few new systems "might" pay extra for it.
 
S

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,698
Location
Toronto, Ontario
RayAir said:
I don't do much P25 monitoring but have read some security papers regarding it. I believe there already exists a way to scramble TG and RID numbers.
Click to expand...
Pretty sure that isn't available yet.


So they would just be adding encryption to the CC.
If the voice is already well encrypted, encrypting the CC too wouldn't add much more security.

Sure, by not being able to read TG and radio ID's you wouldn't be able to do traffic analysis, but that is limited anyway.
Click to expand...
It would let one see when a canine officer switched to a given dispatch channel (manhunt in progress) or when the ETF did (barricaded suspect) or when those special event groups start loading up with radio affiliations at 4 am (drug raids at 5 am); these are all very useful things to know when you're the overnight ENG.

I'm sure others can find uses.


And if the CC encryption is being done at the repeater, couldn't you just scan the repeater inbound for TG and RID info?
Click to expand...
If the outbound CC is encrypted, why wouldn't the inbound also be?


Anyway, the local FBI shop is P25 AES 256 voice encrypted 24/7 and even they dont scramble TG's or RIDs.
Click to expand...
Pretty sure that isn't available yet.


What additional Security Interfaces and Services are being worked on in TIA/P25?

Key Fill Interface to the KMF, Authentication Facility and between Key Fill devices.

Link Layer Encryption for protection of Control signaling and group/individual IDs on the trunking control channel, trunked and conventional voice channels and trunked and conventional data channels.
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,946
Read (attached) 3.2 about P25 metadata. They mention some of the identifier fields can already be optionally encrypted?
 

Attachments

  • Screenshot_2016-03-15-15-33-41.jpg
    Screenshot_2016-03-15-15-33-41.jpg
    55.7 KB · Views: 516
S

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,698
Location
Toronto, Ontario
Link Control Words have a protected bit - as do control channel TSBKs. Those bits are there to support signalling encryption when it arrives. It hasn't arrived yet, has it?
 
RayAir

RayAir

Member
Joined
Dec 31, 2005
Messages
1,946
I saw an algorithm for P25 called AES-GCM.

From what I could find it seems to be a 128 bit key used as an authentication to a P25 system.

Is this the cipher they might use for CC encryption?

Do you happen to know about AES-GCM in regards to P25?

Thanks.
 
kv5e

kv5e

T¹ ÆS Ø
Premium Subscriber
Joined
Dec 19, 2002
Messages
273
Location
127.0.0.1
RayAir said:
I saw an algorithm for P25 called AES-GCM.

From what I could find it seems to be a 128 bit key used as an authentication to a P25 system.

Is this the cipher they might use for CC encryption?

Do you happen to know about AES-GCM in regards to P25?

Thanks.
Click to expand...

https://en.wikipedia.org/wiki/Galois/Counter_Mode

This method is used for packet data and authentication of sending party.

Embedded authentication to thwart MITM attacks for packet data is the reason for GCM.

Control plane encryption will likely use a symmetric key method and could have some attributes of Galois Counter Mode.

Due to the amount of traffic on a CC, keys would be changed very frequently on the control plane encryption, perhaps daily.
 
Status
Not open for further replies.

Similar threads

k2hz
Monroe County Towns North
Replies
16
Views
821
k2hz
k2hz
dave3825
DSDPlus DSD+ FL 2.505 released
4 5 6 7 8
Replies
151
Views
7K
dave3825
dave3825
J
Hospital encryption?
2
Replies
26
Views
2K
NewJerseyOldListener
NewJerseyOldListener
E
Marion County going encrypted, but process seems confused
Replies
6
Views
1K
RFI-EMI-GUY
RFI-EMI-GUY
AngWay
SDS100/SDS200: Just bought a SDS100 got a couple questions.
2 3 4 5
Replies
94
Views
3K
WX9RLT
WX9RLT
Top