• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

P25 Link Level Encryption

Status
Not open for further replies.

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
One of well known security flaws (if you'll call it that) is the ability to monitor talkgroup/user IDs even on encrypted systems. As the article quoted states, Link Level Encryption is in the works. (http://www.project25.org/images/stories/ptig/P25_Standards_Updates/TR8_2016_summary_6.09.16.pdf)

My questions to you all are,

Does anyone have an updated progress or timeline report?

What do you suppose the financial costs for such a change would be?

Would implementing this be likely for current encrypted systems, or something for when the system upgrades way after P25 Phase 11?

Would it require new equipment?

Would it make it essentially impossible to monitor any talk groups, encrypted or not?


Many questions I know but its a concern when purchasing future scanning equipment.


It appears that the P25 standard has encrypted control channels proposed.

Updates on P25 Security, Wireline Interfaces Among January Work


Sent via Tapatalk


-73
 

jim202

Member
Joined
Mar 7, 2002
Messages
2,670
Location
New Orleans region
One of well known security flaws (if you'll call it that) is the ability to monitor talkgroup/user IDs even on encrypted systems. As the article quoted states, Link Level Encryption is in the works. (http://www.project25.org/images/stories/ptig/P25_Standards_Updates/TR8_2016_summary_6.09.16.pdf)

My questions to you all are,

Does anyone have an updated progress or timeline report?

What do you suppose the financial costs for such a change would be?

Would implementing this be likely for current encrypted systems, or something for when the system upgrades way after P25 Phase 11?

Would it require new equipment?

Would it make it essentially impossible to monitor any talk groups, encrypted or not?


Many questions I know but its a concern when purchasing future scanning equipment.


-73
What difference does it make if the control channel gets encrypted? You can't listen to the talkgroup if the talkgroup is already encrypted.

End user customers have been asking for the control channel to be encrypted for well over 10 years now.

If encrypting the control channel will require new user equipment and maybe the tower radio equipment may depend on just how new it is and how much free memory the radio has left to incorporate the new feature. I am sure we will see it coming down the pipe sometime in the future.
 

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
Thank you for your response. I am curious because it eliminates the possibility traffic analysis. While it is considered a passive attack by some, it is a hobby of others. I had never considered the memory constraint.

Edit- Some trunked systems also have both encrypted and unencrypted talkgroups, so I imagine an encrypted CC would not allow monitoring of even unencrypted talkgroups I.e. Public works, animal control
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
4,532
Encrypted control channels might be the end for hobbyist scanning . The security flaw is serious. If an adversery can determine that secure voice activity is occurring and can link that to specific talk groups or units it is a tactical deficiency.

Sent from my SM-T350 using Tapatalk
 

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
Encrypted control channels might be the end for hobbyist scanning . The security flaw is serious. If an adversery can determine that secure voice activity is occurring and can link that to specific talk groups or units it is a tactical deficiency.

Sent from my SM-T350 using Tapatalk
You're certainly right. Technology is an interesting thing.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
4,532
Any speculation on how conventional operations would be effected, such as simple repeater or simplex channels?
The P25 control codes for encryption are wide open in conventional mode. There was a paper published that described a cheap and simple method of jamming just those bits so that radio users would find themselves forced to turn encryption off simply to be heard. Also the TG and user ID info is in the clear.

Sent from my SM-T350 using Tapatalk
 

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
The P25 control codes for encryption are wide open in conventional mode. There was a paper published that described a cheap and simple method of jamming just those bits so that radio users would find themselves forced to turn encryption off simply to be heard. Also the TG and user ID info is in the clear.

Sent from my SM-T350 using Tapatalk
I've just read this puplication. There is also a less informative YouTube video. It seems link level encryption is just one of many serious security flaws in the P25 suite, albeit all systems have them.

A glimmer of light for hobbyists may be that conventional modes will remain unobscured by an encrypted control channels. Time shall tell it seems, so I'll keep listening!
 

toastycookies

Member
Joined
May 29, 2010
Messages
726
Location
the far east
The P25 control codes for encryption are wide open in conventional mode. There was a paper published that described a cheap and simple method of jamming just those bits so that radio users would find themselves forced to turn encryption off simply to be heard. Also the TG and user ID info is in the clear.

Sent from my SM-T350 using Tapatalk

It can be done with a $25 toy.



https://www.cnet.com/news/security-flaw-found-in-feds-digital-radios/

https://www.youtube.com/watch?v=NW-jRRTPCuw

Project 25 Digital Radios (law enforcement grade) vulnerable to the IM-ME | Hackaday
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
4,532
Scary isn't it? The best minds designed P25 and it is fundamentally flawed. A low probability of intercept jammer from Target.

Sent from my SM-T350 using Tapatalk
 

nrf

Member
Joined
Dec 17, 2000
Messages
65
Location
Ohio
it would definitely be a blow to the hobby if they decided to encrypt cc for channels that are not encrypted, But I am not seeing how it is such a big deal...If a certain channel is always 'protected', what benefit / intelligence can be gained from knowing it is active at a certain time? talk about a low bandwidth channel.

and if it is only sometimes protected, what is the danger of someone knowing they decided to encrypt it for a minute?
 

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
it would definitely be a blow to the hobby if they decided to encrypt cc for channels that are not encrypted, But I am not seeing how it is such a big deal...If a certain channel is always 'protected', what benefit / intelligence can be gained from knowing it is active at a certain time? talk about a low bandwidth channel.

and if it is only sometimes protected, what is the danger of someone knowing they decided to encrypt it for a minute?
Pretty sure that isn't available yet.


It would let one see when a canine officer switched to a given dispatch channel (manhunt in progress) or when the ETF did (barricaded suspect) or when those special event groups start loading up with radio affiliations at 4 am (drug raids at 5 am); these are all very useful things to know when you're the overnight ENG.

I'm sure others can find uses.


If the outbound CC is encrypted, why wouldn't the inbound also be?


Pretty sure that isn't available yet.


What additional Security Interfaces and Services are being worked on in TIA/P25?

Key Fill Interface to the KMF, Authentication Facility and between Key Fill devices.

Link Layer Encryption for protection of Control signaling and group/individual IDs on the trunking control channel, trunked and conventional voice channels and trunked and conventional data channels.

Traffic analysis could alert potential adversaries that a narcotics units is active, for example, because they've gathered the data and done the foot work to know. Especially with FOIA at state and local levels, one could easily match TG and Radio IDs to particular units.

It is scary, Id agree.
 

TDR-94

Member
Joined
Mar 30, 2014
Messages
597
I can see the scanner 'rights' advocates throwing a fit already.

"It's your 'right' to be able to perform radio traffic analysis in order to find out the Radio ID's of your public safety officials and know which TG's they are active on!!!"

"You paid for this radio system as individual tax payers and it's your right as an 'individual' to keep tabs on them!"

Makes you wonder how much longer (if it ever comes to widespread adoption) it will be possible for certain companies to make money providing the public with the ability to monitor trunked P25 systems.
 

kk6yus

Member
Joined
Nov 19, 2016
Messages
29
Location
Central Valley, CA
I can see the scanner 'rights' advocates throwing a fit already.

"It's your 'right' to be able to perform radio traffic analysis in order to find out the Radio ID's of your public safety officials and know which TG's they are active on!!!"

"You paid for this radio system as individual tax payers and it's your right as an 'individual' to keep tabs on them!"

Makes you wonder how much longer (if it ever comes to widespread adoption) it will be possible for certain companies to make money providing the public with the ability to monitor trunked P25 systems.
I believe the dedicated hobbyist and adversary alike will always be able to glean some sort of information, however minute, from such a system. With SDR applications I imagine P25 will also become less supported as it's progressively being encrypted, but still contain extractable information for more knowledgeable folks.
 

Priority-One

Member
Joined
Nov 22, 2014
Messages
458
Location
Queens, NY
Would this also be similar to "whiting out" a system?

I've heard that in D.C there are systems where everything is "Whited out" to prevent any kind of signal from being received. I am unsure of the validity behind that, but i heard that here on RR years ago.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
4,532
Would this also be similar to "whiting out" a system?

I've heard that in D.C there are systems where everything is "Whited out" to prevent any kind of signal from being received. I am unsure of the validity behind that, but i heard that here on RR years ago.
Are you talking about the National Radio Quiet Zone in Virginia? That is to protect a radio-telescope. A great place to live if you are afraid of radio waves or are a SWL!

As far as areas where there might be no radio coverage. I can tell from experience that the US Customs area of Orlando International Airport has absolutely no cellular service. They have signs posted to prohibit it and even then, there is no Verizon coverage. I am sure this is intentional to prevent conspiracy among travelers passing customs. Creating diversions etc. Not sure if they are jamming or have heavy shielding. I suspect they went out of their way to shield the rooms.
 
Status
Not open for further replies.
Top