Scanning Encrypted When Authorized

Status
Not open for further replies.

joeyperillo

Adrift in an analog world
Premium Subscriber
Joined
Aug 4, 2020
Messages
126
Location
Yardley, PA
You could always ask the techs and system manager that when they are ready to get rid of an old radio, if they could change it to receive only, leave the key in, and let you sign it out (basically get issued another older radio, that they wont have to maintain, and that has limits)... or a second new radio that they can recall whenever needed.....

Just an idea...
Thanks
Joel
Great idea - thanks.
 

MUTNAV

Active Member
Premium Subscriber
Joined
Jul 27, 2018
Messages
1,297
Knowing the radio room involved, they likely won't.
I don't know the radio guys involved, or their policies,

On the other hand, if there is no problem with asking, then why not at least give it a shot?

Thanks
Joel
 

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
I'm thinking because you already have a "fire company issued APX 6000 that legally decodes encrypted talk groups", they would be suspicious that you might be trying to find a way for you to help a friend or family member to monitor what you already have the ability to monitor. What would be the argument for justification for the redundancy?
 

joeyperillo

Adrift in an analog world
Premium Subscriber
Joined
Aug 4, 2020
Messages
126
Location
Yardley, PA
I'm thinking because you already have a "fire company issued APX 6000 that legally decodes encrypted talk groups", they would be suspicious that you might be trying to find a way for you to help a friend or family member to monitor what you already have the ability to monitor. What would be the argument for justification for the redundancy?
I see your point of what might be suspected, but I was simply asking the assembled cognescenti if they knew of any such device.....I'd like to have a stationary device that I own.....not so nefarious......I'm sorry I asked.....
 

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
I see your point of what might be suspected, but I was simply asking the assembled cognescenti if they knew of any such device.....I'd like to have a stationary device that I own.....not so nefarious......I'm sorry I asked.....
I don't mean to criticize what you want or asking for, we would all love to have similar capabilities, I'm just pointing out what to expect from them and the reasons why they would refuse your request. There is a very good reason in their mind why they closely monitor and control who can listen to what.
 

GTR8000

NY/NJ Database Guy
Database Admin
Joined
Oct 4, 2007
Messages
16,056
Location
BEE00
I'm sorry I asked.....
No need to be sorry, just skip over those posts.

Anyway, before you start wondering about the device itself, first ask the powers that be in charge of the system and encryption keys if it would even be possible/permissible for you to have a second radio or receiver with the keys in it. If the answer to that is "no" (which it may well be), then this entire thread is moot. They may balk at loading it into anything other than an officially sanctioned subscriber radio that registers on the system so that they can keep track of it to some degree, and can inhibit it if lost/stolen/misused.

Keep in mind that encryption keys are normally very well protected and are often loaded using a secure hardware device such as a KVL (Key Variable Loader), which no system admin in their right mind is simply going to let someone borrow. Without the key the receiver is useless on secure talkgroups.
 

AF1UD

Member
Premium Subscriber
Joined
Feb 28, 2022
Messages
325
No need to be sorry, just skip over those posts.

Anyway, before you start wondering about the device itself, first ask the powers that be in charge of the system and encryption keys if it would even be possible/permissible for you to have a second radio or receiver with the keys in it. If the answer to that is "no" (which it may well be), then this entire thread is moot. They may balk at loading it into anything other than an officially sanctioned subscriber radio that registers on the system so that they can keep track of it to some degree, and can inhibit it if lost/stolen/misused.

Keep in mind that encryption keys are normally very well protected and are often loaded using a secure hardware device such as a KVL (Key Variable Loader), which no system admin in their right mind is simply going to let someone borrow. Without the key the receiver is useless on secure talkgroups.

A little off topic, but... How does a KVL work?
 

a417

Active Member
Joined
Mar 14, 2004
Messages
4,669
A little off topic, but... How does a KVL work?
A KVL takes the encryption key used for the protocol chosen, and loads it into the radio. It's a standalone piece of hardware that's much more portable than a full programming suite.

it sets the secure keys in the radio in a controlled physical environment (point to point, via wire between it and the radio being loaded) and gets the radio on the system. After that, sane people use OTAR (over the air rekeying) provisions of the network to update keys.
 

AF1UD

Member
Premium Subscriber
Joined
Feb 28, 2022
Messages
325
A KVL takes the encryption key used for the protocol chosen, and loads it into the radio. It's a standalone piece of hardware that's much more portable than a programming suite.
Does it automatically generate keys too?
 

joeyperillo

Adrift in an analog world
Premium Subscriber
Joined
Aug 4, 2020
Messages
126
Location
Yardley, PA
No need to be sorry, just skip over those posts.

Anyway, before you start wondering about the device itself, first ask the powers that be in charge of the system and encryption keys if it would even be possible/permissible for you to have a second radio or receiver with the keys in it. If the answer to that is "no" (which it may well be), then this entire thread is moot. They may balk at loading it into anything other than an officially sanctioned subscriber radio that registers on the system so that they can keep track of it to some degree, and can inhibit it if lost/stolen/misused.

Keep in mind that encryption keys are normally very well protected and are often loaded using a secure hardware device such as a KVL (Key Variable Loader), which no system admin in their right mind is simply going to let someone borrow. Without the key the receiver is useless on secure talkgroups.
Thank you very much. I like to keep the radio peak charged and locked in the car with my gear. I thought it would be great to have a light Unication or similar on my person or in the house. I simply wanted to know if such other radios existed. What I have learned from this thread is that the Powers Above may not take kindly to my inquiry and may even suspect my motives. For that understanding I thank the participants in this thread. I will take your advice and just ask the techs if it is even possible or permissible to have a second radio at all. Better yet, I may leave everything as it is and ask no one anything. I have certainly learned from this discussion. Thanks again, GTR.
 

ofd8001

Member
Premium Subscriber
Joined
Feb 6, 2004
Messages
8,072
Location
Louisville, KY
Bear in mind that Unication radios have the capability of decrypting (as I understand) certain types of encrypted communications. However, you need to be provided with the encryption key. Radio system managers/administrators will likely be very reluctant to reveal keys. It is a security matter, plain and simple.

It's possible, that you may have very friendly Radio shop folks who might program a Unication for you, but lock it down so you cannot see what they key is. I would not count on this happening though and you might be unceremoniously tossed out of the radio shop for even asking.
 

N4DES

Retired 0598 Czar ÆS Ø
Joined
Dec 19, 2002
Messages
2,464
Location
South FL
Yes, I was wondering about a professional, authorized receiver. Reckon I'll ask the radio techs...though this is where I find the best RF brains!

Don't bother the Radio Techs, start with your Chain-of-Command first to see if they would even allow a secondary personal device programmed with an agency encryption key.
 

ElroyJetson

Getting tired of all the stupidity.
Joined
Sep 8, 2002
Messages
3,890
Location
Somewhere between the Scylla and Charybdis
Any radio tech that would sneak a key into a radio as a favor for a friend would soon not be an (employed) radio tech anymore, and with luck he would NOT be charged with a crime.

Any time you start dealing with an encrypted environment, all people involved get very uptight about it. VERY. To the point that it's doubtful that they'd even give their own honorably retired Sheriffs and Chiefs of Police the authority to have system encryption keys in their own radios that they bought with their own money...assuming they'd done that.

Give it a few years and the lastest edition of the quantum computing version of a Raspberry Pi will be able to decrypt the signal....
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,382
Location
United States
Any radio tech that would sneak a key into a radio as a favor for a friend would soon not be an (employed) radio tech anymore, and with luck he would NOT be charged with a crime.

Any time you start dealing with an encrypted environment, all people involved get very uptight about it. VERY. To the point that it's doubtful that they'd even give their own honorably retired Sheriffs and Chiefs of Police the authority to have system encryption keys in their own radios that they bought with their own money...assuming they'd done that.

Years ago our chief decided I needed to be background checked since I was handling encryption keys, working around the CJIS terminals, in the equipment rooms at the PSAP with all this equipment, and generally had unrestricted access 24x7 to the PD building.
He looked at the various levels of background checks:
General IT guy background check was not sufficient.
Police officer background check was too high and costly.
He finally decided that running me through the POST background check process as a 911 dispatcher was the right path. Not an easy process and most cannot pass it (I think our PSAP manager said 70% of the applicants fail out at this point).
I passed, I still have access to all this stuff.

But there's an expectation of integrity and trust involved. I'm expected to maintain the ability to pass that background check at any point in time. No idea what sort of checking they do when I'm not looking...

I like my job, and I want to keep it. Doing something stupid with encryption keys or the other systems would not only get me fired, but would probably result in some level of charges being levied against me. I'd be out of a job and looking for a new one. Next agency would do the background check and discover all this. I'd still be looking for a job. Probably end up selling CCR's to hobbyists and lamenting the loss of my cushy gubbermint job….

I've been working with our county on sharing encryption keys. Even between radio guys we do not directly share keys. They load my radios, I load theirs. We trust each other, but we know that the integrity of the system is more important. Both of us like our cushy government jobs* and want to keep them.



* I'm still looking for the cushyness of this job, been looking for 26 years now. I get called out in the middle of the night, weekends, holidays, birthdays, vacations, days off. I've worked 36 hours straight once, and many 24 hour days. Saying "No" isn't an option.
 

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
Years ago our chief decided I needed to be background checked since I was handling encryption keys, working around the CJIS terminals, in the equipment rooms at the PSAP with all this equipment, and generally had unrestricted access 24x7 to the PD building.
He looked at the various levels of background checks:
General IT guy background check was not sufficient.
Police officer background check was too high and costly.
He finally decided that running me through the POST background check process as a 911 dispatcher was the right path. Not an easy process and most cannot pass it (I think our PSAP manager said 70% of the applicants fail out at this point).
I passed, I still have access to all this stuff.

But there's an expectation of integrity and trust involved. I'm expected to maintain the ability to pass that background check at any point in time. No idea what sort of checking they do when I'm not looking...

I like my job, and I want to keep it. Doing something stupid with encryption keys or the other systems would not only get me fired, but would probably result in some level of charges being levied against me. I'd be out of a job and looking for a new one. Next agency would do the background check and discover all this. I'd still be looking for a job. Probably end up selling CCR's to hobbyists and lamenting the loss of my cushy gubbermint job….

I've been working with our county on sharing encryption keys. Even between radio guys we do not directly share keys. They load my radios, I load theirs. We trust each other, but we know that the integrity of the system is more important. Both of us like our cushy government jobs* and want to keep them.



* I'm still looking for the cushyness of this job, been looking for 26 years now. I get called out in the middle of the night, weekends, holidays, birthdays, vacations, days off. I've worked 36 hours straight once, and many 24 hour days. Saying "No" isn't an option.
Yea but you get to play with all the cool toys! :cool:
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
25,382
Location
United States
Yea but you get to play with all the cool toys! :cool:

Maybe.

Or maybe I should have had more fun when I was younger.

Back on the topic,

Everyone I work with is extremely careful with encryption keys. No one I know of would give encryption keys to anyone else, or load them into an unauthorized radio. That's a career ending decision for those in the field. Not just "lose your job", but a black mark on your record that would likely prevent one from getting hired anywhere else where integrity was required/expected.

The correct solution to this problem is:
A Unication owned by the shop/agnecy that has been programmed/keyloaded by the radio shop.
-or-
An authorized radio on the system that can take OTAR if needed, or at least be stunned/killed if it falls into the wrong hands.

I'd be surprised if a reputable shop/technician/agency did anything different than that.
 

ten13

Member
Premium Subscriber
Joined
Aug 13, 2009
Messages
673
Location
ten13
Keep this in mind:

An FD I'm involved with which has most of their channels encrypted was asked by an adjacent FD who responds routinely on mutual aid to supply them with the encryption codes when the adjacent FD got dual-band radios recently.

They were told emphatically NO. Instead, they un-encrypted a channel and told them to use that channel when responding in, despite the fact that that "solution," under heavy fire activity, would be cumbersome.

Under no circumstances would they release the codes. Not only because doing so would defeat the "security" the FD sought for their radios (why an FD requires such "security" is a question for another time), but after spending the money for a entirely new system which including encryption, they were not going to willy-nilly give out the codes.

Encryption is not just some flash-in-the-pan situation. It's here to stay, and the use of it will definitely expand.
 

ElroyJetson

Getting tired of all the stupidity.
Joined
Sep 8, 2002
Messages
3,890
Location
Somewhere between the Scylla and Charybdis
Same old song and dance. Everybody sings the "interoperability! We must have interoperable communications!" song, but watch their feet. Their feet are dancing the "We must encrypt everything and keep all our communications secure so the unwashed masses that pay for all of this including our paychecks can not monitor our daily activities on the job! dance.

It's all so tiresome.

And certainly I don't believe that fire department communications, at least relating to an actual fire scene, should EVER be encrypted.
I've also heard many firefighter's in-SCBA transmissions, and it's appalling how very nearly or completely unintelligible they area. What, nobody ever came up with an in-mask microphone that doesn't completely suck?
 
Status
Not open for further replies.
Top