
Security Weakness in P25


MattSR

That's kinda the point of security research - find flaws and propose solutions.

The DES-OFB attack was quite easy actually, and the findings are already published. We also presented them at a computer security conference that some friends from the US flew out to see, not to mention our local federal and state police departments.
 

Hooligan

> We successfully cracked DES-OFB and one other P25 based encryption algorithm that we are yet to release the details on. We have proven that P25 DES-OFB key recovery can be performed in less than a day.
>
> Regards,
> Matt
> VK2TVK

I think everyone here but that poor Jackj guy understands that we've kinda been talking about AES, not DES. Cracking DES is somewhat impressive, but then DES was never established as a crypto scheme secure enough to protect classified data. If you want to get people's attention, publish a peer-reviewed paper on cracking AES.
 

TrenchFeeder

I'm gonna say it once and not argue about it.

Encryption is not a fail-safe shield. It can be broken with a little time, effort and money, no matter how many algorithms you're using.
 

MattSR

> If you want to get people's attention, publish a peer-reviewed paper on cracking AES.

Hooligan, I agree with your points - and I can only dream of being able to publish a paper on breaking AES - that would be a major feat indeed!

Our DES cracking effort is really a case of "standing on the shoulders of giants" since it's been done several times previously. Our work is novel and worthy of an academic paper because it's the first time it's been done in the context of P25. Breaking DES in itself isn't really newsworthy, but breaking DES-OFB is fun because of the sheer number of "radio tech" type experts that say it can't be done.
 

DJX

I'm still interested in seeing anything.

We (or at least I) don't even know what any given radio is encrypted with.
How do you know what you're hearing, or not hearing, is encrypted with DES or AES.

Maybe more people have DES than you think?
...it's probably cheaper and, as MattSR stated, "the sheer number of "radio tech" type experts that say it can't be done.."
 

MattSR

DJX - The details on the attack are in the slides from the presentation. It's in the same place as the link already posted above. You'll need Office 2010 to look at it.. http://vk2tvk.org/final-ruxcon.pptx

Also, P25 DES-OFB is very commonly used (at least it is over here) since it's well established and most people are using it just to block out scanner listeners anyway.

As far as determining what type of algo is in use, it's easy in P25 - the ALGID field is transmitted in the clear in every HDU and LDU2 packet. $81 = DES-OFB, $84 = AES-256.
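
The ALGID check described above, written up as an added example (not code from this thread or from any vendor): a small parser for the FEC-decoded P25 Phase 1 Header Data Unit, used to audit a system's own captured HDUs for talkgroups still keyed with DES-OFB. It assumes the standard HDU layout (MI 72 bits, MFID 8, ALGID 8, KID 16, TGID 16) and treats 0x80 as the standard's "clear" value; the sample captures are constructed.

```python
from dataclasses import dataclass

# ALGID values named in the thread, plus the standard's "clear" value.
ALGID_NAMES = {0x80: "clear", 0x81: "DES-OFB", 0x84: "AES-256"}
WEAK_ALGIDS = {0x81}  # single-DES keystream, 56-bit key

@dataclass(frozen=True)
class HeaderDataUnit:
    mi: bytes   # 72-bit Message Indicator (the OFB initialisation vector)
    mfid: int   # manufacturer ID
    algid: int  # algorithm ID, always sent in the clear
    kid: int    # key ID
    tgid: int   # talkgroup ID

    @property
    def algorithm(self) -> str:
        return ALGID_NAMES.get(self.algid, f"unknown(0x{self.algid:02X})")

def parse_hdu(payload: bytes) -> HeaderDataUnit:
    """Split a 15-byte FEC-decoded HDU payload into its fields (big-endian)."""
    if len(payload) != 15:
        raise ValueError(f"HDU payload must be 15 bytes, got {len(payload)}")
    return HeaderDataUnit(
        mi=payload[0:9], mfid=payload[9], algid=payload[10],
        kid=int.from_bytes(payload[11:13], "big"),
        tgid=int.from_bytes(payload[13:15], "big"))

def build_hdu(mi: bytes, mfid: int, algid: int, kid: int, tgid: int) -> bytes:
    """Inverse of parse_hdu; used here only to construct sample captures."""
    return mi + bytes([mfid, algid]) + kid.to_bytes(2, "big") + tgid.to_bytes(2, "big")

def audit(payloads):
    """Return ({tgid: sorted algorithm names}, set of talkgroups seen on a
    weak algorithm at least once)."""
    seen, weak = {}, set()
    for p in payloads:
        hdu = parse_hdu(p)
        seen.setdefault(hdu.tgid, set()).add(hdu.algorithm)
        if hdu.algid in WEAK_ALGIDS:
            weak.add(hdu.tgid)
    return {tg: sorted(a) for tg, a in seen.items()}, weak

# Constructed sample captures, not real traffic; 0x99 is a made-up ALGID.
SAMPLE = [
    build_hdu(b"\x01" * 9, 0x00, 0x81, 0x0001, 101),  # TG 101 on DES-OFB
    build_hdu(b"\x02" * 9, 0x00, 0x84, 0x0002, 102),  # TG 102 on AES-256
    build_hdu(b"\x00" * 9, 0x00, 0x80, 0x0000, 103),  # TG 103 in the clear
    build_hdu(b"\x03" * 9, 0x90, 0x99, 0x0003, 101),  # TG 101, unknown ALGID
]

if __name__ == "__main__":
    by_tg, weak = audit(SAMPLE)
    for tg, algs in sorted(by_tg.items()):
        print(f"TG {tg}: {', '.join(algs)}")
    print("talkgroups seen on DES-OFB:", sorted(weak))
```

The same three fields (MI, ALGID, KID) repeat in every LDU2, so a fleet audit can watch LDU2 as well as the call setup HDU.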
 

ff-medic

> I'm still interested in seeing anything.
>
> We (or at least I) don't even know what any given radio is encrypted with.
> How do you know what you're hearing, or not hearing, is encrypted with DES or AES.
>
> Maybe more people have DES than you think?
> ...it's probably cheaper and as MattSR stated "the sheer number of "radio tech" type experts that say it can't be done.."

It can't be done...most likely..unless you got real lucky. It would take years to break AES encryption.

Unless you are a hard core radio tech, or scientist, mathematician..Again with the right equipment...You are not going to hear AES. Equipment, scanning and search electronics, and computer..and absolutely know what you were doing...I would not worry much about it. Even DES is sufficient in my belief for the regular user / Public Safety entity; "Joe Scanner" is not going to hear you..and DES might be cheaper. The U.S. Govt, last track I had when I got out in 1997, on a regular basis changes encryption anyway..and sometimes freqs.

"Tommy Terrorist" is not going to bother to listen in to Anytown Police & Fire, as well as County "X" Agencies. P25, and other digital transmissions, were for the purpose of clearer voice as well as data communications..and yes, partially so it can't be monitored on scanners. I have my disagreements with digital radios..but that is just me. I believe simple DES and/or AES comms are suitable, but everyone wants to jump on the Digital bandwagon for some reason. I believe digital comms, unless it is a data transmission, to be more of a hassle and weigh more than a benefit..But again that is just my opinion.

Simply put..breaking an AES code is difficult, time consuming, and the right equipment and programming is needed.

FF - Medic !!!
 

grem467

The thing that a lot of people seem to overlook is it doesn't matter if the encryption is 256 bits or 2 bits. The minute you get caught decrypting something you have no business decrypting, you have opened yourself up to legal trouble.

These agencies can get away with lesser encryption such as ADP and DES knowing full well that if you go running your mouth about being able to listen, or god forbid you are dumb enough to put a web feed up, they will have a slam dunk case against you.
 

jackj

> It can't be done...most likely..unless you got real lucky, It would take years to break AES encryption.
>
> Snip
>
> Simply put..breaking an AES code , is difficult , time consuming, and the right equipment and programming is needed.
>
> FF - Medic !!!

It all depends on the key size. 40 bit keys are pretty easy while 128 bit keys are almost impossible in any reasonable amount of time.
 

ff-medic

> the thing that alot of people seem to overlook is it doesnt matter if the encryption is 256 bits or 2 bits. The minute you get caught decrypting something you have no business decrypting, you have opened yourself up to legal trouble.

If you get caught. Commit an illegal act, and use info for your own private use..gain, etc..so long as you don't get caught you do not open yourself up to legal trouble. NOW, if you divulge info..and it is found out that you divulged privileged / sensitive / personal commo info..Then yes, you have opened yourself up to legal trouble.

FF - Medic !!!
 
(poster name not captured)
> . . . but eveyone wants to jump on the Digital bandwagon for some reason. I belive digital comms , unless it is a data transmission, to be more of a hassle and weight more than a benefit..But again that is just my opinion.
> FF - Medic !!!

I know I do not understand why everyone is jumping on the more expensive and I think lesser efficient using digital for normal 2 way radio voice communications. I just don't get it, and to tell you the truth it is kinda driving me nuts.
 

Astrak

> Thanks so much for the link to this information DJX. I use Pro96com to get a vast amount of information from the P25 control channels and also directly from the portables and mobiles. The site affiliation and other events tabs show the best information. You can see who is around and know how close they are and know when they leave the area. Even when the talkgroups are encrypted you get to see all this information.

You mean you can see what radio ID's affiliate and deaffiliate with the current site you're monitoring. It doesn't show how close they are or any of that............anyway back to the encryption thing.
 

MarMatthias

Interesting stuff, especially about the encryption weaknesses.

Strictly from the level of a professional programmer (I have 30 years' experience), any algorithm can be broken. The limiting factor is how useful and repeatable the technique is for the decryption to be done several times.

For example, PGP can be broken with brute force and is repeatable as long as the key doesn't change. That is the important part: the key has to remain static, which is most often the case simply because adding a changing key adds a layer of complexity that can be horrendous.

The Amazon Product API has a 1 second resolution for any given key, i.e., it changes every second. While it adds to the security dramatically, it causes a lot of packets to be resent repeatedly due to the latency of the internet and missing that 1 second window. Also slight shifts in time between two different clocks will have an added impact.

While a static key does away with the extra complexity, it means the algorithm only has to be broken once, so that the process can be repeated in real time with accurate results every time.

There are many examples of brute force decryption techniques used everyday that are required to be used. In my programming career, I can not count the times I've been hired to break an encrypted file by the owner because they forgot the key or because they locked themselves out of their laptop (proof of ownership was, of course, required).

If it can be made, it can be broken... Relying on encryption alone is a bad approach to security. Security by obscurity will always fail.
 