P25 Security

citabria
Site Admin
Posts: 1064
Joined: Thu Aug 14, 2008 8:22 pm

Re: P25 Security

Post by citabria » Thu Sep 22, 2011 4:35 pm

And plenty of Aussie federal agencies were at our P25 talk at last year's RUXCON.

The AFP even had a friendly dig at us in their presso ;)

Bass Junkie
Posts: 18
Joined: Wed Jun 03, 2009 9:43 am

Re: P25 Security

Post by Bass Junkie » Thu Sep 22, 2011 5:54 pm

Any plans to present at AusCERT too?

Bass Junkie
Posts: 18
Joined: Wed Jun 03, 2009 9:43 am

Re: P25 Security

Post by Bass Junkie » Thu Sep 22, 2011 7:20 pm

Also, just out of interest, since the transmissions are public it would be perfectly legal for the encrypted data that contains the key to be made public, wouldn't it? If the op25 project had decryption of P25 when the key is known, that would potentially mean that an encrypted stream could be broadcast and decoded on end users' PCs.

It also means that if an effort was made to make the decrypted key to those systems public knowledge, that minimal legal ramifications could be expected - i.e. the string for decoding is isolated, key is sent to foreign third party for breaking, foreign third party makes key public, then nobody can be held legally responsible.

I am not a lawyer etc. ;)

ivahri
Posts: 843
Joined: Sun May 31, 2009 8:24 pm

Re: P25 Security

Post by ivahri » Thu Sep 22, 2011 8:09 pm

Oh I love posts like that... sorry but you are a deadset airhead to write that. Many of us in the industry are trying to resist the march of TETRA but when responsible people read posts like yours they immediately become fans of TETRA... white collar anarchists who think they have the right to listen to transmissions that are encrypted in order to prevent unauthorised reception will cost this state's taxpayer megabucks in years to come- all so they can get their pathetic jollies (or flog their expertise to organised crime...).

Wanting to better understand security limitations in P25 should be about wanting to improve it, not exploit it. If that is what people like you want to listen to Matt for... well I think it makes Matt's presentation not in the interests of the community (whose welfare depends on the ability of emergency services to function safely).

Cheers,


Richard

Bass Junkie
Posts: 18
Joined: Wed Jun 03, 2009 9:43 am

Re: P25 Security

Post by Bass Junkie » Fri Sep 23, 2011 9:15 am

Not really up for a debate on the morals side of things, but can I ask why you're resisting TETRA? I know very little about the system, but if the result of public exploitation is the leaders looking at redesigning the systems, then that's good for security, right? (Plus, do you really think anyone in NSW government could actually get the big $ for TETRA? ;) )

Criminals will always have access to the comms networks, no technology can prevent that, making access free to all is taking the power away from the criminals, and it makes the services accountable.

I don't believe I have a right to listen, I'm just like everyone else - curious. You've gotta remember that for most of us, this is a hobby, not a career; hobbies are about challenging yourself and the boundaries of your hobby.

cartman
Posts: 2181
Joined: Wed Aug 13, 2008 12:54 pm
Location: Liverpool, NSW, Australia

Re: P25 Security

Post by cartman » Fri Sep 23, 2011 12:28 pm

My recall of a slide at the original presentation that appeared in PDF format suggested that the brute force approach on a punter's PC would take 9 or so years, but it was more high level grunt, such as available at a University, that makes it possible to knock over the common DES-OFB in use .... surely employing higher level encryption such as AES (which from my limited understanding is secure) would render such attempts futile for the time being.

Grant
Professional Scanner nut. Ibis bin chicken of radio scraps
Scanners:
Uniden 325P2, Whistler TRX-1, GRE PSR800 x 2, Uniden 780 x 3, Uniden 796, Uniden 396 x 2, Uniden 246,
Software:
DSD v2.368, Unitrunker, Trunkview

Bass Junkie
Posts: 18
Joined: Wed Jun 03, 2009 9:43 am

Re: P25 Security

Post by Bass Junkie » Fri Sep 23, 2011 2:41 pm

I'd say processing power is advancing at a greater rate than cryptography, but most people still use some method of distributed processing. Crowd sourcing processing power or through outsourcing to providers like Amazon or Pico Computing would be the most common. In the end, any encryption is only as strong as people are willing to pay to break it. Stronger encryption means higher level of security, but it also means that only those who stand to make a profit from it would bother breaking it.

citabria
Site Admin
Posts: 1064
Joined: Thu Aug 14, 2008 8:22 pm

Re: P25 Security

Post by citabria » Fri Sep 23, 2011 5:01 pm

There are no politics, hidden agendas, or "best interests" in that paper.

It simply consists of scientific facts that represent the state of the art.

15 years ago, public safety agencies believed that unencrypted P25 was safe and secure, in much the same way that people think TETRA is a silver bullet solution in terms of security now. I can say that from a security point of view that TETRA encryption will be sorely lacking (even more so than P25 DES-OFB) should anyone ever put the effort into reverse engineering it.

Matt

Longreach
Posts: 1085
Joined: Mon Aug 25, 2008 7:38 pm
Location: Goulburn NSW

Re: P25 Security

Post by Longreach » Fri Sep 23, 2011 8:56 pm

Ok so why persist with TETRA?
VK2MRC

ivahri
Posts: 843
Joined: Sun May 31, 2009 8:24 pm

Re: P25 Security

Post by ivahri » Fri Sep 23, 2011 10:33 pm

Matt,

You need to balance risk against cost. You may disagree, I'm not sure, but at this time the risk of significant numbers of individuals being able to get past P25 encryption (in an RF environment) is not proven or demonstrated. The fact that it has been done by individuals is a concern, but I'd suggest the greater concern is the loss/theft of radios combined with very poor cycling of keys. Frankly, I think much of this is a bit of an intellectual wank- most problems are caused by low tech, human weaknesses, not high tech issues.

The issue with TETRA is cost, pure & simple. While the Police have supported TETRA for its greater inherent security, how NSW could ever hope to fund a state wide TETRA network is something no-one can get past. For example to do the North Coast in P25 requires 70-80 sites. In TETRA you could probably multiply that by 3 or 4. Alternately you opt for TETRA in Sydney, P25 elsewhere... again to just cover Sydney in TETRA is very expensive, and the need for a dual TETRA/P25 radio is another challenge (I believe such a radio is available).

Cheers,

Richard
