NSW Police Encryption key rollover

Post by **citabria** » Sun Jul 31, 2011 9:16 pm

Hi All,

Was running OP25 against a NSW Police channel and it appears the Encryption Sync metadata carried across the channel in the HDU and LDU2 fields has changed. The algorithm is still DES-OFB (type 0x81) however the KID (Key ID) has changed from 0x7001 to 0x8000.

Interesting stuff!

Cheers,
Matt

Mike Alpha · Post by **Mike Alpha** » Sun Jul 31, 2011 11:06 pm

Yes Matt, it's especially interesting that the key rollover happened the day after this story came out.

http://www.smh.com.au/national/police-s ... 1hlqx.html

"The Herald investigation found one NSW chapter of a national bikie club had obtained technology to intercept police communications, and access to secret codes to break encrypted police communications."

Mike

Post by **citabria** » Mon Aug 01, 2011 12:15 am

Good bit of timing there by the Police Media Liason unit!

Post by **matthewn1983** » Mon Aug 01, 2011 4:06 pm

Hacked keys or stolen portables?

rustynswrail · Post by **rustynswrail** » Mon Aug 01, 2011 4:47 pm

matthewn1983 wrote:Hacked keys or stolen portables?

Probably safer not to ask, given recent events.

R

Scotty · Post by **Scotty** » Tue Aug 02, 2011 1:43 pm

I asked a mate (whose in the know) about the change of encryption keys. He says it wasn't done due to any specific incident and is something that is planned to be done 'every now any again'.

Aparently they had been loading the new keys into radios for at least 2 months prior to the switch. It can't be done over the air, so each radio had to be done individually. I can image that would have taken a while.

ivahri · Post by **ivahri** » Tue Aug 02, 2011 4:23 pm

It could have been done over the air- if they had been on the GRN- but we better not go there...

Cheers,

Richard

cartman · Post by **cartman** » Tue Aug 02, 2011 9:43 pm

According to the IPART documents they have 15000 radios - just under 12000 radios in regular use and an additional 3000 odd radios for major ops.

Grant

Scotty · Post by **Scotty** » Thu Aug 04, 2011 8:35 pm

ivahri wrote:It could have been done over the air- if they had been on the GRN- but we better not go there...

Cheers,
Richard

Yeah true, although I'm led to believe there was a small profile change as well. No idea what channels as obviously they can't be monitored anymore. I don't think it would really be feasible to do a key change to all radios over the air, let alone a key change and profile update - even on the GRN. Surely it would simply take too long, and there would be too much chance of missing radios, therefore having to attend a station in person for the missed ones anyway. I guess doing it in person also allows the radios to be given a 'once over' by a tech, which I can't imagine would happen very often.

cartman wrote:According to the IPART documents they have 15000 radios - just under 12000 radios in regular use and an additional 3000 odd radios for major ops.

Grant

That would probably be all their radios, not only the ones on the digital network. But even if that number was cut in half (and it's likely a lot more than half) that's still a lot of radios to reprogam!

Post by **citabria** » Fri Aug 05, 2011 10:27 am

They need to make sure they have the "Multikey/OTAR" option flash into their radios too. A key change is totally feasible over the air - even for a fleet that big. Keysets and multiple keys make it possible to do a staged approach - exactly the same way that they manage to do a manual rekey with guys spending months running around manually updating keys with a KVL.

scanSydney

NSW Police Encryption key rollover

NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover

Re: NSW Police Encryption key rollover