P25 Security

citabria
Site Admin
Posts: 1064
Joined: Thu Aug 14, 2008 8:22 pm

Re: P25 Security

Post by citabria » Mon Sep 26, 2011 10:57 pm

God, that thread on that other forum reads like a scene out of "dumb and dumber" or "dude, where's my car" or even an Adam Sandler movie..

It's just a whole bunch of CB radio type morons sprouting irrelevant and totally unrelated facts in a blithe attempt to appear smart :D

Research into cryptanalysis and possible backdoors of AES is for people far far far FAR FAR smarter than I'll ever be (that means people with maths/stats PhD degrees). 20 years after DES was ratified as a standard, some new crypto techniques were published, such as differential cryptanalysis. The teams that discovered it looked at some of the decisions that IBM and NSA made in 1976 which didn't make sense at the time, but, after the public rediscovery of the new techniques it was perfectly clear that they were hardening the algorithm against such attacks. I won't comment on AES, but given that it's happened before with DES's S-boxes, who knows ;)

http://en.wikipedia.org/wiki/Differential_cryptanalysis

SKEYGEN
Posts: 90
Joined: Sun Oct 02, 2011 2:22 pm

Re: P25 Security

Post by SKEYGEN » Tue Oct 04, 2011 11:16 pm

Bigfella237 wrote:There's also a claim over on that forum that AES256 has a "back-door" built in and I was wondering if Matt R has ever done similar work on AES? I suspect it's a case of "conspiracy theory" but there again, it wouldn't surprise me if the yanks wanted this to eavesdrop on the various secret squirrel agencies?
Not in AES, given that NSA have certified AES-256-GCM (on evaluated hardware with suitable key material generated by NSA, as part of an accredited TS system) for passing U.S. Government information classified up to TOP SECRET.

http://www.nsa.gov/ia/programs/suiteb_cryptography/

SKEYGEN
Posts: 90
Joined: Sun Oct 02, 2011 2:22 pm

Re: P25 Security

Post by SKEYGEN » Tue Oct 04, 2011 11:31 pm

If you want to nitpick, technically it's illegal to monitor the GRN, the NSW Police network, and most other major radio networks as far as the Telecommunications (Interception and Access) Act 1979 (Cwth) is concerned.

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979 - SECT 7 wrote:
Telecommunications not to be intercepted
(1) A person shall not:

(a) intercept;

(b) authorize, suffer or permit another person to intercept; or

(c) do any act or thing that will enable him or her or another person to intercept;

a communication passing over a telecommunications system.

TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979 - SECT 105 wrote:
Contravention of section 7 or 63
(1) A person who contravenes subsection 7(1) or section 63 is guilty of an offence against that subsection or section.

(2) An offence against subsection 7(1) or section 63 is an indictable offence and, subject to this section, is punishable on conviction by imprisonment for a period not exceeding 2 years.

(3) Notwithstanding that an offence against subsection 7(1) or section 63 is an indictable offence, a court of summary jurisdiction may hear and determine proceedings in respect of such an offence if, and only if:

(a) the proceedings are brought in the name of the Attorney-General or the Director of Public Prosecutions;

(b) the defendant and the prosecutor consent; and

(c) the court is satisfied that it is proper for the court to hear and determine proceedings in respect of the offence.

(4) Where, in accordance with subsection (3), a court of summary jurisdiction convicts a person of an offence against subsection 7(1) or section 63, the penalty that the court may impose is imprisonment for a period not exceeding 6 months.

From the Definitions section of the Act:

"telecommunications system" means:

(a) a telecommunications network that is within Australia; or

(b) a telecommunications network that is partly within Australia, but only to the extent that the network is within Australia;

and includes equipment, a line or other facility that is connected to such a network and is within Australia.


[...]

"telecommunications network" means a system, or series of systems, for carrying communications by means of guided or unguided electromagnetic energy or both, but does not include a system, or series of systems, for carrying communications solely by means of radiocommunication.

Which means: Did the communication you intercepted take a path other than radiocommunication? For example, did it hit a leased line between VKG and your local repeater, or between the audio switch at the GRN NOCC and your local site? If so, you have probably committed an indictable offence under the TIA Act. I suspect this is not within the original spirit of the legislation given the specific exemption given to communications carried solely by means of radiocommunication, but I'd still hate to be the test case 8-)

system_tech
Posts: 263
Joined: Mon Aug 18, 2008 5:28 pm

Re: P25 Security

Post by system_tech » Wed Oct 05, 2011 3:59 pm

I think you will find that Telecommunications System = Public Switched Telephone Network but does not include leased lines.

I work in a large telco that has radio systems and am thus exposed to both types of comms

so, for example

listen to a GRN call radio to radio, or radio to console = no problems

listen to a GRN call, radio to PSTN = illegal

(in the old days listening to GRN, when a Rail person or Sydney Water person was making a Telephone Interconnect call, and your scanner found it, you were immediately meant to cease listening!)

I have worked with radio systems that can connect, by user control to the PSTN for 17 years so have documentation on the "rules", and have the results of a legal advice as we were monitoring radio traffic on behalf of a customer, and so have it in black and white what we could and couldn't do. The customer did not use PSTN interconnect so was easy. On a different project, we could only monitor Radio to PSTN calls if there was a reported fault specifically related to the interface, or for reasonable routine quality / performance monitoring. There are non-disclosure aspects, and what was said over a phone line, comes under the Telecommunications Interception Act, even if part of the call path is over a radio system.

I don't have the references but did look into encryption, and the end story was that it was meant by design to provide privacy, and that unauthorised decryption was a breach of privacy, and thus illegal.

SKEYGEN
Posts: 90
Joined: Sun Oct 02, 2011 2:22 pm

Re: P25 Security

Post by SKEYGEN » Wed Oct 05, 2011 4:47 pm

Not in this case. Telecommunications system and telecommunications network are specifically defined in the Act, and I posted those definitions above. An offence occurs when the communication was not carried solely by radiocommunication; that's why listening to a PSTN call on the GRN, or for that matter a GSM mobile call is illegal. If at any stage between point A and point B it hit cable, it's protected by the TIA Act.

For network maintenance, there's a specific get out of jail free clause in section 7 for monitoring communications etc for troubleshooting purposes and the like by the network owner, that's what allowed you to do that sort of thing at work.

Scotty
Posts: 739
Joined: Sun Dec 20, 2009 2:50 am
Location: Sydney and surrounds

Re: P25 Security

Post by Scotty » Wed Oct 05, 2011 6:55 pm

SKEYGEN wrote:If you want to nitpick, technically it's illegal to monitor the GRN, the NSW Police network, and most other major radio networks as far as the Telecommunications (Interception and Access) Act 1979 (Cwth) is concerned.
Not entirely correct.

A communication is only considered to be passing over the telecommunications system to the point that it becomes accessible/is received by its intended recipient. So if a communication is intercepted between the sender and the intended recipient then an offence may have been committed.

But if the communication is intercepted after the point where it had been received by/is under the control of the intended recipient then, under the Act, no offence has occurred.

In regards to radio systems (GRN, police network, most other networks, etc) any communications sent over a telecommunications system reach their intended recipient and are in control of the recipient before they are re-broadcast over the radio frequency and received by a scanner. As such it would be my belief that s7 of the Act does not apply to any of those systems.

matthewn1983
Posts: 1532
Joined: Sat Feb 06, 2010 9:41 am

Re: P25 Security

Post by matthewn1983 » Wed Oct 05, 2011 7:35 pm

If at any stage between point A and point B it hit cable, it's protected by the TIA Act.
Is fiber counted?

SKEYGEN
Posts: 90
Joined: Sun Oct 02, 2011 2:22 pm

Re: P25 Security

Post by SKEYGEN » Wed Oct 05, 2011 7:45 pm

matthewn1983 wrote:
If at any stage between point A and point B it hit cable, it's protected by the TIA Act.
Is fiber counted?
Yep. If it's anything other than radio all the way, it's counted.
Scotty wrote:A communication is only considered to be passing over the telecommunications system to the point that becomes accessible/is received by its intended recipient. So if a communication is intercepted between the sender and the intended recipient then an offence may have been committed.
Yep.
Scotty wrote:If the communication is intercepted after the point where it had been received by/is under the control of the intended recipient then no offence has occurred.
It'd be difficult to demonstrate that you received the communication after it had been received by/is under the control of the intended recipient. If the intended recipient didn't hear the radio call, for example, they haven't received the communication and it isn't under their control.
Scotty wrote:In regards to radio systems (GRN, police network, most other networks, etc) any communications sent over a telecommunications system reach their intended recipient and are in control of the recipient before they are re-broadcast over the radio frequency. As such it would be my belief that s7 of the Act does not apply to these systems.
Only if the originator of the communication addressed the communication to the operator of the radio network, rather than the specific person they were attempting to contact.

Scotty
Posts: 739
Joined: Sun Dec 20, 2009 2:50 am
Location: Sydney and surrounds

Re: P25 Security

Post by Scotty » Wed Oct 05, 2011 8:41 pm

SKEYGEN wrote:
Scotty wrote:If the communication is intercepted after the point where it had been received by/is under the control of the intended recipient then no offence has occurred.
It'd be difficult to demonstrate that you received the communication after it had been received by/is under the control of the intended recipient. If the intended recipient didn't hear the radio call, for example, they haven't received the communication and it isn't under their control.
The recipient doesn't need to be a physical person who hears the communication.

If a telecommunication is received by a radio transmitter of the recipient, and is then re-broadcast over a radio frequency by that transmitter, then it would be reasonable to say the telecommunication is in control of the recipient as they have chosen to re-broadcast the communication.

SKEYGEN
Posts: 90
Joined: Sun Oct 02, 2011 2:22 pm

Re: P25 Security

Post by SKEYGEN » Wed Oct 05, 2011 9:47 pm

The recipient does indeed need to be a person as far as section 5G is concerned.

This particular hangover from 1979 is the first thing that needs to be fixed if they rewrite the Act. It causes all kinds of trouble when you start talking about things like automated machine to machine communications, where because there's no recipient in the form of a person, there is no communication. (Work that one out!)
