SIGINT and Traffic Analysis for the Rest of Us

Presented at DEF CON 20 (2012), July 29, 2012, 10 a.m. (50 minutes)

Last year, we discovered practical protocol weaknesses in P25, a "secure" two-way radio system used by, among others, the federal government to manage surveillance and other sensitive law enforcement and intelligence operations. Although some of the problems are quite serious (efficient jamming, cryptographic failures, vulnerability to active tracking of idle radios, etc), many of these vulnerabilities require an active attacker who is able and willing to risk transmitting. So we also examined passive attacks, where all the attacker needs to do is listen, exploiting usability and key management errors when they occur. And we built a multi-city networked P25 interception infrastructure to see how badly the P25 security protocols do in practice (spoiler: badly). This talk will describe the P25 protocols and how they failed, but will focus on the architecture and implementation of our interception network. We used off-the-shelf receivers with some custom software deployed around various US cities, capturing virtually every sensitive, but unintentionally clear transmission (and associated metadata) sent by federal agents in those cities. And by systematically analyzing the captured data, we often found that the whole was much more revealing than the sum of the parts. Come learn how to set up your own listening-post.


  • Matt Blaze - Professor and Lab Director, University of Pennsylvania
    Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers. Twitter: @mattblaze
  • Sandy Clark / Mouse - University of Pennsylvania   as Sandy Clark
    Sandy 'Mouse' Clark Sandy Clark (Mouse) has been taking things apart since the age of two, and still hasn't learned to put them back together. An active member of the Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for NASA and singing at Carnegie Hall, and a minor in history. She is (still) at the University of Pennsylvania. A founding member of Toool-USA, she also enjoys puzzles, toys, Mao (the card game), and anything that involves night vision goggles. Her research explores human scale security, modeling the attacker/defender ecosystem and the unexpected ways that systems interact. Twitter: @sa3nder Google Plus: Sandy_Clark


Similar Presentations: