Practical Insecurity in Encrypted Radio

Presented at HOPE Number Nine (2012), July 14, 2012, noon (60 minutes)

APCO Project 25 (“P25”) is a suite of wireless communications protocols used in the United States and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This talk analyzes the security of P25 systems against passive and active adversaries. The panel found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. They found new “selective subframe jamming” attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. And, more significantly, they found that even passive attacks represent a serious immediate threat. In an over-the-air analysis conducted over a two year period in several U.S. metropolitan areas, they found that a significant fraction of the “encrypted” P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear - in spite of their users’ belief that they are encrypted - and often reveals such sensitive data as the names of informants in criminal investigations. Aside from being important practical vulnerabilities in their own right, the problems in P25 secure radio represent an example of a class of problem that the security and cryptography community has largely ignored. Radio protocols typically do not fit the negotiated two-way communication model under which most security protocols are designed (and to which our community devotes most of its attention). One-way protocols, like P25, in which there is no negotiation or exchange between the transmitter and the receiver are actually rather unusual, and relatively little is known (or written in the literature) about robust design principles for them. In this talk, new approaches to protocol design will be suggested that might allow us to do better.

Presenters:

  • Sandy Clark / Mouse as Sandy Clark
    Sandy Clark (Mouse) has been taking things apart since the age of two, and still hasn’t learned to put them back together. An active member of the hacker community, her professional work includes an Air Force flight control computer, a simulator for NASA, and singing at Carnegie Hall. She is currently fulfilling a childhood dream, pursuing a PhD in computer science at the University of Pennsylvania. A founding member of TOOOL USA, she also enjoys puzzles, toys, Mao (the card game), and anything that involves night vision goggles. Her research explores human scale security and the unexpected ways that systems interact.
  • Matt Blaze
    Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he teaches academics to be hackers and hackers to be academics.

Links: