Monday, October 27, 2008

Secure communication within a limited user group

Introduction
Police and other emergency services in South-Africa require reasonably secure communication, in order to discourage the abuse of the information transmitted for personal gain or criminal activities.

Traditionally police use their own frequencies (sometimes with an unusual modulation for the frequency) to ensure privacy. Integrated wide-band capable radio receiver chips has made these analogue measures ineffective. This could be expected, since it is based on a "security through obscurity" approach, which relies on no one figuring out the frequency or obtaining a radio, which is impossible to prevent in the long term. Scanners are available that allow anyone in possession of one to receive a wide range of radio signals, including police communication. In addition someone skilled in electronics can build/modify their own radio capable of receiving a wide range of frequencies.

Legislation often exist banning the possession, sale and/or use of scanners, but this does not prevent people from obtaining/building them. Scanners do not transmit significant signals, which make them hard to detect. (Tempest-like methods, as possibly used for the detection of pirate TV viewers for the enforcement of TV license legislation, might work from nearby.) When used by criminals, who is probably committing crimes far more serious than owning / using a scanner, the scanner is can be used for actively avoiding the police, in which case the benefits far outweighs the risks.

Digital communication can solve these problems by utilizing encryption. With proper error-correction codes, the range of the radios can also be extended. The design of such a system can be based on a conditional access system, such as those used for satellite TV. While I'm not familiar with any specific system, it is not hard to design a system based on a mixture of public key and symmetric encryption systems that would be relatively secure.

The basics
Using a purely public-key system is not practical, since radios need to keep track of the public keys of all radios that they want to communicate with. A symmetric-key method is a much more practical solution. It has the problem that only a single key need to be compromised in order to gain access to all encrypted communication. In order to ensure that a compromised key or device do not grant an attacker long term access to the encrypted information, it is critical that the key changes often (at least a few times a day). For a pair of devices, securely exchanging keys is not really a problem (Diffie-Hellman key exchange can be used). This is where the public-key system comes in.

Key distribution
The keys are much smaller than the data protected by them. This makes it practical to distribute a large number of copies of the keys, each encrypted with the public key of the recipient. The recipient needs a private key in order to decrypt the symmetric-cypher's keys. It is preferable that these keys are stored in the hardware used to decrypt the data. A smart card is the ideal vehicle for such a purpose (provided that the key is stored securely and not easily exposed or cloned). Several keys, each marked with the time they come into effect need to be distributed, since the radios may be out of range of the key distribution system for some time (This reduces security somewhat by increasing the time that a stolen device / smart-card is useful). The encrypted keys can be transferred to the devices using several methods such as in-band distribution, central distribution from the police station, GSM modems, etc.

Security of the system
The system is kept secure by strictly keeping track of the smart cards in use. If a smart-card is lost or stolen, the distribution of keys encrypted with its public key is simply discontinued. Strict procedures, such as weekly / daily automated audits of the smart cards should be used. (The system should require the smart card to be physically present to verify its identity.)

Weaknesses and countermeasures
The basic weaknesses in the system is similar to those in pay-TV systems: It is possible to modify a device to share the decrypted keys or the hardware used to decrypt the keys with other devices. This can result in unauthorized devices gaining access to the encrypted signal.

The hardware decryption device can be modified to allow a limited amount of decryption operations in a certain time-frame in an attempt to limit the risk. Hardware modification or caching of the decrypted keys can bypass such measures.

The difficulty of properly managing devices that go missing increase with the number of devices. The system should therefore be managed on a relatively small scale, such as within a city.

Conclusion
Regulatory methods of controlling access to private radio signals are ineffective and only provide for reactive management of the security of the system by destroying unauthorized receivers if they are found.

It is possible to provide a much higher level of security to communication within an exclusive group of users, such as a police department or the subscribers of a pay-TV system. This method also allow for central manageability and access revocation.