Is king crypto's crown secure? The blending of civil and military technologies in the first decade of the 21st century has created new military applications for encryption. Users are realising that there is more than one way that a potential enemy can glean unprotected secrets.Just over a month after the start of the ceasefire that ended the 34 days of war between Israel and Hezbollah in the summer of 2006 came first suggestions that the guerrillas had been able to intercept and decipher Israeli tactical radio communications, an intelligence breakthrough that had helped them respond to and counter Israeli attacks. << Using technology most likely supplied by Iran, special Hezbollah teams monitored the constantly changing radio frequencies of Israeli troops on the ground >>, reported Newsday, citing unidentified Hezbollah and Lebanese officials. Hezbollah personnel able to speak Hebrew were able to translate intercepted Israeli transmissions and relay the information to local commanders. An unidentified Hezbollah commander involved in the battles was quoted as saying, << We were able to monitor Israeli communications, and we used this information to adjust our planning >>. He declined to say how this has been achieved, but admitted that the guerrillas were not able to break into Israeli communications at all times. Like most modern armies, the Israel Defense Forces use frequency-hopping tactical radios whose signals are hard to intercept, and encryption devices to make any intercepted signals difficult to exploit. These reports raised immediate speculation that Iran has supplied Hezbollah with sophisticated sigint systems able to intercept or even decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. frequency-hopping radio signals. The Covert Crown So has the citadel of encryption fallen? Has some breakthrough nullified nul·li·fy tr.v. nul·li·fied, nul·li·fy·ing, nul·li·fies 1. To make null; invalidate. 2. To counteract the force or effectiveness of. the huge investments that many armed forces have made in frequency-hopping encrypted communications? Despite Hezbollah's claims, the answer is almost certainly 'no'. It's hard to envisage that Iran has mastered the art of intercepting frequency-hopping signals and decrypting encoded voice and data transmissions, let alone that it would have passed such ground-breaking technology to Hezbollah. If any nation manages to decipher the transmissions of an enemy or potential enemy, this achievement needs to be kept secret for as long as possible so that the newly gained advantage can be exploited. Nevertheless, if the Hezbollah claims were not mere propaganda, it seems that the group enjoyed some success in eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. on Israeli communications--the unanswered questions are 'what communications?' and 'by what means?' The Newsday report may provide a clue. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. an unidentified senior Lebanese security official, << Hezbollah invested a lot of resources into eavesdropping and signals interception. >>, As a result it was able to monitor tactical radio communications as well as cell phone calls made by Israeli troops. Some observers suggested that mistakes made by inexperienced reservists in following secure radio procedures might have provided Hezbollah with a breakthrough against Israeli frequency hopping A wireless modulation method that rapidly changes the center frequency of a transmission. See spread spectrum and 802.11. and encryption. Another possibility is that Hezbollah units managed to capture one or more Israeli tactical radios complete with the then-current keys. This might have given them short-term access to encrypted radio traffic until the crypto scheme was changed--a procedure that should have been carried out fairly quickly if the net was known to have been compromised. It seems more likely that Hezbollah was able to direction-find against Israeli units equipped with frequency-hopping radios, then resort to traffic analysis techniques to ascertain the likely shape of Israeli tactics. The Unassailable Voice The Israel Defence Forces' Tadiran Communications CNR-9000 tactical combat radio system, which uses digital encryption for voice and data and incorporates full-band frequency-hopping techniques, enjoys a good reputation for security. However it is possible that a breakthrough was made against older radios, the short key lengths of which could be attacked by brute force (programming) brute force - A primitive programming style in which the programmer relies on the computer's processing power instead of using his own intelligence to simplify the problem, often ignoring problems of scale and applying naive methods suited to small problems directly methods. A more likely scenario, given the problem that Israel has in finding the money to equip its reserve units with up-to-date equipment, is that the lowest-level frontline units were equipped with older radios such as the PRC-77 or PRC-624. These sets do not use frequency hopping, and have no built-in encryption capabilities. Many armies could face the same problem in future combat operations and will have to decide how far down the chain of command encrypted communications should be used. For example, when faced with delays to its Bowman tactical radio programme, in 1999 the British Army The British Army is the land armed forces branch of the British Armed Forces. It came into being with unification of the governments and armed forces of England and Scotland into the United Kingdom of Great Britain in 1707. adopted the Selex Communications (then Selenia Communications) 2.4 GHz band H4855 Personal Role Radio (PRR PRR Pennsylvania Railroad PRR Prairie (street suffix) PRR Production Readiness Review PRR Policy Research Report (Worldbank) PRR Pattern Recognition Receptor (immunology) ) at squad level and below, but this provides only unencrypted communications. One traditional view is that in fast-moving mobile warfare For various forms of wars based on mobility, see Maneuver warfare. For the specific military methods of Mao Zedong, yundong zhan, see Mobile Warfare. Mobile Warfare is the correct English term for Mao Zedong's main military methods. the intelligence that an enemy can glean from eavesdropping on front-line communications is minimal. But if the campaign is slow moving or bogs down, as was the case during the recent Israeli operations in Lebanon, such a simple rule may no longer apply. Until about 1970, combat radios were analogue devices that were largely used for voice communications only. Data could only be sent at a very slow rate using techniques such as Frequency-shift Keying Frequency-shift keying (FSK) is a modulation scheme in which digital information is transmitted through discrete frequency changes of a carrier wave. The most common form of frequency shift keying is 2-FSK. (FSK (Frequency Shift Keying) A simple digital modulation technique that uses two frequencies for 0 and 1. See frequency modulation. ) modulation. Next-generation hardware such as Sincgars and the Thomson PR4G were digital radios that combined voice and low data-rate (typically under 9.6 kbit/s) transmissions, and used frequency hopping. Digital modulation The altering of a carrier by a digital signal. See modulation and carrier. offers many advantages over the older analogue modulation. Since the voice or data signals were both digital data streams, sophisticated encryption techniques could be used. In the 1990s the US Department of Defense found that its Etacs (Enlisted Terminal Attack Controllers Tactical air party member who assists in mission planning and provides final control of close air support aircraft in support of ground forces. Also called ETAC. See also close air support; mission; terminal. ) forward air controllers needed one radio to talk to the Army, second to talk to the close-support aircraft, and a third to talk to higher echelons via either a satellite-communications or high-frequency (HF) link. Not only were these radios incompatible, but each also needed its own add-on encryption device, antenna, audio subsystem and power supply. This electronic chaos ended with the fielding by the late 1990s of multifunction radios able to handle the different transmission modes and different encryption of the various services, and offer higher data rates. For example, radios such as the PSC-5D, PRC-117, and PRC-148 MBITR MBITR Multiband Inter/Intra Team Radio (US military) offer multi-mode operation. The Raytheon PSC-5D is a multi-band, multi-mission manpack communication terminal for UHF/VHF (Ultra High Frequency/Very High Frequency) Line-of-Sight and Satcom voice/imagery/data communications capability. It combines the capabilities of the AN/PSC-5 Spitfire Spitfire or Supermarine Spitfire British fighter aircraft in World War II. A low-wing monoplane first flown in 1936, it was adopted by the RAF in 1938. terminal, but has Have Quick I and II and Sincgars (Single Channel Ground and Airborne Radio System) modes. Its built-in comsec facilities are compatible with the KY-57/58, the KY-99/99A/100, KYV-5, KG-84A, and other crypto systems. The Thales AN/PRC-148 can handle the Sincgars-style frequency hopping used by the US Army and the Have Quick II standard used by the US Air Force, and can use software to simulate a range of existing external encryption devices. The Harris RF Communications PRC-117F radio adopted by the US Special Operations Forces Those Active and Reserve Component forces of the Military Services designated by the Secretary of Defense and specifically organized, trained, and equipped to conduct and support special operations. Also called SOF. community is a software-controlled radio that can be assembled into manpack, vehicular, marine craft and base-station configurations. Interoperable with Sincgars and Have Quick, it is also compatible with systems that rely on the KY-57, KYV-5, KG-84C and other external encryption devices. By the early 1990s, advances in digital electronic technology allowed the creation of a radio in which the incoming signal was converted to digital form as early in the signal path as practical, allowing software to handle tasks such as waveform generation and processing, signal processing See DSP. , encryption and most other major functions. The characteristics of these radios would be defined by their internal software and not by the hardware. The US Department of Defense's Joint Tactical Radio System (JTRS JTRS Joint Tactical Radio System JtRS Just The Right Shoe JTRS Just the Right Size JTRS Johnson Technical Reports Server JTRS Joint Tenancy with Right of Survivorship JTRS Jefferson Township Rescue Squad ) was expected to create a family of software-based radios able to meet the demands of all the US military services. Such an ambitious scheme proved difficult to implement. Rising costs and delays in timescale timescale Noun the period of time within which events occur or are due to occur timescale n → délais mpl timescale time (Brit) n forced a restructuring of the programme in 2005 and the setting up of a single Joint Program Executive Office to manage the programme. Instead of being expected to cope with 32 different waveforms and be compatible with 26 major weapon systems, the revised JTRS would handle nine waveforms and work with 13 weapon systems. The restructured programme also had to face a central conundrum posed by modern network-centric operations--the more a radio is expected to communicate seamlessly with other combat resources, the greater the difficulty of creating a secure system. This is not just a matter of being able to handle the different waveforms and encryption systems; how can one radio and its user be sure that the other systems it is communicating with are authorised to talk with them? Many of these problems were first identified during the development of what had been known as the Cluster 1 radios. These were intended to be used in vehicles, and by US Air Force Tactical Air Control Parties A subordinate operational component of a tactical air control system designed to provide air liaison to land forces and for the control of aircraft. Also called TACP. (Tacp), and Army rotary-wing aviation. << National Security Agency officials do not expect the other JTRS radios will encounter the same design problems experienced by the Cluster 1 radio as contractors now have a greater understanding of security requirements, >> said a General Accounting Office report released last year. << Nevertheless, because of the complex software encryption and networking requirements, security will continue to be a challenge for all JTRS components. >> While earlier radios often used add-on external crypto units, similar functionality can now be provided in small modules that can be incorporated within the radio, allowing radio designers to adopted proven crypto solutions. In August 2005 Harris Corporation Harris Corporation NYSE: HRS is an international communications equipment company that produces wireless equipment, electronic systems, and both terrestrial and spaceborne antennas for use in the government, defense, and commercial sectors. received certification from the US National Security Agency (NSA NSA abbr. National Security Agency Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign ) for its new AN/PRC-152 multi-band Falcon III handheld tactical radio, clearing the set to handle voice and data traffic up through the top secret level. The PRC-152 was the first application for Harris' Sierra II software programmable encryption module, which had received NSA certification in 2004. This can handle various forms of encryption, including the US government's high grade security (Type 1) system, but the latter can be removed to allow its use in lower-grade applications. In December 2006, the company announced that it had won a US Army contract to develop an encryption device to meet the communication security needs of a variety of ground-based satellite terminals expected to be operational by 2010. Its solution will be based on the Sierra II module. Add-in encryption units are also available for analogue radios. For example, Transcrypt International developed its plug-in style voice-privacy security module to be customisable in size to suit specific models of radios. Selected as a supplier of voice-security modules for the US Army, it has created a package known collectively as the Military Bundle, which was extensively tested by the Army's Battle Lab. This includes a radio, voice privacy modules, a headset and other accessories. Although traditionally associated with radio links, encryption is also required to protect voice and narrowband data services over any type of network, including radio, PSTN (Public Switched Telephone Network) The worldwide voice telephone network. Once only an analog system, the heart of most telephone networks today is all digital. In the U.S. (Public Switched Telephone Network), ISDN ISDN in full Integrated Services Digital Network Digital telecommunications network that operates over standard copper telephone wires or other media. (Integrated Service Digital Network), and VoIP (Voice over Internet Protocol See Internet and TCP/IP. (networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. ). The Secure Communications Interoperability Protocol SCIP is the U.S. Government's standard for secure voice and data communication. The acronym stands for Secure Communications Interoperability Protocol and was adopted to replace the FNBDT (Future Narrowband Digital Terminal) title in 2004. (Scip) is intended to meet this demand. Originally developed by the US, it has evolved into a major multi-national programme. Scip projects are under way in Bulgaria, Canada, France, Germany, Italy, Netherlands, Norway, Poland, Romania, Spain, Turkey, UK and the US. Products are being developed by companies such as Cisco, Eads, General Dynamics General Dynamics Corporation (NYSE: GD) is a defense conglomerate formed by mergers and divestitures, and as of 2006 it is the sixth largest defense contractor in the world[1]. The company has changed markedly in the post-Cold War era of defense consolidation. , Harris, Kongsberg, L-3, Qualcomm, Rohde & Schwarz, Selex and Thales. Terminals from all manufacturers will be interoperable and able to share a common key management system. When Type 1 security is needed (the level that the US Government uses to protect classified information), Scip uses the Baton algorithm but for coalition operations, it can use publicly available civilian encryption algorithms such as AES (Advanced Encryption Standard (cryptography, algorithm) Advanced Encryption Standard - (AES) The NIST's replacement for the Data Encryption Standard (DES). The Rijndael /rayn-dahl/ symmetric block cipher, designed by Joan Daemen and Vincent Rijmen, was chosen by a NIST contest to be AES. ). For some communication tasks, cell phone technology is a potential low-cost solution, particularly for peacekeeping and disaster recovery operations Operations conducted to search for, locate, identify, rescue, and return personnel, sensitive equipment, or items critical to national security. . However, military operations other than war Operations that encompass the use of military capabilities across the range of military operations short of war. These military actions can be applied to complement any combination of the other instruments of national power and occur before, during, and after war. Also called MOOTW. may involve elements of both combat and non-combat operations, so such civilian technology must be teamed with good encryption if the enemy is to be denied an intelligence bonanza. Tadiran Communications' portable MobileNet system is designed for fast deployment and provides an << out-of-the-box >> cellular mobile network that combines commercial off-the-shelf Commercial off-the-shelf (COTS) is a term for software or hardware, generally technology or computer products, that are ready-made and available for sale, lease, or license to the general public. (Cots) cellular handsets and end-to-end snap-on encryption. In today's world, tactical radios are not the only communications links that need crypto protection. The personal computer--particularly in its laptop or notebook forms--has become a security nightmare. News reports regularly tell how civilian executives or military officers have lost laptop computers that contained sensitive information. In August 2006, Federal Computer Week reported that the US Army had launched a pilot programme to make data encryption data encryption, the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign mandatory on all the service's laptop computers and mobile devices. Each laptop was to be designated for either stationary or mobile use. Those in the latter category would receive commercially available encryption software Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks. as a short-term solution until a definitive solution--probably based on the new Windows Vista The current version of Windows for the desktop. It was released in late 2006 for businesses and early 2007 for consumers. Vista adds numerous features, including improved security and advanced multimedia capabilities. operating system--is devised. Wireless local area networks allow communications between computers and other devices within a limited area, accessing network resources from nearly any convenient location within their primary networking environment such as a home or office. Public businesses such as coffee shops or malls have begun to offer wireless access to their customers; some are even provided as a free service. This creates a new security problem for military forces. Non-secure networks on military installations present a big operational security risk. << Any information that travels over a wireless network can be accessed by anyone on that network, >> says Steve Carlson, wireless security manager of the US Air Force's 99th Communications Squadron. << Even if you're accessing a secure Web site, your information is only secure between the Internet and your wireless router A network device that combines a wireless access point (base station), a wired LAN switch and a router with connections to a cable or DSL service. Wireless routers provide a convenient way to connect a small number of wired and any number of wireless computers to the Internet. . Everything travelling between that wireless router and your laptop is visible. >> In early January 2007 a quick drive through Nellis Air Force Base's housing area, with a laptop searching for wireless networks revealed many non-secure networks. Part of Carlson's job is to test wireless networks on base to ensure none of the residential networks are infringing on any of the government ones. He estimates more than half of the networks he has found are not secure. << If you're accessing [Web-based government e-mail] through an non-secure wireless connection, anyone could connect to that network, and, with the right software, monitor every one of your keystrokes >>, says Special Agent Randy Bond, of the US Air Force Office of Special Investigations The Air Force Office of Special Investigations (AFOSI) is a Field Operating Agency (FOA) of the United States Air Force that provides professional investigative services to commanders throughout the Air Force. . << They could have your login [information] and even password information and you would never know it. >> Personnel located near the outer wall of a military base risk their network being accessed by someone off base. From the visitor's centre parking lot at Nellis AFB AFB abbr. acid-fast bacillus AFB Acid-fast bacillus, also 1. Aflatoxin B 2. Aorto-femoral bypass , use of a standard laptop found three wireless networks, two of which were non-secure. The secure network was from a business located outside the base, but both of the non-secure networks were within the base. The ability of networks to operate without relying on cables obviously makes WLan technology attractive to the military, but such wireless links need to be secure. Encryption has allowed WLans to go to war. Harris has developed two families of secure wireless local area networks (WLan). Launched in 2003, SecNet11 is an eleven mbit/sec NSA-certified type 1 wireless card that plugs into the standard PCM-CIA slot of a laptop computer allowing secure communications via the standard 802.11b wireless-networking protocol. The newer SecNet 54 is based on the Sierra II module, and provides the same functions for the 802.11 a/b/g-based protocol. Both cards allow information classified at up to top secret level to be transmitted via unsecured private and public networks. Although originally developed for civil applications, since August 2005 the newly upgraded Northrop Grumman Northrop Grumman Corporation (NYSE: NOC) is an aerospace and defense conglomerate that is the result of the 1994 purchase of Grumman by Northrop. The company is the third largest defense contractor for the U.S. VRC-106 Secure Wireless Local Area Network (SWlan) radios have been used in Iraq by Stryker Brigade Combat Team The brigade combat team (BCT) is the basic deployable unit of maneuver in the US Army. A brigade combat team consists of one combat arms branched maneuver brigade, and its attached support and fire units. Three (SBCT-3) vehicles. These combine commercial off-the-shelf equipment with National Security Agency-approved encryption capabilities and are intended to establish local area networks among tactical operations centre (TOC) vehicles used for battlefield command and control. The Key to Success The key to keeping the secrets secret is to keep the key secret. The key is the code to disarranging the message contents and one that the reader must have to rearrange the message into a readable (viewable, understandable) message. Key strength demands are still debatable and depend upon the key style, be it a one-time key with 128 bits or a public key of the same bit length, the strength (of 128 bits or above) is only as good as the key management. Austrian company Mils Electronic views message protection as a continuous exercise; from creation, to transmission, storage and archiving. The company uses one-time key cipher cipher: see cryptography. (1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. systems that are based on true random noise sources to guarantee the integrity of each message. One-time keys are one of the strongest and most secure methods of stream cipher An encryption method that works with continuous streams of input rather than fixed blocks. Bytes of plaintext go into the stream cipher, and bytes of encrypted text come out the other end. RC4 is an example of a stream cipher (see RC4). Contrast with block cipher. encryption for text files and messages. Stream encryption is where the plain text is encrypted in whole with a key and transmitted or stored as one message. Another method is with block encryption, which is where a message is broken up into blocks and each block receives a separate encryption algorithm. The Advanced Encryption Standard (AES), designed by the US government, is one of the most widely used algorithms in symmetric key cryptography (cryptography) symmetric key cryptography - A cryptography system in which both parties have the same encryption key, as in secret key cryptography. Opposite: public-key cryptography. . AES, also known as Rijndael, works both quickly and easily with low hardware, software and memory requirements. Mils uses the random noise generator that is integrated into the company's Milscard hardware security module to produce the one-time key. Each bit of a message text is mixed with one bit of the key stream, which results in a cipher text that cannot be broken--at all. The true power of a one-time key is in its longevity, or rather lack of it. Once used for encrypting one message the key is destroyed. This is the strongest method of key management. One key, used once, and immediately destroyed thereafter. Keeping the Doors Locked Key management and distribution practices depend on the type of keys involved. Either physical or software encryption methods, or both, must be developed, implemented and religiously followed to ensure the encryption, whether for text, voice or data, is to be effective. Hardware-based key protection includes key cards, chips, USB keys, PCM/CIA PCM/CIA Personal Computer Memory / Card International Association (usually seen as PCMCIA, now PC Card) cards and logs--all which require the extra levels of physical protection and all of which have their own levels of compromise-ability. An encrypted storage area could be on a computer, in a locked office, on a secure network, or in an encrypted file on a Toughbook in the field that sports a key-based password system. The shorter the life of the key the tougher is the algorithm to break, and therefore the more secure the communication system. Switzerland's Omnisec has developed its 711 Key Management Center, which is a combination of hardware and software for developing and maintaining security networks and for programming security modules. The cryptographic master keys are generated from a random noise source, and stored in the write-only memory 1. (jargon, humour) write-only memory - (WOM) The obvious antonym to "read-only memory" (ROM). Out of frustration with the long and seemingly useless chain of approvals required of component specifications, during which no actual checking seemed to occur, an engineer of the security modules. The symmetric one-time session keys are generated within the security modules at each end of a communication channel and destroyed after use. Also from Switzerland is the company aptly named Crypto, which suggests that the secret to foolproof key management is to have the cryptographic processes run shielded in a tamper-proof hardware module. This ensures that no security data is ever visible and remains within the module, therefore the operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. and algorithms cannot be exposed to viruses or hackers. Crypto also states that the company's security architecture is based on secret proprietary and customer-specific algorithms, which demands that the cipher process be defined not only by keys and their length but also << by the secrecy and complexity of the underlying algorithm structure and comprehensive security architecture >>. Cryptographic technologies are steadily taking front row in other realms, as evidenced by General Dynamic C4 Systems' recent contract award from BAE Systems BAE Systems British manufacturer of aircraft, missiles, avionics, naval vessels, and other aerospace and defense products. BAE Systems was formed (1999) from the merger of British Aerospace (BAe) with Marconi Electronic Systems. to provide embedded interrogation/transpond (as well as Modes 4 and 5) modules for Identification Friend or Foe The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. systems used by military airborne, maritime and ground-based platforms. Bypassing any of the required security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security for any type of transmission could very possibly result in the scenario described in the opening paragraphs of this article. If all measures are followed then surely king crypto's crown will remain secure. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion