One if by land ... (Communications)

Efforts to conceal certain communication elements from unauthorised eavesdroppers are a practice that can be traced as far back as the Roman Empire and Julius Caesar's shift key cipher--and yet further back to the 5th and 6th centuries BC. Today's battlefield offers challenges of unrivalled proportions, most decidedly due to the problems inherent in such an electronically saturated environment. Managing the flow of landline and wireless information beamed around a battlefield, shuffled to and from headquarters and relayed by drones and satellites to control centres tens of thousands of kilometres away is a monumental task in itself. Ensuring the integrity of such communications, dodging jamming, interception, spoofing and intrusion attempts, requires a multi-tiered management system that must be adhered to at all levels, else all is for nought. Couple these worries with the fact that hacking, denial of service attacks and virus creation are the hobby of today's teenagers (and others), and one is confronted with an environment that could give any warfighter sleepless nights. But there are weapons with which to effect a graceful parry.

Craftier than Thou

Communications security (comsec) covers cryptography and its key management practices, query and response, authentication, intrusion detection and other methods. Technology has driven this market to such an extreme that AuthenTec, a semiconductor company serving the biometrics industry (security via fingerprint and retina, as well as facial and voice recognition), now provides a secure fingerprint sensor with a contact surface area of only 0.4-inches square, and sees its future application in computer keyboards, mice and mobile devices. This technology is still at the leading edge and not yet practical for battlefield application. But cryptography is, and in wireless communication it is gaining ground on the futuristic biometric field.
ITT, for example, co-developer of the Software Communications Architecture (SCA) for the JTRS programme, recently introduced its Spearhead set. The company labels this unit 'the world's smallest handheld tactical radio' designed for the international market. Much interest has already been received domestically and from Asian countries, Singapore in particular. The Spearhead covers 30 to 512 MHz with a modular, snap-off back module that converts the unit's transmission frequencies from RF to UHF. At only 500 grams, the network-ready Spearhead uses country-unique Comsec and Transec (Communications/Transmission Security), frequency hopping and software programmability.

To dissect a phrase, frequency hopping is a common practice that entails dividing certain transmission information into small packets that are then broadcast individually via a pre-determined combination of radio frequencies, thus making it rather challenging to follow throughout the spectrum. With today's radios hopping at 1000 frequencies per second, separating these packets from background noise and other transmissions is, as mentioned, virtually impossible--with a bit of stress on the virtually. Companies designing these frequency or channel hopping radios are working in tandem (but not necessarily together) with those developing follow-on or follower algorithms (and jammers) that chase these signals throughout the spectrum. A game of cat and mouse, as it were.

On the opposite end of that spectrum, Rohde & Schwarz produces a range of signal detection, direction finder and system monitoring equipment, along with cryptographic and communication systems. The German company's DDF0xM direction finder utilises digital signal processing through filtering, bearing calculations and signal demodulation data to lock on to a burst or hopping signal. An industry-standard algorithm for correlating the signal's position through a method named the Watson-Watt DF is then applied.
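The frequency-hopping scheme described above can be sketched in a few lines. This is an added example, not code from the article or from any radio vendor: it assumes both radios share a secret Transec key and a synchronised clock, uses HMAC-SHA256 as the keyed function that picks each channel, and assumes 25 kHz channel spacing across the 30 to 512 MHz band; all function names are hypothetical.

```python
import hashlib
import hmac

# Assumed channel plan: the 30-512 MHz coverage quoted in the article, split
# into 25 kHz channels (the spacing is an assumption made for this example).
BAND_START_HZ = 30_000_000
BAND_STOP_HZ = 512_000_000
CHANNEL_SPACING_HZ = 25_000
NUM_CHANNELS = (BAND_STOP_HZ - BAND_START_HZ) // CHANNEL_SPACING_HZ
HOPS_PER_SECOND = 1000  # hop rate quoted in the article


def hop_channel(transec_key: bytes, hop_index: int) -> int:
    """Map a hop counter to a channel number with a keyed PRF (HMAC-SHA256)."""
    digest = hmac.new(transec_key, hop_index.to_bytes(8, "big"),
                      hashlib.sha256).digest()
    # 64 bits reduced modulo the channel count: the modulo bias is negligible.
    return int.from_bytes(digest[:8], "big") % NUM_CHANNELS


def hop_index_at(time_ms: int) -> int:
    """Both radios derive the hop counter from a shared clock (milliseconds)."""
    return time_ms * HOPS_PER_SECOND // 1000


def schedule(transec_key: bytes, start_ms: int, hops: int) -> list:
    """Frequencies in Hz for `hops` consecutive hops starting at start_ms."""
    first = hop_index_at(start_ms)
    return [BAND_START_HZ + hop_channel(transec_key, first + i) * CHANNEL_SPACING_HZ
            for i in range(hops)]


def transmit(transec_key: bytes, start_ms: int, payload: bytes, size: int = 4) -> list:
    """Split the payload into small packets and send one packet per hop.

    Returns the (frequency_hz, packet) pairs that appear on the air, in order.
    """
    packets = [payload[i:i + size] for i in range(0, len(payload), size)]
    return list(zip(schedule(transec_key, start_ms, len(packets)), packets))


def receive(transec_key: bytes, start_ms: int, on_air: list) -> bytes:
    """Retune per the receiver's own schedule; keep only packets found there."""
    expected = schedule(transec_key, start_ms, len(on_air))
    return b"".join(packet for (freq, packet), tuned in zip(on_air, expected)
                    if freq == tuned)


if __name__ == "__main__":
    key = b"constructed-transec-key"          # constructed sample key
    start = 1_700_000_000_000                  # constructed start time (ms)
    on_air = transmit(key, start, b"MOVE TO GRID 1234 AT 0600")
    print(receive(key, start, on_air))         # key and clock agree
    print(receive(b"wrong-key", start, on_air))  # listener without the key
    print(receive(key, start + 1, on_air))     # clock off by one hop
```

A receiver with the wrong key or a clock that is one hop out is tuned elsewhere for almost every packet, which is why key distribution and time synchronisation matter as much as the hop rate.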
The DDF0xM also uses an advanced correlative interferometer method for signal processing, whereby the antenna voltages of the signal received are compared with stored reference values, giving a difference that can be accurately measured. Even short-burst signals are not immune to such a search method.

Moreover, a main problem inherent in most wireless communication stems from the fact that interception cannot be detected. One exception to this rule is free-space optical transmission, wherein a beam of optical energy (laser) is focused on a receptacle within the line-of-sight of the transmitter. Any system compromise would result in a noticeable loss of power (attenuation) throughout the communication network. But that doesn't help in the rest of the wireless world.

Changing My Name

Cryptography is the communications technique that translates information into an apparently random series of characters, which are to be reverse-translated at the reception end. This is a world inhabited by mathematicians, analysts and interpreters, those who create their own cipher 'languages' and try to decipher those of others. The cipher process involves the use of a mathematical algorithm that substitutes each symbol (including punctuation and spaces), letter or a combination of these within a plain text message for a different letter or group, resulting in a message written in jabberwocky. To those units authorised to receive specific communications is distributed the 'key' that will match the combination to the corresponding letters or packets, returning the gibberish to a readable message. Once developed, these algorithms are written to computer chips and embedded in radio equipment. The development and dissemination of crypto algorithms in the US is governed by the dictates of the US National Security Agency (NSA), which keeps a sharp eye on the domestic use of cryptography and, even more stringently, on that being exported.
This is where the security of a nation, and not the wishes of a manufacturer, comes into play. Harris, for example, has recently received NSA certification for its Sierra cryptographic module for use by the US military forces. To receive this certification, Harris had to prove that its 'military grade' algorithm (received from the NSA) was integrated into its on-board chips in compliance with NSA standards. These chips are used, for example, in the Harris Falcon II series of tactical radios, which will also feature prominently in the JTRS military communication environment, a software-defined tactical radio programme for worldwide defence forces. Harris developed its Citadel module for the Falcon II series radios supplied to US allies. The Citadel is another military-grade chip that includes country-unique algorithms customised by the company, an operation that ensures no single country has access to the complete algorithm.

Omnisec, of Switzerland, like other non-American companies, is not as restricted as its US counterparts in algorithm development; Omnisec therefore has a more open hand to custom-build solutions for its military offerings. The company designs and develops encryption solutions for facsimile, landline communications, VPN connections and e-mail, to name but a few. The ability to provide a truly unique crypto solution, complete with a one-off algorithm, gives an edge to companies outside the envelope of America's NSA.

The Key is the Key

During World War II, the United States recruited over 400 Navajo Indian Code Talkers to speak in their native tongue and pass along sensitive information. The Navajo language is based on tonal sounds, which made it extremely difficult for others to understand and decipher. The Japanese and Germans hardly knew how to handle this new form of code, for which the only key was to capture a native Navajo and somehow force him to decipher the message traffic.
Today, algorithm and key management is paramount to maintaining a secure base of communications. But, as elsewhere, "Nobody wants to spend money on security", mentions Giuliano Otth, Chief Executive Officer of Switzerland's Crypto, "until one's system is compromised." Then it's a mad dash to close the doors and windows and call the experts. Crypto specialises in algorithm design and the implementation of key management solutions, which the company sees as an overall strategy for maintaining communication and information security. Key management involves, among other things, developing 'need to know' lists, the physical management of sensitive materials, performing cipher checks, tamper-proofing hardware and designing equipment to surpass Tempest (radiation leak) standards.

Crypto was established in 1948 by Boris Hagelin, a Swedish inventor who offered his ciphering device to the Americans at the start of World War II, when cryptographic hardware was in great demand. His successful prototype was then mass-produced at the Smith-Corona typewriter factory, where over 140,000 units were manufactured. His M-209 model, nicknamed "Hag" by US forces, was used in large numbers during the invasion of Normandy.

Crypto has also developed a high-level security system of systems labelled TIS, Total Information Security. The TIS programme encompasses tamper-proof hardware, unique software solutions, Tempest control and access and key management. When asked which part of the system would most contribute to a compromise, Mr Otth replied, "Our solutions are complete solutions, where each member of the system is as important as the next. Therefore, no single organ's compromise can severely affect the whole. But if I were to pick the single most important element it would, of course, be the key". Yet the company claims the trend has changed from the chase for the key to the deciphering of the complete system.
In this vein, Crypto offers its HC-6950 emission-protected workstation, which guards against the electromagnetic emanation of compromising information and includes virtual memory protection, file, disk and message encryption and solid encryption of Virtual Private Network connections. A much-needed soldier-proof asset when dealing with a nation's secrets.

Rohde & Schwarz has long been a market leader in cryptographic solutions for Nato forces, offering the services of its 100 mathematicians, computer scientists and engineers for the development of communication and encryption equipment. The company's Sit division has developed its TopSec line of solutions for voice and data encryption via GSM and ISDN.

Using the Back Door

The process isn't as easy as just deciphering, changing and re-transmitting a 'caught' signal (known as spoofing), as Dick Rzepkowski, Vice President, Communications Security Products at Harris RF Communications Division explains, "Most crypto systems include certain checks and verifications. An error extension, for example, amplifies a system error when it notices even one bit has changed. Time stamping is another method--one that 'stamps' the time code into the message so any deviation of real-time reception (if the message is caught, changed and retransmitted) flags the message as not authentic".

This is all well and good for radio-transmitted signals, but what about land-based networks sending and receiving voice, data, even something as simple as e-mail, which is actually one of the most non-secure communication methods we use today? The Internet is host to a plethora of parasites, viruses, hackers and those generally interested in what a soldier or sailor is doing and where he or she is and will be. Even "secure" military Internets and intranets are not immune. For example, the author did a simple search on the Internet and scored with a copy of the US National Security Agency's security guidelines.
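The time-stamping check Rzepkowski describes earlier in this section, as an added example that is not from the article or from Harris: the sender's time stamp is bound into the message with an HMAC-SHA256 tag (standing in here for the crypto system's own integrity check), so a frame that is changed, re-stamped or retransmitted late is flagged. The key, the five-second window and all names are assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 5   # acceptance window; an assumption for this example
TAG_LEN = 32           # size of an HMAC-SHA256 tag in bytes


def seal(key: bytes, message: bytes, now: int) -> bytes:
    """Sender: 8-byte time stamp + message + tag computed over both."""
    header = struct.pack(">Q", now)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # tag -> time stamp of frames accepted in the window

    def accept(self, frame: bytes, now: int):
        """Return (verdict, message); message is None unless accepted."""
        if len(frame) < 8 + TAG_LEN:
            return "rejected: malformed", None
        header, message, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        # Any changed bit, in the message or in the time stamp, changes the tag.
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified", None
        (sent_at,) = struct.unpack(">Q", header)
        # A frame caught and retransmitted later arrives outside the window.
        if abs(now - sent_at) > MAX_SKEW_SECONDS:
            return "rejected: stale", None
        # Inside the window, an exact copy of an accepted frame is a replay.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now - ts) <= MAX_SKEW_SECONDS}
        if tag in self.seen:
            return "rejected: replayed", None
        self.seen[tag] = sent_at
        return "accepted", message


def flip_bit(frame: bytes, byte_index: int) -> bytes:
    """Constructed test input: the frame with a single bit changed."""
    changed = bytearray(frame)
    changed[byte_index] ^= 0x01
    return bytes(changed)


def restamp(frame: bytes, new_time: int) -> bytes:
    """Constructed test input: the frame with its time stamp overwritten."""
    return struct.pack(">Q", new_time) + frame[8:]


if __name__ == "__main__":
    key = b"constructed-shared-key"                 # constructed sample key
    frame = seal(key, b"MOVE TO GRID 1234", 1000)   # constructed message
    rx = Receiver(key)
    print(rx.accept(frame, 1002))                   # fresh and intact
    print(rx.accept(frame, 1003))                   # same frame again
    print(rx.accept(frame, 1060))                   # retransmitted a minute on
    print(rx.accept(flip_bit(frame, 10), 1002))     # one bit changed
    print(rx.accept(restamp(frame, 1060), 1060))    # stamp changed without key
```

The last case is the reason the stamp sits inside the authenticated data: a time stamp the tag does not cover could simply be rewritten before retransmission.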
It is not hard to find hackers who have taken control of or compromised sites and networks and advertise their work. A common hacking thread is to enter through e-mail systems and drop a 'bomb' into someone's system or computer. By programming a 'watcher' to record and transmit the user's keystrokes (or a transcript of websites visited), the hacker obtains a record of usernames and passwords to e-commerce sites, for example, complete with the credit card information. That same hacker's access could be gained directly through a firewall simply to retrieve database information for later use. On the battlefield this creates a more serious situation where, once an e-mail or 'instant' message has been intercepted, any combination of scenarios can manifest itself. The impact of troop movement or surveillance information being compromised speaks volumes in itself.

The solution is to implement some sort of e-mail and/or file encryption system. From the pioneer in e-mail encryption--Pretty Good Privacy (PGP)--to any of several military-grade encryption programmes, the field from which to select is both broad and deep.

Omnisec has developed an e-mail and file encryption bundle, the Omnisec 320-E, which consists of a plug-in for MS Outlook and Exchange, thereby embedding encryption into normal e-mail usage. The 320 File Encryption application ensures secure data storage on local or remote media; it works with Windows 95/98/2000 and NT 4.0, and shares a master key with the 320-E version that is generated by yet another application, Omnisec 320 K. The master key-sharing applications rely on hardware-based encryption that is housed in the company's Omnicard, which is access and tamper protected. Omnisec has also developed a hardware key management centre, Omnisec 710, designed to support the company's Omnicrypt Security Architecture. The 710 generates master keys, programs security modules and calculates authenticated key agreement data.
The Harris RF-6750W Wireless Gateway and RF-6710W Wireless Message Terminal combine to provide a secure wireless e-mail solution for tactical radios. These products work seamlessly with MS Outlook and deliver error-free e-mail messages with ASCII, binary and image file attachments from one wireless node to another across a wide swath of the electromagnetic spectrum (HF to UHF, satellite, etc). The e-mail system is compliant with Nato Stanag and it uses the Compressed File Transfer (CFTP) and HF Mail Transport (HMTP) protocols. The RF-6750W software package connects directly to an Ethernet TCP/IP local area network and operates as a radio mail server and, oddly enough, is even compatible with software running on Linux and Macintosh operating systems (Windows taken for granted).

The System 200 package from Austrian firm Mils Electronic contains a tamper-resistant security PCI module, the MilsCard, that provides secure storage of cryptographic keys and executes one-time key algorithms in a sealed, protected environment. Further in System 200 is the MilsMail message exchange application that extends MS Outlook functionality by adding encryption and decryption. The MilsAdministrator manages key generation and distribution, and MilsFile is a secure storage application that works through Windows Explorer. MilsFile can be applied to single files or entire folders on either local or remote storage devices. Of significance is that the cryptographic keys in System 200 are either protected by being stored on MilsCard or by being encrypted with a specific key algorithm. Access is completely restricted to users in possession of a valid MilsCard and the corresponding password. Mils Electronic has developed its proprietary stream cipher algorithm to high cryptographic security standards with regard to cycle and key length and degree of non-linearity.
The encryption technology operates with a random key that is generated by a noise source and used only once and is therefore, as the company illustrates, impossible to break.

Deft Fingers--Tuned Ears

Although not an e-mail application, the Tri-sector Access Point from AI Wireless is just as likely to be subject to attack. It is an 11 Mbps Ethernet broadcast service which pushes full motion video and other data over the company's proprietary 802.11b protocol at 6.2 Mbps with 448-bit Blowfish encryption. The bit count in encryption determines the total number of possible keys that can be used to encrypt the information. The principle here is similar to that of a combination lock on a safe. If the lock is well designed so that a burglar cannot hear or feel its inner workings, a person who does not know the combination can open it only by dialling one set of numbers after another until it yields. The sizes of encryption keys are measured in bits and the difficulty of trying all possible keys grows exponentially with the number of bits used. Adding one bit to the key doubles the number of possible keys; adding ten increases it by a factor of more than a thousand.

It is a property of computer encryption that modest increases in computational cost can produce vast increases in security. Encrypting information very securely (e.g., with 128-bit keys) typically requires little more computing than encrypting it weakly (40-bit keys). In many applications, the cryptography itself accounts for only a small fraction of the computing costs, compared to such processes as voice or image compression required to prepare material for encryption. Most crypto-developing companies believe that a 128-bit key is more than sufficient to thwart a timely attack. Only by the purest luck and the world's greatest computing power can one break a 128-bit key in one lifetime (rhetorically speaking).
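The combination-lock argument above, as an added example that is not from the article: a toy cipher (a SHA-256 keystream, built for this illustration only) is opened by trying keys in order, and the same count is then scaled to 40, 128 and 448 bits. The rate of one billion keys per second and all names are assumptions.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_KEYS_PER_SECOND = 1e9  # search rate assumed for the scaling below


def keyspace(bits: int) -> int:
    """Number of possible keys: each extra bit doubles it."""
    return 1 << bits


def toy_cipher(key: int, bits: int, data: bytes) -> bytes:
    """Toy stream cipher for this example only: XOR with SHA-256(key, block).

    Encrypting and decrypting are the same operation.
    """
    key_bytes = key.to_bytes((bits + 7) // 8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def exhaustive_search(bits: int, known_plaintext: bytes, ciphertext: bytes):
    """Dial every combination in order until the lock yields.

    Returns (key, trials), or (None, trials) when no key in the space fits.
    """
    prefix = ciphertext[:len(known_plaintext)]
    for candidate in range(keyspace(bits)):
        if toy_cipher(candidate, bits, prefix) == known_plaintext:
            return candidate, candidate + 1
    return None, keyspace(bits)


def worst_case_years(bits: int, keys_per_second: float = ASSUMED_KEYS_PER_SECOND) -> float:
    """Time to try every key of the given size at the assumed rate."""
    return keyspace(bits) / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    plaintext = b"UAV FEED CHANNEL 7 ACTIVE"      # constructed sample message
    for bits, key in ((8, 0xAB), (12, 0xABC), (16, 0xABCD)):
        ciphertext = toy_cipher(key, bits, plaintext)
        found, trials = exhaustive_search(bits, plaintext[:16], ciphertext)
        print(f"{bits:>3}-bit key found after {trials} of {keyspace(bits)} trials")
    for bits in (40, 128, 448):
        print(f"{bits:>3}-bit key: up to {worst_case_years(bits):.3g} years")
```

At the assumed rate a 40-bit key space is exhausted in under twenty minutes, while the 128-bit figure is on the order of 10^22 years; the work done by `toy_cipher` itself does not grow with the number of key bits.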
The 448-bit key used in the Tri-sector Access Point video encryption may seem like overkill, but to what level of security does one assign UAV or forward observer battlefield video feeds?

An Ounce of Prevention

This leads us back to the notion of encrypting one's message. Communicating through secure e-mail is convenient, but products such as L-3 Communications-Ilex Systems' 895-SF Secure Office Fax and the 595-TSF Tempest Facsimile add to the spectrum of crypto-based communication equipment. No stone left unturned--fax, e-mail, radio, telephony and computer-based communications, all are vulnerable to intrusion, jamming, interception, spoofing and the ubiquitous virus.

Virus protection programs are standard kit on almost every computer--but virus developers seem to get craftier each day and are passing along their viruses at an alarming rate. With this in mind, the US Army has selected Harris' Stat vulnerability assessment software to protect its global computer network from cyber threats. Under a multi-million dollar contract, Harris is deploying its Stat Scanner on more than 1.5 million workstations. Stat Scanner travels through a computer network--including strategic, tactical, MSE and the Army's tactical Internet--and provides the network administrator with a comprehensive analysis of all vulnerabilities, with specific details on the risk level of each. Harris also provides its Stat Analyzer to analyse and identify both internal and external security vulnerabilities.

BAE Systems has developed a firewall that protects against a newly-discovered vulnerability in the SNMP V1 Internet standard protocol. This open door allows cyber attackers to gain control of, or even take down, commercial and military networks. The Midass firewall, developed in conjunction with QinetiQ, ensures that only traffic approved by a security policy can transit the firewall.
Raytheon recently dedicated a $14 million, 70,000 ft² satellite communications, integration and operations centre designed to promote hands-on customer involvement in the development of new systems. The diagnostic equipment and testing laboratories are state-of-the-art--but will some inquisitive organisation hire its 13-year-old neighbour to slip in through the cracks?

Anyone Can Get In

Tactical Internets are as vulnerable as the Internet the rest of the world uses. A sample of recent information copied from hacker sites throughout the Internet illustrates how easy it is either to become proficient in hacking civil, government or military sites and networks or to acquire the services of one who already possesses the talents--more often than not, teenagers.

Some Freely Available Online Hacking Tools Include:
PW-Gen            a password generator
DisCard           checks and generates credit card numbers
Web Bug Locator   a web bug can track your movements throughout the Internet
Codice Fiscale    calculates Italian Fiscal Codes (similar to US Social Security numbers)
OurBiz            an online personal encryption tool for private communications
Browsinfo         tool that shows all possible collectible information about a person browsing the Internet (browser, system, documents on hard drive)
DialTone          provides all types of dial tones used in the US phone system (pay phone, telecom-specific and keypad tones)

A Few of the Available Hacking Guides Include:

* How to Bypass BIOS Passwords
* FAQ and Guide to Cracking (hacking)
* Sniffer FAQ (What a sniffer is and how it works, where sniffers are available and how to stop a sniffing attack.)