Radio encryption

Brad · June 30, 2013, 08:50:27 PM

Looks like CAP isn't the only one shaking the encryption tree:

QuoteFCC is currently processing a request for rule-making, RM-11699, that would allow the use of Amateur frequencies in the U.S. for private, digitally-encrypted messages.

http://hams.com/encryption/

A fair argument, although in the Request For Rule-Making, we find that it would have language specifically allowing encryption only for EMCOMM situations, and it also mentions that encryption is already allowed within ham radio under certain situations and the world hasn't blown up, plus Australia already has the EMCOMM provision for encryption and they still plod along quite fine.

SarDragon · June 30, 2013, 09:26:23 PM

The biggest hassle with encryption has always been key security. How do you adequately maintain that in a civilian environment?

a2capt · June 30, 2013, 09:30:26 PM

Yes, look how well the DVD encryption key thing worked out.

Brad · June 30, 2013, 09:51:13 PM

Quote from: SarDragon on June 30, 2013, 09:26:23 PM
The biggest hassle with encryption has always been key security. How do you adequately maintain that in a civilian environment?

Given that the proposed rule focuses on the EMCOMM environment, I'd wager the key would likely be maintained at the state or county EMD level or whomever is responsible for maintaining the larger public safety radio systems, giving the keys out for the duration of the event, then recalling them when done to prevent unauthorized redistribution.

Here in SC for example we have the Palmetto 800 system which is a statewide linked trunked system maintained by Motorola and governed by a committee representing agency users. My employer is the largest user of the system and so our Communications Officer is the contact point for a lot of the mutual aid channels for example. There are encrypted channels that my agency uses and I'd wager he maintains custody of them as well as far as flashing them onto the radios.

SarDragon · June 30, 2013, 10:14:29 PM

Quote from: a2capt on June 30, 2013, 09:30:26 PM
Yes, look how well the DVD encryption key thing worked out.

True, but the comms situation is a bit different. The DVD algorithm was very complex, used on every single DVD and player. It was hard to crack, and once done, invalidated the whole scheme.

A comms key is less complex, and is changed periodically. Therein lies the problem - there's more than one key in the users' hands at one time. They all need to be changed at the same time (usually 0000Z), and old keys need to be properly destroyed.

Fubar · June 30, 2013, 10:33:24 PM

Quote from: SarDragon on June 30, 2013, 09:26:23 PM
The biggest hassle with encryption has always been key security. How do you adequately maintain that in a civilian environment?

Something like the PGP approach with public and private keys might work. I agree with the website though, there's no place or reason for encryption in amateur radio.

SarDragon · June 30, 2013, 11:03:01 PM

Quote from: Fubar on June 30, 2013, 10:33:24 PM
Quote from: SarDragon on June 30, 2013, 09:26:23 PM
The biggest hassle with encryption has always been key security. How do you adequately maintain that in a civilian environment?

Something like the PGP approach with public and private keys might work. I agree with the website though, there's no place or reason for encryption in amateur radio.

PGP isn't suitable for real-time stuff like voice comms.

Another consideration is that encryption and analog transmission do not get along well. Military radios were built to interface with the security unit, but there were operational issues, and audio quality was not very good. Everyone sounded like Donald Duck.

Digital encryption and transmission are better, but that's a whole different discussion.

Eclipse · July 01, 2013, 12:55:46 AM

What on earth do we need encryption for?

Brad · July 01, 2013, 01:45:39 AM

Quote from: Eclipse on July 01, 2013, 12:55:46 AM
What on earth do we need encryption for?

My argument is from an ICS point of view. Let's say there's a large incident like a hurricane or whatnot, and existing comms infrastructure has failed and so now the incident is running on paper forms and ham radio. Not wanting to get into the logistics of it let's just assume for argument that it's working.

Now, the incident is over and the objective has shifted into Recovery. So there's teams being told to deploy to various locations to setup recovery sites for food, water, clothing, etc. Some gung-ho scanner hound or worse, news reporter, hears that the recovery site is being set up at the corner of X St and Y Av, and tells his friends, or in the case of the news person, broadcasts it to everyone watching TV/hearing the broadcast. So now there's a large group of angry people wanting to swamp the relief workers, or worse getting mad at them for being slow or not having such-and-such in the supplies and it potentially turns violent.

Sure there's National Guard and law enforcement but they can potentially be overwhelmed too. Look at Katrina. Encryption would be a good use in this scenario in order to prevent things like this getting to the public before it is vetted and ready to safely be advised to the public. I get enough as it is at work with nosy reporters trying to find out about fatalities that we're still investigating and haven't even notified next of kin on for example.

Eclipse · July 01, 2013, 01:52:37 AM

That's the argument that is made on a regular basis, and I don't buy it, your example is a big stretch at best. I don't understand why ham guys are so fixated on
Armageddon.

The cops, and fire guys aren't likely using encryption, and we're not using HAM radios, during Katrina we used open frequencies with no issues.

If we have something uber-secret to set up or do, then we simply don't transmit it on the open channel.

Brad · July 01, 2013, 01:54:42 AM

I know, I'm just offering an argument for the sake of point v. counter-point.

We do have an encrypted channel at work, but ironically enough the dispatch center, at least the one I work at, can't received or transmit on it because we don't have the key loaded in, haha! How's that for planning?

Eclipse · July 01, 2013, 02:00:33 AM

Quote from: Brad on July 01, 2013, 01:54:42 AM
I know, I'm just offering an argument for the sake of point v. counter-point.

We do have an encrypted channel at work, but ironically enough the dispatch center, at least the one I work at, can't received or transmit on it because we don't have the key loaded in, haha! How's that for planning?

Personally I don't care either way, I'm of the "big button, small instructions crowd", so I just expect to be handed a radio that is programmed and working, but I know the
key management alone will be a daunting task (as it stands it takes 6-months to a year just to get a wing's radios reprogrammed when change is made to the channel plan). It will
also take a fair number of personal radios out of service for that function, though I'm less sympathetic on that issue, which affects me personally, buy should not be a major factor in
CAP's comm plans.

And of course all it will take is one or two key players, or an aircraft without crypto working to scuttle it's use for a whole mission.

tribalelder · July 02, 2013, 06:37:05 PM

If the radio traffic is sensitive enough to require encryption, does CAP really have sufficient security awareness to keep the secret? Intercepted radio traffic is not the only way the story can get out.

At a former federal civilian employer, we were taking security awareness of some kind probably 4 times/year.

JoeTomasone · July 10, 2013, 02:45:17 PM

Me: Ham, FLWG/DC, Crypto-Guy for the day job.

Crypto in radios when you own them all and can get to them immediately when needed is complex enough.

Crypto in radios where you can't get to them all - especially in an urgent situation (radio lost/key compromised) is unworkable.

For COMSEC for sensitive data (HIPAA, etc) in the Ham world, we should be looking more towards DATA encryption - which can be point-to-point and dynamically generated. So, type the data up, and encrypt it before transmission over whatever data mode you like - packet, PACTOR, etc. Of course, that will require software/firmware work to make it happen, but that would be cheap-n-easy, and would work with existing hardware. Alternatively, use some public/private key based encryption scheme to encrypt the message itself and send over unsecured channels where the recipient decrypts it.

COMSEC in the CAP world is a tad more complex in that we don't allow data transfer any longer for whatever reason. It's also easier in that we have funded large quantities of AES-capable equipment, but we still have large issues to overcome such as the lack of AES-capable aircraft radios. If a gun was put to my head today and I was told that I had to blanket-encrypt comms for a combined ground/air mission, I'd have no choice but to have the aircraft carry a tactical repeater and an AES handheld. Forget about HF, too; there's no solution in the works for HF that I am aware of. IIWIC, I'd be working on getting CAP active on Winlink both on HF and VHF, with messages encrypted as needed. We'd need more HF allocations and some money for hardware, but neither are insurmountable. Winlink would also be a significant comms force-multiplier for us all by itself.

wuzafuzz · July 10, 2013, 11:28:57 PM

The case for encryption in amateur radio is a non-starter IMHO. People love to throw HIPAA regulations out there as a justification but HIPAA rules don't apply to amateur radio groups (or to CAP for that matter). I work for a health & life insurance company in my day job, where HIPAA, HITECH, Graham Leach Bliley, and an assortment of other privacy laws and regulations apply. It's hard to fathom why the amateur ARES/RACES crowd would voluntarily subject themselves to such rules when common sense would serve them better. I'm an ARES guy myself and have never felt the slightest need for encryption.

The ARRL response crushes the argument for voice encryption in amateur radio.
http://www.arrl.org/files/file/FCC%20Documents/Comments%20RM-11699%20FINAL%20Version%202.pdf

As for CAP, in 2 years as DC I've only heard of one request for encryption. We couldn't satisfy that request since we didn't have the right equipment in the right assets. Admittedly it would be nice to encrypt find reports and a few other mission types. Someday we'll be required to encrypt all AF missions and our opinions will be moot.

Generally though I think too many people are simply encryption happy for little to no good reason. When I was a cop the idea of encryption was limited to something the super-feds could do. No way we could have it. We got along just fine without it. Now my local cops think it's an officer safety issue to write parking tickets without it.

wuzafuzz · July 10, 2013, 11:45:04 PM

Quote from: Eclipse on July 01, 2013, 01:52:37 AM
I don't understand why ham guys are so fixated on
Armageddon.

Some of them are still watching Red Dawn (1984) and Dawn of the Dead (1978) in their mom's basement / command center, and recently discovered World War Z (it's still possible!!!) in book form. basement

OK, I gotta admit I grew up in So Cal and was "totally" prepared for earthquakes and possibly a few commies.