https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Security


Keeping secrets

Keeping secrets

The need for privacy spurs widespread use of cryptography in radio systems
  • Written by Urgent Communications Administrator
  • 1st October 2007

The need to communicate privately has existed since ancient times. Julius Caesar, for instance, employed a secret code to communicate with his generals where each letter of his original message was replaced by the letter three positions to the right in the alphabet. Thus the “key” was the number 3, and the cipher algorithm to decrypt the message was “shift to the left.” To be useful at all, the key must have been a secret known only to Caesar and his army, but it is hard to imagine that the code existed for long before being broken.

In more recent times, cryptography played a pivotal role in World War II thanks to Allied code breakers. In the European theater, first Poland and later the United States and Great Britain broke the main German cryptosystem, Enigma. Many historians believe the Allies' ability to read Enigma-enciphered messages and act on that information shortened the war by two years.

Perhaps the single greatest code-breaking success was Midway. In 1942, the Japanese planned to surprise the American military on Midway Island, but their plan was thwarted in large part because U.S. Navy cryptanalysts in Hawaii had partially broken the Japanese Navy Fleet Code. Despite breaking fewer than 15% of Japanese messages, Cmdr. Joe Rochefort, the officer in charge of the cryptanalysts, believed the Japanese were planning to attack a target codenamed “AF.” Rochefort also believed AF referred to Midway, but Adm. Chester Nimitz needed more evidence. With Nimitz's approval, the Marines on Midway were told to send a plaintext message complaining about a lack of fresh water. Two days later, on May 12, 1942, a Japanese message was decoded stating: “AF is short of water.”

Knowing Midway would be attacked, the U.S. Navy and Marines were able to adjust their forces and eventually claim victory. Midway was the turning point in the war in the Pacific, in no small part thanks to the Navy cryptanalysts.

Today, cryptography is used in nearly all forms of modern communications to provide authentication and privacy. However, radio lags most other forms of electronic communication in the adoption of cryptosystems. Despite the use of digital transmission in nearly all cell phone traffic and a good portion of public-safety radio traffic — the Project 25 digital radio standard, for instance, supports several encryption methods, including the Digital Encryption Standard (DES) and the Advanced Encryption Standard (AES), plus several lesser known ciphers — only a tiny fraction of calls are encrypted.

Encryption is perhaps the most important element of cryptography. It is the process of converting ordinary information, called plaintext, into unintelligible gibberish, called ciphertext. A cipher is a pair of algorithms, one to perform encryption and another to perform the reverse operation, decryption. The operation of the cipher is controlled by the algorithms and by a key that is a secret parameter ideally known to only the sender and the receiver.

The goal of any cryptosystem is to provide an easy and inexpensive means of encryption and decryption to all authorized users who possess the key. Simultaneously, the cryptosystem must make it difficult and expensive to discover the plaintext message from the ciphertext without access to the key.

Modern cryptography falls into two fields of study:

  • Symmetric-key, also called private-key cryptography, and
  • Asymmetric-key, also called public-key cryptography.

Private-key systems require that both the sender and the receiver share the same key. The main drawback of private-key systems is key management. To minimize damage caused by loss of a key or a successful cryptanalytic attack, it is necessary to change the key frequently. Distributing the key via secure means may require a courier or some equally expensive means. Military organizations often change the key daily, but public-safety agencies and commercial companies rarely do so for cost reasons. Private-key encryption was the only type publicly known until 1976, when Whitfield Kiffie and Martin Hellman published the first paper on public-key cryptography.

Public-key systems employ two keys, a public key and a private key. The idea behind public-key cryptography is that the calculation of one key (the private key) is computationally impractical from the other key (the public key), even though the two are necessarily related. The two keys are generated secretly, as a pair. The public key can be freely distributed while its paired private key remains secret. Typically, the public key is used for encryption and the private key is used for decryption. In addition to encryption, public-key systems can be used to create digital signatures, which are a common form of authentication.

The main advantage of public-key cryptography is that users can safely communicate without having met or communicated previously. It is commonly used on the Internet for Web browsing and e-commerce using a protocol called Transport Layer Security (TLS).

Another use of cryptography in radio can be found in the IEEE 802.11 series of standards for wireless local area networks (LANs). Wireless LANs are inherently vulnerable to intrusion and attack because the wireless link allows the attacker to operate in the open with little fear of discovery. Unlike the wired network, there is no traceable path to a fixed location. Because wireless LANs are simply an extension of the wired Ethernet, they can create vulnerability in the wireline network that did not exist previously.

The original 802.11 standard employed three basic security mechanisms: Service Set Identifier (SSID), MAC address lists, and Wired Equivalent Privacy (WEP).

Privacy was achieved in 802.11 with the WEP protocol. WEP is an encryption algorithm. Many early press reports documented the security vulnerabilities of wireless LANs, particularly WEP, which originally used a 40-bit key. Today, 64-bit and 128-bit keys are used, but hacker software is available on the Web that, with sufficient time, will crack these encryption schemes.

Flaws in WEP and the initialization vector make the algorithm vulnerable no matter what length key is used. In particular, the static nature of the keys and the manual process of key management make the network vulnerable to attack. For example, the longer a key is in use, the more opportunities exist for a hacker to obtain a copy of a plaintext message and its equivalent ciphertext. Armed with these two pieces of information, the hacker's job is orders of magnitude easier, and the chances of successful attack are quite high.

The IEEE 802.11 committee developed a new security standard to correct these security shortfalls. The committee's efforts were published as IEEE 802.11i in the summer of 2004. The 802.11i standard implements a set of protocols called Wi-Fi protected access (WPA) through two main techniques:

  • Temporary Key Integrity Protocol (TKIP), an algorithm that varies the crypto key.
  • The Advanced Encryption Standard (AES), used widely by the banking industry.

It is believed that these two techniques, if implemented properly, will ensure security of 802.11 networks.


Jay Jacobsmeyer is president of Pericle Communications Co., a consulting engineering firm located in Colorado Springs, Colo. He holds BS and MS degrees in electrical engineering from Virginia Tech and Cornell University, respectively, and has more than 25 years experience as a radio frequency engineer.

Tags: Data Network Security

Most Recent


  • Tesla Model 3 hacked in less than 2 minutes at Pwn2Own contest
    Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own hacking contest in Vancouver. The attacks gave them deep access into subsystems controlling the vehicle’s safety and other components. One of the exploits involved executing what is known as a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla’s Gateway energy […]
  • House members introduce $15 billion NG911 funding bill
    Key U.S. House members introduced bipartisan legislation that would provide $15 billion in federal funding to support 911 centers nationwide as they make the transition from legacy technology to an IP-based next-generation 911 (NG911) platform. Standalone legislation that had not been assigned a bill number as of Friday night, the “Next Generation 9-1-1 Act of […]
  • Microsoft Outlook vulnerability could be 2023's 'It' bug
    Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim’s Net-NTLMv2 challenge-response authentication hash and impersonating the user. Now it’s becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are […]
  • Getting to know the how—and why—of the telecom cloud
    A funny thing happened during the pandemic: The giant cloud hyperscalers burst into the telecom industry. And now it’s time for everyone to get acquainted with them. Why? Well, it seems increasingly inevitable that a certain percentage – ranging from “a little” to “most” – of telecom operators’ network functions are going to run in […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Keeping secrets
    Newscan: Feds recover millions from pipeline ransom hackers, hint at U.S. Internet tactic
  • Cyber is the new Cold War, and AI is the arms race
  • Microsoft patches 6 zero-day vulnerabilities under active attack
  • IoT connectivity spending climbs as COVID-19 cases decline

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

AT&T claims LTE coverage edge, FirstNet build more than 99% done dlvr.it/SlXZfr

27th March 2023
UrgentComm

Verizon Frontline supports U.S. Forest Service efforts against wildfires dlvr.it/SlX1g3

27th March 2023
UrgentComm

Autonomous-vehicle consequences could include more traffic dlvr.it/SlWr67

27th March 2023
UrgentComm

Tesla Model 3 hacked in less than 2 minutes at Pwn2Own contest dlvr.it/SlVJg9

26th March 2023
UrgentComm

SES: JP Hemingway on satellites’ role in the digital divide, D2D and disasters dlvr.it/SlTL4h

25th March 2023
UrgentComm

House members introduce $15 billion NG911 funding bill dlvr.it/SlS0Lr

25th March 2023
UrgentComm

ADRF: Sun Kim discusses company’s new hybrid in-building wireless solution dlvr.it/SlRtSQ

25th March 2023
UrgentComm

U.S. cell towers and small cells: By the numbers dlvr.it/SlRn6N

25th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.