Tips to Mitigate P25 Security Concerns
August 24, 2011
By Nick Tusa
While the 2011 Association of Public-Safety Communications Officials (APCO) International national convention was wrapping up in Philadelphia earlier this month, another conference held in San Francisco was making headlines. At the USENIX Security Symposium, researchers from the University of Pennsylvania presented the results of a two-year study, partially funded by the National Science Foundation, of weaknesses and vulnerabilities in the Project 25 (P25) radio communications standard.
The researchers found a number of protocol, implementation and user-interface weaknesses that routinely leak information to eavesdroppers. To prove the point, they built a system to intercept P25 communications using less than $1,000 of equipment. Their published paper also described the construction of an effective P25 jammer built on the integrated-circuit RF transceiver found in a child's toy, running custom-written jamming firmware. Needless to say, those findings have been widely circulated throughout the public-safety community, and many owners of P25 radio systems have reached out for guidance on stronger protection against eavesdropping and more resilient defenses against jamming.
In terms of eavesdropping, the encryption offered by P25 vendors is based on the Data Encryption Standard (DES), the Advanced Encryption Standard (AES) or National Security Agency (NSA) Type 1 cryptography. When properly employed by system owners, AES and Type 1 encryption are reliable and secure; single DES, with its 56-bit key, has been withdrawn as a federal standard and should be treated as a legacy option to migrate away from rather than something to rely on. In practice, breaches occur when encryption keys are improperly safeguarded or infrequently changed, or when encryption is never turned on at all: because selecting encryption is commonly left to the user on each call, some forget to do so, and sensitive information is unwittingly transmitted in the clear.
Problems of that sort can be mitigated through training. Unfortunately, many agencies fail to fund refresher training for radio users. The result is a gradual erosion of sound management and operational practice through shortcuts that silently expose sensitive information to eavesdroppers. For example, instead of changing encryption keys every two weeks, the interval creeps out to every two months or, worse, the keys are never changed. Another source of vulnerability is allowing too many user agencies to field-program radios. Inexperienced programmers can accidentally fail to enable important security parameters, exposing sensitive traffic to unauthorized personnel.
Vulnerability can also be a byproduct of operational design. How owners develop talk-group structures, and how much freedom they give users to decide when, or whether, communications should be in the clear, directly influence radio network security. An effective way to manage the encrypted-versus-clear dilemma is to force the decision through the talk-group structure. Talk groups can be programmed so that selecting them, whether in the field or by a fixed user or dispatcher, automatically activates the secure mode (vendors commonly call this strapping the talk group secure). This eliminates the possibility of an errant operator decision, at the cost of restricting ad-hoc decision making in the field to some degree. If experienced personnel are trusted to make talk-group design and programming decisions, the talk-group structure can simplify field operations for both routine and emergency needs.
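The two failure modes above, key rotation that quietly creeps past its interval and sensitive talk groups left to the operator's encrypt-or-clear choice, are both things a system owner can check mechanically from a codeplug export and key-management records. The following script is an added example written for this article, not code from the article, the researchers' paper or any radio vendor; the record layout, talk-group names, classification flags and the 14-day rotation policy are constructed assumptions, and real vendor exports and KMF reports look different.

```python
"""Audit a P25 talk-group plan against an encryption and key-rotation policy.

Added example for this article, not code from the article, the UPenn paper
or any radio vendor. The codeplug records, talk-group names, classification
flags and the 14-day rotation policy are constructed assumptions; real
vendor exports and key-management (KMF/KFD) reports look different.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Policy assumption: rotate traffic keys at least every two weeks, the
# interval the article gives before it "creeps out" to two months or never.
MAX_KEY_AGE_DAYS = 14


@dataclass(frozen=True)
class TalkGroup:
    name: str
    sensitive: bool             # agency classifies this traffic as needing encryption
    encryption: str             # "strapped_secure", "strapped_clear" or "selectable"
    key_id: Optional[int]       # traffic key loaded for this talk group, None if none
    last_rekey: Optional[date]  # date the key was last changed, None if unknown


def audit(talkgroups: List[TalkGroup], today: date,
          max_key_age_days: int = MAX_KEY_AGE_DAYS) -> List[Tuple[str, str]]:
    """Return (talk group, finding) pairs for every policy violation found."""
    findings = []
    for tg in talkgroups:
        if tg.sensitive and tg.encryption == "selectable":
            # The operator decides per call: the "errant operator decision"
            # that strapping the talk group secure is meant to eliminate.
            findings.append((tg.name, "sensitive traffic left to operator choice; strap secure"))
        elif tg.sensitive and tg.encryption == "strapped_clear":
            findings.append((tg.name, "sensitive traffic strapped clear"))
        if tg.encryption != "strapped_clear" and tg.key_id is None:
            # A secure-capable talk group with no key loaded cannot encrypt.
            findings.append((tg.name, "secure mode configured but no traffic key loaded"))
        if tg.key_id is not None:
            if tg.last_rekey is None:
                findings.append((tg.name, f"key {tg.key_id} has no rekey record"))
            else:
                age = (today - tg.last_rekey).days
                if age > max_key_age_days:
                    findings.append((tg.name,
                                     f"key {tg.key_id} is {age} days old; rotation has "
                                     f"crept past {max_key_age_days} days"))
    return findings


# Constructed codeplug extract (not real agency data).
SAMPLE_CODEPLUG = [
    TalkGroup("DISPATCH", False, "strapped_clear", None, None),
    TalkGroup("TAC-1", True, "strapped_secure", 1, date(2011, 8, 15)),
    TalkGroup("NARC", True, "selectable", 2, date(2011, 6, 1)),
    TalkGroup("SWAT", True, "strapped_secure", None, None),
]


def audit_sample(today: date = date(2011, 8, 24)) -> List[Tuple[str, str]]:
    """Run the audit over the constructed codeplug as of the article's date."""
    return audit(SAMPLE_CODEPLUG, today)


if __name__ == "__main__":
    for name, finding in audit_sample():
        print(f"{name}: {finding}")
```

Run against the constructed extract, the audit flags NARC twice (selectable encryption on sensitive traffic, and a key that has gone 84 days without rotation) and SWAT once (strapped secure but no key loaded, so it would actually transmit clear); DISPATCH and TAC-1 pass. The same check scales to a fleet-wide export and is cheap enough to run on every codeplug revision before it is pushed to radios.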
What About Jamming?
Any communication transmitted via radio, LMR as well as point-to-point microwave, can be jammed by a bad guy as easily as it can be probed by a good guy searching for vulnerabilities. Contrary to popular belief, spread-spectrum (frequency-hopping) radio systems can be jammed as well; it just takes a bit more thought and inventiveness. Unless communication is contained within physically secured copper wires, coaxial cables or fiber optic cable, it is vulnerable to both unintentional and intentional interference.
The University of Pennsylvania researchers make the point that an appropriately configured device requiring very little power could disrupt public-safety P25 radio systems. The same laws of physics that allow radio system designers to serve low-powered handheld portables inside dense buildings anywhere in a typical metropolitan area apply to harmful interferers as well. If an FCC-licensed radio system is intentionally designed to receive the weakest public-safety signals within a given geographic area, it will be just as receptive to a weak signal from a party intent on malicious interference, and an interferer with a clear path to the site needs far less power than a portable buried inside a building.
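Here is a worked link budget for that point, added as an example for this article; it is not from the article or the researchers' paper, and every figure in it (800 MHz band, a 3 W portable 5 km from the site behind 20 dB of building loss, an interferer 2 km away with line of sight, a 17 dB carrier-to-interference requirement) is a constructed assumption. It uses the free-space model, which understates loss on real terrestrial paths, so the interferer power it computes is a lower bound.

```python
"""Link budget: a portable radio inside a building versus a low-power
interferer with line of sight to the same receive site.

Added example for this article, not from the article or the UPenn paper.
Every number (frequency, powers, distances, building loss, required C/I)
is a constructed assumption chosen to illustrate the physics. The
free-space model understates loss on real terrestrial paths, so treat the
interferer power as a lower bound on what is actually needed.
"""
import math


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss: 20log10(d_km) + 20log10(f_MHz) + 32.44 dB."""
    return 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def watts_to_dbm(watts: float) -> float:
    return 10 * math.log10(watts * 1000.0)


def dbm_to_watts(dbm: float) -> float:
    return 10 ** (dbm / 10.0) / 1000.0


def received_dbm(tx_watts: float, distance_m: float, freq_mhz: float,
                 extra_loss_db: float = 0.0) -> float:
    """Signal level at the site receiver (antenna gains taken as 0 dBi for
    both ends). extra_loss_db covers building penetration, body loss, etc."""
    return watts_to_dbm(tx_watts) - fspl_db(distance_m, freq_mhz) - extra_loss_db


def min_interferer_watts(desired_dbm: float, interferer_distance_m: float,
                         freq_mhz: float, required_ci_db: float) -> float:
    """Smallest interferer transmit power that pushes the desired signal's
    carrier-to-interference ratio at the receiver below required_ci_db."""
    interferer_at_site_dbm = desired_dbm - required_ci_db
    return dbm_to_watts(interferer_at_site_dbm + fspl_db(interferer_distance_m, freq_mhz))


def scenario() -> dict:
    """Constructed 800 MHz case: 3 W portable 5 km away inside a building with
    20 dB penetration loss; interferer 2 km away with clear line of sight;
    receiver assumed to need 17 dB C/I to decode the portable."""
    freq_mhz = 800.0
    portable_dbm = received_dbm(3.0, 5000.0, freq_mhz, extra_loss_db=20.0)
    jammer_w = min_interferer_watts(portable_dbm, 2000.0, freq_mhz, required_ci_db=17.0)
    return {
        "portable_at_site_dbm": portable_dbm,
        "min_interferer_watts": jammer_w,
        "min_interferer_milliwatts": jammer_w * 1000.0,
    }


if __name__ == "__main__":
    r = scenario()
    print(f"portable arrives at the site at {r['portable_at_site_dbm']:.1f} dBm")
    print(f"an interferer with line of sight needs only "
          f"{r['min_interferer_milliwatts']:.3f} mW to deny it")
```

With these assumptions the 3 W portable arrives at the site at roughly -90 dBm, and an interferer with a clean 2 km path needs on the order of a tenth of a milliwatt to push that signal below the decoding threshold. That is why the researchers' toy-transceiver jammer is plausible: the site's sensitivity, not the attacker's transmitter, sets the bar.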
Single-channel radio systems are highly vulnerable to interference and easily disabled. Anyone who has operated a VHF/UHF analog or digital conventional repeater knows what happens when a mobile unit's microphone push-to-talk (PTT) button gets jammed into the car seat. Project 16 and P25 trunked radio systems are significantly more difficult to jam, particularly those with many operating channels, because the control channel can be moved to an alternate control-channel-capable frequency when interference is detected. An individual intent on disrupting communications in a large city served by many simulcast trunked tower sites with many operational channels would be physically and practically limited in terms of disruptive capability.
As a system grows in tower sites, geographic footprint and frequencies, it becomes harder to cause disruptive interference beyond the nuisance level. Any good radio network design should also include alternative systems to be used should the primary radio system fail catastrophically, as during hurricanes or floods, when damaging high winds and flooding can affect large geographic areas.
No radio system can operate without antennas, electricity or tower-site interconnectivity, and those physical components represent the biggest set of vulnerabilities any radio system designer faces.
Dominic (Nick) Tusa is founding partner of Tusa Consulting Services, a public-safety radio consulting firm in Covington, La. Email comments to editor@RRMediaGroup.com
For more information on P25 security, see this article from John Oblak, EF Johnson vice president of standards and regulatory affairs.