
I'm a student studying Electrical and Computer Engineering and a ham radio operator (i.e. my knowledge of encryption is basic). More and more, police and local government radio has become encrypted. This obviously prevents the average police scanner user from tapping in, but what about a better-resourced organization?

A lot of systems use either 56-bit DES or a proprietary 32-bit Motorola system to encrypt the audio stream, which is then transmitted over a digital protocol. From what I can dig up, the systems use a fixed key, but can be over-the-air rekeyed daily (based on my experience, I doubt most organizations use the feature).

As someone familiar with modern encryption, the 32- and 56-bit keys seem far short of the 128-512 bit systems available today. IIRC, DES was broken in the late 90s by the EFF.

So perhaps there's some "size doesn't matter (as much)" reason. Otherwise, is it that these systems are vulnerable but not worth anyone's time? (Many police agencies still transmit analog voice and don't have a scanner-related crime problem.)

Here are some more specific references:

  • http://www.batlabs.com/encrypt.html
  • http://wiki.radioreference.com/index.php/Motorola_Encryption_Topics
  • http://www.freepatentsonline.com/3639690.pdf
  • http://www.freepatentsonline.com/4167700.pdf

lswim

1 Answer

I agree with your analysis of the reasons why police departments and other agencies would use "weak" encryption products with their radios: simply because, as of the current day, encryption crackers are rarely used by common criminals that listen to radio transmissions of such agencies (they perhaps use analog/digital radio scanners, but such scanners can usually be defeated by using encryption of any kind, even if weak and/or proprietary).

It is true, however, that 32- or 56-bit encryption of any kind is pretty weak and can be brute-forced with proper knowledge of the radios and communications protocols used in them. This is why most agencies that process anything related to "national security" or "classified information" (think DHS or FBI) do not use such forms of encryption, but instead use actual strong encryption such as AES-256-GCM (see 1 and 2). That, or they use their own proprietary encryption algorithms (e.g. Type 1*) and modules.

*Motorola (which is a common vendor) has boards/modules that support Type 1 encryption (see the FASCINATOR module in 3 and usage of Type 1 in the section "2.2 Security Features" of 2).

References:

  1. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1752.pdf
  2. http://www.crypto.com/papers/p25sec.pdf
  3. https://en.wikipedia.org/wiki/FASCINATOR

Nasrus
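
The key-size question discussed in this thread can be made concrete with a small calculation. The following is an added example, not part of the original question or answer: it compares the key sizes named above (32, 56, 128 and 256 bits) against the daily rekey interval the question mentions. The search rate `ASSUMED_RATE` and all function names are assumptions chosen for illustration.

```python
from fractions import Fraction

SECONDS_PER_DAY = 86_400
# Assumption: 9e10 key trials per second, used only as an illustrative
# order of magnitude for dedicated late-1990s hardware. Change it to
# model a different adversary.
ASSUMED_RATE = 90_000_000_000


def worst_case_seconds(key_bits, keys_per_second=ASSUMED_RATE):
    """Seconds needed to try every key of the given length."""
    return Fraction(2 ** key_bits, keys_per_second)


def p_found_within(key_bits, window_seconds, keys_per_second=ASSUMED_RATE):
    """Probability that exhaustive search hits a uniformly random key
    before the window (for example a rekey interval) ends."""
    tried = keys_per_second * window_seconds
    return min(Fraction(1), Fraction(tried, 2 ** key_bits))


def exposure_table(key_sizes, window_seconds=SECONDS_PER_DAY):
    """Rows of (bits, worst-case days, probability found within window)."""
    return [
        (bits,
         float(worst_case_seconds(bits) / SECONDS_PER_DAY),
         float(p_found_within(bits, window_seconds)))
        for bits in key_sizes
    ]


if __name__ == "__main__":
    # Key sizes named on this page; the window is the daily rekey it mentions.
    for bits, days, p in exposure_table([32, 56, 128, 256]):
        print(f"{bits:>3}-bit  exhaust: {days:10.3e} days  "
              f"P(found before daily rekey): {p:.3e}")
```

Rekeying only limits how long a recovered key stays useful for live traffic; transmissions recorded under an old key can still be searched after the key has been retired.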