

Why (special agent) Johnny (still) Can't Encrypt - packetlss
http://www.crypto.com/blog/p25/

======
travem
Really interesting article. One particular statement caught my eye "many P25
systems … are "rekeyed" at frequent intervals, in the apparent (and basically
erroneous) belief that changing encryption keys regularly improves security".
My belief was that rekeying was useful in order to limit the "blast radius" if
a key was compromised and thus improves security. I'd be interested in finding
out why that isn't the case, is it because, as in the article, it introduces
more problems that it solves or is there another reason?

~~~
capnrefsmmat
His guide to secure P25 deployment suggests simply rekeying whenever a radio
is lost, stolen, or compromised, since in a law enforcement context, key theft
is much less likely than in military operations. (Cops don't often get shot
down over enemy territory, for example.)

~~~
Duff
Cops are human, and thus vulnerable to exploitation. Do you seriously think
that some gang leader somewhere doesn't have local police radios given to him
by cops on his payroll?

Periodic rekeying is like physical inventory or periodic password changes --
it helps you identify compromised assets.

~~~
whomelse
If the rekeying protocol is performed over the air, how does rekeying help in
your corrupt cop/gang leader scenario? Wouldn't the gang leader's radio get
the new keys along with all the other radios?

~~~
quanticle
The article doesn't say that rekeying occurs over the air. It could very well
be the case that police departments are rekeying their radios at the end of
every shift, when, for all practical purposes, they'd be as safe rekeying once
a week.

~~~
whomelse
I just assumed a protocol called "over the air rekeying" would be performed
"over the air". But that's just me.

------
Duff
Cellphones and other out of band communications make police encryption a joke
anyway. Anything really sensitive or controversial will be communicated via
phone to avoid being recorded anyway.

The real reason for police agencies wanting encrypted voice traffic is to be
less transparent, especially from the press. Modern government wants
information to be dribbled out from the PR office.

~~~
tptacek
If the police can't keep informants protected, nobody will inform on violent
criminals. There are obviously plenty of reasons why law enforcement secure
comms need to be actually secure, not just "Motorola says it honored the
secure comms standard" secure.

The stuff that police organizations want to be obscurantist about are almost
invariably not encrypted; dash cam videos, disciplinary reports, things like
that. Yes, once upon a time some geeky reporters were able to get interesting
stories out of radio scanners. That's because we were living in the dark ages,
not because police tactical radio traffic should be open to anyone.

~~~
tonecluster
You guys are missing the modifier "once upon a time". It's true: once upon a
time, some (at the then once-upon-a-time time) geeky reporters got some
interesting stories out of radio scanners. And now, it's not geeky to own a
computer. But once-upon-a-time (as in when some of us, yer elders, were kids),
it was only geeky people what had them. Anyway, agreed with tptacek,
completely.

~~~
Duff
That's just not true!

Remember CB radios? They were hot in the seventies with consumers -- and many
of the bigger units had scanner functions as well. Any decent newspaper has
had a scanner running in the newsroom since the 1960's, although the older
models required you to set 5-10 frequencies using crystals.

Police radios are mostly used to dispatch and provide baseline information
about incidents. There's no chatter about confidential informants, etc. Take
10 minutes, go to any of the scanner webcast sites on the internet and listen
to the traffic for a few minutes.

~~~
whomelse
Duff, I don't think police dispatch radio is what the original article was
talking about with regard to encryption. It seemed to be about tactical radios
used by the FBI, etc.

------
shabble
Previous thread at <http://news.ycombinator.com/item?id=2874301> although not
a lot of comments.

------
Wistar
As usual, Matt Blaze is amazing.

~~~
marshray
Travis Goodspeed is a neat guy too. Here are some pics on the girl's toy that
defeats the secure radios. [http://travisgoodspeed.blogspot.com/2010/03/im-me-
goodfet-wi...](http://travisgoodspeed.blogspot.com/2010/03/im-me-goodfet-
wiring-tutorial.html)

~~~
calloc
Not sure if he still does it, but he used to send out GoodFET's free of charge
so long as you'd build them. I've used his programmer to program multiple
different chips and it is absolutely fantastic.

~~~
reemrevnivek
He still does, according to my experience getting a pair of GoodFET31s some
time ago, and according to <http://goodfet.sourceforge.net/>:

> Hardware and software are available under the BSD license, and free-as-in-
> beer boards will be given to those who ask politely. Email Travis Goodspeed,
> travis at radiantmachines.com, to get involved.

The hardware is very simple and cheap, and the software stack and community is
great. Travis is definitely a great guy.

------
feb
A big lesson from this post (at least for me) is how much user interface
affects security. He references an older paper "Why Johnny Can't Encrypt"
(<http://www.gaudior.net/alma/johnny.pdf>) where the negative impacts of the
user interface in PGP 5.0 are analyzed. This is an old lesson which was not
taken into account for the secured P25 handsets.

A similar analysis of the certs/SSL protection in browsers would be very
interesting too.

