

Security Flaws in Encrypted Police Radios - wicknicks
http://www.schneier.com/blog/archives/2011/08/security_flaws.html

======
tptacek
It's a cool paper and almost none of it depends on knowing much about low-
level crypto vulnerabilities.

Police tactical radios are an interesting case where denial of service and
traffic analysis are genuinely threatening scenarios. Most modern crypto
protocols aren't built to be secure from either. So right off the bat, you
have a paper saying they can shut police tactical radios off for entire metro
areas.

I'm not sure how true that is of digital domain RF in general, though.

The confidentiality flaws here seem to boil down to usability; the
configuration and metadata used by this system are so brittle that trivial
real-world setbacks preclude encryption; these happen so often that police
teams don't even notice when encryption isn't enabled.

~~~
iwwr
However, jamming apparatus can be tracked down just as well. Would we be
seeing anti-ECM trained triangulation teams of the police?

~~~
wglb
Triangulation of interference can be a time-consuming process. Like my EE
professor (who spent the war years building $100 radar jamming tools that
rendered million-dollar radar sets inoperative) said, the odds are stacked in
favor of the jammer.

A crude example is a ham-radio fox hunt. A radio is hidden somewhere in a
pre-agreed area and teams of foxhunters are set loose once the fox is ready to
go. If the fox is exactly one transmitter and its power is steady, it can still
take the better part of an hour, for example, to locate a fox hidden within a
one block area.

So increase the ability of the trackers, say with doppler direction finders
mounted on roofs. Now the jammers can do the following things to continue to
wreak havoc.

1) Vary the power in 3 dB steps, perhaps in a loose random fashion. Fox-hunting
techniques include rotating an antenna and pinpointing where signal strength
peaks.

2) Using carefully time-synchronized jamming boxes, scatter three or four of
them around the area and have them take turns being on. Or have two out
of three on in some overlapping way.

3) Combine 1&2.

4) Oh, make them mobile.

------
ChuckMcM
When I first heard Sandy Clark (one of the authors of the paper) talk about
this I was pretty amazed. One would presume that "most" use of the system is
as designed but alas no.

