On August 17, 2011 at the 20th Usenix Security Symposium, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze presented a paper Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System.  These noted experts conducted in-depth research on the numerous vulnerabilities of digital P25 radio systems when operated in the encrypted and clear mode.  Please read their work below.  How long will it be until emergency communication is intentionally disrupted during a critical incident?

According to these cryptography scientists, P25 systems are strikingly vulnerable to denial of service. Most radio systems have the property that an adversary must deliver to the receiver at least as much energy as the targeted transmitter to effectively “jam” a signal. Old-fashioned analog FM modulation, for example, requires the jammer to have a slightly more powerful signal than the legitimate transmitter, and also forces the adversary to broadcast more or less continuously to cause lasting disruption. (This also makes jammers relatively easy to locate.) Digital spread-spectrum systems can disadvantage a jammer even more, requiring far more energy, spread over a wide frequency range, to disrupt a targeted signal. Jamming in most radio systems is thus somewhat costly as well as somewhat risky, an arms race in which the legitimate users enjoy the upper hand.

But a peculiarity in P25’s error correction scheme reverses the defender’s natural advantage, especially for voice traffic. P25 voice transmissions are digitized as a sequence of 1728-bit “frames”, each encoding 180 milliseconds of audio. Because digital data sent over radio is subject to bit errors from fading and interference, frames include redundant data that allows a certain number of errors to be corrected automatically by the receiver, which makes P25 perform better under less-than-ideal conditions. Toward the beginning of each frame is a 64-bit field, called the “NID”, that identifies the type of frame. But the NID is error corrected separately from the rest of the frame. This makes it possible for an attacker to effectively prevent an entire voice frame from being correctly received by synchronizing a jamming transmitter to interfere only with the 64-bit NID field; it can remain silent for the rest of the frame. That means that a synchronized P25 jammer itself needs to transmit for only about four percent of the duration of the signal it wants to jam. In other words, it requires 25 times less energy to jam a P25 signal than the signal itself, giving the attacker an enviable advantage right from the start.
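The design lesson in the paragraph above is that a small, separately error-corrected field gives an interferer a disproportionately cheap target. The following toy model, added here as an illustration and not code from the paper or from any P25 implementation, makes that concrete: it uses the frame and NID sizes quoted above, but stands in a simple triple-repetition code with majority vote for the real P25 codes (which are not modelled). It compares a frame whose NID is coded on its own against a frame whose fields are coded jointly and interleaved, and shows that a burst of corrupted bits the size of the coded NID breaks the first design but is fully corrected by the second, which would have to be hit over a span longer than the whole frame before it fails. The names and the interleaver are assumptions of this example.

```python
"""Toy model of separate vs. joint error correction (added example, not P25's real codes).

Stand-in FEC: every data bit is sent three times and decoded by majority vote,
so one corrupted copy out of three is corrected, two or more are not.
"""
import random

FRAME_BITS = 1728   # bits per P25 voice frame, as stated in the text
NID_BITS = 64       # size of the separately corrected NID field, as stated in the text


def nid_airtime_fraction():
    """Share of a frame an interferer aimed only at the NID must cover (~0.037)."""
    return NID_BITS / FRAME_BITS


def repeat3_encode(bits):
    """Triple-repetition code: each bit becomes three consecutive copies."""
    return [b for b in bits for _ in range(3)]


def repeat3_decode(coded):
    """Majority vote over each group of three copies."""
    return [1 if coded[i] + coded[i + 1] + coded[i + 2] >= 2 else 0
            for i in range(0, len(coded), 3)]


def interleave(coded):
    """Reorder a coded stream so the three copies of a bit sit one third of the stream apart.

    A contiguous burst therefore hits at most one copy of any bit unless it is
    longer than the number of data bits (assumed interleaver, for illustration).
    """
    n = len(coded) // 3
    return [coded[3 * i + j] for j in range(3) for i in range(n)]


def deinterleave(stream):
    """Inverse of interleave(): put the three copies of each bit back together."""
    n = len(stream) // 3
    out = [0] * (3 * n)
    for j in range(3):
        for i in range(n):
            out[3 * i + j] = stream[j * n + i]
    return out


def flip_burst(stream, start, length):
    """Model a burst of interference as a run of inverted bits."""
    s = list(stream)
    for k in range(start, min(start + length, len(s))):
        s[k] ^= 1
    return s


def separate_coding_survives(nid, body, burst_len):
    """NID and body are coded independently; the burst lands on the coded NID."""
    tx = repeat3_encode(nid) + repeat3_encode(body)
    rx = flip_burst(tx, 0, burst_len)
    nid_len = 3 * len(nid)
    nid_ok = repeat3_decode(rx[:nid_len]) == nid
    body_ok = repeat3_decode(rx[nid_len:]) == body
    return nid_ok and body_ok          # a wrong NID means the frame is unusable


def joint_interleaved_survives(nid, body, burst_len, start=0):
    """NID and body are coded as one block and interleaved before transmission."""
    tx = interleave(repeat3_encode(nid + body))
    rx = flip_burst(tx, start, burst_len)
    return repeat3_decode(deinterleave(rx)) == nid + body


def demo(seed=1):
    """Run both designs against the same burst; returns a summary dict."""
    rng = random.Random(seed)                      # constructed random frame content
    nid = [rng.randint(0, 1) for _ in range(NID_BITS)]
    body = [rng.randint(0, 1) for _ in range(FRAME_BITS - NID_BITS)]
    burst = 3 * NID_BITS                           # exactly the coded NID's length
    return {
        "nid_fraction": round(nid_airtime_fraction(), 3),
        "separate_survives": separate_coding_survives(nid, body, burst),
        "interleaved_survives": joint_interleaved_survives(nid, body, burst),
        # a burst must span more than FRAME_BITS positions to hit two copies of one bit
        "interleaved_survives_long_burst": joint_interleaved_survives(nid, body, FRAME_BITS + 1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the comparison is not the specific code used but the coupling: when the frame's critical field is decoded on its own, the interference needed to lose the frame is bounded by that field's size, whereas joint coding with interleaving ties the cost to the size of the whole frame.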

P25 Security Mitigation Guide

Analysis of the vulnerabilities of one-way cryptography