How To Decrypt Apco 25 Encryption Definition
An anonymous reader writes 'Two Australian security researchers, Stephen Glass and Matt Robert, have published a paper that details (PDF) in the, used by emergency services and police departments world-wide. The paper details flaws in the DES-OFB and ADP encryption that enable the encryption key to be recovered by traditional brute force key searching. Also detailed is a DoS attack that makes use of unauthenticated radio inhibit mechanism. The research is part of the, which uses to implement a P25 stack using software defined radio.
With this solution in place, the researchers were able to do detailed analysis of the traffic coming from various radio systems and to transmit and receive to P25 radios in their lab.'

Comparable equipment has traditionally cost in the tens of thousands. Only in the last two or three years has it been in the home hobbyist range. Granted, it's not cheap, but it's about the same as a good gaming rig, and it's far less than car or shooting enthusiasts tend to spend.

That said, the $1700 only includes the motherboard (FPGA and ADC/DAC) and enclosure, not the receiver. The receivers range from a hundred to almost five hundred depending on what you need. Same API to control all of them, though. If you want to mess with the FPGA instead of doing it all on the PC, you probably want the slightly cheaper motherboard so you can use the free Xilinx WebPACK ISE instead of the crazy expensive one. Comblocks also has a nice SDR offering, but getting it to the PC at a decent speed is still around $800 at least, and I don't know how clean the software interface is. Slapping an FPGA and high-speed ADC onto a custom PCB is easy enough (you can get such things from KNJN prebuilt), but you really need gigabit Ethernet or faster to do software processing on significant bandwidth, and those sorts of interfaces tend to need five- and six-layer PCBs, which aren't DIY and jack up the price. Perhaps the USB3 interfaces will be more hobby friendly. You still need a software-controlled wideband receiver too; maybe Heathkit will step up on that one.

All in all, the USRP is reasonable, though it's been getting more expensive due to more features, and NI buying them might be involved too; NI doesn't tend to make cheap stuff. Cypress already announced EZ-USB 3; if it's anything like the FX2LP, implementing solutions will be a breeze (cypress.com).

Once a radio has been stunned by the receipt of an inhibit command, the standard requires that it remain inoperative and unresponsive to the operator console or device programming interface until it receives an "uninhibit" XFC on the frequency on which it received the inhibit. The attack exploits the lack of any guarantee of authenticity for the Inhibit/Uninhibit frame types. Note that the XFC message payload may be sent either encrypted (P=1) or unencrypted (P=0). Not a desirable property in a supposedly secure crypto system!
Based on the article, it seems the system is often restricted to a small common subset of security/authentication due to needing to maintain interoperability with legacy elements (e.g. DES-OFB encryption must be available where used, but others are optional). In other words, they (may not be able to) keep a secret because the other stuff doesn't understand HOW to. As to how effective their security would be otherwise, I couldn't say, although apparently authentication is a major problem that would need attention.
What I really like is the non-judgemental approach. Yes, there are some pretty smart cookies on the forum.
Motorola was split into two different companies early in 2011. Motorola Solutions (effectively the old Motorola) makes the public safety and business radio equipment and some other things. They are the ones who make the P25 and TETRA and other radio gear. Motorola Mobility (effectively some non-core businesses which we basically spun off or shed, if you like), which makes the cellphones and cable boxes and some other things, is the part Google has offered to buy.
While they share the Motorola na.