August 11, 2011Security Flaws in Encrypted Police Radioshttp://www.schneier.com/blog/archives/2011/08/security_flaws.html"Why (Special Agent) Johnny (Still) Cant Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System," by Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze.  Abstract: APCO Project 25a (P25) is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This paper analyzes the security of P25 systems against both passive and active adversaries. We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat. In a study we conducted over a two year period in several US metropolitan areas, we found that a significant fraction of the encrypted P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear, in spite of their users belief that they are encrypted, and often reveals such sensitive data as the such sensitive data as the names of informants in criminal investigations.I've heard Matt talk about this project several times. It's great work, and a fascinating insight into the usability problems of encryption in the real world.News article. http://blogs.wsj.com/digits/2011/08/10/security-flaws-in-feds-radios-make-for-easy-eavesdropping/?mod=WSJBlog&mod=The actual .pdf copy of the report ca be obtained at the folliwng clearnet link: http://online.wsj.com/public/resources/documents/p25sec08102011.pdfAfter looking it over, all I can say is: "What a clusterfuck!"Nightcrawler <Nightcrawler@SR>PGP-Key: 4096R/BBF7433B 2012-09-22Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433Bhttp://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090