Researcher eyes holes in Triple Zero radio
Emergency services are using weak and outdated encryption to secure digital radio communications, according to National ICT Australia researcher Steven Glass.
(Space profile image by Motorpsykhos, CC2.0)
Most emergency services use the 56-bit Data Encryption Standard (DES), which has been surpassed by much stronger levels of encryption and is considered unsafe, Glass told ZDNet Australia.
Glass is conducting a PhD on emergency systems at Griffith University and is investigating the security of existing and future communications platforms. He also works in NICTA's Queensland research lab on the Safe II Networks project, which is working to mitigate shortcomings as well as improve performance and reliability in emergency networks.
The mode of encryption the emergency services use is suggested, but not mandated, within the P25 communications standard, which is used by emergency services in Australia, New Zealand, the United States, Canada and across Asia, according to Glass.
While it would take about 20 years to crack the 56-bit encryption using a single computer, Glass said that time could be slashed to about a week with access to sufficient processing power.
According to Glass, if the encryption currently used by emergency services was cracked, an attacker could impersonate radio terminals on the networks.
"Because [encryption and authentication] aren't tied together, it is possible to pose as a legitimate node that is already signed in to the network," he said, adding that the issue has been presented to state and federal police.
"[Cracking into the encryption] is quite trivial with the software equipment we have."
He said that contrary to good security practice, Australia's emergency services reuse encryption keys, which decode scrambled communications, meaning a successful attack would compromise data across multiple channels and users.
But the system is still "reasonably secure", according to Glass, because of the processing requirements needed to conduct a brute force attack to crack the encryption. "There are no huge worries … brute force is the best attack for key recovery."
Glass has teamed-up with other researchers to develop open-source software for those who want to implement the P25 standard used by emergency services via a software-defined radio.
Software-defined radio has many benefits, according to Glass. Not only is it cost effective, but it also has increased functionality: for example, traffic can be logged onto a disk for later analysis.
Glass and fellow researcher Matt Robert will talk about software-defined radio at the Ruxcon security conference in Melbourne next week.