COMMUNICATIONS SECURITY: GETTING ELECTROMAGNETIC TRANSMISSIONS THROUGH SECURELY
What a change in communications over the last 99 years. In August 1920, when the UK’s Royal Corps of Signals was formed as a separate entity, independent from the Engineers, they chose the Latin motto “Certa Cito”, which translates into English as “Swift and Sure”. As other Commonwealth countries formed their own signal corps, they too adopted this same Latin motto. At that stage communications involved foot messengers, lamps, semaphore, despatch riders, telegraph lines for voice and morse (via Fullerphones), large, clumsy, battery-powered valve radios and pigeons.
“Swift and Sure” is still a great signal corps motto today. Messages, including all data types, need to get through swiftly and securely to their intended recipient(s), who must acknowledge safe receipt. Apart from protecting against unauthorised interception, the communications links need to be maintained in full working order, usually with some form of redundancy available at short notice, to pass their vital traffic.
Modern communication methods, whose security is frequently referred to as COMSEC, have benefited from technology developments such as frequency-agile equipment for frequency hopping or direct-sequence spread spectrum: transmissions that their intended receivers can decode accurately but that just sound like static to unintended third parties.
Sometimes the transmitters have widely varying modulation methods and power outputs. Information is routinely protected by a layer of cryptographic tools, based on sophisticated computer algorithms.
There is also widespread use of fibre optic cables, which are impossible to intercept since they do not have an external electromagnetic field. The greatest threat to their security is having the cable cut, either on land or on the sea bed. This necessitates always having access to alternative cable routings, or falling back to long-distance high-frequency radio traffic, which must also be in place should satellite communications be denied.
Physical security of communications equipment often requires it to be separated into red signals (classified plaintext) and black signals (encrypted information, often called cyphertext), together with current secure access codes, some of which could require the user’s biometric authentication.
A good example of modern communications security is Raytheon’s development of Identification Friend or Foe Mode 5 systems which allow crews to positively identify friendly aircraft using a secure, encrypted code, increasing situational awareness and reducing the potential for fratricide.
Raytheon said recently that it is preparing US and other partner military aircraft to meet a new Identification Friend or Foe (IFF) National Security Agency, Joint Chiefs of Staff, and NATO mandate which requires Mode 5 to replace Mode 4 by June 2020.
Mode 4 IFF uses Morse code-like signals and has been in use since the mid-1950s for military identification. Mode 5 extends the range beyond Mode 4 and upgrades the signalling waveforms, making communication faster and more secure. Mode 5’s sophisticated modulation techniques change its codes every few seconds to ensure rapid identification.
There is a tendency now to assume the term “communications” implies that the information being transmitted or received is confined to voice, data, images, and/or video, usually with computers involved at some stage, but this is an old-fashioned view. Sensor emissions from radars, sonar, magnetic influence sweeps, chemical weapon detectors, unattended ground sensors and thermal imagers require varying levels of communications security.
It is now time to take a look at the four main elements of COMSEC for a military communications network.
The physical location of transmitters and receivers has an impact on the COMSEC measures which need to be adopted. Operating from a building obviously presents different challenges from working in a warship, moving armoured vehicle, or aeroplane.
Physical security covers all the physical measures necessary to deny unauthorised access to, or observation of, antennas and/or facilities including rooms containing classified communications equipment, media, transmission feeders, documents, safes, or other material. This covers both human access and the planting of detection or recording equipment in places from where it can subsequently be recovered for analysis.
A land communications centre needs cleared lawns or gravel around it so there is no cover for any attempt at unauthorised access. Physical security systems for these protected facilities are generally intended to:
• deter potential intruders by warning signs and perimeter markings, restricted access points, security lighting, implying successful access is unlikely because of strong defences,
• immediately detect intrusions by cameras or motion sensors and monitor/record intruders, and
• trigger appropriate incident responses by security personnel.
Controls on legitimate access can include some or all of several interdependent layers: CCTV or IP surveillance cameras, security personnel patrolling or specifically guarding entry to the communications facility, access control protocols, protective barriers, personal date-limited ID cards with embedded chips, physical or electronic locks, and biometric authentication by fingerprint or iris scanning.
Some of these access protections are also required to enter classified areas of military platforms, especially on warships.
The emission security element of COMSEC protects information of value from unauthorised people or adversaries who seek to obtain it by intercepting communication systems, including messages transmitted by cable (wire or fibre optic) or radio, and by studying the workings of cryptographic equipment. It is also very much concerned with emanations from information and telecommunications systems.
Most APDR readers will be familiar with US and NATO TEMPEST specifications, which cover ‘spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying.’ Most TEMPEST information, especially that concerning spying on computer emissions, is classified, as the author well knows from his former managerial responsibilities, which included an Australian state office of an international computer company with significant defence business and TEMPEST-rated rooms. These mainly related to protecting equipment from spying by using distance, shielding, filtering, and masking.
However, there are some publicly released TEMPEST standards which ‘mandate elements such as equipment distance from walls, amount of shielding in buildings and equipment, and distance separating wires carrying classified vs. unclassified materials, filters on cables, and even distance and shielding between wires or equipment and building pipes. Noise can also protect information by masking the actual data.’
One APDR source states that ‘While much of TEMPEST is about leaking electromagnetic emanations, it also encompasses sounds and mechanical vibrations. For example, it is possible to log a user’s keystrokes using the motion sensor inside smartphones. Compromising emissions are defined as unintentional intelligence-bearing signals which, if intercepted and analysed (side-channel attack), may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment.
‘TEMPEST certification must apply to entire systems, not just to individual components, since connecting a single unshielded component (such as a cable or device) to an otherwise secure system could dramatically alter the system RF characteristics.
‘TEMPEST standards require “RED/BLACK separation”, i.e., maintaining distance or installing shielding between circuits and equipment used to handle plaintext classified or sensitive information that is not encrypted (RED) and secured circuits and equipment (BLACK), the latter including those carrying encrypted signals. Manufacture of TEMPEST-approved equipment must be done under careful quality control to ensure that additional units are built exactly the same as the units that were tested. Changing even a single wire can invalidate the tests.’
The Holy Grail tenets of transmission security (TRANSEC) are low probability of interception, low probability of detection and resistance to jamming.
Methods used to achieve transmission security include frequency hopping and spread spectrum, where the required pseudorandom sequence generation is controlled by a cryptographic algorithm and key. Such keys are known as transmission security keys. Brand names for modern US and NATO TRANSEC-equipped radios include SINCGARS and HAVE QUICK.
For example, L3Harris advise that their ‘SINCGARS RT-1523 VHF Radio is a ruggedised system equipping soldiers with secure voice and data communications. Military personnel can manage multiple operations using flexible frequency selections and security options available on the front panel. This SINCGARS VHF radio is engineered to meet versatile mission needs—as a manpack to soldiers at dismount, and on-the-move with the Vehicular Amplifier Adapter (VAA). As a manpack, it allows a C2 application to access the Tactical Internet.
‘The RT-1523 enhances soldier safety and awareness with a radio-based combat identification (RBCI) capability, which can perform in an interrogator or responder role on the ground or in the air. When combined with the available embedded Selective Availability Anti-spoofing Module (SAASM) GPS receiver option, it provides secure voice, data and position location reporting in a single system.’
HAVE QUICK is an electronic-countermeasures-resistant frequency-hopping system used to protect military aeronautical mobile radio traffic from jamming.
A description sourced by APDR states that ‘Aircraft and ground radios that employ HAVE QUICK must be initialized with accurate Time of Day (usually from a GPS receiver), a Word Of the Day, and a NET number (providing mode selection and multiple networks to use the same word of the day). A word of the day is a transmission security variable that consists of six segments of six digits each. The word of the day is loaded into the radio or its control unit to key the HAVE QUICK system to the proper hopping pattern, rate, and dwell time. The word of the day, time of day and net number are input to a cryptographic pseudorandom number generator that controls the frequency changes.
‘HAVE QUICK is not an encryption system, though many HAVE QUICK radios can be used with encryption, e.g. the KY-58 VINSON system. HAVE QUICK is not compatible with SINCGARS, the VHF-FM radios used by ground forces, which operate in a different radio band and use a different frequency hopping method; however, some newer radios support both’.
The reference above to different radio frequency bands is because SINCGARS VHF radios work in the 30–88 MHz military VHF FM (frequency modulation) spectrum, while HAVE QUICK radios are typically harmonised on the 225–400 MHz UHF band (part of NATO B band).
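The HAVE QUICK description above says that a word of the day, the time of day and a net number feed a cryptographic pseudorandom generator that drives the hop pattern. The following added example, written for this article and not the HAVE QUICK or SINCGARS algorithm (those are not public), shows the general shape of such a scheme: an HMAC keyed with the transmission security key, over the net number and the current time slot, selects each channel from a constructed 20-channel plan in the 225–400 MHz band. Radios sharing the key, net and time of day derive the same sequence; a receiver with the wrong key, or whose clock has drifted by more than one dwell, lands on the wrong channel almost every hop. The channel plan, dwell time and key bytes are all assumptions for illustration.

```python
"""Illustrative keyed hop-sequence generator (assumption: not the real HAVE QUICK algorithm)."""
import hashlib
import hmac

# Constructed channel plan: 20 channels, 25 kHz apart, starting at 225.000 MHz (values in kHz).
CHANNELS_KHZ = [225000 + 25 * i for i in range(20)]
DWELL_MS = 100  # assumed dwell time per hop


def hop_channel(transec_key: bytes, net_number: int, time_slot: int) -> int:
    """Channel (kHz) for one time slot: HMAC(key, net || slot) indexes the channel plan.

    Without the key the output is unpredictable to an observer; with the key,
    any radio on the same net and slot derives the same channel.
    """
    msg = net_number.to_bytes(2, "big") + time_slot.to_bytes(8, "big")
    digest = hmac.new(transec_key, msg, hashlib.sha256).digest()
    index = int.from_bytes(digest[:4], "big") % len(CHANNELS_KHZ)
    return CHANNELS_KHZ[index]


def hop_sequence(transec_key: bytes, net_number: int, start_ms: int, count: int) -> list:
    """Channels visited over `count` dwells, starting from a time of day given in ms."""
    first_slot = start_ms // DWELL_MS
    return [hop_channel(transec_key, net_number, first_slot + i) for i in range(count)]


def channel_match_rate(seq_a: list, seq_b: list) -> float:
    """Fraction of dwells in which two radios sit on the same channel."""
    matches = sum(1 for a, b in zip(seq_a, seq_b) if a == b)
    return matches / min(len(seq_a), len(seq_b))


if __name__ == "__main__":
    key = bytes.fromhex("00" * 31 + "01")  # constructed TRANSEC key
    net = 7
    own = hop_sequence(key, net, start_ms=0, count=10)
    wrong_key = hop_sequence(bytes.fromhex("00" * 31 + "02"), net, start_ms=0, count=10)
    print("net 7 hops (kHz):", own)
    print("match rate with wrong key:", channel_match_rate(own, wrong_key))
```

A practical point this makes visible: the time of day is part of the key material in effect, so clock distribution (the GPS receiver mentioned above) is as much a COMSEC dependency as the word of the day itself. A radio that is three dwells late produces the same sequence, simply offset by three hops, which is why initialisation requires accurate time rather than merely a shared secret.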
Cryptographic security is achieved by proper use of technically sound cryptosystems with the aim of ensuring message confidentiality and authenticity, which includes non-repudiation of critical plans and orders.
Early codes were based on letter substitutions, but these were easily broken by applying alphabetic letter frequency analysis. World War 1 saw the introduction of basic crypto machines with revolving cylinders, which were developed further into the German Enigma machines, whose codes were first broken by Polish cryptographers. However, as the start of World War 2 appeared inevitable, these same cryptographers realised they were going to be over-run by German military forces, so they described their decryption analysis techniques to two members of the British codebreaking group operating at Bletchley.
Alan Turing then devised an automated machine which simulated the workings of an Enigma machine, called a “bombe”. The most powerful, one christened Agnus Dei, was delivered to Bletchley in August 1940. By February 1942 there were 16 bombes in operation at Bletchley exploiting cribs, checking scrambler settings and revealing Enigma keys, each one clattering like a million knitting needles. On a good day they could find that day’s Enigma code within an hour. Their work is claimed to have shortened the Second World War by up to two years.
During World War 2 the use of one-time pads afforded good Allied security, but as always, the challenge was to get the correct pads securely to their intended users. Codes based on words from a page of a selected book were virtually uncrackable unless one knew which book was being referred to. The problem with key based codes has always been secure delivery to their intended recipients, since detection of their interception would be highly difficult to achieve.
It has only been with the widespread use of fast computers, with their computational capacity for techniques based on problems such as factorising a very large number into two prime numbers, that cryptographic algorithms have become very hard to break in practice. Most descriptions of how these work use the convention of Alice sending a message to Bob as the intended recipient (from A to B), without Eve (“the eavesdropper”) being able to successfully intercept and understand its contents.
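The factoring problem referred to above underpins RSA, which is the usual setting for the Alice, Bob and Eve convention. This added example (written for this article, using Python’s built-in modular arithmetic rather than any real cryptographic library) builds a deliberately tiny RSA key pair from two six-digit primes, has Alice encrypt a message for Bob, and then shows Eve recovering Bob’s private key by factoring the modulus with trial division. The primes and the message are constructed for the example; the point is that the same attack is hopeless against a real 2048-bit modulus because trial division, and every known classical factoring method, scales far beyond practical reach at that size.

```python
"""Toy RSA: Alice -> Bob, and why Eve's only route is factoring n (toy sizes only)."""
import math


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes; returns (public, private) as (n, e), (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Alice encrypts integer message m for Bob using Bob's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Bob decrypts with his private exponent."""
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Eve's attack on a toy modulus: find the smaller prime factor of n by brute force.

    Runs in about sqrt(n) steps, fine for n ~ 10^12, utterly infeasible for n ~ 2^2048.
    """
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    return None


def recover_private_key(public_key):
    """Given only (n, e), rebuild d once n has been factored."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


if __name__ == "__main__":
    # Constructed toy primes; a real key uses primes of roughly 1024 bits each.
    bob_public, bob_private = generate_keypair(1000003, 1000033)
    message = 123456789
    ciphertext = encrypt(bob_public, message)
    print("Alice sends:", ciphertext)
    print("Bob reads:", decrypt(bob_private, ciphertext))
    eve_key = recover_private_key(bob_public)
    print("Eve factored n and reads:", decrypt(eve_key, ciphertext))
```

The example deliberately omits padding and message encoding; raw (“textbook”) RSA as shown is only a teaching model of the factoring relationship, not something to deploy.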
On occasion, when being shown over RNZN warships, the author has seen the practical implementation of the red signal and black signal separation into separate communication centres. Obviously classified plaintext red signals pose a greater risk if intercepted than encrypted black signals, so TEMPEST standards insist on good separation and physical shielding between equipment and transmission cables carrying these two types of traffic. This can even apply to fibre optic cables.
Similar standards have to apply to the cryptographic keys being used. Black keys are already separately encrypted so do not present as many problems in secure handling as red keys which need to be handled as sensitive material.
The introduction of EA-18G Growler electronic warfare aircraft into the RAAF’s fleet allows these aircraft to neutralise adversary communications and sensors. They can do this by spoofing, narrow band and broadband spectrum jamming.
Spoofing is where the Growler inspects an incoming signal to understand its purpose, then responds with an apparently valid but misleading response designed to confuse the original sender.
Spectrum jamming can be just a small band of frequencies or across a wide range. Growler’s jamming pods can produce up to 34 kW of electrical power which, when converted into electromagnetic signals, will drown out any or all radio ground stations in the focused area.
It is obviously not possible to delve much more deeply into the topic of communications security before starting to enter unwittingly into the realms of classified information. Better to stop at this stage.
However, the perceptive APDR reader will have noted that the author has not covered security challenges with military computer information system networks. The reason for this is that inter-computer communications are one form of the traffic covered, typically being text, data, video and images.
Computer networks do bring their own special problems with users inadvertently letting malware enter and propagate to target computers within the network. Because of the problems this can pose for communications security, there is a separate article in this APDR edition on the topic of cyber security.