[Ares-races] COMSEC

Jerry Reimer [email protected]
Sat, 21 Sep 2002 07:20:05 -0500 

I received a few replies to my previous post that require a general reply.

Here is the bottom line, if it is sent on a radio wave, then it CAN be 
intercepted.  If that intercept can be understood, then it can be 
exploited.   If you do not want someone else to hear the message, then 
do not send it on radio.  The goals of communications security are to 
deny unintended recipients from 1-intercepting the signal, and 
2-understanding what they receive.  Working on either goal will achieve 
the same result.  The important part is to deny them understanding only 
as long as necessary for the operation to be completed.  The message 
content does not need to be protected against years of NSA analysis.

Denying intercept may mean using uncommon frequencies such as 220, 1.2, 
2.4, 10 GHz, or frequently changing frequencies.  Short of using 
prohibited codes, denying access to the message content may mean nothing 
more than using an uncommon mode, or a mode not commonly used on that band.

IF you are limited to only using FM voice on 144-148 MHz, then there are 
not many good security measures, other than simplex on odd or little 
used frequencies.  Perhaps a pre-arranged rotating frequency change 
every few hours, updated each day.  Of course, most scanners would 
quickly pick up on this, so it might be considered as a futile effort. 
It may also be confusing to those who do not get the new frequency 
schedule. It is a technique that may provide just enough security to get 
a message through, before a someone finds where you moved.

POTS (plain old telephone system) is a VERY effective way to deny 
intercept of messages that would otherwise go via radio.  We also know 
that field telephones, like any system, they have limitations, which is 
mostly that they are not very portable, have a limited distance, and are 
usually only point-to-point.  The advantage they have over radio is that 
they are comparatively far more secure.

IF possible modes include digital, then several can be implemented with 
nothing more than a laptop computer running free software such as 
WinPack and AGWPE.  If the laptop sound card can run WinPack, then it 
can also run MixW and provide all sorts of other modes (Throb, fax, 
SSTV, RTTY), especially if you have a SSB transceiver.  How about 
running PSK31 on 2M SSB?  Clearly all these suggestions have the same 
objection as those I observed with military encryption gear, more stuff 
to haul around and keep running, but this is only a common laptop computer.

Any code will require training in how to use it, and there is also the 
issue of physically distributing the code to those who need it.  Most 
self-developed codes can easily be broken.  Even professional quality 
codes, if improperly used by those poorly trained, can be defeated.  
Codes are prohibited in Part 97, but may be possible on public safety 
frequencies, even though those frequencies may be intercepted.

My great concern is developing security methods that inadvertently delay 
or deny important information from getting to the intended recipients.
 
There are not easy nor simple answers, but there is a large range of 
potential solutions.

Jerry Reimer, KK5CA
District Emergency Coordiantor
Harris County, TX