We have reached
the age where advancements in radio technology make communicating easy,
widespread, and reliable. Now the security of the communication becomes
as important as the communication itself. In this chapter, we’ll discuss
communications security (COMSEC), that is, methods that keep important
communications secure. We’ll also talk about transmission security
(TRANSEC) — schemes that make it difficult
for someone to intercept or interfere with your communications.
scrambling or cryptographic techniques in order to make information unintelligible
to people who do not have a need to know or who should not know. We’ll
differentiate here between cryptographic or ciphering techniques applied
to digital signals and scrambling techniques applied to analog signals.
Cryptography is the process of encrypting (translating) infor-mation into
an apparently random message at the transmitter and then deciphering the
random message by decryption at
the receiver. Historically, sensitive information has been protected through the use of codes. The sender would manually encode the messages before transmission and the recipient would manually decode the messages upon receipt. Today’s electronic technolo-gies allow the coding/decoding process to occur automatically. The process involves using a mathematical algorithm, coupled with a key, to translate information from the clear to the encrypted state. If sensitive information is transmitted without the protection of cryptography and the information is inter-cepted, it would require little effort or resources to understand the transmittal. The US Government has established standards for the degree of protection required for different levels of classi-fied and sensitive information. In voice communications systems that do not require extremely high security, you can protect against casual eavesdropping by scrambling. Scrambling, as an analog COMSEC technique, involves separating the voice signal into a number of audio sub-bands, shifting each sub-band to a different audio frequency range, and combining the resulting sub-bands into a composite audio output that modulates the transmitter. A random pattern controls the frequency shifting. The technique of scrambling the pattern is similar to sending a message with a decoder ring, like the ones sometimes found in children’s cereal boxes. You can, for example, designate that the letter c be ciphered as g, a as n, and t as w, so that when you receive the message gnw, you decode it as cat. Descrambling occurs at the receiver by reversing the process. Harris’ Analog Voice Security (AVS) allows for easy entry into the
communications net because it does not require synchronization with other stations. In digital encryption the data, which may be digitized voice (as
described in Chapter 5), is reduced to a binary data stream. The cryptographic engine creates an extremely long, non-repeating binary number stream based on a traffic encryption key (TEK). The data stream is added to the cryptographic stream, creating the encrypted data, or cipher text. A binary stream created in this fashion is inherently unpredictable; it also provides a very secure method of protecting information. On the other hand, all analog signals are more predictable and thus less secure. The data encryption strength, which is the degree of difficulty in determining the message content, is a function of the complexity of the mathematical algorithm coupled with the key. The key is a variable that changes the resynchronization of the mathematical algorithm. Protection of the key is vital. Even if an unwanted organization gains access to the encrypted informa-tion and has the algorithm, it is still impossible to decrypt the
information without the key. The US Government has developed rigorous key management procedures to protect, distribute, store, and dispose of keys.
In the past, keys were manually loaded into a cryptographic device by using a paper tape, magnetic medium, or plug-in transfer device. Creation and secure delivery of keys to each user were significant problems in both logistics and record keeping. One type of key management system also used in the commer-cial sector is public key cryptography. Under this standard, each user generates two keys. One is the public key, “Y,” and the other
is the private key, “X.” The Y value derives from the X value. The strength of such a system lies in the difficulty of deriving X from Y; what is encrypted with the Y key can only be decrypted with the X key. By openly disseminating the user’s public Y key, and retaining sole access to the private X key, anyone can send a secure message to you by encrypting it with your public Y key. You are the only one, though, who can decrypt the message, since only you have the private X key. In a network using this public key system, two-way secure communications are possible among all network users. This is called an asymmetrical key system. The alternative is a symmetric key system, in which the same key encrypts and decrypts data. Because both the originator and all recipients must have the same
keys, this system offers the highest levels of security. Harris has led the way in developing state-of-the-art electronic means to secure and distribute key material for these symmetric key-based communications systems. A recent development applicable to radio networks employs Over-The-Air-Rekeying (OTAR). This technique nearly eliminates the need for manual loading of keys and provides a secure key management. OTAR is based upon a benign key distribution system. It includes a key encryption key (KEK) used to encrypt the TEK and any other operational COMSEC or TRANSEC keys. This process is referred to as “wrapping” so as to differentiate it from traffic encryption. The KEK is the only key that must be initially loaded into both the sending and receiving units. Usually, an initial set of operational keys are loaded at the same time. After wrapping, subsequent distribution can use any physical or electronic means. In an OTAR system, the wrapped keys are inserted into a message and sent over a radio link to the intended station using error-free transmission protocols (an error would render the keys useless). The link used for transmission is usually secured by the TEK currently in use. Thus, the key mate-rial is doubly protected when sent over the air, practically elimi-nating any possibility of compromise. For a higher degree of security, it is common to digitize the voice signal by means of a vocoder, as mentioned in Chapter 5. The resulting digital signal is then treated like any data stream.
a number of techniques to prevent signal detection or jamming of the transmission
path. These techniques include hiding the channel or making it a moving
target. Low Probability of Detection (LPD) systems transmit using very
low power or spread the signal over a broad bandwidth so that the natural
noise in the environment masks the signal.
A related strategy, known as Low Probability of Intercept (LPI), involves transmitting signals in short bursts or over a wide band-width to reduce on-the-air time. The most commonly used TRANSEC technique is frequency
hopping. In this system, the transmitter frequency changes so rapidly that it is difficult for anyone not authorized to listen in or to jam the signal. The receiver is synchronized so that it hops from frequency to frequency in a predetermined pattern in unison with the transmitter. Frequency hopping scatters the intelligence over several hundred discrete frequencies. A radio operator listening to one of these frequencies may hear a short “pop” of static. A broadband receiver could perhaps capture all of these little bursts; however, the task of picking these bursts
out of the other natural and man-made bits of noise would be daunting, requiring a team of experts several hours just to reassemble a short conversation. Jamming one channel would have minimal impact on the hopping communicator. To effec-tively jam a frequency-hopping radio, most or all of the frequen-cies that the hopping communicator uses would have to be jammed, thus preventing the use of those frequencies as well.
AN/PRC-138, and RF-5000 FALCON trans-ceiver series of products are highly
rated for their frequency-hopping capabilities.
Harris’ RF Communications Secure Products Line is a preferred supplier of information security for the US Government and the US Department of Defense. It is a leader in the development and production of US Government and exportable security products. The NSA-endorsed WINDSTER Key Generator Module and SKMM (Standard Key Management Module) line of products has full OTAR capabilities and meets NSA’s rigorous Commercial COMSEC Endorsement Program requirements.
Integrated Circuit (CTIC) and COMSEC/TRANSEC Integrated Circuit/DS-101
Hybrid (CDH) provide system embedders and US Government customers protection
of highly classified information using state-of-the-art TRANSEC/COMSEC
techniques. The company also provides a
comprehensive line of secure products for the export market. SUMMARY
• COMSEC uses cryptography or scrambling to make information unintelligible to people who do not have a need to know or who should not know.
- The security level of a COMSEC system depends on the mathematical soundness of the algorithms and the number of variables in the key.
- Protection of the key is vital to securing the transmitted information.
- Public key cryptography is widely used in the commercial sector.
• Over-The-Air-Rekeying (OTAR) eliminates the need for manual loading of keys and provides a more secure method of key management.
• TRANSEC protects the transmitted signal itself, to prevent signal detection or jamming of the transmission path.
- Low Probability of Detection (LPD) systems use spread-spectrum and other techniques to “hide” the signal beneath the natural noise level.
- Low Probability of Interception (LPI) radios transmit compressed digital data in short bursts or over a wide bandwidth.
radio systems jump rapidly in unison, from one frequency to another in
apparently random patterns, using a common timing reference.