We have reached
the age where advancements in radio technology make communicating easy,
widespread, and reliable. Now the security of the communication becomes
as important as the communication itself. In this chapter, we’ll discuss
communications security (COMSEC), that is, methods that keep important
communications secure. We’ll also talk about transmission security
(TRANSEC) — schemes that make it difficult
for someone
to intercept or interfere with your communications.
COMSEC
COMSEC uses
scrambling or cryptographic techniques in order to make information unintelligible
to people who do not have a need to know or who should not know. We’ll
differentiate here between cryptographic or ciphering techniques applied
to digital signals and scrambling techniques applied to analog signals.
Cryptography is the process of encrypting (translating) infor-mation into
an apparently random message at the transmitter and then deciphering the
random message by decryption at
the receiver.
Historically, sensitive information has been protected through the use
of codes. The sender would manually encode the messages before transmission
and the recipient would manually decode the messages upon receipt. Today’s
electronic technolo-gies allow the coding/decoding process to occur automatically.
The process involves using a mathematical algorithm, coupled with a key,
to translate information from the clear to the encrypted state. If sensitive
information is transmitted without the protection of cryptography and the
information is inter-cepted, it would require little effort or resources
to understand the transmittal. The US Government has established standards
for the degree of protection required for different levels of classi-fied
and sensitive information. In voice communications systems that do not
require extremely high security, you can protect against casual eavesdropping
by scrambling. Scrambling, as an analog COMSEC technique, involves separating
the voice signal into a number of audio sub-bands, shifting each sub-band
to a different audio frequency range, and combining the resulting sub-bands
into a composite audio output that modulates the transmitter. A random
pattern controls the frequency shifting. The technique of scrambling the
pattern is similar to sending a message with a decoder ring, like the ones
sometimes found in children’s cereal boxes. You can, for example, designate
that the letter c be ciphered as g, a as n, and t as w, so that when you
receive the message gnw, you decode it as cat. Descrambling occurs at the
receiver by reversing the process. Harris’ Analog Voice Security (AVS)
allows for easy entry into the
communications
net because it does not require synchronization with other stations. In
digital encryption the data, which may be digitized voice (as
described
in Chapter 5), is reduced to a binary data stream. The cryptographic engine
creates an extremely long, non-repeating binary number stream based on
a traffic encryption key (TEK). The data stream is added to the cryptographic
stream, creating the encrypted data, or cipher text. A binary stream created
in this fashion is inherently unpredictable; it also provides a very secure
method of protecting information. On the other hand, all analog signals
are more predictable and thus less secure. The data encryption strength,
which is the degree of difficulty in determining the message content, is
a function of the complexity of the mathematical algorithm coupled with
the key. The key is a variable that changes the resynchronization of the
mathematical algorithm. Protection of the key is vital. Even if an unwanted
organization gains access to the encrypted informa-tion and has the algorithm,
it is still impossible to decrypt the
information
without the key. The US Government has developed rigorous key management
procedures to protect, distribute, store, and dispose of keys.
In the past,
keys were manually loaded into a cryptographic device by using a paper
tape, magnetic medium, or plug-in transfer device. Creation and secure
delivery of keys to each user were significant problems in both logistics
and record keeping. One type of key management system also used in the
commer-cial sector is public key cryptography. Under this standard, each
user generates two keys. One is the public key, “Y,” and the other
is the private
key, “X.” The Y value derives from the X value. The strength of such a
system lies in the difficulty of deriving X from Y; what is encrypted with
the Y key can only be decrypted with the X key. By openly disseminating
the user’s public Y key, and retaining sole access to the private X key,
anyone can send a secure message to you by encrypting it with your public
Y key. You are the only one, though, who can decrypt the message, since
only you have the private X key. In a network using this public key system,
two-way secure communications are possible among all network users. This
is called an asymmetrical key system. The alternative is a symmetric key
system, in which the same key encrypts and decrypts data. Because both
the originator and all recipients must have the same
keys, this
system offers the highest levels of security. Harris has led the way in
developing state-of-the-art electronic means to secure and distribute key
material for these symmetric key-based communications systems. A recent
development applicable to radio networks employs Over-The-Air-Rekeying
(OTAR). This technique nearly eliminates the need for manual loading of
keys and provides a secure key management. OTAR is based upon a benign
key distribution system. It includes a key encryption key (KEK) used to
encrypt the TEK and any other operational COMSEC or TRANSEC keys. This
process is referred to as “wrapping” so as to differentiate it from traffic
encryption. The KEK is the only key that must be initially loaded into
both the sending and receiving units. Usually, an initial set of operational
keys are loaded at the same time. After wrapping, subsequent distribution
can use any physical or electronic means. In an OTAR system, the wrapped
keys are inserted into a message and sent over a radio link to the intended
station using error-free transmission protocols (an error would render
the keys useless). The link used for transmission is usually secured by
the TEK currently in use. Thus, the key mate-rial is doubly protected when
sent over the air, practically elimi-nating any possibility of compromise.
For a higher degree of security, it is common to digitize the voice signal
by means of a vocoder, as mentioned in Chapter 5. The resulting digital
signal is then treated like any data stream.
TRANSEC
TRANSEC employs
a number of techniques to prevent signal detection or jamming of the transmission
path. These techniques include hiding the channel or making it a moving
target. Low Probability of Detection (LPD) systems transmit using very
low power or spread the signal over a broad bandwidth so that the natural
noise in the environment masks the signal.
A related
strategy, known as Low Probability of Intercept (LPI), involves transmitting
signals in short bursts or over a wide band-width to reduce on-the-air
time. The most commonly used TRANSEC technique is frequency
hopping.
In this system, the transmitter frequency changes so rapidly that it is
difficult for anyone not authorized to listen in or to jam the signal.
The receiver is synchronized so that it hops from frequency to frequency
in a predetermined pattern in unison with the transmitter. Frequency hopping
scatters the intelligence over several hundred discrete frequencies. A
radio operator listening to one of these frequencies may hear a short “pop”
of static. A broadband receiver could perhaps capture all of these little
bursts; however, the task of picking these bursts
out of the
other natural and man-made bits of noise would be daunting, requiring a
team of experts several hours just to reassemble a short conversation.
Jamming one channel would have minimal impact on the hopping communicator.
To effec-tively jam a frequency-hopping radio, most or all of the frequen-cies
that the hopping communicator uses would have to be jammed, thus preventing
the use of those frequencies as well.
Harris’ AN/PRC-117,
AN/PRC-138, and RF-5000 FALCON trans-ceiver series of products are highly
rated for their frequency-hopping capabilities.
Harris’ RF
Communications Secure Products Line is a preferred supplier of information
security for the US Government and the US Department of Defense. It is
a leader in the development and production of US Government and exportable
security products. The NSA-endorsed WINDSTER Key Generator Module and SKMM
(Standard Key Management Module) line of products has full OTAR capabilities
and meets NSA’s rigorous Commercial COMSEC Endorsement Program requirements.
Harris’ COMSEC/TRANSEC
Integrated Circuit (CTIC) and COMSEC/TRANSEC Integrated Circuit/DS-101
Hybrid (CDH) provide system embedders and US Government customers protection
of highly classified information using state-of-the-art TRANSEC/COMSEC
techniques. The company also provides a
comprehensive
line of secure products for the export market. SUMMARY
• COMSEC uses cryptography or scrambling to make information unintelligible to people who do not have a need to know or who should not know.
- The security level of a COMSEC system depends on the mathematical soundness of the algorithms and the number of variables in the key.
- Protection of the key is vital to securing the transmitted information.
- Public key cryptography is widely used in the commercial sector.
• Over-The-Air-Rekeying (OTAR) eliminates the need for manual loading of keys and provides a more secure method of key management.
• TRANSEC protects the transmitted signal itself, to prevent signal detection or jamming of the transmission path.
- Low Probability of Detection (LPD) systems use spread-spectrum and other techniques to “hide” the signal beneath the natural noise level.
- Low Probability of Interception (LPI) radios transmit compressed digital data in short bursts or over a wide bandwidth.
- Frequency-hopping
radio systems jump rapidly in unison, from one frequency to another in
apparently random patterns, using a common timing reference.