<< Security of defence communications is a challenge for any armed force. In this article, the author talks about the importance of cloaking data transmissions in today”s electronic battlefield >>
In the world of science fiction, cloaking devices are used to conceal warships and weapons from enemy detection. In modern day electronic battlefield, information is the strategic asset concealed by cloaking technologies.
Throughout history — demonstrated vividly in the global war on terrorism — information transmitted between locations could expose vulnerabilities. With transmissions going on continuously, it is a struggle without beginning or an end.
Hence, information security is a core function of communication products, from digital multi-mode radios to mobile ad-hoc networks.
The Four Pillars of COMSEC
COMSEC addresses four closely related, but distinctly different security areas.
- Crypto-security refers to cryptographic systems – the hardware and software used to encode and decode information. This generally consists of a set of algorithms and keys used to encode and/or decode information and the processing hardware to execute the algorithms.
- Emissions security refers to measures taken to deny unauthorised interceptions and analysis of compromising emanations from cryptographic equipment. This is generally accomplished by minimising electromagnetic emissions from the equipment.
- Physical security refers to measures taken to deny access to the cryptographic equipment to unauthorised individuals and is ultimately controlled by the end user.
- Transmission Security (TRANSEC) refers to measures taken to prevent an encoded message from being intercepted by an adversary. Even though the intercepted message would still be encoded, decoding the message would be virtually impossible for an adversary without an example of an encoded message.
The many forms of encryption
At the core of COMSEC is the concept of crypto security – the use of a cryptographic system consisting of hardware and software to encrypt data, thereby preventing adversary from decrypting that data to the greatest extent possible.
Encryption is the act of translating a plain text message that can be understood by anyone into a cipher text message that can only be understood by an individual who knows how to decrypt it. The basic steps in the encryption process are as follows:
First, define an algorithm – a procedure or formula for translating plain text into cipher text. A simple example is a substitution algorithm, in which a different letter is substituted for each letter of a plain text message to produce a cipher text. Here is a simple example of how it could work:
UNENCRYPTED MESSAGE: My dog is brown
SUBSTITUTION ALGORITHM: Replace each letter of the alphabet with the letter immediately following it.
ENCRYPTED MESSAGE: Nz eph jt cspxo
A similar simplistic approach can be used to transmit numeric messages, using a key. The algorithm is addition, and the numbers in the message are added to the numbers in a key. In this case, the key is a repeating numerical sequence. It would look like this:
UNENCRYPTED MESSAGE: 6 3 5 4 2 1 8 0 5
KEY: 1 2 3 1 2 3 1 2 3
ENCRYPTED MESSAGE: 7 5 8 5 4 4 9 2 8
Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. Less commonly, their keys are different but related in an easily communicated way. The key management necessary is the chief disadvantage of symmetric ciphers. Ideally, each pair of communicating parties would share a different key, so that if one key is compromised, only one communication path would be compromised rather than the entire network.
The number of keys required in this type of scheme is equal to the square of the number of network members, and can easily become unmanageable.
One common way to solve this problem is an approached-based asymmetric key encryption. The key used to encrypt is different from the key used to decrypt.
The approach hinges on the fact that it is ‘computationally unfeasible’ to derive the private-key from the public-key, even though they are mathematically related. The public key used for encryption may be shared publicly without compromising the private key used for decryption. A message encrypted with a public-key can only be decrypted with a private-key.
Block ciphers such as the RSA Algorithm and the Advanced Encryption Standard (AES) took encryption in a new direction. Using a block of text and a key as inputs, they output a block of ciphertext of the same size.
Another approach is known as a stream cipher. Stream ciphers create an arbitrarily long stream of key material. It is combined with the plain text bit by bit or character by character, or using a hash function. The hash functions take a message of any length as input and ouput a short, fixed-length hash that can be used to create, for example, a digital signature.
In developing one type of encryption, we use Internet Protocol Security (IPSEC) in tunnel mode to communicate to the ground. IPSEC uses the public-key infrastructure (digital certificate) to authenticate with the RSA+SHA-1 algorithm, which ensures that we are communicating with the correct (authenticated) peer. Further, we use encryption algorithms to encrypt every message that goes from onboard to ground, implementing part of a module that encrypts the Internet Protocol (ipv4) packets transmitted to ground.
Even for adversary intercepts, during key exchange it will be computationally unfeasible to deduce the keys based on the messages. Once keys are exchanged, they will be used to do a symmetric encryption of the message using the AES 256 algorithm, after which it is computationally impossible to read the message even if it is intercepted.
In The Art of War, Sun Tzu said, “All warfare is based on deception.” That statement holds true for today’s electronic battlefield as well. One method we use to provide the element of deception is introducing proxy modules for filtering different protocols, which in turn protects the critical and safe area of the system. External unauthorised entities will have difficulty in identifying the critical and safe area. The critical and safe area is also protected by minimising the traffic from it to the outside world. A customised firewall allows only the required traffic to leave the system.
For software-based systems running on a device without a network connection, unauthorised access may occur without physical access. To prevent these kinds of intrusions, we ensure a strong access control framework at multiple levels. The firewall is customised to provide access control at the network layer.
Three Basic TRANSEC Approaches
TRANSEC refers to measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. While COMSEC usually provides end-to-end protection of a transmission, TRANSEC provides hop-by-hop link protection.
The basic approaches to TRANSEC are three: low probability of detection (LPD), low probability of interception (LPI) and traffic flow security (TFS).
LPD covers measures to hide or disguise electronic transmissions. A LPD signal could, for instance, be a low power encrypted signal transmitted on the same frequency as a high power unencrypted signal. To a typical listener, the encrypted signal would have the effect of reducing the desired signal-tonoise ratio of the unencrypted signal. While this may result in a degradation of signal quality, unless the user knows that some of the additional ‘noise’ is actually a separate encoded signal, it may never be detected.
While the LPD signal aims to avoid detection, the LPI signal is only intended to avoid interception. If a signal is transmitted at a single known frequency, it would be easy for an adversary to determine the frequency of transmission and intercept it. An adversary who wants to prevent the transmission from reaching its intended destination could simply transmit a higher power signal at the same frequency as the original transmission.
ECCM: How to Defeat a Jammer
Techniques for jamming wireless transmissions are known as electronic counter measures (ECMs). ECMs reduces the desired signalto- noise ratio, overwhelming the desired signal with noise to the point that the signal cannot be received by its intended source.
Measures intended to defeat a jammer are termed anti-jam (AJ) measures or electronic counter counter measures (ECCM). The simplest narrowband AJ technique is frequency hopping – moving the frequency of transmissions quickly and randomly. In order to jam a broad range of frequencies, an adversary would have to transmit a large amount of energy over the entire band.
The power required by a broadband jammer is often prohibitive, making narrowband jammers, which transmit over a smaller range of frequencies, the only practical approach. The adversary, not knowing the next transmission frequency, must listen to a broad range of frequencies to determine the frequency of transmission at any point in time. Then, the adversary must tune their narrow jammer to transmit on the same frequency. This process takes time, allowing a small window of opportunity to transmit without the presence of noise.
Jammers which use this approach are called follower jammers. Knowing the power level and response time of the jammer defines the amount of time a frequency hopping system may dwell on a single frequency.
Frequency hopping rates are typically hundreds of hops per second for modern military systems. The random frequency hopping pattern can be controlled by an algorithm and key, as with crypto-security.
An alternative approach to defeating the narrowband jammer is to increase the bandwidth of the signal so that it is in essence transmitted on many frequencies. Since the narrowband jammer may defeat only a narrow frequency range, the frequencies outside of the range are successfully received. This approach is known as direct sequence spread spectrum (DSSS).
Finally, traffic flow security can be used to randomise data so that an adversary cannot tell which bits are real data and which are ‘fill’ data. This approach also can serve to sustain a constant traffic flow so that there is no apparent change of activity on a circuit, making it impossible to determine when a circuit is in use and when it is not. A time-based algorithm is used to add fill bits to the data stream, a function sometimes referred to as a cover/ decover function.
Rockwell Collins employs all of these approaches and many others in developing technologies to protect transmitted data. After all, it is a constantly evolving landscape of measures and countermeasures, requiring intermittent changes in approach.
