|
Since the dawn of recorded history, people have found ever more ingenious ways to try and keep their communications secure from prying eyes and ears. Over the past century or so, increasingly advanced technologies – often involving the cutting edges of mathematics, physics and engineering – have been deployed both by those looking to safeguard their secrets and those seeking to crack them. From the World War 2 codebreakers at the UK’s top-secret Bletchley Park military intelligence centre – whose work arguably saved millions of lives and laid the foundations for modern computing – to today’s use of the near-magical properties of quantum physics to distribute coding keys securely over fibre-optic networks, a quiet arms race has been constantly running in the background. Quiet, that is, until some high-profile event occurs that reminds everyone of the implicit vulnerabilities of once-trusted devices, services and systems. For anyone involved in designing or operating mission-critical communications networks, having a healthy sense of controlled paranoia is very probably a useful trait. Although TETRA benefits from having high-grade security options built into it from Day One, a number of changes are underway in the wider world that demand a constant awareness and reassessment of threats as conditions change. Human weaknessIf the history of cryptography teaches us anything, it is that human factors – such as complacency, poor training and exploitable human frailties – often pose more of a direct threat to security than any new technology. That said – and just as has happened in the world of Internet security – the ready availability of cheap processing power and the ability of hackers to share information across the Web is already challenging historically secure systems. When TETRA was first introduced, one of its attractive points for the emergency services was that it stopped criminals and the media in search of a hot story from listening in on scanners. While communications over TETRA using the TETRA Encryption Algorithm (TEA) family of standards do remain secure, projects such as Osmocom’s TETRA open source software initiative have already now made it possible to monitor unencrypted TETRA speech channels using only a laptop and an appropriate USB dongle. Unofficial reports suggest that hackers have already used this to listen in to and record tram drivers on Berlin’s BVG transport network. While not earth-shattering in its consequences, this exploit does simply demonstrate that as soon as you erect a wall, there will always be people with sufficient curiosity, time and energy to expend in trying to look over it – even if there’s nothing actually worth seeing on the other side. However, once those techniques become more widely shared, there is always a risk that more malicious uses may be made of them by so-called ‘black hat’ communities of criminal hackers. Managing riskIn many ways, the security issues facing the TETRA and mission-critical communications communities are a subset of wider issues facing the whole of the telecommunications industry. As a result of financial pressures, constant innovation and the continued erosion of once rigid boundaries between different technological and commercial domains, telecom operators around the world are having to find new ways of managing risk. Just as the creation of highly complex, intricately interlinked and poorly-understood financial products have helped to crash economies around the world over the last few years, so too is the increasingly rapid roll-out of advanced new services, applications and devices threatening the once highly stable world of telecoms. Already, public safety operators are looking to exploit new broadband paths for TETRA, using LTE. Cost and coverage considerations mean that in these situations they are likely to have to partner with existing cellular service providers and share at least some public networks and infrastructure. Cost and wider efficiency issues are also encouraging a take-up of devices such as PDAs and tablets from the enterprise and consumer sectors, to support a widening range of applications for both data input and information retrieval. While application security presents its own particular problems, especially where data sources such as geographical information are in the public domain, the adoption of equipment from the consumer sector adds others. As the history of the PC shows all too well, once a population of devices reaches a critical mass it becomes an increasingly attractive target for hackers, benign or otherwise. Security algorithms
|
Alun Lewis looks into the security features of