1994-12-03 - Re: 6-hour Secure Mobile Voice

Header Data

From: “Dave Emery” <die@pig.die.com>
To: cdodhner@news.primenet.com
Message Hash: 8085035a11273f4413bde8283365e406cc6846f10f09f7c8fc2baec9a6ed1642
Message ID: <9412030810.AA05653@pig.die.com>
Reply To: <199412030625.BAA02517@bb.hks.net>
UTC Datetime: 1994-12-03 08:11:14 UTC
Raw Date: Sat, 3 Dec 94 00:11:14 PST

Raw message

From: "Dave Emery" <die@pig.die.com>
Date: Sat, 3 Dec 94 00:11:14 PST
To: cdodhner@news.primenet.com
Subject: Re: 6-hour Secure Mobile Voice
In-Reply-To: <199412030625.BAA02517@bb.hks.net>
Message-ID: <9412030810.AA05653@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


Christian Odhner writes:
> 
> I'm sure most of you have seen some of the cheap (relatively speaking) 
> 'phone scramblers' and such sold in local "spy shops" and catalogs. I 
> know as well as most of you that these (almost always analog) scrambler 
> systems even with thier "10,000 code frequencies!" and such are totaly 
> insecure against an attacker with modern resources, but I was wondering 
> if any of these techniques would be good enough to use for real-time 
> applications where the transmitted data is only valuable for 6 hours or 
> less.

	The simplest of these devices is the single band frequency
inverter.  It operates by mixing incoming voice with a carrier (usually
around the top of the voice band) in a double balanced mixer and sending
the resulting spectrum down the wire.  It is not secure at all against
anyone with very simple and widely available equipment - at most it
would take such a person a few seconds to find the carrier frequency. 
And as any ham will tell you, it gets pretty easy to understand inverted
or off frequency speech with practice.   Most of the really super
cheap (under $50 or $100) scramblers are of this toy type.

	A more complex varient of this is the multiband or split band
inverter.  This was allegedly used early in World War II for medium security
communications.  It operates by splitting the voice spectrum into
several frequency subbands and swapping those subbands around according to
a pattern determined by a key.   Masking tones or noise may be
added in some of the bands to make understanding harder.  Scramblers
of this fixed shuffle type can generally be broken easily with DSP techniques.
They are not common as current day products.

	A modern varient of the multiband shuffling scrambler has been
used by the US government for low security communications until recently
(as the KY-65 Parkhill system).  This rolling code scrambler shuffles
the voice subband components dynamically several times a second under
control of a psuedo random sequence determined by a key and plays some
of them forward and some backwards from digital memories.  This system
requires much cleverer real time DSP signal analysis software to break
than the fixed shuffle of world war II stuff, but allegedly some
amateurs were able to recover intelligable speech from it without
knowing the key sequences.  There are lots of commercial versions of
this type of scrambler available all over the world - they run from the
low hundreds of dollars to the low thousands.

	Given an attack based on making a best guess as to specific
phonemes and phomeme sequences from a particular speaker rather than
trying to crack the psuedo-random shuffling sequence, speech from such a
device could probably be rendered intelligible in seconds to minutes
using modern high perfomance DSPs and fast workstation processors and
very clever software, but of course the software to do this is not
widely public and the results are probably highly variable and speaker and
signal quality dependant.  In general, the availablity of high
performance processors and better speech recognition algorithms makes
this approach more and more possible in shorter and shorter amounts of
time. 

	Cracking the psuedo random sequence used in rolling code
scramblers is a more classic cryptologic problem and varies greatly
in difficulty depending on the particular design.   This might take seconds,
minutes or many days depending on what generates the sequence and how much
"plaintext" can be recovered by signal analysis.  Obviously once cracked
the speech can be recovered in real time using simple gear.

	
> Such a system would be usefull if you only need security 'right 
> now' and didn't care who knew after a certain (short) timeframe. 
> Comments, advice and product reviews are all welcome from anyone with 
> knowledge or experience in the area.
> 

	My advice would be to use one of the digital scrambling technologies.
Lots of surplus US government DES equiped HT's are available if radio
communications are your purpose...

(signature under construction)





Thread