1997-10-01 - Re: Encrypting Pagers is Easy! [Overview, technical tradeoffs, crypto]

Header Data

From: Dave Emery <die@pig.die.com>
To: stewarts@ix.netcom.com (Bill Stewart)
Message Hash: c6db262e79cdc6d48268d59c3e83d629fc87b7a9028c44a37da2486594a35edb
Message ID: <199710011846.OAA25691@pig.die.com>
Reply To: <3.0.3.32.19971001000255.006abcec@popd.ix.netcom.com>
UTC Datetime: 1997-10-01 19:25:05 UTC
Raw Date: Thu, 2 Oct 1997 03:25:05 +0800

Raw message

From: Dave Emery <die@pig.die.com>
Date: Thu, 2 Oct 1997 03:25:05 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Encrypting Pagers is Easy!   [Overview, technical tradeoffs,  crypto]
In-Reply-To: <3.0.3.32.19971001000255.006abcec@popd.ix.netcom.com>
Message-ID: <199710011846.OAA25691@pig.die.com>
MIME-Version: 1.0
Content-Type: text



Bill Stewart wrote :

> One of the articles on the White House Pager Hack quoted a government official
> saying that encrypting pagers would be complicated and difficult.

> 
> 1)Digital PCS, in TDMA, GSM1900, and CDMA, though US coverage isn't complete 
>   (as of May 97, AT&T had service in 40% of the US land area, 80% population, 
>   and the GSM1900 players are expecting wide coverage later this year

	I would expect this kind of paging to be encrypted under the
same CAVE or A5 encryption as encrypts the rest of the call setup, but
don't have the IS standards handy here to check.  At the very least it
would be much more complex to intercept than regular beeper paging
because of the much more complex signal multiplexing and modulation. 
Regular POCSAG paging is simple FSK, receivable on an umodified scanner,
whilst CDMA and TDMA tranmissions require special demodulator hardware
and DSP software not available at Radio Shack (except as modifiable
phones).   But more significant, like REFLEX, the system generally knows
where a specific mobile phone is located and sends the paging only to
that cell site whereas regional and national paging systems used with
conventional beepers send the message to tens to hundreds of
transmitters scattered all over the place making it possible to
intercept messages at locations far removed from the intended recipiant
(continent wide in the case of the satellite feeds for the paging
transmitters used by many regional and national paging carriers).

> 
> 2)Motorola's extremely cool PageWriter 2000 is a ~2"x2" programmable beeper
>   with keyboard, 160x240 screen, crypto, operating system, and infrared.
>   http://www.mot.com/MIMS/MSPG/Products/Two-way/pagewriter/
>   says it uses the Flex Operating System and ReFLEX 2-way paging;
>   the person who showed me the beta version said OS9 and GSM.
>   I'd guess that Flex is OS9 with bells and whistles added, and that
>   the pager's CPU is a 68000-family chip, and that either he's wrong about
>   GSM or there's a second flavor coming out that does GSM.
>   In any case, it's user-programmable, and Motorola has crypto support.

	Flex and Reflex are physical, link and transport level protocols
for sending paging data over the rf link.  They are not an operating
system.  Motorola does offer implementations of these protocols
integrated with a real time OS, but properly they are link protocols and
not an OS.  Much of the common carrier paging infrastructure in the US
is being converted to flex on the existing VHF and UHF narrow band
channels, and clearly Motorola is aiming at that market.  Whether Moto
put their flex stack on top of OS-9 I don't offhand know.  GSM is a
completely different link protocol that has nothing to do with flex at
all - so a flex pager would not be able compatible with GSM (although
some DSP based dual mode wireless hardware exists that will do various
combinations of otherwise incompatible air interfaces). Flex is m-ary
FSK (4 level FSK) on narrow band carriers, and GSM is TDMA BPSK on much
wider carriers BTW.. Motorola has aimed their paging applications
software at the 68HC11 family in the past, but may well be upgrading to
32 bit stuff...


> 
> 3)If you insist on pager service that's not part of the cellphone or beeper
>   you were carrying already, or want wider coverage, it's still not very hard,
>   and it can be done with or without the paging service's cooperation.  
> 
> 4)PCMCIA cards in your PDA can get alpha pager, CDPD, ARDIS, RadioMail, etc.
> 

	There are lots of cards that will allow PDAs to receive existing
common carrier flex and POCSAG paging streams - and flex explicitly is
capable of forwarding binary data unaltered making it pretty trivial to
implement end to end unescrowed secure messaging over the existing
VHF/UHF paging infrastructure. That nobody has is a tribute to the FUD
factor...

> Making money at it may still be hard, since the government interference
> fragments on the market and raises costs, but that's a separate problem, 
> and if you can piggyback on existing developments like PCS and CDPD, 
> it's a lot easier.   
> 
> Technology tradeoffs
> --------------------
> 
	much good stuff elided...


-- 
	Dave Emery N1PRE,  die@die.com  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18






Thread