
Really interesting article. One particular statement caught my eye: "many P25 systems … are "rekeyed" at frequent intervals, in the apparent (and basically erroneous) belief that changing encryption keys regularly improves security". My belief was that rekeying was useful in order to limit the "blast radius" if a key was compromised, and thus improves security. I'd be interested in finding out why that isn't the case. Is it because, as in the article, it introduces more problems than it solves, or is there another reason?



His guide to secure P25 deployment suggests simply rekeying whenever a radio is lost, stolen, or compromised, since in a law enforcement context, key theft is much less likely than in military operations. (Cops don't often get shot down over enemy territory, for example.)


On a related note, I recently found an Air Marshal's radio on the side of the road. This thing had every channel imaginable. I was staggered by the fact that such a device didn't have any sort of login; the physical device was the whole key.

I turned it in, of course. They were really, really grateful.


Cops are human, and thus vulnerable to exploitation. Do you seriously think that some gang leader somewhere doesn't have local police radios given to him by cops on his payroll?

Periodic rekeying is like physical inventory or periodic password changes -- it helps you identify compromised assets.


Wouldn't the gang leader just get the cop on the payroll to give him the new code when the radio stops working again?


If the rekeying protocol is performed over the air, how does rekeying help in your corrupt cop/gang leader scenario? Wouldn't the gang leader's radio get the new keys along with all the other radios?


> If the rekeying protocol is performed over the air, how does rekeying help in your corrupt cop/gang leader scenario?

It doesn't.

> Wouldn't the gang leader's radio get the new keys along with all the other radios?

Yes.

I can't see how rekeying over the air is in any way a good idea. It doesn't seem to stop any attacks but leads to failure modes. From my understanding, the new keys are transmitted over the air using existing keys. Thus, if your radio is off when the over-the-air rekeying happens, you don't get the new keys and thus can't talk to anyone in encrypted mode. This causes the fallback to clear mode, and thus sensitive information possibly leaking out.

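The two points made in the comment above (an issued radio that has been leaked receives the new key just like every other radio, while a radio that was powered off during the rekey is left on the old key and the fallback is clear mode) can be played out in a small simulation. This is an added illustration, not code from the article or from any P25 product: the cipher is a throwaway HMAC-SHA256 keystream with a tag standing in for the real traffic cipher, and the names (Radio, otar_rekey, run_scenario, the key-encryption-key/traffic-key split) are assumptions made for the example.

```python
"""Toy model of over-the-air rekeying (OTAR) and its failure mode.

Added example, not P25 code. The cipher is a deliberately simple
HMAC-SHA256 keystream plus tag; the KEK/TEK split and all names are
assumptions made for this illustration.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag. Toy construction for the simulation only."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class Radio:
    """Holds a long-lived key-encryption key (KEK) and the current traffic key (TEK)."""

    def __init__(self, name, kek, tek, powered=True):
        self.name, self.kek, self.tek, self.powered = name, kek, tek, powered

    def receive_otar(self, msg: bytes) -> bool:
        # A radio that is switched off never sees the rekey message at all.
        if not self.powered or self.kek is None:
            return False
        new_tek = decrypt(self.kek, msg)
        if new_tek is None:
            return False
        self.tek = new_tek
        return True

    def transmit(self, text: str, clear: bool = False):
        # Clear mode is the fallback when encrypted traffic cannot be exchanged.
        if clear or self.tek is None:
            return ("clear", text.encode())
        return ("encrypted", encrypt(self.tek, text.encode()))

    def receive(self, frame):
        mode, payload = frame
        if mode == "clear":
            return payload.decode()
        if self.tek is None:
            return None
        pt = decrypt(self.tek, payload)
        return None if pt is None else pt.decode()


def otar_rekey(kek: bytes, new_tek: bytes) -> bytes:
    """Dispatcher side: the new TEK is sent wrapped under the fleet-wide KEK."""
    return encrypt(kek, new_tek)


def run_scenario():
    kek, tek0, tek1 = os.urandom(32), os.urandom(32), os.urandom(32)
    dispatcher = Radio("dispatch", kek, tek0)
    officer = Radio("officer-on", kek, tek0)
    off_duty = Radio("officer-off", kek, tek0, powered=False)
    leaked = Radio("leaked-to-gang", kek, tek0)  # a genuine issued radio, holds the KEK
    scanner = Radio("scanner", None, None)        # public listener, holds no keys

    msg = otar_rekey(kek, tek1)
    for r in (dispatcher, officer, off_duty, leaked):
        r.receive_otar(msg)
    off_duty.powered = True  # switched on after the rekey, still holding tek0

    text = "informant meets at 9"
    enc = dispatcher.transmit(text)
    clear = dispatcher.transmit(text, clear=True)  # what happens once someone cannot decrypt
    return {
        "officer_reads_encrypted": officer.receive(enc),
        "leaked_reads_encrypted": leaked.receive(enc),
        "off_duty_reads_encrypted": off_duty.receive(enc),
        "scanner_reads_encrypted": scanner.receive(enc),
        "scanner_reads_clear": scanner.receive(clear),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v!r}")
```

Running it shows the leaked radio reading post-rekey traffic as well as any legitimate one, the radio that missed the rekey reading nothing, and the clear-mode fallback being readable by a scanner with no keys at all.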

The article doesn't say that rekeying occurs over the air. It could very well be the case that police departments are rekeying their radios at the end of every shift, when, for all practical purposes, they'd be as safe rekeying once a week.


I just assumed a protocol called "over the air rekeying" would be performed "over the air". But that's just me.


Yeah, I agree. Being non-encrypted is better because they know it is being broadcast to one and all and therefore will continue to not be broadcasting sensitive information such as the identity of informants and such. With encryption, police will start talking about all sorts of new stuff because they believe it is safe to talk about on the encrypted airwaves. But in reality, although the public will no longer be able to hear what is said, there is absolutely no doubt that the major crime syndicates will have completely open access.



