Security and Encryption
Why digital two-way radio is inherently less vulnerable to eavesdropping and what you can do to encrypt your network to boost security even further.
Two-way radios systems are inherently more secure than many other wireless communication alternatives, as they operate on private networks, which makes them less vulnerable to eavesdropping by handheld scanners, for example. Analogue two-way radios are more vulnerable to eavesdropping from scanners, as it is more difficult to create a properly private channel on an analogue radio. Analogue systems do provide a list of default programmable privacy codes, or PL (Private Line) tones that can be programmed for each radio channel. But a hacker does succeed in intercepting the transmission, it will not stop them from overhearing your call. It should also be noted that voice scrambling requires investment in additional hardware, including scrambling or encryption cards, which pushes up the overall cost. The other downside to scrambling/encryption solutions for analogue radios is that the scrambling notably degrades the quality of the audio transmission.
For the analogue radio encryption is always very challenging as the older analogue technology does not require Analogue-to-Digital Converters; ADC, and after recovering the encrypted message the signals are then reconstructed to form the analogue audio waveform; DAC or Digital to analogue conversion. So the traditional analogue radios always need expensive option boards to provide encryption solution whereas these ADC and DAC are inherently part of the digital circuitries of a DMR radio.
Thus Digital radios are much easier to secure and do not suffer from audio degradation when encrypted. The encryption solutions for DMR digital radios do provide extremely good protection against common handheld scanners. Analogue scrambling is generally very poor. DMR radios also have the advantage of still being able to communicate with analogue radios if you have mixed fleets.
Hytera DMR radios offer three or four possible levels of encryption, these are Basic, Enhanced, Advanced or Customized. The Basic encryption is scrambling used mainly for analogue mode operation or the Basic encryption using 10, 32 or 64 characters keys , the Enhanced DMR Association ARC4 40 bits or Advanced AES 128 bits or the AES 256 bits encryption the last is Customization of a SIM or SD Card to be inserted into the radio with customers Proprietary encryption algorithm.
It should be noted that not all Hytera radio models can support each type of encryption. Essentially, entry tier to mid-tier models will only support Basic or Enhanced encryption, and even then may require the latest Hytera firmware and in some instances a needs chargeable licence key. Advanced encryption is only available for higher tier models and requires specific software. It is a chargeable feature and a license has to be issued for each radio serial number.
Customisation will only be done on models that support option boards and this is with up front sales commitments and maybe deposit from the customers. Each type of encryption offers a better level of security. All these security solutions use ‘symmetric-key’ algorithms, meaning the same key is used to both encrypt and decrypt the transmission. This means a DMR radio has to have the exact same key and code as all the other radios it wants to communicate with. Technically speaking Basic and Enhanced encryption are in fact ‘privacy modes’, rather than proper encryption, as the solutions only scramble and unscramble the transmission using an assigned key code.
The Basic Privacy solution offers provides key option between 1-255 using 10, 32 or 64 characters to the transmission and receiver frequency, each of which must match up. The keys are not customised, so if a hacker was so minded they need only scan all 255 keys to potentially hit on the one you are using.
The Enhanced privacy option uses a 40-bit encryption (or five bytes), which corresponds to a total of 240 possible keys, or, approximately a trillion permutations. This is more secure than Basic privacy as the user inputs a customised key using a mix of letters and numbers, along with a key name and a number slot assignment - all of which must match up. It is much harder for a hacker to work out a customised key. Nonetheless, in modern computing terms a 40-bit encryption is now regarded as relatively low security and with today’s computing power using high speed processors it is possible to break a 40-bit code using what is called a ‘brute-force’ attack very quickly.
For Advanced encryption, DMR radios use either 128-bit or AES (Advanced Encryption Standard) 256-bit. AES 256 is generally regarded as among the safest encryption types available and it is widely used by national governments, public safety departments and agencies. The AES specification for the encryption of electronic data was established by the US National Institute of Standards and Technology (NIST) in 2001. AES provides a family of ciphers with different key and block sizes.
Block size refers to the block cipher of which there are two types: stream cipher and block cipher. With a stream cipher, the algorithm encrypts and decrypts the message 1 bit at a time. A block refers to a group of bits. With a block cipher, the algorithm encrypts and decrypts the message block by block. AES uses block ciphers. NIST chose three members of the AES family each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. AES has largely replaced the previous Data Encryption Standard (DES), which was published in 1977. DES uses a 56-bit key size, which is now regarded as insecure, as the key bit size is too small.
Hytera “Over-the-Air” Encryption
In 2017, Hytera boosted the security of its DMR radios with the introduction of an additional free of charge, “over-the-air” encryption function to provide further protection against interception. Why does this increase protection? The end-to-end encryption defined in the DMR standard encrypts the data content at the transmission end and decrypts it at the receiving end. This ensures that the data being transferred is protected against interception. But what happens before the data content is transmitted?
There is an obvious security vulnerability here, because only rarely is the actual signaling used to set up the call protected. Hytera’s over-the-air encryption solution is designed to prevent this vulnerability. Over-the-air encryption encrypts the signaling on the air interface meaning all of the information is encrypted from call setup through to reception at the transmitter. Because the call set up is encrypted, the system is protected against unauthorised access, and the connection data cannot be tapped. In other words, it is no longer possible to intercept the call type and call identifier of the radios involved in the call. It prevents third-party radios from making use of your repeater, as all subscribers need the relevant access rights to take part in the radio communication.
Over-the-air encryption therefore protects radio communications on DMR repeaters and DMR radios from unauthorised access from the moment of signaling to set up the call. This comprehensive protection from Hytera against interception is unique on the DMR market.
Hytera over-the-air-encryption is an optional function, which can be used as of DMR Firmware Release 8.0. It is available for the Hytera handheld radios in the PD6, PD7, PD9 and X1 series, as well as for DMR mobile radios and all repeaters. The Hytera radios and repeaters are configured using the Customer Programming Software (CPS). Over-the-air encryption can be easily activated and configured using this tool. Users with older equipment can upgrade to Firmware Release 8.0 and then also use over-the-air encryption.
For more information on how to enhance security on your Hytera DMR system, contact one of Hytera's Authorised Dealer.
12 September 2018