This story reminds me of the group that tried to analyze why the government redacts information from all the recently publicly available FOIA requests, and before the feds shut them down their initial data showed most of the redactions weren't covering conspiracies but mostly just mistakes and embarrassing slip ups.
14:57 probably that this mistake wouldn't have survived scrutiny was a reason to keep it secret. As they sold the whole system to basically enemy states, they didn't want them to know how weak their version was.
Security through obscurity only works for as long as nobody cares to actually look into it. The only way a system can be considered secure is if it plays its cards face up and nobody could crack it anyway.
Incredible. People who understand cryptography, know the perils of creating their own proprietary closed encryption system. If security comes from the secrecy of how the algorithm works, it is not secure. Because if that is all it has, then it has nothing, because reverse engineering will reveal the algorithm, stripping it of the only security they thought they had. A classic case of, _"If you *think* you know cryptography, you don't"._ It seems the Dunning-Kruger Effect could be at play with those people. People who actually understand cryptography, understand that no one intellect alone can assure the maximal strength of any encryption algorithm (outside of the OTP of course). I mean when you consider that major weaknesses have slipped by all of the World's crypto experts combined, for many years, it blows my mind that any one person could think that they know better.
sounds like the key fob vulnerabilities except with this one you don't have to do it in real time if I understand correctly there's not a person there pressing their own fob.
one point is missed - some of these vulnerabilities may have been there for a reason, and combined with export restrictions it would allow the original country to have a look at what the recipient is doing with it, and in case of Iran, it isn't exactly a bad thing, so people who developed this may have been tasked to deliberately do this and it isn't like governments haven't done stuff like this since then, like FBI and Apple saga
This is one more example of why loosening encryption even a little bit (to allow say governments to unlock phones when they acquire a warrant) is always a bad idea. You fundamentally break the robustness of the algorithm and make things like this possible. There do even exist standards for multi-key cryptography (where more than one secret key can decrypt ciphertext made with the corresponding public key), but even that has to assume / trust that the secret key given to the third party won't be compromised or stolen. It is hard enough protecting secret keys in your possession, let alone formally verifying that a 3rd party has kept a second key secure.
Curiously, it's the most secure thing you can do, if you use one time pad ciphers. And honestly... why would you use anything else in a day and age of 4Tbyte SSD drives? One drive is enough for years of voice communications. ;-)
Basing public safety infrastructure encryption on a proprietary standard is just a bad idea right from the jump. Basing it on a "government endorsed" standard (or, even worse, using "government endorsed" magic numbers) is downright madness. Our algorithms should be publicly discussed, and every entity should take responsibility for finding their own magic numbers so that NO ONE ELSE KNOWS THEM, even only in theory. The job of the cryptography community is to make this realistically possible, by providing straightforward open-source tools for doing the necessary establishment operations. In other words, the main job of the crypto community, in my opinion, is to get us past this "never roll your own crypto" era - we need for the best practice to be "always roll your own crypto, using the most up-to-date best practices."
I knew this video was coming. I haven't even watched the talk yet. Prime example of obscurity != security :) It's going to be like the 90s all over again, lol
@@ChrisBreederveld That doesn't however mean obscurity is bad. Not using port 22 for SSH reduces exposure to automated attacks, but is not a replacement for a good password or forcing key-based authentication.
The mere idea that security exists in this space is a ridiculous misunderstanding of physics. A radio transmitter can always be located simply by the fact that it has to produce an energy flow that is above the noise background of the environment. No matter the protocol, it is always possible to detect the source of the transmission. For a criminal the detection of a police transmitter close to his physical location would usually be enough to cease the criminal activity. It is complete overkill to differentiate between "harmful" and "harmless" police presence for most such activities. That's why the police usually does not care about being listened to.
I'm no criminal but I did like being able to exploit things like this because police should be accountable. I think the number of criminals actually listening to police (and even being able to use it to their advantage) is actually quite rare. Maybe you would want some standard that prevents insertion of messages, but it should allow you to hear public services in the clear
I'm sure there are situations where you wouldn't want people to be able to just listen in - for example, if they're coordinating raids or a manhunt. Perhaps a different idea - they could carry on broadcasting encrypted messages (using an open, thoroughly tested protocol) and maybe release keys a day or a week later
@@AbelShields Maybe in whatever shithole country you live in where government is sovereign and people are subjects. In America, it's the opposite. If cops can't do their jobs without violating peoples' rights, then too damn bad. Git gud.
The only "criminals" with this kind of capability are people engaged in highly lucrative trade of goods that the government doesn't like - aka only criminals by statute. Dangerous murderers and rapists aren't sophisticated people but magically the government rarely finds the time to go track them down.
TETRA is Terrestrial Trunking on a digital form to substitute the MPT analog which lacked capacity. But no Enterprise would buy a lousy system that was completely shattered by GSM and the likes... So they started selling to Governments that use people's money and don't care, as long as they get some kickbacks... TBSs transmitting all the time are a perfect target, and how come military personnel would use a system that cannot make radio silence on its own concept.... This is a money scheme...billions down the drain... TETRA was for truckers and delivery services, not for military or police or firemen work.... For that you use FHSS, anti-EMP, and the likes... All ignorants making decisions on what they don't understand....
That's guaranteed by the law and only by the law. If you think that spying on the police will keep you safe from the police of a country that does not abide by human rights standards, then you are just kidding yourself... and not just a little.
Anyone who's ever had even a tangential involvement with an ETSI standards committee will know what a glacially slow, politically handicapped process it is. Technical considerations are definitely not at the top of the list when it comes to providing the design criteria.
not to mention 2 on 32, but 2 on 80 is also brute-forceable nowadays. not in real time though. it's similar to 12 letter password. so tetra is completely useless if xor algorithm is all there is...
Events like this start to look like straw-men for enhancing the false sense of security around the publicly available implementations. It's not just the public standards that have to be checked, it's the _implementations._ So the implementations of those public standards need to be open source. But even when they are open source, and even if they were formally verified, they are still vulnerable because the underlying OSes like Windows and Linux are not secure, and in fact these OSes have insecurity built in. Think for example of the common use of libraries like openssl to implement public cryptographic protocols. These libraries have a fixed publicly available interface. All the OS needs to do is provide a back door that allows a man-in-the-middle to intercept the API calls to libssl and all the cryptography in the world isn't worth the bubble gum under a school desk. It's all BS and hot air.
An NDA is a legal document that defines a "reasonableness" standard for the safekeeping of trade secrets. It prevents both sides from bringing nonsense lawsuits. If you are ever exposed to somebody's trade secret without having a written NDA in place, be very careful. It might backfire if you are dealing with a possessive personality. With an NDA all you have to do is to keep their trade secrets as safe as you would your own, i.e. they can't require you to pay damages for accidental leaks if you abide by the low standards of the document, which are usually trivial. If you are used to keeping your own trade secrets in a file folder in a locked office and you have employment agreements that require your employees to keep their knowledge about your company and its operations to themselves, then you are done implementing security measures for your partner as well. They can't sue you for not keeping their documents in a safe inside a vault inside a military installation with double fences and armed guard towers. ;-)
Should also be noted that UK police pushed TETRA, because of the mesh network officers then make, but the relay/transmit power of the handsets needed to pull that off gave many officers chest/lung/heart cancer.
Also TETRA was known to be backdoored in the early 2000s, it's not that "no one knew about it" - it was simply illegal (patent, IP) to say how. At least in the UK.
"You don't want people to know what police are saying to each other." Uhh what? So you don't want transparency in government? You want them to be able to conspire against citizens? You want them to be able to get their stories straight with each other before they write reports? All police radio traffic must be PUBLIC. WE pay for it.
I agree with transparency, BUT not realtime. What I mean, is that police communications while some operation is going on, needs to be secret, but after they are done, all data needs to be public. Think of a raid, you do not want the raided to be aware of it, but after all is done, the public has the right to know what happened there.
@@snex000 That seems...impractical. I can imagine quite a few cases where raids seem called for - human trafficking, illegal weapons manufacturing operations, etc. I mean, I guess you could call in the military for all such operations? I'm on the fence about that one.
@@Erhannis Human trafficking is only an issue because the government has illegally made it a crime to sell sexual services in a reputable manner. And what on earth is an "illegal weapon?" The right of the people to keep and bear arms shall not be infringed. You are just making my point for me. The ONLY reason you want secret police communications is to go after people who commit made up crimes that either have no victims or that only exist because the government has forced activity into a black market. Stop giving this kind of immense power to people who are supposed to be there to SERVE the people. They cannot be trusted with it. No one can.
@@Erhannis the military is both better equipped and better trained for these types of scenarios, and the police, in America at least, have shown themselves time and time and time and time again to not handle them well. Cops use that to argue they need better equipment, then when they fail to use the better equipment, they say they need more training, then you get astronomical budgets going to the police of every town and city in the country so that they can pretend they are elite military personnel at the one big call every few years, where they tend to completely drop the ball.
Here's hoping people lose their jobs over this shit. Not just at ETSI for allowing this to happen, but at all the agencies that chose to adopt a proprietary encryption standard that had never before gone through an external audit. This is the sort of shit that costs lives.
The issue I see with the likes of TEA2 is most of the kit is made outside the EU. Even if they shouldn't those external countries will have the implementation and it will likely be further subcontracted out to another tin pot outfit. Seen it so many times with propensity standards.
The easily determined key for export units feels more like it was a feature not a bug.
depends on who you ask
the people who made this system, probably a bug
the people who made the export restriction, probably a feature
it was a feature in the 90 when the export restriction was in effect. After the restriction was lifted, it became a bug.
@@KohuGaly Is it lifted?
100%, TBTB needed to ensure they could decrypt those comms any time they wanted from the beginning
All those "bugs" are really features, not only the export one. Agencies are more interested in knowing what their own people are doing, than foreign agencies know what they are doing.
I’ve long argued that “proprietary encryption” is a misnomer and otherwise such “hidden” encoding schemes shouldn’t even be considered “Encryption.” The security true encryption provides should come directly from the functional robustness of the scheme not the obscurity of its operation.
While I don’t discount the need for proprietary encoding and obfuscation methods in some use cases, I don’t think we should ever categorize these as encryption, unless the algorithms are made public.
so being able to meet Kerckhoffs's Principle. not a bad idea to lock off use of the word "encryption" unless it meets that standard (encryption is increasingly meaning security to average people), just may not be palatable for businessmen that don't understand why they have to publish a "trade secret"
Nation-state actors don't intend to create unbreakable encryption. They want to balance their stuff not being broken with being able to break other people's stuff. So they'll never use standard unbreakable encryption.
@@GettNumber Exactly, call it Kerckhoffs's Principle or Shannon's Maxim, we should clearly accentuate the security distinction between cryptographic robustness and protected secret by definition so that in time even the business associate has at least a mere linguistic appreciation that these things are understood to be distinct.
That said it should not be assumed that individual private solution implementers* necessarily have to disclose the details of which open encryption standards they use or refrain from attempting to further obfuscate their encrypted data (if done judiciously) but if the data isn’t encapsulated* at some level by an open public cipher standard* then the data isn’t really protected by encryption.
* What is more, private re-implementations of the public encryption standard itself should be avoided; encrypted data should be encapsulated using a standard public encryption library before any other schemes are applied. In the strictest sense of my meaning anything else even an unmodified private re-implementation of an open encryption standard isn’t really encrypted IMHO; I appreciate this isn’t the most practical definition, but I’m fine with it being the “academic” definition.
is called a proprietary backdoor lol
@@thewhitefalcon8539 I agree and not suggesting that they will. I’m just saying what they are doing (in many cases) isn’t really encryption because it fundamentally lacks the primary security attribute of encryption and thus shouldn’t be acknowledged as such.
I’m under no delusion that my random RUclips commentary is going to effectuate any discernible change in existing behaviors, it’s merely a philosophical proposition, but none the less, one I promote in my work.
Some of these vulnerabilities were exposed by Dejan Ornig (Slovenia) back in 2013. Instead of addressing the problems, he got investigated for hacking. He was cooperating with police.
What the hell. I googled his name and his story is really infuriating
I watched the CCC presentation on this topic soon after it went up. They did such a phenomenal job breaking this open, and diligently reporting the flaws to overwhelmingly deaf ears.
Thanks for sharing this to an even larger audience!
I watched it live at the camp. Unfortunately they did not tell us the algorithm.
@@thewhitefalcon8539 Isn't it on their github? I'm no algorithms expert, so I can't figure that out. I got really amazed by what they've done to dump the sbox using the cache of the DSP, that's literally insane.
Because they weren’t flaws.
The first thing they taught us is that security by obscurity never works. Haven't people learnt that already?
Yes, perfectly well, they learnt all this more than well. Clue: For an agency, all those backdoors are features not bugs. Why would they use a bug-free method? then they will not be able to break it when needed.
Security through obscurity 100% works. Until it doesn't.
Nope. People think _"Oh, it's more secret so it's more secure."_ I think a useful analogy is this: Imagine someone tried to sell you a padlock by saying _"It's so secure because it's illegal to look inside it."_ That would obviously be spurious. The same is true for digital encryption.
TETRA was developed in the mid 90s, it wasn't much of an issue back then
Tell that to the lock companies going after LPL
We didn't LEARN that proprietary encryption is a bad idea. This CONFIRMED what anyone knowledgeable about encryption already knows and would have told the manufacturers, had they bothered to ask (or listen). To paraphrase that saying about sufficiently advanced incompetence, any proprietary encryption should be considered to have a deliberate backdoor.
Any proprietary software and hardware
I'm pretty sure the -manufacturers- designers and developers of TETRA were warned. I'm also pretty sure the governments who decided on using this system were warned.
But did they care?
Who’s “we”? Not everyone has the same amount of knowledge as you. Just because you already knew this doesn’t mean someone else isn’t learning this for the first time.
Oh, I know when UK was shifting to TETRA this was being screamed about, to deaf ears.
Proprietary encryption is a great idea… if you don’t want the users to find out about the weaknesses you know about for quite a while.
An export ban on encryption that still allowed exporting some level of encryption would make little sense unless that lower level of encryption didn’t have known ways to exploit it.
Being easy to exploit by anyone who knows a weakness in the design sounds like a feature, not a bug. And you can’t really provide feature like that with an open standard.
exactly correct.
It is *precisely* the same logic as placing export controls on any armour that is strong enough to protect against your best guns. The US never tried to hide the fact that their export controls on encryption systems with more than a 32 bit key was specifically so that the US could decrypt foreign communications whenever they wanted to.
Although why a US export restriction was affecting an agency of the EU is confusing to me.
"And you can’t really provide feature like that with an open standard."
Unless you make the strong encryption variant open and the weaker one proprietary. But at that point you're basically advertising to your export clients that there is a back door.
And you're at the same time telling them how to modify the software/hardware so that it used the openly available strong encryption variant. (Unless the open encryption variant is different enough from the proprietary variant that they won't run on the same hardware.)
Bruce Schneier has been warning that this kind of thing would happen for ages. He's always been concerned at the adoption of non-open cryptographic algorithms by security agencies.
"Warning." Buddy, public communications by public agencies is PUBLIC by design.
@@snex000 This is clearly intended to be encrypted
@@circuit10 On what authority can our government use our money to hide things from us?
The OTP weakness has been known for DECADES. Yet the work of, in particular, Prof. Rabin (from my poor memory because he gave a talk I attended as a grad student many, many more years ago than I care to admit) and his team created a protocol that exploits the strengths of OTPs but shored up the weaknesses in a very simple yet clever way. They were implementing the protocol at that time - well, intending to do so - which was the mid-2000s and already rather dates me 🥴. FWIW, Rabin is an outstanding researcher, brilliant orator that his lecture still sticks in my mind almost 20 years on!
Most sensible comments section I've ever seen in a long time. Lots of learning too. Cheers to all.
Security people: "You shouldn't use proprietary algorithms because no one can check if they are good"
Business people: "But if no one knows the algorithm it's more secure"
Later:
Business people: "OH MY GOD TURNS OUT USING PROPRIETARY ALGORITHMS IS BAD!!!"
> proprietary standard
That’s all you had to say
I was already very impressed that this Totally English person could speak these Dutch names very very goodly!
"secret encryption", just like Enigma in WW2. The implementation and design was secret, and we all know how good it went for the Germans. These people never learn.
The power of a community of low to high experts looking at the design is extremely important to discard, but some people think they are special and claim their work needs to be secret for security.
In the talk researchers said that system uses time in IV, but time can be updated by base station and guess what, it is not authenticated in any way. In attack you are impersonating base station and transmit time that was used when you captured packets. This at least allows you to decrypt anything that was translated at a given time and derive the key, but the last is relatively slow process.
You have to give ETSI a huge credit for legally allowing all "third world" telecommunications on CRITICAL INFRASTRUCTURE to be tampered with EASILY. Not Computerphile's fault, of course, love you guys
Clarification: 1. TETRA is not (and has not) been used for any tactical or strategic military communications, it’s not designed for that. 2. TEA-1 being weakened is a feature, not a bug, given the intended user base of TEA-1.
TETRA was (is) used for tactical and strategical comms by ignorants that don't understand the basics ...
The technology was pushed with the help of the military, by favoring the use of 380-400 MHz mil band to avoid regulatory problems and using it in real military manoeuvres with blueforce tracking in order to sell it to governments as a "secure" system..😂😂😂.
Interlaced jamming is so easy that users cannot even figure out what is going on (and difficult to DF).
Blind people leading other blind people...
It is worth knowing that many situations you would design your own encryption algorithm for this so as far as I know you would be immune to this particular vulnerability
pure proprietary security theater!
Wait isn't the whole standard (besides the encryption algos) publicly available?
Probably?
Yes, ETSI EN 300 392. Also, most TETRA systems outside public safety are completely unencrypted because that saves a ton of money. So the encryption is proprietary but the standard is completely useable without it.
Backdoored for sure. Same as the NSA-sourced keymat in Windows.
5:36 That's not a one-time pad. A one-time pad is a cipher where the key is at least as long as the message, and for every plaintext-ciphertext pair, there is a key that encrypts that plaintext to that ciphertext. A PRNG seeded with a key shorter than the message and then xored with the message is not a one-time pad.
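The comment on the time-derived IV and the one directly above on keyed keystreams point at the same failure: a keyed generator emits the same keystream whenever key and IV repeat, so it lacks the one-time pad's guarantee. The following is an added example, not part of the thread and not TETRA code: the SHA-256 counter-mode `keystream`, the `Radio` class and the HMAC-authenticated, forward-only clock check are assumptions chosen for illustration, and the keys and messages are constructed samples.

```python
import hashlib
import hmac

# Toy keystream generator: SHA-256 in counter mode. A stand-in for illustration,
# NOT the TETRA TEA algorithms, whose internals are not on this page.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, network_time: int, plaintext: bytes) -> bytes:
    # The IV is derived only from the network time, as the comment describes.
    iv = network_time.to_bytes(8, "big")
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def time_tag(mac_key: bytes, t: int) -> bytes:
    # Hypothetical authentication of a time broadcast (assumed fix, not TETRA's).
    return hmac.new(mac_key, t.to_bytes(8, "big"), hashlib.sha256).digest()

class Radio:
    """Receiver-side clock handling, without and with the hardening."""
    def __init__(self, mac_key: bytes, start_time: int, hardened: bool):
        self.mac_key, self.time, self.hardened = mac_key, start_time, hardened

    def on_time_broadcast(self, new_time: int, tag: bytes = b"") -> bool:
        if self.hardened:
            ok = hmac.compare_digest(tag, time_tag(self.mac_key, new_time))
            # Reject unauthenticated updates and any attempt to move the clock back.
            if not ok or new_time <= self.time:
                return False
        self.time = new_time
        return True

def demo() -> dict:
    key = bytes(range(16))             # constructed sample key
    mac_key = b"constructed-mac-key"   # constructed sample MAC key
    p1 = b"unit 12 proceed to dock 4"  # constructed sample messages
    p2 = b"all units hold position.."
    results = {}

    weak = Radio(mac_key, start_time=1000, hardened=False)
    c1 = encrypt(key, weak.time, p1)
    weak.on_time_broadcast(2000)                                   # normal advance
    results["weak_accepts_rewind"] = weak.on_time_broadcast(1000)  # unauthenticated
    c2 = encrypt(key, weak.time, p2)
    # Same key + same IV -> same keystream, so it cancels out of c1 XOR c2.
    results["keystream_cancels"] = xor(c1, c2) == xor(p1, p2)
    # Knowing one plaintext then yields the other without the key.
    results["recovered"] = xor(xor(c1, c2), p1)

    hard = Radio(mac_key, start_time=1000, hardened=True)
    results["hard_accepts_signed"] = hard.on_time_broadcast(2000, time_tag(mac_key, 2000))
    results["hard_rejects_unsigned"] = not hard.on_time_broadcast(1000)
    # A correctly tagged but old time value is still refused: the clock only moves forward.
    results["hard_rejects_replay"] = not hard.on_time_broadcast(1000, time_tag(mac_key, 1000))
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Authentication alone is not enough here: the last check shows that a validly tagged old time value must also be refused, otherwise a recorded broadcast rewinds the clock just as well.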
Security by obscurity is not security - this is what I learned in school nearly 40 years ago. And I've become cynical enough to believe that such errors (as the suspicious "s box") on the part of management are intentional.
A tenet of security: If we have figured out how to defeat it, then someone else already has figured out how to defeat it.
Would love to see an interview with you and John Allen Woods. He's a head of technology, and loves to talk about stuff like this.
This story reminds me of the group that tried to analyze why the government redacts information from all the recently publicly available FOIA requests, and before the feds shut them down their initial data showed most of the redactions weren't covering conspiracies but mostly just mistakes and embarrassing slip ups.
10:13 Isn't that effectively what allowed the Enigma code to be broken?
"All Cops Are Broadcasting" 🤣
Damn! ACAB! NOW I get it!!!
Yes they are with the secure TEA2 encryption algorithm and multiple layers of authentication on top like GCKS, SCKs and DSKs.
14:57 probably that this mistake wouldn't have survived scrutiny was a reason to keep it secret. As they sold the whole system to basically enemy states, they didn't want them to know how weak their version was.
Security through obscurity only works for as long as nobody cares to actually look into it. The only way a system can be considered secure is if it plays its cards face up and nobody could crack it anyway.
Incredible. People who understand cryptography, know the perils of creating their own proprietary closed encryption system. If security comes from the secrecy of how the algorithm works, it is not secure. Because if that is all it has, then it has nothing, because reverse engineering will reveal the algorithm, stripping it of the only security they thought they had.
A classic case of, _"If you *think* you know cryptography, you don't"._ It seems the Dunning-Kruger Effect could be at play with those people.
People who actually understand cryptography, understand that no one intellect alone can assure the maximal strength of any encryption algorithm (outside of the OTP of course). I mean when you consider that major weaknesses have slipped by all of the World's crypto experts combined, for many years, it blows my mind that any one person could think that they know better.
Are there any open source digital radio protocols for walkie-talkies that support encryption?
Because of all of these mentioned issues with TETRA, I am curious to know if there are any open source implementations of it
sounds like the key fob vulnerabilities except with this one you don't have to do it in real time if I understand correctly there's not a person there pressing their own fob.
Love how i can immediately hear he's dutch, despite the British accent
He has got a Dutch accent, but not a British accent.
He speaks first class English with a slight Dutch accent.
Why not give a link to the original paper for people willing to read it?
You mean, security through obscurity doesn't work? Wow, this is brand new news to the world! /s
one point is missed - some of these vulnerabilities may have been there for a reason, and combined with export restrictions it would allow the original country to have a look at what the recipient is doing with it, and in case of Iran, it isn't exactly a bad thing, so people who developed this may have been tasked to deliberately do this
and it isn't like governments haven't done stuff like this since then, like FBI and Apple saga
did tetra resolve these issues?
me: Oh we get to hear the cops again!
...
...
( hears the feds muttering own address... )
Did I understand correctly that they were able to reconstruct an 80-bit key from a subset of 32 bits? That seems like a very bad key algorithm.
Good to know the EU wasted almost €2bn in 1995 money on this flawed system.
Anyone know what specific hardware was compromised?
Another win for security through obscurity, I see.
What's this TEA? The TEA that I'm aware of is Tiny Encryption Algorithm, which is a block cipher, not a stream cipher.
This is one more example of why loosening encryption even a little bit (to allow say governments to unlock phones when they acquire a warrant) is always a bad idea. You fundamentally break the robustness of the algorithm and make things like this possible.
There do even exist standards for multi-key cryptography (where more than one secret key can decrypt ciphertext made with the corresponding public key), but even that has to assume / trust that the secret key given to the third party won't be compromised or stolen. It is hard enough protecting secret keys in your possession, let alone formally verifying that a 3rd party has kept a second key secure.
That means my XOR only encryption is a bit insecure, even with internal hash functions
Curiously, it's the most secure thing you can do, if you use one time pad ciphers. And honestly... why would you use anything else in a day and age of 4Tbyte SSD drives? One drive is enough for years of voice communications. ;-)
Basing public safety infrastructure encryption on a proprietary standard is just a bad idea right from the jump. Basing it on a "government endorsed" standard (or, even worse, using "government endorsed" magic numbers) is downright madness. Our algorithms should be publicly discussed, and every entity should take responsibility for finding their own magic numbers so that NO ONE ELSE KNOWS THEM, even only in theory. The job of the cryptography community is to make this realistically possible, by providing straightforward open-source tools for doing the necessary establishment operations.
In other words, the main job of the crypto community, in my opinion, is to get us past this "never roll your own crypto" era - we need for the best practice to be "always roll your own crypto, using the most up-to-date best practices."
Security through obscurity is not security
Accident or intentional?
I knew this video was coming. I haven't even watched the talk yet. Prime example of obscurity != security :) It's going to be like the 90s all over again, lol
Came here to say the same: security by obscurity is no security at all
Most people could still spell and write in complete sentences in the 90s.
@@ChrisBreederveld That doesn't however mean obscurity is bad. Not using port 22 for SSH reduces exposure to automated attacks, but is not a replacement for a good password or forcing key-based authentication.
Good video
Security by obscurity will NEVER work
The vulnerabilities were NOT a mistake. It was purposeful.
that's why wanting security with something proprietary is stupid
A proprietary standard sounds like some money somewhere changed some hands
What's the likelihood of a police scanner coming soon?
I really hate YouTube shorts, this is the quality that makes YouTube watchable at all.
Then just don’t watch shorts? What an odd comment.
@@jasonschuler2256 yes it is quite easy to just not watch em very strange comment
Tetra Burst sounds like a sick attack name
Woah for a second i thought it affected Pokemon Go 😢 Whew!! ❤
Wow! This is crazy!
Seems like an interesting topic ❤🔥
If you're sending your enemies encryption methods...of course they're going to be weak?
Public money, public code! Donate to EFF, we need someone lobbying for our side.
Encryption rules:
#1: Don't invent your own algorithm.
#2: See rule #1.
Security by obscurity at its finest
The mere idea that security exists in this space is a ridiculous misunderstanding of physics. A radio transmitter can always be located simply by the fact that it has to produce an energy flow that is above the noise background of the environment. No matter the protocol, it is always possible to detect the source of the transmission. For a criminal the detection of a police transmitter close to his physical location would usually be enough to cease the criminal activity. It is complete overkill to differentiate between "harmful" and "harmless" police presence for most such activities. That's why the police usually does not care about being listened to.
I'm no criminal but I did like being able to exploit things like this because police should be accountable. I think the number of criminals actually listening to police (and even being able to use it to their advantage) is actually quite rare. Maybe you would want some standard that prevents insertion of messages, but it should allow you to hear public services in the clear
I'm sure there are situations where you wouldn't want people to be able to just listen in - for example, if they're coordinating raids or a manhunt.
Perhaps a different idea - they could carry on broadcasting encrypted messages (using an open, thoroughly tested protocol) and maybe release keys a day or a week later
Yeah a delayed system would be cool. Also body cams i feel should be harsher restrictions on "accidentally" deleting footage.
@@AbelShields Maybe in whatever shithole country you live in where government is sovereign and people are subjects. In America, it's the opposite. If cops can't do their jobs without violating peoples' rights, then too damn bad. Git gud.
The only "criminals" with this kind of capability are people engaged in highly lucrative trade of goods that the government doesn't like - aka only criminals by statute. Dangerous murderers and rapists aren't sophisticated people but magically the government rarely finds the time to go track them down.
@@AbelShields it would have to be a system that doesn’t rely on the good will of the police.
TETRA is Terrestrial Trunking on a digital form to substitute the MPT analog which lacked capacity.
But no Enterprise would buy a lousy system that was completely shattered by GSM and the likes...
So they started selling to Governments that use people's money and don't care, as long as they get some kickbacks...
TBSs transmitting all the time are a perfect target, and how come military personnel would use a system that cannot make radio silence on its own concept....
This is a money scheme...billions down the drain...
TETRA was for truckers and delivery services, not for military or police or firemen work....
For that you use FHSS, anti-EMP, and the likes...
All ignorants making decisions on what they don't understand....
"All ignorants making decisions on what they don't understand" is just how politics generally works under capitalism.
If we don't know what our police are doing or saying, how do we know they're not intending to victimize us?
That's guaranteed by the law and only by the law. If you think that spying on the police will keep you safe from the police of a country that does not abide by human rights standards, then you are just kidding yourself... and not just a little.
Anyone who's ever had even a tangential involvement with an ETSI standards committee will know what a glacially slow, politically handicapped process it is. Technical considerations are definitely not at the top of the list when it comes to providing the design criteria.
Security by obscurity ... isn't.
You could say, it is just an exploit prob used by organisations for years (or decades).
finally i can listen to police chatter
not to mention 2 on 32, but 2 on 80 is also brute-forceable nowadays. not in real time though. it's similar to a 12 letter password. so tetra is completely useless if the xor algorithm is all there is...
Events like this start to look like straw-men for enhancing the false sense of security around the publicly available implementations. It's not just the public standards that have to be checked, it's the _implementations._ So the implementations of those public standards need to be open source. But even when they are open source, and even if they were formally verified, they are still vulnerable because the underlying OSes like Windows and Linux are not secure, and in fact these OSes have insecurity built in. Think for example of the common use of libraries like openssl to implement public cryptographic protocols. These libraries have a fixed publicly available interface. All the OS needs to do is provide a back door that allows a man-in-the-middle to intercept the API calls to libssl and all the cryptography in the world isn't worth the bubble gum under a school desk. It's all BS and hot air.
Imagine having to sign an NDA for this
An NDA is a legal document that defines a "reasonableness" standard for the safekeeping of trade secrets. It prevents both sides from bringing nonsense lawsuits. If you are ever exposed to somebody's trade secret without having a written NDA in place, be very careful. It might backfire if you are dealing with a possessive personality. With an NDA all you have to do is to keep their trade secrets as safe as you would your own, i.e. they can't require you to pay damages for accidental leaks if you abide by the low standards of the document, which are usually trivial. If you are used to keeping your own trade secrets in a file folder in a locked office and you have employment agreements that require your employees to keep their knowledge about your company and its operations to themselves, then you are done implementing security measures for your partner as well. They can't sue you for not keeping their documents in a safe inside a vault inside a military installation with double fences and armed guard towers. ;-)
5:44 sorry but i am stopping the video because of the sound that felt-tip pen makes. i can't stand it.
If it's a European protocol why do American export restrictions matter? Also wasn't it not allowed to Iran regardless?
He was talking about European export restrictions…
@@jasonschuler2256 well he said American
Wow a symmetric key encryption protocol that gets broken that has never happened before.
Should also be noted that UK police pushed TETRA, because of the mesh network officers then make, but the relay/transmit power of the handsets needed to pull that off gave many officers chest/lung/heart cancer.
Also TETRA was known to be backdoored in the early 2000s, it's not that "no one knowed about it" - it was simply illegal (patent, IP) to say how. At least in the UK.
lol ... "heart cancer"
Never short of tin foil in your house.
@@BezosAutomaticEye false, i'm actually constantly running out because the government is hiding my shopping lists.
Rule #1 of development with crypto: *don't* roll your own crypto!
Sometimes, you want these vulnerabilities to exist.
idk why iran would ever trust an american export in secure telecommunications tbh or vice versa lol
"You don't want people to know what police are saying to each other."
Uhh what? So you don't want transparency in government? You want them to be able to conspire against citizens? You want them to be able to get their stories straight with each other before they write reports? All police radio traffic must be PUBLIC. WE pay for it.
I agree with transparency, BUT not realtime. What I mean, is that police communications while some operation is going on, needs to be secret, but after they are done, all data needs to be public. Think of a raid, you do not want the raided to be aware of it, but after all is done, the public has the right to know what happened there.
@@ikocheratcr Police shouldn't be doing "raids." They are not the military and citizens are not enemy combatants.
@@snex000 That seems...impractical. I can imagine quite a few cases where raids seem called for - human trafficking, illegal weapons manufacturing operations, etc. I mean, I guess you could call in the military for all such operations? I'm on the fence about that one.
@@Erhannis Human trafficking is only an issue because the government has illegally made it a crime to sell sexual services in a reputable manner.
And what on earth is an "illegal weapon?" The right of the people to keep and bear arms shall not be infringed.
You are just making my point for me. The ONLY reason you want secret police communications is to go after people who commit made up crimes that either have no victims or that only exist because the government has forced activity into a black market.
Stop giving this kind of immense power to people who are supposed to be there to SERVE the people. They cannot be trusted with it. No one can.
@@Erhannis the military is both better equipped and better trained for these types of scenarios, and the police, in america at least, have shown themselves time and time and time and time again to not handle them well. Cops use that to argue they need better equipment, then when they fail to use the better equipment, they say they need more training, then you get astronomical budgets going to the police of every town and city in the country so that they can pretend they are elite military personnel at the one big call every few years, where they tend to completely drop the ball.
How about Tera-Burgers and junk food -->> 300 lbs overweight
Security by obfuscation is not secure...
One time pad should only be used once...
Crypto Course 101...
big heck
Here's hoping people lose their jobs over this shit. Not just at ETSI for allowing this to happen, but at all the agencies that chose to adopt a proprietary encryption standard that had never before gone through an external audit. This is the sort of shit that costs lives.
I don't even care anymore. We've destroyed ourselves with our "cleverness". I'm letting nature bat last.
Interdasting..
Garbage in, garbage out
I hope that if the Russians are using TETRA, that the public disclosure and resultant repair didn't alter the ability to decrypt their communications.
his dunglish is great
The issue I see with the likes of TEA2 is most of the kit is made outside the EU. Even if they shouldn't, those external countries will have the implementation and it will likely be further subcontracted out to another tin pot outfit. Seen it so many times with proprietary standards.