wtm@neoucom.UUCP (Bill Mayhew) (10/21/89)
Sometimes, scrambling on the phone might give away more information to a spy than not using scrambling. Suppose your company uses a phone scrambler every time you order CPU chips from your vendor. If an industrial spy finds out that you usually order in lots of 10,000 parts, then the spy knows approximately what your current production schedule is just by counting the number of times a scrambled conversation is present on the line. The spy doesn't need to know exactly what was said in the course of the conversation. Another example is: suppose the army sends a coded transmission when a missile is launched in a test. The other side knows to watch for the transmission; they don't have to bother with breaking the code. The solution to this is to keep the link hot all the time, even when no useful data is being transmitted. Ie: you have to scramble all of your calls. The other problem with scrambling is that alerts spys to the fact that you have something to hide, and may provoke the spys to gather intelligence data on you through other means, such as examining your trash, etc. for telltale information on what you're up to. Scrambling and ecryption needs to have some sort of time-varying authentication paramater too. An example is to connect a tape recorder to a bank security system for a while, then use play-back spoofing to fake the all-clear signal while you cut off the real alarm and rob ye olde bank. Obviously, the data needs to vary in time with some algorithm that isn't easily guessed by the criminal. General Instruments found out a lot about security with the infamous Videocipher satellite TV scrambling system. The Videocipher theoretically is quite secure, as it uses the DES algorithm to encode the digital audio (while a trivial scrambling is applied to the video portion). None the less, the system has more holes than swiss cheese in the way the keys are distributed over the air to the viewers. A 12-year-old kid with an Atari ST, a couple of blank PROMs and an hour's time can beat the system. GI is developing a new system that may use key cards that are sent to individual viewers by surface mail. The best way to handle phone security is to use a code book that is known only to you and the person you're communicating with. It is possible to choose a code book of phrases that doesn't peak the interest of the spy tapping the line. Moral: there is no such thing as phone security/privacy. Bill
sampson@attctc.Dallas.TX.US (Steve Sampson) (10/21/89)
As an user of secure radios I must say your communication rate drops to about 50% at fringe ranges. With digital DS Wide-Band and the Narrow-Band audio choppers. Digital is the nicest to listen to, while the audio chopper works with HF to UHF Narrow-Band radios. In the fringe areas you lose sync and the rest of the message is garbled or static (in wide-band). Then you say piss on it and go clear voice and break out the code book. I'd say for most police and investigators though, that secure voice can really be a benefit to operations. Currently you find them heading for a telephone to communicate in private. For home use the technology is here for simple privacy schemes (lower than DES and NSA) that could be made affordable. I'm playing with one scheme where I'm using two CODECS hooked to a Micro that inserts between the headset and the phone. In this case you can use any algorithm you want. I'm planning on using an XOR with a seeded random number generator (the simplest). Interesting subject.