Abstract
APCO Project 25 (P25) radio networks are perhaps the most widely-deployed digital radio technology currently in use by emergency first-responders across the world. This paper presents the results of an investigation into the security aspects of the P25 communication protocol. The investigation uses a new software-defined radio approach to expose the vulnerabilities of the lowest layers of the protocol stack. We identify a number of serious security flaws which lead to practical attacks that can compromise the confidentiality, integrity and availability of P25 networks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Project 25 FDMA Common Air Interface Description. Number TIA-102.BAAA-A. Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201, USA (September 2003)
GNU Radio. Project website, http://www.gnuradio.org
Ettus research llc, Company website, http://www.ettus.com
Glass, S., Muthukkumarasamy, V., Portmann, M.: A software-defined radio receiver for APCO Project 25 signals. In: IWCMC 2009: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing, pp. 67–72. ACM, New York (2009)
Project 25 — Digital Land Mobile Radio — Link Layer Authentication. Number TIA-102.AACE. Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201, USA (December 2005)
Project 25 Over-The-Air-Rekeying(OTAR) Operational Description. Number TIA-102.AACB. Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201, USA (January 2002)
Project 25 DES Encryption Protocol. Number TIA/EIA-102.AAAA-A. Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201, USA (2001)
Loukides, M., Gilmore, J.: Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design. O’Reilly & Associates, Inc., Sebastopol (1998), http://cryptome.org/cracking-des/cracking-des.html
Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Design Strategies and Modified Descriptions to Optimize Cipher FPGA Implementations: Fast and Compact Results for DES and Triple-DES. In: Cheung, P.Y.K., Constantinides, G.A. (eds.) FPL 2003. LNCS, vol. 2778, pp. 181–193. Springer, Heidelberg (2003), doi:10.1007/978-3-540-45234-8_19
Rouvroy, G., Standaert, F.-X., Quisquater, J.-J., Legat, J.-D.: Efficient uses of FPGAs for implementations of DES and its experimental linear cryptanalysis. IEEE Transactions on Computers 52(4), 473–482 (2003)
Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Schimmler, M.: Breaking Ciphers with COPACOBANA –A Cost-Optimized Parallel Code Breaker. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 101–118. Springer, Heidelberg (2006)
Project 25 Vocoder Description. Number ANSI/TIA/EIA-102.BABA-1998. Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201, USA (May 1998)
Li, C., Wu, H., Chen, S., Li, X., Guo, D.: Efficient implementation for MD5-RC4 encryption using GPU with CUDA. In: 3rd International Conference on Anti-Counterfeiting, Security, and Identification in Communication (ASID 2009), pp. 167–170 (August 2009)
Mencer, O., Tsoi, K.H., Craimer, S., Todman, T., Luk, W., Wong, M.Y., Leong, P.H.W.: Cube: A 512-FPGA cluster. In: 5th Southern Conference on Programmable Logic, SPL 2009, pp. 51–57 (April 2009)
Clark, S., Metzger, P., Wasserman, Z., Xu, K., Blaze, M.A.: Security weaknesses in the APCO Project 25 two-way radio system. Technical Report MS-CIS-10-34, University of Pennsylvania (2010), http://repository.upenn.edu/cis_reports/944
Project 54. Project website, http://project54.unh.edu
Kun, A.L., Thomas Miller III, W., Lenharth, W.H.: Computers in police cruisers. IEEE Pervasive Computing 3(4), 34–41 (2004)
Ramsey, E.R., Thomas Miller III, W., Kun, A.L.: A software-based implementation of an APCO Project 25 compliant packet data transmitter. In: 2008 IEEE International Conference on Technologies for Homeland Security, Boston, MA, May 12-13. Institute of Electrical and Electronics Engineers (2008)
Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)
Mantin, I.: A Practical Attack on the Fixed RC4 in the WEP Mode. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 395–411. Springer, Heidelberg (2005)
Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: the insecurity of 802.11. In: Proceedings of the 7th Annual International Mobile Computing and Networking Conference, pp. 180–189. ACM SIGMOBIL, ACM Press, New York, NY (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Glass, S., Muthukkumarasamy, V., Portmann, M., Robert, M. (2012). Insecurity in Public-Safety Communications: APCO Project 25. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds) Security and Privacy in Communication Networks. SecureComm 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 96. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31909-9_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-31909-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31908-2
Online ISBN: 978-3-642-31909-9
eBook Packages: Computer ScienceComputer Science (R0)