Research Finds P25 Susceptible to Security Attacks (12/9/10)
Thursday, December 09, 2010

A new research paper from a group of professors at the University of Pennsylvania said Project 25 (P25) systems are highly susceptible to security attacks, and the researchers are further investigating jamming and other attacks on P25 networks.

“Security Weaknesses in the APCO Project 25 Two-Way Radio System” found a number of protocol, implementation and user interface weaknesses that can leak information to a passive eavesdropper and that facilitate active attacks. In particular, P25 systems are highly susceptible to active traffic analysis attacks, in which radio user locations are surreptitiously determined, and selective jamming attacks, in which an attacker can jam specific kinds of traffic such as encrypted messages or key management traffic, according to the report abstract. The P25 protocols make such attacks not only feasible but also highly efficient, requiring, for example, significantly less aggregate energy output from a jammer than from the legitimate transmitters, the report said.

The report analyzed the security of P25 systems against passive and active attacks. “We are currently implementing a proof-of-concept low duty cycle selective P25 jammer on the Universal Software Radio Peripheral (USRP) platform,” the report said. “Our architecture is based on a USRP equipped with receiver and transmitter daughterboards and a small outboard RF amplifier. Each received signal is analyzed in real time by a recognizer filter as it arrives; if the received headers indicate a targeted transmission, the transmitter is pulsed in sync with the NID fields of each received frame. For voice traffic, the jammer operates at a duty cycle of 3.7 percent compared with the target transmitter.”

The report authors are Sandy Clark, Perry Metzger, Zachary Wasserman, Kevin Xu and Matt Blaze, all from the University of Pennsylvania. Blaze is described in Wikipedia as a “researcher in the areas of secure systems, cryptography and trust management.” He is an associate professor of Computer and Information Science at the University of Pennsylvania; he received his doctorate in computer science from Princeton University.

The report was partially funded through a grant from the National Science Foundation. The full report is available here.
