Högskolan i Skövde

Effective development of military capability in peacetime requires the ability to predict the implications of future technologies. To this end, technology forecasting is greatly important. This study adopts a design science approach to explore whether crowdsourcing and the anonymous, asynchronous involvement of experts through a web-based application could enhance the validity of an already-established method for military utility assessment of future technologies (MUAFT). A dedicated application was developed, designed to facilitate the development of assessments by engaging online participants. The modified method, consisting of the application and updated procedures, is demonstrated to effectively support asynchronous assessments while preserving the anonymity of participants. The modifications are thus likely to leverage the possibilities of crowdsourcing and to increase the overall validity of the method. While the demonstrated method shows promise, several areas for improvement have been identified, particularly regarding the application’s usability. To comprehensively evaluate the method’s validity and reliability, real-world assessments of future technologies involving large and diverse groups of experts and students are recommended.

Purpose – Digital mobile radio communication networks are used for coordinating operations in manyimportant sectors, including critical infrastructures and large industries. Despite this, there is a dearth ofknowledge about how their information security is managed. The most commonly used standard for suchnetworks is TETRA. Given the critical role of TETRA networks, this study aims to clarify how they are used,how their users manage information security and the implications of vulnerabilities in the standard.

Design/methodology/approach – The study is based on semi-structured interviews with representativesfrom 11 organizations in Sweden that own and operate TETRA networks, representing 32% of registered usersin the country and a wide range of users and applications. Thematic analysis was used to analyze the data.

Findings – Management of TETRA networks is generally outsourced, leaving TETRA network owners withscant knowledge of the state of security in their networks. Although organizations have high demands onavailability and integrity, the use of encryption and authentication is rare. Instead, users generally rely on theprotocol’s complexity and obscurity for security. Because organizations’ core operations are often dependenton functioning TETRA networks, attacks can have severe consequences.

Originality/value – Previous research on security in digital mobile radio communication networks hasfocused on technical vulnerabilities in standards. This study is the first, to the best of the authors’ knowledge,to investigate users’ approaches to information security, the potential consequences of attacks and theimplications of known security issues in this context.

For applications where general-purpose communication systems, such as mobile telephony, do not satisfy user requirements, special-purpose digital wireless communication standards have been developed. Since these systems often support critical infrastructures, security issues can have far-reaching consequences. To study the extent of research on security issues in specialized communication standards, a systematic literature review was performed, using snowballing to maximize coverage. The found publications cover security issues in radio communication systems for three major areas: civil transportation, public safety and security, and telephony and satellite communication systems. The main results from the included publications are summarized. This is followed by an analysis that presents five common themes among the security issues: lack of encryption, lack of authentication, broken encryption, protocol vulnerabilities, and implementation vulnerabilities. Research tools and methods used across the different technology fields are systematized, showing that software-defined radio and open-source software appear to be enablers of research on the communication standards covered by the review. The systematization also reveals that the application of research methods to different standards is spotty. Finally, numerous open research directions are pointed out, including the need for more holistic research that goes beyond just finding technical flaws in single standards.

A proper assessment of maritime security risks at the national level is crucial to a national maritime security plan (NMSP) in order to secure the concerned country’s ports, vessels and territorial sea. Thus, the importance of implementing a national maritime security assessment (NMSA) to counter security threats and ensure the continuity of national and international trade. The most important set of international regulations concerning maritime security is the International Ship and Port Facility Security (ISPS) Code, which includes revision, approval and control of compliance of the Port Facility Security Plan (PFSP), which shall be based upon the Port Facility Security Assessment (PFSA). This paper proposes a mathematical dynamic model that calculates in real time the residual risk for the whole country and each of its ports by adapting and expanding the formula and procedures established in the Code, which since it has already been implemented around the world, gives the opportunity to take advantage of this quantitative solution to administrate maritime security risks on a nation-wide basis and create an effective national maritime security plan, which would allow the concerned authorities to improve situational awareness and adapt to security changes through a better planning of human, economic and material resources to deter security threats. The model was tested with the use of five encoded categories as countries, each of them with three ports, which encompassed three port facilities. The results indicate that this methodology is easy to implement and widespread use of that model could strength robustness in national security.

HALFLOOP-24 is a tweakable block cipher that is used to protect automatic link establishment messages in high frequency radio, a technology commonly used by government agencies and industries that need highly robust long-distance communications. We present the first public cryptanalysis of HALFLOOP-24 and show that HALFLOOP-24, despite its key size of 128 bits, is far from providing 128 bit security. More precisely, we give attacks for ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext scenarios. In terms of their complexities, most of them can be considered practical. However, in the real world, the amount of available data is too low for our attacks to work. Our strongest attack, a boomerang key-recovery, finds the first round key with less than 2¹⁰ encryption and decryption queries. In conclusion, we strongly advise against using HALFLOOP-24.

The SoDark cipher is used to protect transmitted frames in the second and third generation automatic link establishment (ALE) standards for high frequency (HF) radios. The cipher is primarily meant to prevent unauthorized linking and attacks on the availability of HF radio networks. This paper represents the first known security analysis of the cipher used by the second generation ALE protocol—the de facto world standard—and presents a related-tweak attack on the full eight round version of the algorithm. Under certain conditions, collisions of intermediate states several rounds into the cipher can be detected from the ciphertext with high probability. This enables testing against the intermediate states using only parts of the key. The best attack is a chosen-ciphertext attack which can recover the secret key in about an hour with 100% probability, using 2⁹ chosen ciphertexts.

S-boxes are often the only nonlinear components in modern block ciphers. They are commonly selected to comply with very specific criteria in order to make a cipher secure against, for example, linear and differential attacks. An M x N S-box can be thought of as a lookup table that relates an M-bit input value to an N-bit output value, or as a set of N boolean functions of M variables (Schneier, 1996).

Although cipher specifications generally describe S-boxes using their lookup tables, they can also be described as boolean functions or logic gate circuits. sboxgates, which is presented here, finds equivalent logic gate circuits for S-boxes, given their lookup table specification. Generated circuits are output in a human-readable XML format. The software can convert the output files into C or CUDA (a parallel computing platform for Nvidia GPUs) source code. The generated circuits can also be converted to the DOT graph description language for visualization with Graphviz (Ellson et al., 2002).

This memo specifies Network Time Security (NTS), a mechanism for using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) to provide cryptographic security for the client-server mode of the Network Time Protocol (NTP).

NTS is structured as a suite of two loosely coupled sub-protocols. The first (NTS Key Establishment (NTS-KE)) handles initial authentication and key establishment over TLS. The second (NTS Extension Fields for NTPv4) handles encryption and authentication during NTP time synchronization via extension fields in the NTP packets, and holds all required state only on the client via opaque cookies.