Högskolan i Skövde

For applications where general-purpose communication systems, such as mobile telephony, do not satisfy user requirements, special-purpose digital wireless communication standards have been developed. Since these systems often support critical infrastructures, security issues can have far-reaching consequences. To study the extent of research on security issues in specialized communication standards, a systematic literature review was performed, using snowballing to maximize coverage. The found publications cover security issues in radio communication systems for three major areas: civil transportation, public safety and security, and telephony and satellite communication systems. The main results from the included publications are summarized. This is followed by an analysis that presents five common themes among the security issues: lack of encryption, lack of authentication, broken encryption, protocol vulnerabilities, and implementation vulnerabilities. Research tools and methods used across the different technology fields are systematized, showing that software-defined radio and open-source software appear to be enablers of research on the communication standards covered by the review. The systematization also reveals that the application of research methods to different standards is spotty. Finally, numerous open research directions are pointed out, including the need for more holistic research that goes beyond just finding technical flaws in single standards.

The SoDark cipher is used to protect transmitted frames in the second and third generation automatic link establishment (ALE) standards for high frequency (HF) radios. The cipher is primarily meant to prevent unauthorized linking and attacks on the availability of HF radio networks. This paper represents the first known security analysis of the cipher used by the second generation ALE protocol—the de facto world standard—and presents a related-tweak attack on the full eight round version of the algorithm. Under certain conditions, collisions of intermediate states several rounds into the cipher can be detected from the ciphertext with high probability. This enables testing against the intermediate states using only parts of the key. The best attack is a chosen-ciphertext attack which can recover the secret key in about an hour with 100% probability, using 2⁹ chosen ciphertexts.

S-boxes are often the only nonlinear components in modern block ciphers. They are commonly selected to comply with very specific criteria in order to make a cipher secure against, for example, linear and differential attacks. An M x N S-box can be thought of as a lookup table that relates an M-bit input value to an N-bit output value, or as a set of N boolean functions of M variables (Schneier, 1996).

Although cipher specifications generally describe S-boxes using their lookup tables, they can also be described as boolean functions or logic gate circuits. sboxgates, which is presented here, finds equivalent logic gate circuits for S-boxes, given their lookup table specification. Generated circuits are output in a human-readable XML format. The software can convert the output files into C or CUDA (a parallel computing platform for Nvidia GPUs) source code. The generated circuits can also be converted to the DOT graph description language for visualization with Graphviz (Ellson et al., 2002).

HALFLOOP-24 is a tweakable block cipher that is used to protect automatic link establishment messages in high frequency radio, a technology commonly used by government agencies and industries that need highly robust long-distance communications. We present the first public cryptanalysis of HALFLOOP-24 and show that HALFLOOP-24, despite its key size of 128 bits, is far from providing 128 bit security. More precisely, we give attacks for ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext scenarios. In terms of their complexities, most of them can be considered practical. However, in the real world, the amount of available data is too low for our attacks to work. Our strongest attack, a boomerang key-recovery, finds the first round key with less than 2¹⁰ encryption and decryption queries. In conclusion, we strongly advise against using HALFLOOP-24.

Purpose – Digital mobile radio communication networks are used for coordinating operations in manyimportant sectors, including critical infrastructures and large industries. Despite this, there is a dearth ofknowledge about how their information security is managed. The most commonly used standard for suchnetworks is TETRA. Given the critical role of TETRA networks, this study aims to clarify how they are used,how their users manage information security and the implications of vulnerabilities in the standard.

Design/methodology/approach – The study is based on semi-structured interviews with representativesfrom 11 organizations in Sweden that own and operate TETRA networks, representing 32% of registered usersin the country and a wide range of users and applications. Thematic analysis was used to analyze the data.

Findings – Management of TETRA networks is generally outsourced, leaving TETRA network owners withscant knowledge of the state of security in their networks. Although organizations have high demands onavailability and integrity, the use of encryption and authentication is rare. Instead, users generally rely on theprotocol’s complexity and obscurity for security. Because organizations’ core operations are often dependenton functioning TETRA networks, attacks can have severe consequences.

Originality/value – Previous research on security in digital mobile radio communication networks hasfocused on technical vulnerabilities in standards. This study is the first, to the best of the authors’ knowledge,to investigate users’ approaches to information security, the potential consequences of attacks and theimplications of known security issues in this context.