Unfortunately, there was apparently no such eagerness to improve the equipment. The officer who demonstrated the gadget to me did not seem at all concerned that his platoon had to have physical access to a radio in order to revoke its encryption key! One might like to think that the foe will be an officer and a gentleman, yet somehow I don't think they are going to publish those revocation certificates on the British Army's behalf should they manage to obtain one of our radios...!
Wait how else would it be done? If you lose control of a radio you don't revoke the key you rotate it on all the radios you still control. The only reason you'd ever revoke a key is for administrative reasons (like you're handing the units off to someone else or something) in which case you'll have physical access just fine.
To be specific (as best I can; this conversation was about five years ago now), the radios used a form of symmetric encryption. The company would have squads of under ten soldiers, working covertly behind enemy lines in sabotage and reconnaissance. I don't remember whether the radios could communicate with each other only within the squads or across their entire platoon, but the thing that stood out to me was this: should a single soldier be captured (they'd be in enemy territory after all), each other soldier would have to meet together in person to reset the encryption keys.
It's hard to believe, but if I understood the chap at the military exhibition correctly, the enemy could use a captured device to listen in to every communication among the squad/platoon, which would presumably make it perilous for them to reconvene again in secret - precisely what they would need to do in order to cycle the keys.
If a more PKI-style mode of encryption was used instead, there could be a 'dead-man switch' or emergency button on the radio that would send a revocation certificate to all the other soldiers' radios if one was captured, causing the platoon to immediately cease encrypting their signals for the compromised set.
Seems like a really hard problem though. A dead-man switch is likely to get triggered unintentionally if you're literally in a firefight. You could improve a bit with some kind of consensus protocol - "we all agree these six radios have not been compromised" - but coordinating that in practice seems hard, and vulnerable to an enemy capturing a single radio and initiating the consensus protocol.
In a tactical context, it's a huge ask to get intel value out of a radio in a timeframe that'll be useful. On top of that, compromised comms are almost certainly better than no comms. Military radio comms are pretty good (at least in the US), what I though OP was probably referring to was P25 which is a civilian protocol with several issues [1][2]
Very interesting; thanks for the references. I'm no tactical radio expert, and can't quite remember, but I think the radio I'm referring to must have been the EZ-PRR[1], as that's the only similar-looking one that is reportedly in use by the British Army.
> compromised comms are almost certainly better than no comms.
Is this true when undercover though? As a layman, I would assume it is better for each soldier to attempt to find each other at first (like any other human beings, they'd have their 'Schelling points'), and failing that, attempt to get home safely on their own. The alternative - arranging a rendezvous over a potentially compromised comms method - could get them all killed or captured together. Is there a flaw in my reasoning?
> which would presumably make it perilous for them to reconvene again in secret
Only if they are unprepared. They can agree in advance a time and a location to meet when things go wrong. Then the only thing they have to broadcast on the radio is that the radios have been compromised and the backup protocol is active.
> there could be a 'dead-man switch' or emergency button on the radio that would send a revocation certificate to all the other soldiers' radios
I’m not sure i follow what you are saying. Are you proposing a button on the radio which removes that specific radio from the network? If so that can be much more easily, and reliably, done by zeroing the keys of that specific radio.
Just for context, on public safety/mil radios the user usually can't manage key material from within the UI of the radio: there's literally a distinct piece of hardware called a keyloader that's required to do it, e.g. https://www.motorolasolutions.com/en_us/products/p25-product... (or https://github.com/KFDtool/KFDtool if you're cool). Individual people in the field usually don't have this hardware. I think the poster you're replying to is suggesting in a roundabout manner a way for a user, knowing their radio is about to be compromised, to zero the keys without one of these boxes. It's been a while since I last dug around in cps astro, but istr that being a thing you could set up.
Spot on! That was indeed what I was imagining. If the soldier had to enter a PIN each day, for instance (a kind of dead man's switch), and assuming the enemy is abiding by the rules of war and thus can't compel a captured soldier to reveal it, there is absolutely nothing the enemy could do to prevent being locked out of the encryption after obtaining a radio.
I'm aware of the constraints inherent in designing equipment for this kind of demanding physical environment, but with reprogrammable chips being the norm rather than the exception, I'm really surprised that more modern cryptography isn't expected from these radios.
> I'm really surprised that more modern cryptography isn't expected from these radios
Military radios absolutely do have modern cryptography. That is half the reason why the NSA exists.
If you think you know better most likely you are wrong, or you are seeing some system which is held back so they can maintain compatibility with coalition forces.
You don’t need revocation certificates to zero out the key material of a radio. In fact it wouldn’t work reliably because it assumes all network participants are within radio range and listening when you want to zero your keys. Much more easy and reliable is to delete the key material localy on the radio. This zeroing can be also performed by a remote signal.
Perhaps you and the officer had different perspectives on the threat models under which revocation of radio encryption keys might happen? Maybe there are additional controls in place?
