Thread: Unication G4 Pager Encryption Question

  1. #1

    Our agency uses one ADP key for the entire county. We have a countywide event TG that is encrypted, and we would like to put the ADP key in the pagers to be able to listen to that TG. However, we don't want people to be able to add that key to other TGs. Looking at the PPS, it appears the only way to prevent this is to require a password to read/write to the device.

    Is there a way to limit the ADP key to one TG or require it to be loaded again if the pager is modified? We have several departments that program their own pagers, but we do not want to give them access to the ADP key.


  2. #2

    I'm a little confused by your post.

    First of all, the pagers are keyloaded similarly to actual radios and there is no legitimate method to retrieve the keys that I am aware of. So as long as someone is controlling the key and keyload device/application, the departments that program their own pagers would not have access to the key, but would be able to assign its use to other programmed talkgroups. Short of completely taking over programming and using passwords as you suggested, there is no way around this.

    If I am reading the rest of the post correctly, in that you are using a single ADP key for multiple talkgroups, presumably used by multiple user groups, however want to segregate who has access to which talkgroups, I have the following observations:

    - There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
    - The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
    - If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.

  3. The Following 3 Users Say Thank You to box For This Useful Post:

    ndp (1 Week Ago),PSEhub (1 Week Ago),TESTMODE (1 Week Ago)

  4. #3

    Quote: Originally Posted by box
    I'm a little confused by your post.

    First of all, the pagers are keyloaded similarly to actual radios and there is no legitimate method to retrieve the keys that I am aware of. So as long as someone is controlling the key and keyload device/application, the departments that program their own pagers would not have access to the key, but would be able to assign its use to other programmed talkgroups. Short of completely taking over programming and using passwords as you suggested, there is no way around this.

    If I am reading the rest of the post correctly, in that you are using a single ADP key for multiple talkgroups, presumably used by multiple user groups, however want to segregate who has access to which talkgroups, I have the following observations:

    - There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
    - The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
    - If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.

    We manually enter the key directly into the codeplug for the radios. The radios that were bought for everyone can only have one ADP key in them. That's why everyone shares the same key. We want departments to be able to program their own pagers, but don't want them to be able to add the ADP key to any TG other than the county event TG.

  5. #4

    Quote: Originally Posted by box
    I have the following observations:

    - There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
    - The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
    - If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.

    This is like post of the month right here

    "I'm using the crappiest algorithm possible, but I want it to be secure"

    "I'm using the same key for everything but I want it to be secure"

    "I have all kinds of different people handling programming but I want it to be secure"

    "I'm using devices that don't have a hardware, tamper resistant encryption module but I want it to be secure"



    **** or get off the pot. This 1/4 ***ed security through obscurity stuff is getting old. Either it needs to be secure or it doesn't.

  6. The Following 5 Users Say Thank You to PSEhub For This Useful Post:

    box (1 Week Ago),MattSR (1 Week Ago),ndp (1 Week Ago),TESTMODE (1 Week Ago),triptolemus (1 Week Ago)

  7. #5

    Tough crowd.

    I seriously doubt the OP made all the purchasing decisions for his county's radio system. Maybe cut him some slack? He's probably just the poor guy stuck with canned tuna trying to make his bosses' caviar dreams come true. I'm pretty sure we've all been there at some point.

    OP, it looks like your options are to either 1) password the pagers and hope the software isn't full of holes (it is) or 2) upgrade all your LE subscribers to multikey.

  8. The Following 3 Users Say Thank You to fulc For This Useful Post:

    noaffiliatefan (1 Week Ago),PSEhub (1 Week Ago),roboshark28 (1 Week Ago)

  9. #6

    Quote: Originally Posted by ben2013
    We want departments to be able to program their own pagers, but don't want them to be able to add the ADP key to any TG other than the county event TG.

    You have to pick one. Program themselves, or use the same key for everyone. If you have both, they're free to do whatever they want.

  10. #7

    The algo here is irrelevant really... it could be ADP/DES/AES single key and it makes no difference. The same issue exists on the radio side of things too if you are using a single key - what's to stop someone from reading their radios, adding in a few talkgroups that utilize that same encryption key, and off they go. Obviously a little more complicated to do on a radio as you need more than a USB cable and the CPS, but still...

    Like everyone is saying, your only real option is to password protect the pagers or go multikey somehow.

  11. The Following User Says Thank You to Forts For This Useful Post:

    Firebuff66 (1 Week Ago)