Unication G4 Pager Encryption Question

ben2013

Regular Member
Joined
Sep 5, 2020
Messages
10
Our agency uses one ADP key for the entire county. We have a county wide event TG that is encrypted, and we would like to put the ADP key in the pagers to be able to listen to that TG. However, we don't want people to be able to add that key to other TGs. Looking at the PPS, it appears the only way to prevent this is to require a password to read/write to the device.

Is there a way to limit the ADP key to one TG or require it to be loaded again if the pager is modified? We have several departments that program their own pagers, but we do not want to give them access to the ADP key.
 

box

Prolific Contributor
CS Forums $upporter
Joined
Dec 30, 2012
Messages
189
I'm a little confused by your post.

First of all, the pagers are keyloaded similarly to actual radios and there is no legitimate method to retrieve the keys that I am aware of. So as long as someone is controlling the key and keyload device/application, the departments that program their own pagers would not have access to the key, but would be able to assign its use to other programmed talkgroups. Short of completely taking over programming and using passwords as you suggested, there is no way around this.

If I am reading the rest of the post correctly, in that you are using a single ADP key for multiple talkgroups, presumably used by multiple user groups, however want to segregate who has access to which talkgroups, I have the following observations:

- There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
- The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
- If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.
 
ben2013

Regular Member
Joined
Sep 5, 2020
Messages
10
box said:

> I'm a little confused by your post.
>
> First of all, the pagers are keyloaded similarly to actual radios and there is no legitimate method to retrieve the keys that I am aware of. So as long as someone is controlling the key and keyload device/application, the departments that program their own pagers would not have access to the key, but would be able to assign its use to other programmed talkgroups. Short of completely taking over programming and using passwords as you suggested, there is no way around this.
>
> If I am reading the rest of the post correctly, in that you are using a single ADP key for multiple talkgroups, presumably used by multiple user groups, however want to segregate who has access to which talkgroups, I have the following observations:
>
> - There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
> - The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
> - If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.

We manually enter the key directly into the codeplug for the radios. The radios that were bought for everyone can only have one ADP key in them. That's why everyone shares the same key. We want departments to be able to program their own pagers, but don't want them to be able to add the ADP key to any TG other than the county event TG.
 

PSEhub

Prolific Contributor
CS Forums $upporter
Joined
Nov 5, 2012
Messages
976
box said:

> I have the following observations:
>
> - There appears to be a trust issue with your users in that there would be an issue with someone hearing another talkgroup.
> - The proper method to compartmentalize groups would be to use individual key(s) for each user group, with a common key shared by all.
> - If the security/corruption situation is really as bad as it appears, ADP should not be your choice of algorithm.

This is like post of the month right here

"I'm using the crappiest algorithm possible, but I want it to be secure"

"I'm using the same key for everything but I want it to be secure"

"I have all kinds of different people handling programming but I want it to be secure"

"I'm using devices that don't have a hardware, tamper resistant encryption module but I want it to be secure"



**** or get off the pot. This 1/4 ***ed security through obscurity stuff is getting old. Either it needs to be secure or it doesn't.
 

fulc

Contributing Member
CS Forums $upporter
Joined
Aug 25, 2014
Messages
39
Tough crowd.

I seriously doubt the OP made all the purchasing decisions for his county's radio system. Maybe cut him some slack? He's probably just the poor guy stuck with canned tuna trying to make his bosses' caviar dreams come true. I'm pretty sure we've all been there at some point.

OP, it looks like your options are to either 1) password the pagers and hope the software isn't full of holes (it is) or 2) upgrade all your LE subscribers to multikey.
 

CQDX

Prolific Contributor
CS Forums $upporter
Joined
May 14, 2012
Messages
402
ben2013 said:

> We want departments to be able to program their own pagers, but don't want them to be able to add the ADP key to any TG other than the county event TG.

You have to pick one. Program themselves, or use the same key for everyone. If you have both, they're free to do whatever they want.
 

Forts

Prolific Contributor
CS Forums $upporter
Joined
Aug 6, 2012
Messages
909
The algo here is irrelevant really.... it could be ADP/DES/AES single key and it makes no difference. The same issue exists on the radio side of things too if you are using a single key - what's to stop someone from reading their radios, adding in a few talkgroups that utilize that same encryption key, and off they go. Obviously a little more complicated to do on a radio as you need more than a USB cable and the CPS, but still...

Like everyone is saying, your only real option is to password protect the pagers or go multikey somehow.
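
The compartmentalization point made in this thread (a single shared key versus one key per user group plus a common key), as an added example that is not part of any post: a key-plan audit in Python that reports, per user group, which talkgroups its devices could decrypt beyond those it is authorised for, and which keys protect more than one talkgroup. All talkgroup, group and key names are constructed for illustration.

```python
# Added illustration: key-plan audit. Talkgroup, group and key names are constructed.

def reachable(held_keys, tg_key):
    """Talkgroups a device can decrypt: every TG whose traffic key it holds,
    regardless of which TGs it was originally programmed with."""
    return {tg for tg, key in tg_key.items() if key in held_keys}

def over_exposure(tg_key, group_keys, authorised):
    """Per user group, the TGs it can decrypt but is not authorised to hear."""
    return {g: reachable(keys, tg_key) - authorised[g]
            for g, keys in group_keys.items()}

def shared_keys(tg_key):
    """Keys that protect more than one talkgroup (candidates for splitting)."""
    by_key = {}
    for tg, key in tg_key.items():
        by_key.setdefault(key, set()).add(tg)
    return {k: tgs for k, tgs in by_key.items() if len(tgs) > 1}

# Who is supposed to hear what (constructed policy).
AUTHORISED = {
    "police": {"COUNTY_EVENT", "PD_DISPATCH"},
    "fire_pagers": {"COUNTY_EVENT", "FD_OPS"},
}

# Plan A: one key for the whole county, loaded into every device.
SINGLE_TG = {"COUNTY_EVENT": "K1", "PD_DISPATCH": "K1", "FD_OPS": "K1"}
SINGLE_HELD = {"police": {"K1"}, "fire_pagers": {"K1"}}

# Plan B: a key per user group plus a common key for the shared TG.
MULTI_TG = {"COUNTY_EVENT": "K_COMMON", "PD_DISPATCH": "K_PD", "FD_OPS": "K_FD"}
MULTI_HELD = {"police": {"K_COMMON", "K_PD"},
              "fire_pagers": {"K_COMMON", "K_FD"}}

def audit():
    return {
        "single": over_exposure(SINGLE_TG, SINGLE_HELD, AUTHORISED),
        "multi": over_exposure(MULTI_TG, MULTI_HELD, AUTHORISED),
    }

if __name__ == "__main__":
    for plan, result in audit().items():
        for group, extra in sorted(result.items()):
            print(f"{plan:6} {group:12} over-exposed to: {sorted(extra) or 'nothing'}")
    print("keys covering several TGs (plan A):", shared_keys(SINGLE_TG))
```
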