Insular Technologies - A Civil Tactical Response to SIGINT Communities

Over the past four years we have grown accustomed to receiving information on the extent of the global SIGINT work that has been going on without the knowledge of civil populations, communications infrastructure users and developers, and in many cases even governments. A very quiet debate has started around issues arising from what is known about the ECHELON system; it has now spread into mainstream politics as well, and we should be very careful observers of these processes. One should also be aware that possible "sister" systems exist in the EU countries, Russia, France and China, although not much is known about them except what can be gathered from each country's encryption regulations, which in this respect can be read as information on each country's civil rights and SIGINT policies. We can also assume that Israel possesses strong Middle East oriented SIGINT capabilities.

To understand what this kind of system does, I will quote a simple definition of ECHELON:

ECHELON consists of a global network of computers that automatically search through millions of intercepted messages and data packets for pre-programmed keywords or fax, telex and e-mail addresses. Every word of every message in the frequencies and channels selected at a station is automatically searched. The processors in the network are known as the ECHELON dictionaries. ECHELON connects all these computers and allows the individual stations to function as distributed elements in an integrated system. An ECHELON station's dictionary contains not only its parent agency's chosen keywords, but also lists for each of the other four agencies in the UKUSA system (NSA, GCHQ, DSD, GCSB and CSE). Allegedly ECHELON is concentrated on the comsat traffic, although one could suppose that SIGINT work is done also on terrestrial HF and microwave networks.

So, with the dawn of knowledge about these SIGINT systems, the civil community of the world should think twice before it uses the communications infrastructure for tactical, socio-evolutionary work. The systems are of course in place to protect the national security of each of the signatories to the UKUSA agreement, and of the other countries operating their own SIGINT processors. The problem is that national security is a very broad and expandable definition, which can in specific circumstances lead to the prosecution of completely innocent individuals whose political views differ slightly from those of the current governments.

In this respect it is maybe time to redefine national security as the right to security of the nation and all its citizens and other individuals, before the nation, its social and especially economic and corporate structures and within it, and in front of all other nations and their respective national security definitions. Such a definition and its enforcement would of course complicate the work of any SIGINT agency or its corporate partners trying to indiscriminately process the communications of its own citizens and individuals, and of the individuals and citizens of other nations.

Privacy laws, law-enforcement information sharing and encryption laws and regulations are also being used, all for the protection of the respective national securities in a very broad sense. One thing must be clear: the board of this game was set long ago, and the rules have been continuously redefined ever since. That is why the civil tactical sector of society has to engage in the development and implementation of its own systems, to take part actively and consciously in this global system of information sharing and especially protection.

Since the internet is the main communication vehicle for the sector, together with phone and fax, one must be aware that the internet is of course also very vulnerable to any kind of privacy and information abuse, as are the phone and fax networks. The internet is also not as redundant as was enthusiastically thought when the community started using it: it can be virtually shut down or channeled, and single users can be disconnected. The other problem with the internet is of course the restriction of privacy through encryption control and key recovery policies and through export and import controls. The 40-56 bit DES keys which are exportable can nowadays be cracked very effectively, and there are strong export limitations for RSA, RC5 and triple DES or DES_RSA key combinations and similar protocols, which ensure higher protection. Of course there are ways for companies to actually export some of these encryption protocols, either through the release and sale of source code printouts, or through export via friendly nations. One remembers the PGP source code release through a printout for the HIP 97 meeting.

So, some of the doors remain open, and corporations, private individuals and states are still engaged in a battle of words and legislation concerning internet encryption policies. What is very interesting in this respect is that the legislation concerning encryption differs from country to country, and that in many countries it is completely non-transparent, with each individual case subject to approval by the security agencies or even the military and, e.g. in the case of France, to a lot of political lobbying and shouldering. One exception that many restrictive states implement is for the use of higher encryption by banks and financial services, again with the exception of France.

So, the battle for encryption rights on the internet is ongoing, but the internet should not be the final communications frontier of the tactical civil sector. The reasons are mainly its reliance on the global telecom infrastructure and the vulnerability that arises from it. The other reasons are the lack of point-to-point availability and the extensive use of satellite technology by global telecoms. These are all points of weakness with respect to SIGINT work and privacy protection, which is why an alternative insulator strategy must be used.

The proposal here is the implementation and construction of a High Frequency (HF) radio, point to point secure analog-digital network first within Europe and its tactical media centers and further around the globe in the range of 1.6-30 MHz.

The system would consist of base HF stations, portable units and gateways to connect it to the global data network. We can gather from military analysis and amateur radio experience over the last 50 years that HF technology has unique characteristics that make it ideal for long haul communications. The broad operational range of HF permits both line-of-sight surface or groundwave communications and over-the-horizon skywave connections, using the reflecting properties of the ionosphere. Further, according to certain calculations, the costs of HF use during one year of operations are 15 times lower than the costs of satellite based communications. Another important issue is the possibility of mobility using HF communications, with its non-directional antenna systems; with proper selection of equipment, HF can overcome blockage from trees, buildings and mountainous terrain.

The system we are proposing is called INSULAR TECHNOLOGIES (IT) and it is a product of PACT SYSTEMS (Projekt Atol Communication Technologies), with the first two station prototypes currently being developed. The open architecture of the different parts that make up the base station will enable the users to implement their own changes and work on parallel networking solutions with their IT partners. The system will come as a finished product, as a development kit, or as a source code and plans only package.

Each IT station consists of the following:
- PC based computing module
- HF transceiver
- HF modem
- CRYPTO module
- Key management hardware and software
- Amplifier (for specific solutions)
- Antenna system

At the present time, high quality off the shelf commercial equipment is being used for the first two prototypes. The security of the IT system for voice and data will be ensured through the use of the GOST 28147-89 encryption standard, using 256 bit private keys with key information stored on smart card modules. For each communication session, a new key is generated. As you can see, key management and security is the primary point of weakness of this system, so a policy of strict security standards for the users and key management operators will have to be implemented within the IT users community.

The system will at first have a simple selective call solution for the desired connection of two stations in the network, and will enable network status reports over the internet. It will basically function as a telephone or radio station for voice, and as an RTTY, ARQ, FEC and packet station for data. The most suitable mode for data transmission has not been set yet, but data rates from 60-1200 bps are expected. When the internet is down, the system switches to lower data rate secure channels on HF for network status reporting, which is otherwise done via the internet, using RSA compatible encryption.

Automatic link establishment (ALE) will be implemented and developed once the number of users in the system is high enough to make such development viable. In an automatic link establishment system, the processor performs link quality analysis in real time, storing a measurement of the signal quality for each frequency in memory. Then it automatically establishes communications with the other radio on the best available channel. ALE automates the addressing of individual radios, or groups of radios, as well as the selection of frequency. These have traditionally been the most labor intensive parts of radio operation, requiring experienced operators.

The system will have two main modes of operation, which will also enlarge the community of users at each IT point. These will be Amateur and IT-CRYPTO operations. The amateur operations will enable radio amateurs in the community to use the system as a complex HF transceiver for non-secure voice and data communications, whereas the IT-CRYPTO operations will be dedicated to tactical media issues and policy discussion, when data protection and security are needed. Technology transfer in the developmental phases of future projects will also be IT-CRYPTO designated. ITU land service allocated frequencies will be used for the IT-CRYPTO services, with up to 60 channels chosen for the operations.
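The link quality analysis step of ALE described above, sketched as an added example (not PACT SYSTEMS code): a per-station, per-frequency score table that smooths new soundings, expires stale ones and picks the best fresh channel. The scoring formula, the `ALPHA` and `MAX_AGE_S` constants and the sounding values are assumptions made for illustration; `GA452L7` is the sample station designator used elsewhere in this text.

```python
# Added illustration of ALE link quality analysis (LQA); not PACT SYSTEMS code.
# The scoring formula, smoothing weight and expiry time are assumptions.
from dataclasses import dataclass, field

ALPHA = 0.3         # assumed weight given to the newest sounding
MAX_AGE_S = 3600.0  # assumed expiry: HF propagation drifts, old scores mislead


@dataclass
class LqaTable:
    # (station_id, freq_khz) -> (smoothed score in 0..1, time of last sounding)
    scores: dict = field(default_factory=dict)

    def record(self, station, freq_khz, snr_db, ber, now):
        """Fold one sounding into the stored score for this station and channel."""
        snr_part = min(max(snr_db, 0.0), 30.0) / 30.0    # clamp SNR to 0..30 dB
        ber_part = 1.0 - min(max(ber, 0.0), 0.1) / 0.1   # BER of 0.1 or worse scores 0
        sample = 0.5 * snr_part + 0.5 * ber_part
        old = self.scores.get((station, freq_khz))
        if old is None or now - old[1] > MAX_AGE_S:
            score = sample                               # no usable history
        else:
            score = (1 - ALPHA) * old[0] + ALPHA * sample
        self.scores[(station, freq_khz)] = (score, now)
        return score

    def ranked_channels(self, station, now):
        """Channels with a fresh measurement for this station, best first."""
        fresh = [(score, freq) for (sid, freq), (score, t) in self.scores.items()
                 if sid == station and now - t <= MAX_AGE_S]
        return [freq for score, freq in sorted(fresh, reverse=True)]

    def best_channel(self, station, now):
        """Best fresh channel, or None when every measurement has expired."""
        ranked = self.ranked_channels(station, now)
        return ranked[0] if ranked else None


def demo():
    """Constructed soundings for one station; returns the choice at three times."""
    table = LqaTable()
    for freq, snr, ber in [(3500, 12, 0.02), (7100, 24, 0.001), (14200, 30, 0.0)]:
        table.record("GA452L7", freq, snr, ber, now=0)
    table.record("GA452L7", 7100, 6, 0.05, now=1800)   # 7100 kHz has degraded
    return [table.best_channel("GA452L7", now=t) for t in (1800, 4000, 6000)]


if __name__ == "__main__":
    print(demo())
```

The expiry matters as much as the ranking: once the only fresh sounding is on a degraded channel, that channel is chosen over stale good ones, and when nothing is fresh the table returns no channel, so the station has to sound again before calling.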

What will the IT network system look like?
At first, a web of base HF stations with or without internet access will be established. Targeted are former Yugoslavia and Albania, together with partner organizations in the EU and other wireless encryption friendly states. An IT consortium has to be established for this purpose, with a research & development pool, a financial pool for the production of units and further software development, and a legal pool for legal issues connected with the establishment of these stations. PACT SYSTEMS will provide on-site training and set-up of the hardware.

Each station will have a 7 unit alphanumeric ID designator, e.g. GA452L7, which will be used for ID purposes and selcal operations. The designator will also be the station's e-mail address and crypto key ID. There will be a central crypto key management office, which will manage the production of keys on smart card modules, but won't have actual control of them and will act as a service to the IT community. A web of trust would have to be established to ensure the total security of the system for all its users, and key management procedures would have to be implemented.

As is clear from the above, the IT system has its main security flaw in the web of trust, as do all advanced encryption based systems. If a key is passed along to a third party outside the IT network, the network is compromised.

In the future, the system could include frequency hopping, frequency offset and burst data transmission for enhanced prevention of interception, jamming, direction finding and spoofing.

Any of these new developments would of course need a new series of research work and in this respect new funds.

With IT, the civil tactical community will get access to relatively cheap and reliable secure point to point voice and data communication, together with the possibilities of audioconferencing, an electronic message store and forward service and bulletin dissemination. Each of the stations will also be a valuable research tool for telecommunications in the community where it is used, with the possibility of serving as an R&D platform for future development and the furthering of knowledge and know-how in the field of digital communications, as well as serving as a temporary platform for tactical broadcasting. Mobile IT units will bring access to the global digital networks to communities which need this kind of empowerment in hostile environments. The IT consortium will also take a proactive role in policy issues concerning the use of the HF spectrum for civil tactical purposes.

Technical information for the prototype IT system unit:

- frequency range 1.6-30 MHz TX
- frequency range 0.5-30 MHz RX
- 100 programmable channels
- 60 scan channels
- power output: from 150W to 1 kW, depending on solution
- frequency stability: +/- 10 Hz
- operating modes: J3E, H3E, R3E, J2B, CW, SSB, RTTY, PACKET, ARQ, FEC
- power: 12VDC
- processor: Pentium II
- ADSP open architecture modem
- 60-1200 bps data rates at 3kHz transmission bandwidth limitations
- microprocessor controlled antenna coupler
- multi-band base station antenna
- cooling fan for continuous transmit operations (tactical broadcast radio implementation)
- hardware 256 bit GOST 28147-89 encryption module with session key generation
- smart card private key storage
- ethernet internet gateway
- software RSA 56-128 bit encrypted IP support
- voice conferencing
- selective call availability (selcal 7 units)
- open architecture

Target countries for the IT HF system:
EF (wireless encryption friendly), EH (wireless encryption hostile)

Austria EH
Belgium EH (4 weeks notice)
Bulgaria EF
Czech Republic EF
Denmark EF
Finland EF
France EH
Germany EF
Greece EF
Hungary EH (license for import)
Ireland EF
Israel EH
Italy EF
Netherlands EH (keys must be given to law enforcement on demand)
Norway EF
Poland EH (license for import)
Portugal EF
Romania EF
Russia EH (licenses required but probably not given)
Slovakia EF
Slovenia EF
Spain EH
Sweden EF
Switzerland EH (license for use required)
Turkey EH (license for use required)
Ukraine EF
UK EF
USA EH (export prohibited, import restricted)

Note: the above information is published without thorough research from
PACT SYSTEMS and was first printed in Data Communications International,
July 1998
