PRESQUE ISLE, Maine — The Aroostook Amateur Radio Association learned the timeline of radio encryption as member Boyd Spencer discussed digital radio security during the AARA’s Oct. 1 meeting in the Mark and Emily Turner Memorial Library.
Radio encryption dates back to World War II and is still an essential aspect of maintaining secure communications.
“Encryption is the art of writing and solving codes,” said Spencer, “and it isn’t just limited to government and military. Criminals use encryption, and scientists use it to protect their information.”
Spencer’s presentation focused on the history of encryption along with the many methods one can use to break through encrypted barriers.
“The predecessor to the what the standard is today was used until the early 90s until people realized they could break it with what is known as “brute force.’”
Brute force attacks involve utilizing a computer to calculate every possible password or key combination until the correct code is found. Depending on the length of a password, brute force attacks can take anywhere between a couple minutes and a couple decades to successfully decrypt a network or system.
The National Institute of Standards and Technology announced that they needed a new encryption standard that was less susceptible to brute force attacks. NIST accepted submissions from the years 1997 to 2000. Two Belgian cryptographers, Joan Daemen and Vincent Rijment, won the competition and created what is now known as AES, or Advanced Encryption Standard.
“AES is used virtually everywhere,” said Spencer. ‘It’s in your bank card, your cell phone, and pretty much anywhere else you could imagine. Businesses and the military use AES as well.”
Despite its increased effectiveness against brute force attacks, Spencer warns other AARA members that AES is not entirely unbreakable.
“I read a news article where a major company sent their users a warning stating that, somehow, the NSA has a way to break your encryption and take your information,” said Spencer. “Mathematicians say that a brute force attack on a properly encoded message with 256 bit advanced encryption would take a supercomputer longer to break than the universe has been in existence. It requires trillions upon trillions of computations, so if they are breaking these encryptions, that’s not how they’re doing it. They’ve worked with designers to leave certain weaknesses in the system itself by weakening the standard.”
Aside from this, Spencer says the only other realistic way of decrypting 256-bit advanced AES is to attack the mathematician who created the key or take them hostage until they provide the necessary information.
“I played with encryption a number of years ago,” said AARA President Ivan Shapiro. “I bought a program called PGP, which stood for Pretty Good Privacy. It was written by Phil Zimmerman, who is an absolute genius with MIT. What we were told was ‘Don’t lose the key, because we can’t help you.’ Of course I didn’t actually believe that. There had to be a backdoor. I used it with some friends out west. You could write something like ‘Hello Bob’ and it would come out as 16 lines of hashcode. It was kind of neat, but I believe they were eventually bought out by somebody.”
“It’s still out there,” said AARA member Steven Vance. “That software is the bane of the NSA. They have still not come up with a way to crack PGP. It’s still free, too. Anyone can use it and the government can’t do anything about it. They’ve actually tried to pass laws to have it banned, but it’s still floating around out there.”
“A lot of the people out there who spend lots of money on data encryption were quite perturbed when they found out that the NSA weaseled their way in and read all their stuff,” said Spencer. “Let’s say the NSA does have the backdoor to your digital radio or cell phone signal. How much would it cost to replace all of that expensive data protection software? Some people will go great lengths to protect their data, but nearly every single person will sign away their location, their face, everything they’re doing. You click through the menus to set up your phone and all of your information is suddenly out there. It blows my mind how much personal information private companies maintain and sell.”