Why did the NSA not report this flaw to NATO before this became a standard? The NSA had differential cryptanalysis before anyone else. It is odd that they did not catch/report the problem.
dogma1138 3 days ago [-]
In practice this isn’t a very useful attack. You need hours of encrypted and unencrypted data and you can then only decrypt the encrypted transmissions of the targeted node.
The NSA if it knew about it most likely did disclosed the vulnerability, it was just deemed not significant enough to redesign, manufacture and re-issue millions of new radios.
These radios aren’t rated for secret communications anyhow. By the time you manage to decrypt what you want the information would likely be stale since all of the information passed over radios will be tactical in nature at best.
There are still other defenses like spread spectrum transmission and frequency hopping that make intercepts harder. The main threat model against radios isn’t actually message interception but rather basic SigInt that would be able to detect, identify and track transmissions.
On the battlefield that’s the most useful intelligence you’ll get especially during war time.
Any interception beyond that would take days if not weeks to be properly analyzed and disseminated this isn’t something that it done on a regiment or division levels.
ryao 2 days ago [-]
Thank you for this insightful answer.
meitham 3 days ago [-]
Likely a honey trap. NATO’s adversaries can waste budget listening on this leaving the real comms unchecked, plus the advantage of throwing some false comms in the event of war.
I agree. I find it incredibly difficult to believe this wasn’t a known issue until now. The NSA/CIA have unbelievable computing and analysis power available.
Anyway, IDRTFA, but I hope this was at least reported before the release of the talk. This sort of thing could get a lot of people killed.
wkat4242 3 days ago [-]
> This sort of thing could get a lot of people killed.
NATO is not at war. People aren't dying.
And I wouldn't be surprised if it's at least partly used to "leak" info to other state actors. Part of the cold war not turning hot was the mutual understanding of what went on in each block's military due to espionage. Without that, things could easily misinterpreted (and almost did a couple times like with able archer, which emphasizes the importance of this).
Some things could not be shared officially but leaving it out in a not-fully-unbreakable form might well have been a way of hinting the enemy about intentions.
wakawaka28 2 days ago [-]
>NATO is not at war. People aren't dying.
Ahem, NATO countries are assisting Ukraine in drone and missile attacks on Russia as we speak and foolishly floating the idea of adding Ukraine to NATO. Russian leadership has repeatedly said stuff along the lines of "Make no mistake, we are at war with NATO because Ukraine alone doesn't have the capabilities to do what it's been doing to attack us." So yes, NATO is essentially at war.
quickthrowman 1 days ago [-]
> foolishly floating the idea of adding Ukraine to NATO
Nobody in NATO is seriously suggesting Ukraine be added to NATO, especially right now.
>While eastern European countries say some sort of a road map should be offered to Kyiv at a NATO summit in Vilnius on Tuesday and Wednesday, the United States and Germany are wary of any move that might take the alliance closer to war with Russia.
"Some" of NATO is clearly on board with it. The article says that the support must be unanimous, but I think we know who really runs NATO. At any rate, "some" of NATO is not "nobody in NATO" as you said. I could swear I hear these people talk about the issue every month or so.
ryao 3 days ago [-]
From what I read elsewhere, it was reported to NATO and NATO did not respond.
3 days ago [-]
atoav 3 days ago [-]
Because they
A) are not that capable and did not know about it
B) knew about it, but sat on it for their own egoistical reasons
Both are rather a bad look
lokimedes 3 days ago [-]
Or C) Blue team analysis is not offered the same resources and interest as Red team analysis.
There’s also the “don’t ascribe to maliciousness what can be caused by bureaucracy“
atoav 3 days ago [-]
What you describe in C falls under A) are not that capable and did not know about it - investing all into offence means you're not capable in defense. Making sure the encryption of the major military alliance you're part of doesn't fall apart seems like a serious miss, no matter how we slice it. Be the reason bureaucratic, malicous or financial.
crest 3 days ago [-]
There're more options, but those require multiple nation states to work together in a conspiracy (everyone in the know) and all others to be incompetent. Given just publicly known facts and Occam's razor…
teh_infallible 3 days ago [-]
Maybe they wanted to decrypt NATO radio messages?
exe34 3 days ago [-]
being part of NATO, can't they just get a copy of the keys from somebody? or is it a case of "they might turn on us, better keep an ace"?
ahartmetz 3 days ago [-]
Seems less likely to happen than, well, what we have now. Russia has a lot of good mathematicians btw.
pm3003 3 days ago [-]
NATO Keys are distributed to every NATO member through distribution agencies. A good chunk of them (and the algorithms and cipher equipment) are produced by the US and shared (with some limitations) with NATO. I don't know the scope of algorithm sharing but I believe there are some limitations for NATO access to US-shared algorithms.
It's probably a case of 'nobody cares too much'. The standardization process is very long and the industry probably had already put them into their equipments.
ALE is not used that much and from what I can gather manual frequency establishment is often preferred. I'm not sure what the actual operational impact of this DoS would be, and if some spoofing is possible, but the actual communication is encrypted by different protocols depending on the type of comms (RATT, IP-like, Voice) so actually deciphering comms wouldn't be possible.
The first step in being discrete is being discrete.
That is to say, if you want to crack NATO communiques your first step is to not call them up and ask for the goods.
Whether this is ethically good or not is tangential and an exercise left to each reader.
therealdkz 3 days ago [-]
[dead]
ugjka 3 days ago [-]
So you need 2 hours of both encrypted and unencrypted data at same time to make this attack work, is this feasible? And if you just flip the switch on devices to use more bits in the encryption the attack becomes unfeasible. Piss poor that NATO never replied to them.
pm3003 3 days ago [-]
They probably replied but:
- anything serious is probably highly classified as is everything relating to COMSEC.
- The standard seems to be a US-one used by NATO (MIL-STD as opposed to a STANAG).
- I know ALE is used for link establishment but maybe it's going to be superseded in the military for the next-gen radio equipment?
nielsole 3 days ago [-]
If you know the call signs you would get exactly that, wouldn't you? (I watched the talk only half attentively)
nine_k 3 days ago [-]
Shouldn't actual session keys rotate all the time, to prevent exactly that?
0_____0 3 days ago [-]
For those without a free hour to watch, here's the slide deck?
I am not a cryptography or digital radio expert, so grain of salt and all that.
Slide 14 shows real world feasibility, I think it's safe to say that while theoretically possible it's unlikely that this creates a significant real world issue. One bit of info I don't know - how long is a set of exchanged keys used for in most situations?
The NSA if it knew about it most likely did disclosed the vulnerability, it was just deemed not significant enough to redesign, manufacture and re-issue millions of new radios.
These radios aren’t rated for secret communications anyhow. By the time you manage to decrypt what you want the information would likely be stale since all of the information passed over radios will be tactical in nature at best.
There are still other defenses like spread spectrum transmission and frequency hopping that make intercepts harder. The main threat model against radios isn’t actually message interception but rather basic SigInt that would be able to detect, identify and track transmissions.
On the battlefield that’s the most useful intelligence you’ll get especially during war time.
Any interception beyond that would take days if not weeks to be properly analyzed and disseminated this isn’t something that it done on a regiment or division levels.
Anyway, IDRTFA, but I hope this was at least reported before the release of the talk. This sort of thing could get a lot of people killed.
NATO is not at war. People aren't dying.
And I wouldn't be surprised if it's at least partly used to "leak" info to other state actors. Part of the cold war not turning hot was the mutual understanding of what went on in each block's military due to espionage. Without that, things could easily misinterpreted (and almost did a couple times like with able archer, which emphasizes the importance of this).
Some things could not be shared officially but leaving it out in a not-fully-unbreakable form might well have been a way of hinting the enemy about intentions.
Ahem, NATO countries are assisting Ukraine in drone and missile attacks on Russia as we speak and foolishly floating the idea of adding Ukraine to NATO. Russian leadership has repeatedly said stuff along the lines of "Make no mistake, we are at war with NATO because Ukraine alone doesn't have the capabilities to do what it's been doing to attack us." So yes, NATO is essentially at war.
Nobody in NATO is seriously suggesting Ukraine be added to NATO, especially right now.
>While eastern European countries say some sort of a road map should be offered to Kyiv at a NATO summit in Vilnius on Tuesday and Wednesday, the United States and Germany are wary of any move that might take the alliance closer to war with Russia.
"Some" of NATO is clearly on board with it. The article says that the support must be unanimous, but I think we know who really runs NATO. At any rate, "some" of NATO is not "nobody in NATO" as you said. I could swear I hear these people talk about the issue every month or so.
There’s also the “don’t ascribe to maliciousness what can be caused by bureaucracy“
It's probably a case of 'nobody cares too much'. The standardization process is very long and the industry probably had already put them into their equipments.
ALE is not used that much and from what I can gather manual frequency establishment is often preferred. I'm not sure what the actual operational impact of this DoS would be, and if some spoofing is possible, but the actual communication is encrypted by different protocols depending on the type of comms (RATT, IP-like, Voice) so actually deciphering comms wouldn't be possible.
See Jerry Proc's website (https://jproc.ca/crypto/) for background knowledge.
That is to say, if you want to crack NATO communiques your first step is to not call them up and ask for the goods.
Whether this is ethically good or not is tangential and an exercise left to each reader.
- anything serious is probably highly classified as is everything relating to COMSEC.
- The standard seems to be a US-one used by NATO (MIL-STD as opposed to a STANAG).
- I know ALE is used for link establishment but maybe it's going to be superseded in the military for the next-gen radio equipment?
I am not a cryptography or digital radio expert, so grain of salt and all that.
Slide 14 shows real world feasibility, I think it's safe to say that while theoretically possible it's unlikely that this creates a significant real world issue. One bit of info I don't know - how long is a set of exchanged keys used for in most situations?
https://tosc.iacr.org/index.php/ToSC/article/view/9856/11598
Any attack taking years isn't going to be operationally relevant.
I suspect this protocol was developed basically as a computational complexity trade off to keep within those sorts of boundaries.
https://github.com/dansarie/halfloop/
https://tches.iacr.org/index.php/ToSC/article/view/9856
https://events.ccc.de/congress/2024/infos/startpage.html