Sunday 16 October 2011

Project 25 (P25) :: Short Presentation

What is Project 25?
Project 25 is a digital radio system designed specifically for public safety applications by police, fire and medical services. It will also find applications with utility operators and other government agencies.
With interoperability and maximizing radio spectrum efficiency as fundamental requirements, Project 25 Phase I uses digital voice encoding to reduce the required bandwidth for speech transmission to 12.5 kHz, while simultaneously maintaining backward compatibility and inter-operation with the existing 25 kHz analog FM systems. A further development of the specification will reduce the required transmission bandwidth for voice down to 6.25 kHz, thus freeing up more spectrum for future use.
The Project 25 specifications are available in the public domain, enabling multiple equipment vendors to compete for this market with the objective of reducing end user costs and providing interoperability both within and between user communities.

Project 25 features
Only some of the features that make Project 25 suitable for public safety use are given here.
Priority calling enables calls to be ranked in importance so that the system is always available for high priority traffic such as emergency calls. These are usually accessed from a single key push on the terminal.
Encryption prevents call interception and ensures that the communication is kept secure.
Call Alert and User ID are used to keep the user fully informed of the status of the communication channel in use.
Group Calling allows a message to be broadcast to all other members of a specific group.
Affiliation enables the members of the group to change to meet operational requirements. This can be done over the air allowing dynamic reconfiguration of talk groups. Encryption keys can also be changed in this way to retain security within the talk groups.

Interoperability
User groups can be dynamically reconfigured over the air so that communications can be maintained between all those required to be in attendance. Cross-Band Repeaters can also be used when agencies are allocated different frequency plans.

Spectrum Efficiency
Existing analog technology supports voice traffic in a bandwidth of 25 kHz. The use of digital technology allows the same voice quality to be transmitted in a 12.5 kHz bandwidth for Project 25 Phase 1. In the future a more complex modulation will allow the same voice information to be transmitted in a 6.25 kHz bandwidth.

Basic System Components
Mobile terminals, either vehicular mounted or portable, communicate in normal mode to the Base repeaters. These are interconnected with a land line or microwave link to the main switch in the base station. Depending on system complexity, a Trunking controller may be included to provide more efficient use of spectrum if the traffic level demands it. Interfaces to a dispatch console complete the basic system and a PSTN interconnect can also be provided.
Additionally, the terminals have a talk around facility which allows direct communication between mobiles without the need for the infrastructure.

Trunking
Trunking gives a significant increase in capacity as well as having the capability to build a geographically larger network. Backwards compatibility with the existing analog systems enables Project 25 to use existing trunked infrastructure such as the Smartnet™ and Smartzone™ systems from Motorola.
The Project 25 standard also has its own defined trunked mode for implementation of a totally digital network.

Analog vs. Digital
In order to obtain an acceptable voice quality using analog FM modulation, a channel bandwidth approaching 25 kHz is required. Additionally, signaling to maintain the radio link and provide call management occupies some of the available resource.
The use of a high level modulation called Continuous 4 level FM (C4FM) enables 9600 bits to be transmitted in a 12.5 kHz channel. This enables error correction information to be transmitted along with the voice signal and signaling information. The error correction is able to correct for small errors in the received signal, thus providing a more robust service without any of the background hiss that you hear on analog systems as they get near the edge of range.
The Phase II implementation will use a further increase in modulation complexity to support the same 9600 bits in a 6.25 kHz channel.

Analog to Digital Conversion
In a digital system the voice is encoded into a bit stream by a device called a Vocoder. Various techniques are used to do this and the one selected for use in Project 25 is called an Improved Multi-Band Excitation (IMBE) Vocoder. This uses complex algorithms to reduce each 20 ms of speech to 88 bits of information to be transmitted over the radio link. The receiving device reverses the process to produce 20 ms of analog speech signal.
The IMBE Vocoder converts a 3100 Hz audio band (300-3400 Hz) to a 4400 bps digital signal.

Modulation
The Phase I implementation of Project 25 uses a modified form of four level FM as its modulation technique. The information is transmitted in the form of a digital data stream and is modulated as symbols.
Each symbol type is determined by two bits of data giving four symbol types in total. The symbol types are represented by a particular FM deviation applied to the carrier. The modulation is characterized as being complex because the deviation is not symmetrical about the carrier as you would expect in a conventional FM system although it is of fixed amplitude.
Compatible Quadrature Phase Shift Keying (CQPSK) has been considered as a possibility for Phase II modulation. With CQPSK, each symbol is identified by the phase change from the previous symbol. This is one of a family of modulations generally grouped under the term of linear modulation, in which both the phase and the amplitude of the signal vary from symbol to symbol.

Security flaws
According to an article published in The Wall Street Journal in 2011, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations. It was determined that the messages sent over the radios are sent in segments, and blocking just a portion of these segments can result in the entire message being jammed. Their study also shows that the radios can be effectively jammed (single radio, short range) using a highly modified pink electronic child’s toy. With other systems, jammers have to expend a lot of power to block communications, but the P25 radios allow jamming at relatively low power, enabling the researchers to prevent reception using a $30 toy pager.

The report was presented at the 20th Usenix Security Symposium in San Francisco in August 2011. The report noted a number of security flaws in the Project 25 system, some specific to the way it has been implemented and some inherent in the security design.

The report did not find any breaks in the P25 encryption; however, the researchers observed large amounts of sensitive traffic being sent in the clear due to implementation problems. They found the switch markings for secure and clear modes difficult to distinguish (∅ vs. o). This is exacerbated by the fact that P25 radios set to secure mode continue to operate without issuing a warning if another party switches to clear mode. In addition, the report's authors said many P25 systems change keys too often, increasing the risk that an individual radio on a net is not properly keyed, forcing all users on the net to transmit in the clear to maintain communications with that radio.

One design choice was to use lower levels of error correction for the portions of the encoded voice data that are deemed less critical for intelligibility. As a result, bit errors are to be expected in typical transmissions; while harmless for voice communication, the presence of such errors forces the use of stream ciphers, which can tolerate bit errors, and prevents the use of a standard technique, message authentication codes (MACs), to protect message integrity against stream cipher attacks. The varying levels of error correction are implemented by breaking P25 message frames into subframes. This allows an attacker to jam entire messages by transmitting only during certain short subframes that are critical to reception of the entire frame. As a result, an attacker can effectively jam Project 25 signals with average power levels much lower than the power levels used for communication. Such attacks can be targeted at encrypted transmissions only, forcing users to transmit in the clear.
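As an added illustration of the trade-off the report describes (this is not code from the page or the report; the XOR keystream, MAC key and 88-bit frame are constructed stand-ins, not P25's actual cipher): a stream cipher passes a single channel bit error through as a single plaintext bit error, which voice tolerates, while a MAC over the same frame rejects any frame carrying such an error, so at a given residual bit error rate a predictable fraction of MAC-protected frames would have to be discarded.

```python
import hashlib
import hmac


def xor_keystream(data: bytes, keystream: bytes) -> bytes:
    """Stream-cipher style encryption: plaintext XOR keystream (toy, constructed)."""
    return bytes(d ^ k for d, k in zip(data, keystream))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate one residual channel bit error that the FEC did not correct."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def stream_cipher_error_spread(frame: bytes, keystream: bytes, bit_index: int) -> int:
    """Encrypt, corrupt one ciphertext bit, decrypt; count wrong plaintext bits.
    The same property that confines the error to one bit also means a bit flipped
    on the air flips exactly that plaintext bit: error tolerance and malleability
    are the same thing, which is why a MAC would be wanted for integrity."""
    ciphertext = xor_keystream(frame, keystream)
    recovered = xor_keystream(flip_bit(ciphertext, bit_index), keystream)
    return differing_bits(frame, recovered)


def make_tag(frame: bytes, mac_key: bytes) -> bytes:
    return hmac.new(mac_key, frame, hashlib.sha256).digest()


def mac_accepts(frame: bytes, tag: bytes, mac_key: bytes) -> bool:
    """A MAC check fails on any bit error, so the whole frame would be dropped."""
    return hmac.compare_digest(make_tag(frame, mac_key), tag)


def frame_drop_probability(residual_ber: float, frame_bits: int) -> float:
    """P(at least one error in a frame) = 1 - (1 - p)^n: the fraction of
    MAC-protected frames a receiver would discard at residual bit error rate p."""
    return 1.0 - (1.0 - residual_ber) ** frame_bits


# Constructed 88-bit (11-byte) voice frame, the IMBE payload size the text gives for 20 ms.
FRAME = bytes([0x3A, 0x5C, 0x91, 0x00, 0xFF, 0x42, 0x17, 0xE8, 0x2B, 0x6D, 0x09])
KEYSTREAM = bytes([0xA5] * len(FRAME))  # constructed fixed keystream, for reproducibility only
MAC_KEY = b"constructed-demo-mac-key"

if __name__ == "__main__":
    print("plaintext bits wrong after one ciphertext bit error:",
          stream_cipher_error_spread(FRAME, KEYSTREAM, 37))
    tag = make_tag(FRAME, MAC_KEY)
    print("MAC accepts clean frame:", mac_accepts(FRAME, tag, MAC_KEY))
    print("MAC accepts frame with one bit error:", mac_accepts(flip_bit(FRAME, 37), tag, MAC_KEY))
    print("frames dropped at BER 1e-3, 88-bit frame: %.1f%%" % (100 * frame_drop_probability(1e-3, 88)))
```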

Because Project 25 radios are designed to work in existing two-way radio frequency channels, they cannot use spread spectrum modulation, which is inherently jam-resistant. An optimal spread spectrum system can require an effective jammer to use 1000 times as much power (30 dB more) as the individual communicators. According to the report, a P25 jammer could operate effectively at 1/25th of the power of the communicating radios. The authors developed a proof-of-concept jammer using a Texas Instruments CC1110 single-chip radio, found in an inexpensive toy.
