Methods and equipment for protecting telephone lines.

Methods and equipment for protecting telephone lines.

Methods and equipment for protecting telephone lines.
S. Stalenkov, E. Shulika.

Source— infosecur.ru

The purpose of this article is to analyze the commercial market of modern technical means of protecting telephone lines from interception of information.

Among the variety of methods of unauthorized interception of information, wiretapping of telephone conversations occupies a special place, since the telephone line is the very first, most convenient and at the same time the most unprotected source of communication between subscribers in real time.

At the dawn of telephone communications, no one really thought about protecting lines from wiretapping, and electrical signals were transmitted over wires in the open. In our time of the microelectronic revolution, wiretapping a telephone line has become a simple and cheap matter. It is safe to say that if an intruder has decided to «develop» an object, the first thing he will most likely do is start monitoring telephone conversations. This can be done without entering the premises, at minimal cost and with minimal risk. You just need to connect a special receiving-transmitting or recording device to the object's telephone line.

From a security point of view, telephone communication has another drawback: the possibility of intercepting speech information from the premises through which the telephone line passes and where the telephone set is connected. This is feasible even when no telephone conversations are being conducted (the so-called microphone effect of the telephone and the method of high-frequency (HF) imposition). For such interception, there is special equipment that is connected to the telephone line inside the monitored premises or even outside it.

Today's official market offers five types of special equipment for protecting ordinary city telephone channels:

• cryptographic protection systems (for short—scramblers);
• telephone line analyzers;
• one-way speech maskers;
• passive protection tools;
• active barrage jammers.

Let's look at the positive and negative aspects of this technique and analyze possible countermeasures of an attacker to overcome the protection.

1. SCRAMBLERS

The operation of such systems is divided into several stages. At the first stage, the subscriber's voice message is processed using some algorithm (encoded) so that an attacker who intercepts the processed signal cannot make out the semantic content of the original message. Then the processed signal is sent to the communication channel (telephone line). At the last stage, the signal received by the other subscriber is converted using the inverse algorithm (decoded) into a speech signal.

In order to reveal the semantic content of a cryptographically protected telephone conversation, an attacker will need:

• a cryptanalyst;
• expensive equipment;
• time to conduct cryptanalysis.

The latter factor can ruin all efforts, since by the time the message is revealed, it is highly likely to be outdated. In addition, the moment of revelation may not come at all.

Positive aspects of scramblers

It is generally accepted that scramblers provide the highest level of protection for telephone conversations. This is true, but only if the encoding/decoding algorithm has sufficient cryptographic strength. Analog encoding algorithms used in scramblers (from $300 to $400 per device) are simpler and therefore less secure than those of systems with digital speech sampling and subsequent encryption (vocoders). But the cost of the latter is at least 3 times higher.

The advantages of cryptographic systems include the fact that protection occurs along the entire length of the communication line. In addition, it does not matter what interception equipment the attacker uses. He will not be able to decode the received information in real time until he reveals the key protection system and creates an automatic interception complex.

The disadvantages of cryptographic protection of telephone conversations include:

— The need to install compatible equipment at all subscribers participating in closed communication sessions. Recently, «single-arm» scramblers have appeared, which, while solving this drawback to some extent, give rise to a number of others. Instead of installing a second scrambler at the opposite subscriber, it is installed at the city PBX. Now the message is decrypted halfway, and it becomes possible to intercept information from the telephone line of the opposite subscriber. In this case, you become a hostage to the financial appetites and sluggishness of telephone company employees in the event of a failure of the protective equipment, and you also suffer tactical losses from the fact that a third party appears who knows that you are using protection of telephone conversations.

— Loss of time required to synchronize equipment and exchange keys at the beginning of a secure connection session.

— Inability to resist interception of voice information from premises between negotiations.

Telephone lines are not used for negotiations constantly, many of them are in the all-clear state for most of the day. Consequently, at this time it is possible to intercept voice information from premises using the telephone line passing through them and the installed telephone set. At present, none of the scramblers operating on city telephone lines are equipped with a reliable system to prevent the interception of voice information from premises via a telephone line that is in the all-clear state.

2. TELEPHONE LINE ANALYZERS

As the name suggests, these devices are designed to measure and analyze the parameters of telephone lines, which are the values ​​of the DC component of the voltage on the telephone line, the value of the DC current that occurs in the telephone communication channel during a conversation. Changes in the active and reactive components of the line impedance can be analyzed.

The nature of the voltage change on the line at the moment of picking up the handset is interesting for analysis. In addition, it is possible to analyze the variable component of the signal on the line. For example, when a signal with a frequency of more than 50 kHz appears, it can be concluded that high-frequency interference equipment is possibly connected to the line, or a modulated high-frequency signal is transmitted along the line. Based on the measurements of the listed parameters and their analysis, the device «makes» a decision on the presence of unauthorized connections, signals a change in the line parameter or the presence of extraneous signals in it. There are devices that, in addition to the unit for measuring and analyzing parameters, also have a unit for setting up active barrage interference.

More complex and expensive devices are cable radars and non-linear location systems in cable lines, which allow you to approximately measure distances to suspicious places on a telephone line. Radio emission monitoring systems are not considered in this article.

Currently, there are many models of analyzers on the market in the price range from tens to several thousand and even tens of thousands of dollars.

In order to counteract a telephone line analyzer, an intruder will have to use interception systems that do not change or slightly change the line parameters. It is possible to use interception systems with change compensation. In any case, this increases the cost of equipment for interception of information, reduces convenience and increases the risk of the operation.

Advantages of using telephone line analyzers.

— Installing such a device on a city line will allow you to timely detect attempts to directly connect to the line. It becomes possible to track changes in line parameters and take timely measures to conduct an operation to inspect and clear the line of possible connections.

Disadvantages of using telephone line analyzers:

— Lack of clear criteria for assessing unauthorized connections. Telephone lines are not ideal. Even the specification for standard parameters of city PBX signals provides for a fairly large spread. They can differ by 30 percent on different types of PBX. Telephone line parameters can change over time depending on the PBX load, voltage fluctuations in the power grid. The temperature and humidity of the environment significantly affect the quality of contact connections, which are always present on any telephone line, and ultimately lead to oxidation processes on these contacts. Industrial interference can become a source of extraneous signals on the telephone line. All of the above leads to the fact that today there is no clear criterion by which the analyzing device can distinguish an unauthorized connection from a natural change in the telephone line parameter. Even with a comprehensive analysis of a large number of parameters, we can only talk about the occurrence of an event with a certain probability.

— High probability of false alarms. Devices that start flashing an emergency light when a parameter changes simply scare an inexperienced user, because it is clear that three alarms in one day cannot mean that three bugs have been hung on the line. Devices that simply record changes in parameters and notify the user about this, giving him the opportunity to make his own decision, behave more reliably.

— Inability to detect all types of connections. The biggest drawback of analyzers is that they can with some probability detect only a part of the interception devices from the possible arsenal of a potential intruder. Although there is a theoretical possibility to detect a contactless connection device to the line (capacitive or inductive sensors), in practice on a real line with its «floating» parameters and parasitic interference it is extremely difficult to do this.

— Significant reduction in the probability of detecting the fact of connection if the telephone line is not checked for «cleanliness» in advance. Many analyzers are designed in such a way that when installed on the line, they require balancing for its specific parameters. If some information interception device has already been installed on the line during balancing, then, naturally, it will not be detected. However, it should be noted that more advanced and, accordingly, more expensive analyzers do not require a pre-cleaned line.

3. ONE-WAY SPEECH SCRAMBLERS

Currently, there is only one such device on the market. Its operating principle is based on the fact that when receiving an important voice message from a remote subscriber, the owner of the scrambler turns on the protection mode. In this case, an intense masking noise signal is fed into the telephone line in the frequency band passed by the telephone channel, which is distributed along the entire length of the communication channel. Since the characteristics of the noise signal are known, the scrambler automatically compensates for the interference in the mixture of useful speech and noise signals received at the input using an adaptive filter.

In order to counteract a one-way scrambler, an intruder can try to:

• record a mixture of useful and noise signals;
• analyze the nature of the noise signal and determine the location of pauses in the speech message;
• determine the characteristics of the noise signal in pauses of the speech message;
• use an adaptive filter to clear the speech signal from interference based on the obtained characteristics of the noise signal.

As you can see, the task is labor-intensive and requires significant material costs and time. The masker uses an adaptive filter for noise compensation, which has some adaptation time. The longer the adaptation time, the better the interference compensation. It follows that in order to reduce the adaptation time during masking, a more uniform noise signal should be used, the characteristics of which are easier for an intruder to calculate. If a noise signal whose characteristics will change dynamically is used for masking, then, accordingly, the level of interference compensation in the handset of the masker owner will decrease (it will be worse to hear), but at the same time the intruder's task will be seriously complicated.

Advantages of using one-sided maskers:

— a fairly high level of protection for incoming messages;
— the ability to work with a mobile subscriber.

Disadvantages of one-way maskers:

— Inability to close outgoing messages. To overcome this limitation, both subscribers will need to install maskers, and they will not be able to talk in duplex, since each subscriber in turn will have to manually turn on the masking mode and this is hardly advisable, since it is easier, cheaper and more reliable to use a set of scramblers.

— The presence of a high noise level in the receiver of the subscriber transmitting the message. Having heard noise in the receiver, an «untrained» subscriber can begin to transmit the message in a loud voice, while the ratio of the amplitudes of the interference and the useful signal on his arm of the telephone line will decrease, which will make it easier for the attacker to clear the message from interference.

4. PASSIVE PROTECTION MEANS

These devices include filters and other devices designed to disrupt certain types of wiretapping of premises using a telephone line in hang-up mode. These devices can be installed in a break in the telephone line or built into the circuits of the telephone set itself.

Advantages:

— Preventing interception of speech information in premises using the HF imposition method.

— Preventing interception of speech information in premises due to the microphone effect of the telephone set.

— Preventing interception of speech information indoors using microphones transmitting speech information over a telephone line on an HF subcarrier, provided that the filter is correctly placed on the telephone line.

Disadvantages:

— The disadvantage of passive protection is that they do not protect against the rest of the variety of interception systems.

5. DEVICES FOR SETTING UP ACTIVE BARRASSING INTERFERENCE

These devices are designed to protect telephone lines from many types of listening devices. This is achieved by mixing various types of additional signals into the line (barrier interference) and changing the standard parameters of the telephone line (usually the constant component of the voltage on the line and the current in it are changed within reasonable limits) in all operating modes. In order for the interference on the line not to interfere with the conversation too much, it is compensated before being fed to the owner's telephone set. In order for the interference not to interfere with the distant subscriber, it is selected from signals that fade in the process of passing along the line or are easily filtered by the subscriber set of the city PBX equipment. In order for the interference to have a «good» effect on the interception equipment, its level usually exceeds the level of the useful (speech) signal in the line by several times.

The specified interference usually affects the input stages, AGC stages, and power supply units of the interception equipment. The impact is manifested in the overload of the input circuits, taking them out of the linear mode. As a result, the attacker hears noise in his headphones instead of useful information.

Some types of interference can affect telephone radio repeaters in such a way that the carrier frequency of the transmitter is shifted or «washed out», sharp frequency jumps occur, the shape of the high-frequency signal is distorted, overmodulation occurs, and the radiation power is constantly or periodically reduced. In addition, it is possible to «deceive» the decision-making system built into some types of intercepting devices and put them into a «false state». As a result, such devices begin to uselessly waste their limited resources, for example, an audio carrier or batteries. If in normal mode a certain transmitter worked periodically (only during telephone conversations), and the automatic registration system was turned on only when there was a radio signal, now it works constantly, and the attacker has to use the operator to separate useful information (if any remains), which in some cases may be impossible.

All of the above indicates the high efficiency of protection provided by the producers of barrage interference, but they also have some disadvantages.

Barrier jammers protect the telephone line only in the section from the device itself, to which the regular telephone set is connected, to the city PBX. Therefore, there remains a risk of interception of information from the unprotected line of the opposite subscriber and on the PBX itself. Since the frequency spectrum of the interference is located above the frequency spectrum of the speech signal, it is theoretically quite easy to clear the useful signal from interference. In addition, the interference cannot affect information interception devices that begin to register or transmit information via a radio channel based on the principle of lifting the telephone receiver, and not based on the principle of the presence of a voice signal in the line (acoustomat).

Knowing about the fundamental shortcomings of individual types of telephone line protection devices, developers try to compensate for them by providing a comprehensive approach to solving the problem of telephone line protection. The best protection devices make it possible to combat the entire variety of small-sized interception equipment that exists today, including equipment for intercepting speech information from a room between calls. New technical solutions already allow for the guaranteed suppression of many types of interception equipment.