New technology for protecting telephone conversations.
New technology for protecting telephone conversations.
Doctor of Engineering Sciences, Professor E. I. Abalmazov
The need to improve the means of physical protection of telephone conversations from interception follows, as the author claims, from the analysis of modern “telephone” threats and existing countermeasures. In this regard, the capabilities of the “Tuman” speech maskers, which implement a fundamentally new technological approach to the problem, are discussed.
Modern “telephone” threats and the degree of their danger.
Telephone conversation monitoring remains one of the most common types of industrial espionage and criminal activity. The reasons are obvious – low costs and risk of threats being implemented, no need to enter the controlled premises, a variety of methods and locations for collecting information, etc.
Telephone conversations can be monitored along the entire telephone line, and when using cellular telephone communications – throughout the entire cellular zone.
Interception devices offered on the Russian market implement various physical principles and modern software and hardware solutions. Among them: various devices for contact and contactless connection to telephone lines; special telephone bugs and responders; cellular interception systems in all its standards, etc.
The basis of any information security system, any counteraction plan is knowledge of threats and their degree of danger.
Formally, the degrees of danger of threats reflect the probability of their implementation in a certain conditional time. The overall danger is characterized by the spectrum of threats, which is their listing in order of decreasing degree of danger.
The author's version of the spectrum of «telephone» threats, based on their economic and statistical model, is presented in Fig. 1. It also provides a decoding of the symbolic designations used.
Designations
St1-the simplest contact connection to the line
St2-use of a telephone «bug»
St3-inductive connection to the line
St4-professional connection to the line (filtering out-of-band interference)
St5-capacitive connection to the line
St6- interception of a radiotelephone in the AMPS (DAMPS) standard
St7- interception of a radiotelephone in the NMT standard
St8 — interception of a radiotelephone in the GSM standard
St9 — interception of satellite telephone communications (in the near zone)
The spectrum of threats shows us that:
The greatest danger is the monitoring of telephone conversations using the simplest contact connection to the line.
An approximately equal, but lesser danger is the interception of telephone conversations from landlines using “bugs”, responders and contactless information collection
Threats associated with the interception of cellular telephone communications, especially in the GSM standard, pose a significantly lower (almost an order of magnitude) danger.
Minimal danger is predicted for satellite telephone communications.
“Telephone security” and methods for ensuring it.
Modern means and methods for protecting telephone conversations from interception reflect the multiplicity of threats and the diversity of scenarios for their implementation. The differences are manifested primarily in tactical features.
Broadly speaking, two main tactical types of counteraction can be distinguished:
means of physical protection of information, including jammers, neutralizers, filters and means of physical search for information leakage channels;
means of semantic (in particular, cryptographic) protection of information.
A brief commentary on them comes down to the following:
1 The vast majority of jammers are designed for use with wired telephone lines (mainly to protect the “telephone set – PBX” section). The interference is created, as a rule, outside the band of the speech signal and exceeds its nominal level by one or two or more orders of magnitude.
The presence of intense interference takes out of the linear mode
all the simplest devices for contact and contactless connection to a telephone line (noise appears in the audio range, signal suppression occurs in the interception channel). In the subscriber's telephone itself, noise is not felt due to preliminary passive high-frequency filtering of the input signal.
Examples of such devices are «Cicada», «Proton», «Procrustes», «Thunder», etc.
Unlike jammers, neutralizers are designed to create irreversible and, less often, reversible changes (disruptions) in the operability of devices for contact unauthorized connection to a telephone line. For this purpose, they are used to create a short-term high-voltage (about 1500 volts) voltage on the line, which “burns through” the connected devices. An example is the “PTL-1500” product.
To eliminate threats associated with the use of microcurrents and high-frequency “impositions”, special filters and telephone blockers are used.
The modern range of means for physical search of channels for interception of telephone conversations includes:
Hardware and software-hardware radio monitoring tools that allow for effective detection of telephone bugs. These include, in particular, relatively inexpensive field indicators (such as “D-006”) and more expensive scanners (such as “AR-3000”, etc.)
Technical means for detecting changes in active and reactive impedances of telephone lines that occur when an additional load appears. In the simplest case, these are telephone testing devices (such as “KTL-2”, “TPU-5”, etc.) that detect resistive changes and voltage changes in the telephone network. In more complex versions, these are telephone line analyzers that allow detecting contactless unauthorized connections (“Olkha”, “AT-23”, etc.).
Cryptographic protection of telephone conversations is considered by specialists as the only way to guarantee protection of telephone communication channels from interception, regardless of whether they are conducted via wired or wireless communication lines.
(It should be noted that the rejection of the conventional analog method of transmitting messages and the transition to digital transmission of information increases the security of telephone channels even in the absence of coding.)
The corresponding devices are called scramblers. Examples are the scramblers of the SCR, Orekh-A, Razbeg-K series, etc.
An analysis of modern means of protecting telephone communication channels, based on rank comparative metrology, shows that
The highest priority is given to telephone line jammers, telephone line testers and analyzers, radio field indicators (as tools for detecting telephone «nodes»)
Cryptographic means of protecting information in wired and wireless telephone communication channels have relatively small rank coefficients due to the need to simultaneously equip a sufficiently large number of subscribers with scramblers. The area of their economically rational use is closed networks of business telephone communication.
From market analysis to a new protection technology.
The identified priority of the producers of barrage interference determined the need not only for their parametric improvement, but also the advisability of revising this type of counteraction as a whole.
The following line of reasoning was approximately formed.
First of all, it is necessary to replace the “out-of-band” barrage interference, which operates beyond the frequency spectrum, with a “band” interference, which will operate directly in the frequency range of voice messages. This is a condition for the complete guarantee of protection of telephone conversations from interception in those sections of the line where the interference significantly exceeds the level of the information speech signal.
Next. It is obvious that the interference created can only be compensated by the one who creates it, i.e. such masking of telephone messages is fundamentally one-sided.
This means that it is necessary to abandon the usual scheme of mandatory protection of “incoming” and “outgoing” telephone calls.
The following goal of fundamental reasoning is formed.
First of all, it is necessary to replace the «out-of-band» barrage interference, acting beyond the speech frequency spectrum, with «band» interference, which will act directly in the frequency spectrum of speech messages. This condition will give us a complete guarantee of protection of telephone conversations from interception in those sections of the line where the interference significantly exceeds the level of the information speech signal.
Next. It is obvious that the created «band» interference can only be compromised by the one who creates it, i.e. detailed masking of telephone messages is fundamentally one-sided.
This means that it is necessary to abandon the usual scheme of mandatory protection of telephone messages during their entire duration, and move on to a new technology, which protects only «incoming» information at moments in time corresponding to its significance.
The new protection technology is explained in the diagram Fig. 2
Subscriber #1, who has a one-way masker, receives an incoming call from some subscriber #2, who generally does not have such a masker (If he has a masker, the connection becomes two-way protected)The “incoming” call can be from any city (intercity) telephone, including a payphone and a cellular radiotelephone. At the moment of transmitting important messages that require protection (which subscriber #2 notifies in plain text), subscriber 31 connects a speech masker to the line, which creates a fairly intense noise in the line. Subscriber #2 hears this noise, but continues the conversation without changing his voice.
Unlike him, subscriber #1 does not hear the noise, he perceives “clean” speech, since the noise is automatically compensated for during reception. Upon completion of the reception of important information, the blocking interference is switched off.
The level of noise introduced into the line is limited only by the nonlinear distortions that arise. But, as studies have shown, this limit does not prevent the protection of semantic content and even the protection of speech features (at the receiving end).
The practical implementation of the idea was carried out by teams from Laboratory No. 11 of JSC Elektrozavod (Moscow) and the Center for Speech Technologies (St. Petersburg). The speech masker «Tuman» was created jointly (Protected by a Russian Federation patent with priority from October 29, 1997), implementing a fundamentally new technology for protecting telephone conversations from interception.
Its main technical characteristics:
— frequency band of barrage interference 500 – 3500 Hz
— level of barrage interference on the line (600 ohms) up to 1 V
— level of interference suppression up to 50 dB
— adaptation speed of a fraction of a second
— degree of masking of the “incoming”
telephone message is absent
speech signs
Operating principle of a one-way masker
The instrumental basis of the speech maskers «Tuman» are modern two-channel digital adaptive filters (type «Cinderella -31»).
The structural diagram of the masker is shown in Fig. 3
There are three main functional blocks:
masking interference generator (digital or analog)
two-channel adaptive filter
push-button switch (for controlling the operating mode)
The function performed by the adaptive filter is reduced to compensating for the interference created in the line by the generator. For this purpose, “pure” noise with a known spectrum N(jw ) is fed to one of the filter inputs, and an additive mixture of the received (useful) speech signal S(jw ) and the same interference, but with a spectral characteristic changed in the general case (due to passing through the telephone path) N(jw )*K(jw ), where K(jw ) is an unknown in advance complex transmission coefficient of the telephone path, is fed to the other.
The adaptive filter analyzes the signals arriving at its inputs and selects a spectral transformation A(jw ) over the “pure” noise such that maximum noise suppression is ensured in the difference between the mixture Y(jw )=S(jw )+N(jw )*K(jw ) of the useful signal with interference and the transformed interference N(jw )*A(jw ) received at one of the inputs.
Minimum root-mean-square filtering errors occur when
A(jw ) = { Y(jw )*N(jw )}/{ N2(jw )} ,
where the symbol { z} means averaging the value of z over some adaptation time
With a sufficiently long adaptation time, the transformation A(jw ) tends to K(jw ), and the interference compensation becomes ideal
The shorter the adaptation time, the lower, generally speaking, the accuracy of reproduction of K(jw ) and, consequently, the weaker the compensation of the barrage interference will be. Everything depends on the actual properties of the telephone paths.
Tests of the “Tuman” devices in real urban conditions have shown that it is sufficient to have an adaptive filter with a number of taps up to 500 with an adaptation time of fractions of a second.
Another issue requires additional clarification – the issue of the size of the zone of guaranteed protection of telephone conversations when using speech maskers.
If telephone lines were ideal (i.e. did not introduce attenuation of “incoming” and “outgoing” signals), then the degree of masking, estimated by the spectral ratio noise/signal N(jw )/S(jw ) would be the same along the entire length of the wire telephone line.
In reality, real telephone lines introduce attenuation of signals. Its value in urban conditions can reach 20 or more decibels.
The presence of attenuation reduces the spectral ratio of interference/signal when moving towards the “incoming” telephone message. In Figure 4a conditional diagram of the levels of interference and the “incoming” signal is presented for the case when there is no intermediate amplification.
From the diagram, in particular, it follows that the interference/signal ratio (or the difference in their levels in decibels) changes from its maximum value N0 – S1 to the minimum value N1 – S0 at the source of the “incoming” message.
The Tuman product compensates for masking interference (in the frequency band of 500-3500 Hz) by up to 50 dB. If we want the incoming signal “cleaned” from noise to have a dynamic range of at least 20 dB, then the masking level N0 – S1 during reception should not exceed 30 dB.
The actual attenuation in a city telephone line in the subscriber-PBX section does not exceed 10 dB. Under these conditions, the “incoming” voice message will be covered by interference in the entire section under consideration. The minimum masking N1 – S0 will be in the PBX area, its level is estimated at at least 10 dB.
From the particular to the general.
One-way masking of “incoming” messages with noise, which we have considered as a new technology for protecting telephone conversations from interception, may have wider practical application in the information security industry.
One of the possible applications is the closed transmission of passwords, keys, identification and authentication features via computer communication channels.
As an example, let us imagine a situation where it is necessary to transmit important information via a computer network
Its protection can only be guaranteed by using cryptographic methods, but in this case there was no transfer of private keys. The situation is not entirely hypothetical.
Let us now assume that the recipient of the information has some software and hardware that allows him to temporarily close the communication channel with digital noise and compensate for it upon reception. It notifies the owner of the information of its readiness and jams the communication channel.
The owner of the information transmits the keys over the jammed channel. Upon completion of the key transfer, the noise is turned off and the information is transmitted in the usual way using the private key scheme.
If such devices are available at both ends, the exchange of key information can be carried out in both directions and automatically.
This is how the idea of cryptographic protection of information with one-time private keys is realized. This is a new and quite real technology.
Source: Special Equipment magazine.