Call Search
     

New to Ham Radio?
My Profile

Community
Articles
Forums
News
Reviews
Friends Remembered
Strays
Survey Question

Operating
Contesting
DX Cluster Spots
Propagation

Resources
Calendar
Classifieds
Ham Exams
Ham Links
List Archives
News Articles
Product Reviews
QSL Managers

Site Info
eHam Help (FAQ)
Support the site
The eHam Team
Advertising Info
Vision Statement
About eHam.net

   Home   Help Search  
Pages: [1] 2 Next   Go Down
  Print  
Author Topic: Encryption over long haul RF link  (Read 6911 times)
K0JEG
Member

Posts: 627




Ignore
« on: June 27, 2009, 10:19:16 PM »

I have an opportunity to put together a remote control station using an abandoned microwave (4GHz) point to point link. I'd like to use 802.11a for the link, but in the ham band and, since I'd be using large dishes, much higher ERP than part 15 rules allow. However, I know that there's a fairly good chance someone could stumble on my link and get control of the station. If I used encryption that would be much harder. I know that the FCC allows encryption for satellite control... how about for remote stations in general.

The only alternative I can think of is to only allow one mac address to connect to the router. It would be a little bit better than nothing, but it is also very easy to defeat.
Logged
KZ1X
Member

Posts: 3227




Ignore
« Reply #1 on: July 05, 2009, 04:02:24 PM »

http://www.arrl.org/FandES/field/regulations/news/part97/

The relevant sections, 97.305 - .313 seem to have the most information regarding your operation (modulation and power, etc.)
Logged
KA9CQL
Member

Posts: 19




Ignore
« Reply #2 on: September 10, 2009, 12:44:35 AM »

There is much debate on both sides of the use of encryption over modified 802.11 links to control unauthorized (read: non-ham) access to amateur radio-owned and operated wireless LAN links.

As far as the FCC is concerned, you CAN *NOT* use any form of encryption on any transmission other than that which controls an amateur radio satellite.  Encryption is specifically (any only) designed to "obscure the meaning" of the transmission being encrypted, which is outlawed by Part 97 rules.

There are a few well-intentioned hams out there that are trying to convince people that using encryption - if the "intent" is to prevent unauthorized (aka non-ham) access - is allowed.  This is only these people's opinion, and does not allow you to violate the law.  Once again, the FCC is quite explicit on this point - no encryption can be used in any amateur radio transmission (except satellite control, as mentioned).  Encryption has only one purpose - to obscure the meaning of a transmission.  Any other interpretation of what encryption does or is for is just an opinion, and not a legal mandate that lets you flaunt the law.

Having said that, you have other non-802.11 options for controlling your station.  Why get yourself into legal hot water, when you don't have to?

Two choices I can think of off the top of my head -

1) Use a "legal" 802.11 wireless LAN device, no high-power, no modifications to the device - use it "as is" (aka per Part 15 rules) and see if it works for your situation

2) Use a ham radio frequency band that already permits remote-control.

Depending upon your license class, you might be surprised how much power you can use, or the flexibility for remote-control you may already have at your disposal using non-802.11 (aka non Part 15) devices.

Don't get yourself into legal hot water. Stay legal. Avoid encryption using 802.11 devices modified beyond what Part 15 allows.  Playing "word games" re: encryption being "only to prevent unauthorized access" does not make breaking the law "ok".  Your lawyer can't help you - it's the FCC that has the last say, not some guy with double-talk about "intent".

'73

- Mike S.
  KA9CQL
  Victorville, CA, USA
Logged
AA4PB
Member

Posts: 12644




Ignore
« Reply #3 on: September 10, 2009, 05:25:02 AM »

According to the ARRL, you CAN use encryption on an 802.11 link PROVIDED that you make the key available to licensed ham operators. I think the HSMM people even maintain a web site where you can make that available. You might try the HSMM links to get some more information.
Logged
AB0WR
Member

Posts: 77




Ignore
« Reply #4 on: September 18, 2009, 07:04:15 AM »

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
aa4pb:
According to the ARRL, you CAN use encryption on an 802.11 link PROVIDED that you make the key available to licensed ham operators. I think the HSMM people even maintain a web site where you can make that available. You might try the HSMM links to get some more information.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This is treading on some very thin ice. The rule doesn't say that encryption is ok if you publish the keys. The HSMM is trying to find a way to work around the rules instead of finding a way to obey them.

Conceptually, publishing the key is meaningless if there are multiple encrypted signals on the band. How do you tell which key goes with what transmission?

Better yet, how does publishing the key keep your link from being hijacked? Answer: it doesn't.

A much more legal way to do this would be to use a firewall ahead of your radio and use IPSEC (either an IPv4 adjunct or IPv6) security in the IP headers to establish a secure link between your controlling computer and the firewall. Port forwarding could then be used to get your control signals to the radio. It would keep others from hijacking your link and would not entail message encryption in any way.

Is it *harder* to do it this way? Yes. That doesn't excuse ignoring the rules.

tim ab0wr
Logged
AA4PB
Member

Posts: 12644




Ignore
« Reply #5 on: September 18, 2009, 08:20:58 AM »

Well according to the ARRL, the FCC's response to them was that it was ok to use WEP encryption provided that the **purpose** was not to obscure the meaning of the message content. The FCC is the one who's opinion matters and according to them it is legal if its purpose is to limit access.
Logged
KA9CQL
Member

Posts: 19




Ignore
« Reply #6 on: September 20, 2009, 11:06:12 PM »

Re: Using IPSEC - you'll have to avoid using encryption there, too.  But by leaving the communication on an unencrypted link would still leave you vulnerable to a denial of service (DoS) attack on the link.

There is no easy way to say this other than to be very blunt - there *is* *no* legal allowance for an amateur radio operator to use encryption on any transmission, no matter what the intent is.  Encryption is illegal in all cases except for a ground station -to- satellite link that controls the satellite.

No amount of pretending, posturing, wishing or word-gaming changes the law.  It's illegal to encrypt your communications, other than for satellite control.

There is no legal option for encrypting your signal, and then "calling it ok", by doing something else (e.g. publishing the encryption keys).

Until Part 97 is amended to remove the "...shall not encrypt or otherwise obscure the meaning of any transmission..." (or words to that effect), it will remain illegal to encrypt your transmissions.

'73

- Mike
  KA9CQL
  Victorville, CA, USA
Logged
AA4PB
Member

Posts: 12644




Ignore
« Reply #7 on: September 21, 2009, 01:42:39 PM »

Okay, then you tell the FCC that their ruling was wrong! Man, if the FCC tells the ARRL lawyer that the FCC considers that WEP for the purpose of limiting access is okay then why do the e-ham "armchair lawyers" continue to insist that its not okay? It's all on the ARRL web site - look it up!
Logged
KA9CQL
Member

Posts: 19




Ignore
« Reply #8 on: October 09, 2009, 11:05:35 PM »

The ARRL is not the final word on the legalities of the FCC. Just because the ARRL has something on its website does not change a law.

Even if an "advisor", or even "special counsel" of the FCC tells the ARRL, or *you*, personally, that something is "ok", it does not change the law.

It is common for one executive branch member to say one thing is ok, only to have that person's replacement say that something is not ok, months or years later.

The law is the law.  It's *illegal*.  What part is confusing?

Never mind that a counselor has stated that they WILL NOT ENFORCE THE LAW, or that they will TURN A BLIND EYE TO THE VIOLATION OF THE LAW.  The law remains the law.

Nothing said with a "wink and a nod" changes the law.

When congress changes the law, or the FCC asks for a legal clarification to include the use of WEP encryption on a non-satellite-control-station link, THEN it will be legal to use encryption on non-satellite-control links.

Nothing short of changing the law will change the law.  (Sounds redundant, but apparently it's not "obvious" to everyone...)
Logged
WB6BNQ
Member

Posts: 4




Ignore
« Reply #9 on: December 07, 2009, 06:25:48 PM »

N3KQX,

YOU ALREADY VIOLATED THE FIRST RULE OF SECURITY !

How ?  By opening your mouth ! ! !

The chances are pretty high if you kept your mouth shut and never - EVER - spoke about how you were accessing your remote radio, then no one would have a reason to look for the method.  You would also have no need to think about encrypting either.

Now that you spoke, anyone interested in watching what you are doing is going to have the interest in seeing if they can hear and access your point to point link.  It is just human nature.

There are many ways of going about - LEGALLY - securing a link.  First is obviously never - EVER - say anything about it.

Other ideas are:

1. Use an obscure frequency you never talk about.

2. modify the bit rate (baud) to a non standard value at both ends.  A small shift, just enough to be out of range of standard equipment, is all that is needed.  There is no rule that says you have to use a standard accepted bit rate.  The rules restrict the maximum bite rate possible on various Amateur frequencies.

For those questioning whether that is encryption ?  It is not.  The only person who needs to be appraised of what your doing is the FCC.  So long as you document it in your station log then you have satisfied the legal requirements.  Of course, when asked by the "FCC" you would present your log with an explanation.

3. Invert the logic of the data sent.  Again see comments in the above paragraph.

4. Use separate links and frequencies for the control and voice.

5. Use very high (10 or 24 GHz) frequencies that by their very nature make it damn hard for someone to mess with unless they have the expertise to do it.  Generally those people with such expertise are, by nature, not the ones to cause trouble knowingly.

OH YES, Did I mention to keep your damn mouth shut ? ?

Bill....WB6BNQ
Logged
KT4WO
Member

Posts: 139


WWW

Ignore
« Reply #10 on: December 09, 2009, 07:15:54 AM »

To the guys who say its "illegal"....

pls decode the messages between packet bbs's

or

Decode pactor 3

or that password protected file from that same
bbs.

and....If you think the FCC gives one shiit about
amateur radio...listen to K1MAN/ARRL "Broadcasts" or 75 meter voice ANY night.

Tell ya what...I have an encryp.Link running higher power than Part 15, its running WEP,, you turn me in...
and we will wait to see what they do.
Im good in the callbook and im on ch1 at 1 watt with
the call KT4WO

This is just to make the point. I believe in following
the rules...but the FCC said as long as the key is "Public"

Just my worthless view.

Trip - KT4WO
Logged
KA9CQL
Member

Posts: 19




Ignore
« Reply #11 on: February 11, 2010, 05:43:19 PM »

Bill - You said "YOU ALREADY VIOLATED THE FIRST RULE OF SECURITY ! How ? By opening your mouth ! ! ! "

This is called "security by obscurity", and it is proven not to work.

Just because "no one knows" about a thing does not make it more secure.  That's a fallacy that the info-security world has proven to be so, time and time again.

There is no security in "I just won't tell anyone".  None.

- Mike S.
  KA9CQL
  Victorville, CA, USA
Logged
KA9CQL
Member

Posts: 19




Ignore
« Reply #12 on: February 11, 2010, 05:50:27 PM »

Trip, you said -

"I have an encryp.Link ...running WEP..."


Just a word of advice - WEP is an encryption protocol that is trivial to break. A "script kiddie" (aka a relatively un-skilled computer hacker) can easily break through an WEP-protected link in under 4 minutes using freely-downloadable software.  So just an FYI, please don't rely upon WEP to secure your WiFi link.

If you really believe that you can/should/want-to use encryption over your link, please switch to something secure - perhaps WPA, or WPA-2, if you can.

Just a heads-up to a fellow ham, even if we don't agree on the point of using encryption on (non-satellite-control-link) Amateur Radio.

- Mike S.
  KA9CQL
  Victorville, CA, USA
Logged
WB6BNQ
Member

Posts: 4




Ignore
« Reply #13 on: February 11, 2010, 07:09:18 PM »

Mike,

I am going to disagree with you.

If I never say ANYTHING to ANYONE about something that has absolutely no record of having occurred, then the likelihood is so high as to be considered infinitely impossible for it being discovered.  At the point that I expire (i.e., dead), it is guaranteed.

Your premise is predicated upon an entirely different set of circumstances born out of a structure that is repetitive and predicable.  The two are not the same.

The circumstances for this thread, admittedly, fall closer to your premise then it does mine.  However, one has to consider the nature of the beast to determine the probability of discovery and ingress.  Here none of the normal qualifiers would exist for the typical reasons; e.g., espionage, financial gain, etc.  This leaves primarily two most likely causes, idle curiosity and vandalism (i.e., malicious mischief).

One needs to be mindful that this is a hobby environment with very little value except the out of pocket expenses for the hobbyist.  The need for the security is, or should be, to fulfill a licensing requirement of being in control to prevent possible interference to on-going traffic or emergency communications in progress.

Thus the act of curiosity is typically a non-threatening investigation.  Should the curiosity be answered, it is what is done with the information that determines the next step.  Obviously, vandalism is a different animal.  The end result is the operation would have to be shut down until the problem is solved.

In so far as the discovery is concerned; if only one person constructs the link and it is put on frequencies that are extremely hard to get to and equally hard to listen to and it is never spoken of - then the likelihood of discovering the link's whereabouts and operation are extremely low.  For example you could use 40 GHZ and large parabolic dishes for the job.  That frequency is extremely hard to get to and requires quite a bit of knowledge to do so.  With large dishes the beam width is extremely small and equally the field of view.

Another approach that could be even harder to find is to use a NON-visible laser beam.  For example, at a local military lab a non-classified experiment was done using an Argon laser (not visible) at 150 watts.  Two different path lengths were used.  One at 20 miles over water and the other, over land, at around 80 miles to study moisture and particulate matter in the atmosphere.  Tons of people looked in our direction (at a safe distance) everyday and never knew, had no reason to know and would have nothing that would cause them to even think about such things.

So, I am sorry but your premise is predicated on a limited field that has an entirely  different set of parameters.  No security system will satisfy all conditions.  The security processes are highly dependent on what is being secured.


Bill....WB6BNQ
Logged
AA4PB
Member

Posts: 12644




Ignore
« Reply #14 on: February 12, 2010, 05:33:15 AM »

As far as the FCC is concerned, you CAN *NOT* use any form of encryption on any transmission other than that which controls an amateur radio satellite
------------------------------------------------------------------------------------------
According to the FCC you **CAN** use encryption to limit access as long as the key is made available. Check it out on the ARRL web site.
Logged
Pages: [1] 2 Next   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!