Our local mesh team may have an opportunity to provide live video feeds for the Air Force Security Forces and Anti-Terrorist group at an upcoming air show. A question was raised as to how secure the video feeds were from eavesdropping. We will probably be on 2.4 GHz ch -2 and possibly on 3.4 GHz as well.
I understand it would be highly unlikely that the video feeds would be sniffed out, but really, if a tech savvy person was bent on eavesdropping, how hard would it be for them to do that without any prior knowledge of our setup?
You are here
Video stream security
Thu, 04/28/2016 - 01:46
#1
KD7MG
Video stream security
Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer
All you need is an SDR with significantly wide range (6-12MHz) and software to decode the algorithm (have to imagine this exists) and it be very easy to see the signals coming from the hardware, the frequency, the modulation, etc.
A stock PC won't be able to see or decode the data but any tech savvy source once they find out what frequency you are on will be able to decode.
You may get some advantage in that they may think that it's in the Part 15 band but if they have the gear (I'm considering that a part of tech savvy) to look at broad spectrums (there's a wide band handheld spectrum analyzer for less than 600$)
So basically steps to ease drop not knowing your setup:
Determine your frequency
Determine the width of the signal
Determine the modulation
Determine the encoding/framing (802.11n)
Decode Data with known encoding (make a reasonable assumption since its 802.11 that it's an IP network and points it as a wifi network and just tcpdump raw)
Watch video stream
That said I'm aware of a local event that uses cameras for big public event to keep an eye on what is going on and they didn't raise a concern but they also were not the USAF.
Plausible but not Probable, encryption would slow THEM! down.
If a served agency chooses to use 256 AES or similar for traffic they send over SSIDs AREDN provides, so long as all SSIDs and Node Names using Amateur Frequencies are properly conforming, for both Emcomm and Public Service events such as described here, we're not violating Part 97.
Recommend those in doubt review what ARRL's HSMM Working Group and FCC have said on the subject.
Anyone with the knowledge, equipment & inclination to do so, will indeed be able to see both the SSIDs and node names of every link we provide and proceed to do or not do whatever they would wrt to that Agency's encryption, which we're doing nothing to obfuscate. eh?
If there is any doubt, it should be about whether we should feel an obligation to ensure Served Agencies are aware of this.
No I couldn't in good conscience deprive you of the pleasure and reward of researching this yourself.
TIA for all knowledgeable feedback - so long as it is appropriate in a publicly accessible forum.
(armchair lawyers please do the research and then don't reply <g>)
73
...dan wl7coo
On a part 97 data network operated by a licensed radio operator, all (some?) traffic that a served agency rides over the top of it, does not have to meet part 97 rules? A hospital network could send encrypted documents of sensitive patient names and medical information over an AREDN Network? The RED Cross could conduct business and use a credit card to buy 1000 blankets from Amazon over an AREDN network?
Is there any specific references that folks may follow up on to increase all our understandings--to avoid everyone looking for needles in the haystack?
Joe AE6XE
Aside from part 97, so far my understanding is the purpose of AREDN is to be open to all, encryption would hinder this.
,
Thanks all, this has been educational. I see it's doable, but not very likely, especially since there are probably much bigger targets to go after than a rather obscure video feed.
otherwise obfuscate our communications.
We also know we may not engage in any activity on Amateur Frequencies for which we receive any kind of remuneration.
Does this mean we may not transport, as third party traffic, sensitive data that a Served Governmental Agency may have very good reason to encrypt vs secure and they do so prior to handing the data (in a metaphorical locked briefcase) to us? The served agencies, in preparing their traffic might be intentionally obfuscating the content, meaning, actual source or final destination, all in the National Interest or on behalf of common sense or privacy considerations.
Depending on the nature of the encryption and whether the encoding/decoding requires information not publicly available it certainly could be considered intentionally obfuscated traffic.
How are Amateurs not in full compliance with any portion of Part 97 by virtue of identifying and utilizing every best practice and specification available in order to ensure security, reliability of delivery and non-repudiation of this traffic while doing nothing to further obfuscate this traffic in the locked briefcases, or the SSIDs & authorized callsigns of each and every RF link we use to deliver the traffic to it's intended destination ?
It should be possible to point to specific passages in Part 97 that say we may not forward secured information streams from served governmental agencies. I try every so often and have yet to succeed.
Is AREDN doing something with encrypted data streams I'm not aware of or do not understand?
May I please reply to your question with a very sincere questions of my own?
Does AREDN at any time, under any circumstances, not correctly identify the SSIDs and Node Names associated with every packet on every link?
Why don't we all agree to re-read Part 97 from first to last word and every word in between as a New Years Resolution exercise every year?
This is probably more time efficient than wading through the last 10+ years of written communications on this topic.
I promise one and all if I ever see something I've missed in Part 97 that negates this bit of sophistry, I'll own the mistake.
QED
73, ...dan wl7coo
Postscript, Short version; it isn't a haystack it's Part 97 and actually quite readable.
I can provide you citations from part 97 that I believe disagree with you, and I have done so on other threads here on the forum but would be glad to provide as such again.
However I would instead this time like to first try by providing the FCC's plain language wording from Report and Order RM-11699 regarding request for rule making to permit encryption. http://transition.fcc.gov/Daily_Releases/Daily_Business/2013/db0918/DA-13-1918A1.pdf
"Based on our review of the record, we are not persuaded that the petition discloses sufficient reasons in support of the action requested. First, we conclude that the record does not support Mr. Rolph’s assertion that the prohibition on encrypted amateur communications is impairing the ability of the amateur radio community to provide effective support to public safety agencies during emergencies. As the report to Congress concluded,"
"As the Commission has noted, Section 97.113 is intended to help maintain the non- commercial character of the amateur radio service by prohibiting certain types of transmissions.18 The primary protection against exploitation of the amateur service and the enforcement mechanism in the amateur service is its self-regulating character.19"
"Therefore, we agree with the comments that say, in various ways, that amending the rules to allow encryption to obscure the meaning of messages transmitted during emergency services operations and related training exercises would not improve or enhance the operation of amateur service stations or otherwise be in the public interest.24 Accordingly, we dismiss the petition."
Again I'll be glad to provide citation more in depth on the rules of you so desire but I think the FCC's plain language words say a lot on this matter without directly reading each law. I will ask to rember that no matter who passes the information to the node operator, the originating node is indeed the message originator and is responsible for that content, it's up to that individual to make sure no information passed will violate his or her license. If the information is obscured when that operator receives it that operator needs to be mindful that if they transmit it they are still transmitting obscured content, it doesn't matter
if you obscured it yourself or received it pre obscured it is still obscured for the purpose of hiding it's meaning.
Here's an example...just yesterday our local EMA team joined up with the NWSChat (think MeshChat on steriods, used by storm spotters, the media, and emergency management teams). It's all web based, nice javascript interface, multiple windows and multiple simultaneous conferences. Guess what? It's all https. Well, no NWSChat over the mesh I guess. We had planned to access the app from our EOC across the mesh, as the mesh has redundant links and redundant power (and soon redundant internet gateways).
If the encryption rule interpretation were just a bit more modern, maybe you could justify this by saying hey, I'm connecting via https to nwschat.noaa.gov; I'm clearly not doing anything commercial or using Part 97 frequencies for personal gain.
To each his own, YMMV, I'm not a lawyer, blah blah blah.
MB