Jumps to site home page. Jumps to site home page. Jumps to the campus home page U.S. Department of Commerce Labs in Boulder, Colorado. Jumps to U.S. Department of Commerce home page.
Site Map | Contact | Opportunities

Projects

Security Tools

Project Description

SNAPSHOT

As public safety adopts emerging technologies for wireless communication, the potential for security vulnerabilities increases just as computer network vulnerabilities have increased with the development of the Internet. To protect public safety communication and information systems, the security implications of new technologies must be broadly understood.

Wireless security tools.
A PSCR staff member builds security test tools for use with P25 radio systems.

BACKGROUND

Security is an important component of P25, and while many security researchers work with theoretical vulnerabilities, on behalf of the DHS/OIC, PSCR is developing practical security tools for P25 radio systems. For example, one could read the P25 standards and come to the conclusion that P25 radios are vulnerable to unauthorized inhibit commands. However, until such an attack is attempted, this vulnerability remains purely theoretical.

AN INNOVATIVE APPROACH

PSCR is particularly well-equipped to develop practical security tools for radio systems. PSCR is:

  • Demonstrating vulnerabilities that have never been implemented in practice

  • Working with the TIA to address security concerns

  • Developing tools that can be used by manufacturers, researchers, and users to test the security of their systems

  • Developing a P25 Common Air Interface monitor, an essential tool for future security research, and for testing the security of deployed systems

VALUE TO PUBLIC SAFETY

To make appropriate deployment decisions, users need complete information about security strengths and weaknesses. The strength of digital radio and P25 is that many security concerns can be mitigated. PSCR, with DHS/OIC, will fulfill several important functions for the public safety community.

  • Security Information: Provide a central point for both collection and dissemination of security information

  • Awareness: Promote awareness of P25 security strengths and weaknesses among the standards, manufacturing, and user communities

  • Mitigation: Document each known security vulnerability, consider mitigation options for each vulnerability, and document mitigation decisions (even a decision not to mitigate a particular vulnerability) within TIA

RESULTS

Though the PSCR program’s P25 security work is in the early stages, significant progress has been made.

  • An initial enumeration of wireless communication security needs for public safety is included in the Public Safety Statement of Requirements.

  • Considerable work has been done to develop security assessments specifically for P25.

  • The SAFECOM Executive Committee and the P25 Steering Committee have been briefed on security concerns and are aware of the needed next steps.

  • A growing awareness of security issues is apparent throughout the public safety community, standards development organizations, technology developers, and the public.

. . .

Right-click Security Tools to save or download this one-page project summary PDF file.

For more information, contact: Andrew Thiessen.