Off the Grid
Jul 28th, 2008 by sherri
I felt like the luckiest girl at HOPE when bernieS handed me a pair of TriSquare Digital Two-Way Radios (TSX300), a prize given away at his excellent talk, “Off the Grid – Voice/Data Communications” (Skip Arey and bernieS).
Ever since the “warrantless wiretapping” FISA Amendments Act was passed by Congress a few weeks ago, I’ve been itching to find some practical voice communication system which isn’t trivially monitored by the government. I admit that, like many security professionals, part of me had become a little resigned to the prospect of an Orwellian future (present?). Little did I expect that someone would hand me a great short-range solution at the conference.
The TSX300 radios are awesome for a number of reasons. They’re based on Frequency Hopping Spread-Spectrum (FHSS) technology, meaning that rather than broadcasting on a static frequency, they constantly switch between many frequencies. This makes it very difficult to eavesdrop on the signal, and it also means that interference on one frequency has little impact on the overall quality of the communication.
Interestingly, the use of frequency hopping for communications privacy was pioneered by Hollywood actress Hedy Lamarr and composer George Antheil, who patented their “Secret Communication System” in 1942. Their invention used a piano roll to hop between 88 frequencies, and was “intended to make radio-guided torpedoes harder for enemies to detect or jam.” (Wikipedia)
Up until now, radios available to the general public have lacked privacy and suffered from severe channel overcrowding. According to bernieS’ excellent March 2008 article in Popular Communications, the TSX300 radios address both those issues, as follows:
The user chooses a 10-digit channel code. “Depending on which 10-digit channel code is chosen, an embedded pseudorandom number generator algorithm selects a different set of 50 [out of 700 possible] frequencies to hop and cycle through every 20 seconds. Each 400-millisecond hop frame contains both voice and data… Since FHSS can effectively create a nearly unlimited number of ‘virtual’ radio channels (by using many different hopping sequences), it could solve the severe channel overcrowding and privacy problems vexing tens of millions of… radio users.” [1]
Genius! My favorite part of the article is a section called “Two-Way Radio Privacy For the Paranoid” (who, me?). Here’s a snippet:
“Arguably, TriSquare’s eXRS technology might offer the general public more short-range [communications security] than landline or cellular/PCS network phone calls, which can now be remotely and instantly monitored by many people at local, state and federal government agencies, thanks to CALEA (Communications Assistance for Law Enforcement Act) and the PATRIOT act.
“… An eXRS channel code is somewhat like a simple encryption key with 10 billion (10^9) permutations… Neither scanners nor other manufacturers’ two-way radios can receive eXRS’ FHSS radios signals– further reducing the likelihood of interception. The characteristic of FHSS that rapidly slices and scatters a signal to appear as noise across a wide swath of radio spectrum makes it inherently difficult to track and demodulate. Still, if you’re really paranoid, you should know that a well-equipped and determined eavesdropper could use a highly specialized surveillance receiver like the WJ-8654 Microceptor to track and demodulate eXRS’ FHSS radio signals. More affordable fast-sweeping receivers such as those from Optoelectronics aren’t quite fast enough to track and demodulate a 400-msec FHSS signal.”
In short, the TSX300 radios offer a practical short-range alternative to our centralized telecommunications infrastructure, which is controlled by a few corporations and tapped by the government. The TSX300 radios also support text messaging, address books and all that useful day-to-day stuff that makes normal people happy.
I highly recommend reading both of bernieS’ excellent Popular Communications articles on the topic:
Digital Two-Way Radio Technology Reaches Consumer Market (Bernard Bates, November 2007)
An Innovative License-Free Alternative to FRS/GMRS (Bernard Bates, March 2008)
…and I’m totally psyched to try out my new radios at Defcon next week!
[1] Bernard Bates, “An Innovative License-Free Alternative to FRS/GMRS,” Popular Communications, March 2008
[2] Bernard Bates, “Two-Way Radio Privacy For the Paranoid,” Popular Communications, March 2008
Sherri Davidoff
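A sketch of the channel-code scheme described in the quoted article, added here as an illustration; it is not code from the post, the article or TriSquare. The SHA-256-seeded PRNG is an assumption standing in for the eXRS algorithm, which the page does not describe; the 700 / 50 / 400 ms / 10-digit figures are the article's, and the sample codes are constructed.

```python
import hashlib
import math
import random

# Figures quoted from the article on this page.
TOTAL_FREQS = 700     # possible frequencies
HOP_SET_SIZE = 50     # frequencies selected per channel code
DWELL_MS = 400        # length of one hop frame
CODE_DIGITS = 10      # length of the user-chosen channel code

def hop_set(channel_code):
    """Ordered hop set for a channel code.
    Assumption: a SHA-256-seeded PRNG stands in for the eXRS algorithm."""
    ok = channel_code.isascii() and channel_code.isdigit()
    if not ok or len(channel_code) != CODE_DIGITS:
        raise ValueError("channel code must be exactly 10 decimal digits")
    digest = hashlib.sha256(channel_code.encode()).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    return rng.sample(range(TOTAL_FREQS), HOP_SET_SIZE)

def freq_at(channel_code, t_ms):
    """Frequency index in use t_ms milliseconds after the radios sync."""
    return hop_set(channel_code)[(t_ms // DWELL_MS) % HOP_SET_SIZE]

def collision_rate(code_a, code_b):
    """Fraction of one cycle's frames in which two synced codes coincide."""
    a, b = hop_set(code_a), hop_set(code_b)
    return sum(x == y for x, y in zip(a, b)) / HOP_SET_SIZE

def cycle_seconds():
    """Time to walk the whole hop set once (the article's 20 seconds)."""
    return HOP_SET_SIZE * DWELL_MS / 1000

def code_entropy_bits():
    """Size of the channel-code space expressed as key bits."""
    return math.log2(10 ** CODE_DIGITS)

if __name__ == "__main__":
    mine, other = "4815162342", "4815162343"   # constructed sample codes
    print("first hops:", hop_set(mine)[:5])
    print("same code stays in sync:", freq_at(mine, 1200) == freq_at(mine, 21200))
    print("frame collisions with a neighbouring code:", collision_rate(mine, other))
    print("cycle: %.0f s, %.1f hops/s" % (cycle_seconds(), 1000 / DWELL_MS))
    print("channel code is worth about %.1f bits" % code_entropy_bits())
```

The code space works out to roughly 33 bits, and the only secret is the code itself, so the privacy on offer comes from obscurity of the hop pattern rather than from encryption of the audio.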







Cool, thanks for the links and info on new 2-way radio modes. I didn’t realize your interest in security issues extended so broadly – it makes for an interesting blog, anyway. I was thinking of getting a pair of radios for family use anyway, I think these might be just the thing.
Awesome!
bernieS just sent me a link to the TSX300s on Amazon:
http://www.amazon.com/TriSquare-TSX-300-900MHz-Charcoal-Metallic/dp/B000WY8JRU
Apparently my sexy new *black* TSX300s aren’t actually in distribution yet…. nyah nyah nyah
The charcoal metallic ones are nice too, though.
NIST is working on new surface mount sized atomic clocks (~ grain of rice) with about 1 second/300 years accuracy: http://tf.nist.gov/ofm/smallclock/index.htm
I think that will make for interesting crypto applications: e.g. network ports opening for fractions of a second, physical locks with fine time dependency built in, or perhaps even stored quantum states which would decohere if measured out of phase, destroying information.
Folks, the illusion of freq hopping or spectrum hopping being a way to not be monitored is, frankly, an illusion. The military and DOD developed FH and have an incredible amount of technology to defeat it……
exspook: Is there any way you know of to verbally communicate, either short or long range, without being monitored?
As Sherri referenced on her blog, military or govt intelligence agencies–or any other adversary with effectively unlimited technical resources–could track or jam FHSS communications. But their eavesdropping/jamming system would have to be physically nearby (like within a mile or two) their target to do so.
Millions of private users of these FHSS radios (like Sherri) are unlikely to be targeted in this manner, because capable adversaries are very unlikely to deploy their systems in virtually unlimited simultaneous physical locations, or to follow millions of low-value targets around all the time.
The decentralized nature of “Off-The-Grid” FHSS radio communications pretty effectively thwarts centralized eavesdropping and jamming.
-bernieS
[...] Even if you’re using a spectrum analyzer like WiSpy, you may not notice it. Bluetooth uses Frequency Hopping Spread Spectrum, and hops 1600 times a second throughout the 2.402-2.480GHz band. Because it’s spread out [...]
You don’t need a Microceptor to be able to intercept a TriSquare radio. They use slow hopping (2.5 frequency hops per second); an Optoelectronics R-10 or Xplorer near field receiver will track it and produce audio, since these radios are not digital but use analog FM. With a 900MHz antenna on my Opto I can pick up a TriSquare within approx. 500-1000′ depending on obstacles, terrain, etc.
If you want privacy, use a Motorola DTR and create your own private channel. DTRs have a true digital signal.
I just e-mailed TriSquare and asked if there is a repeater-capable system available. Does anyone here know if there is? Thanks for any reply.
Today, I got a reply from TriSquare tech and a repeater is being considered, however not approved for production yet. Their web site is to have more info on that, when and if it happens.