[142] in cryptography@c2.net mail archive


Re: FCPUNX:Secure Phones

daemon@ATHENA.MIT.EDU (Eli Brandt)
Mon Feb 3 23:37:57 1997

To: crypto list <cryptography@c2.net>
Date: Mon, 3 Feb 1997 23:24:03 -0500 (EST)
From: Eli Brandt <eli@gs160.sp.cs.cmu.edu>
In-Reply-To: <199702040233.VAA13254@beast.brainlink.com> from "C. Kuethe" at Feb 3, 97 12:19:15 pm

C. Kuethe wrote:
> [...] and then the specs page says: [...]
> Voice Scrambling
> * Primary scrambling method:  Key based sub-band scrambling, 24 active bands
> * Second:                     Key based re-scramble once per second
> * Third:                      Key based spectral inversion of
>                               selected sub-bands 
> * Secure mode voice pass band:200 Hz - 3130 Hz

This doesn't sound too secure.  Assume that the plaintext is harmonic,
with time-varying pitch.  Key point: all of the harmonics vary in
synchrony; they all have the same frequency change dF/dt, except that
it's scaled by harmonic number.  And we (the attacker) have nice long
windows to work with.

So sub-band inversion looks pretty worthless to me.  Analyze the
signal into sinusoids and flip bands so that they all have the same
sign for F' -- there are only two possibilities.  Try both in the next
step; one will fail.

(Really, the sub-band inversion is cosmetic anyway: flipping some of
these 120-Hz bands will make speech sound weird, but will not render
it unintelligible.  You have to wonder whether the designers ever
tried listening to this stuff.)

For the band scrambling, look at each partial's F' and try to factor
out a fundamental frequency.  That is, you see {60, 20, 30, 40} Hz/sec
as (10 Hz/sec fundamental shift)*(harmonic numbers {6, 2, 3, 4}).
Arrange the bands so that each harmonic is in the right place, and
you've got the original signal back.

Now, I'm making this sound easier than it is -- audio analysis always
takes some tweaking and screwing with heuristics, at the least.  
I also assumed away the inharmonic components ("s", "t", "p", etc.),
but I doubt this would destroy intelligibility.  If this is a problem,
I think I see how you could get those too.

Personally, I wouldn't trust something like this with more than $1e4
or so.  If you use one, continuous loud music (or, better, voices) in
the background should make unscrambling substantially harder.  Note to
designers: digital is better.

> So maybe it's not just some funky analog signal processor, but if the system
> only encrypts 200-3130 Hz, I'd think there's some data leaking out there...

If that's the passband, anything else gets thrown away.  Phone lines,
for comparison, pass 300 to 3k.

-- 
   Eli Brandt
   eli+@cs.cmu.edu
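The harmonic-slope argument in the post above, worked through as an added toy model (not code from the post or from any scrambler product): every partial of a voiced sound shares one pitch slope scaled by its harmonic number, so the measured dF/dt values factor back into a fundamental slope and harmonic numbers no matter how the key permuted or inverted the sub-bands. The scrambler, the band permutation and all slope values below are constructed assumptions; since inversion only flips a slope's sign and real harmonics share one sign, the example works on magnitudes and leaves rise-versus-fall as the single remaining ambiguity.

```python
# Added example, not from the post: toy model of key-based sub-band
# scrambling with spectral inversion, and the harmonic-slope factoring
# the post describes. All values are constructed.

def scramble(partials, permutation, inverted):
    """Toy scrambler. partials: {harmonic n: slope Hz/s}; permutation:
    {n: observed band}; inverted: bands the key spectrally inverts,
    which negates the observed slope. Returns {band: observed slope}."""
    observed = {}
    for n, slope in partials.items():
        band = permutation[n]
        observed[band] = -slope if band in inverted else slope
    return observed

def factor_harmonics(observed, max_harmonic=24, rel_tol=0.05):
    """Factor observed slopes into n_i * f0 using magnitudes (inversion
    only flips sign; unscrambled harmonics all share one sign).
    Tries f0 = min|slope| / k for k = 1.. and keeps the largest f0 for
    which every slope is within rel_tol of an integer multiple n >= 1.
    Returns (least-squares refined f0, {band: n}) or None."""
    mags = {band: abs(s) for band, s in observed.items()}
    smallest = min(mags.values())
    for k in range(1, max_harmonic + 1):
        f0 = smallest / k
        harmonics = {}
        for band, s in mags.items():
            n = round(s / f0)
            if n < 1 or abs(s - n * f0) > rel_tol * s:
                break
            harmonics[band] = n
        else:
            refined = (sum(mags[b] * n for b, n in harmonics.items())
                       / sum(n * n for n in harmonics.values()))
            return refined, harmonics
    return None

def unscramble_order(observed):
    """Bands listed in true harmonic order: the inverse permutation
    needed to put each harmonic back in its place."""
    result = factor_harmonics(observed)
    if result is None:
        return None
    _, harmonics = result
    return sorted(harmonics, key=harmonics.get)

if __name__ == "__main__":
    # The post's numbers: 10 Hz/s fundamental shift, harmonics {6, 2, 3, 4}
    voice = {6: 60.0, 2: 20.0, 3: 30.0, 4: 40.0}
    obs = scramble(voice, {6: 0, 2: 1, 3: 2, 4: 3}, inverted={1, 2})
    print(factor_harmonics(obs))   # (10.0, {0: 6, 1: 2, 2: 3, 3: 4})
    print(unscramble_order(obs))   # [1, 2, 3, 0]
```

The tolerance matters in practice: with slightly noisy slopes the exact-multiple check fails, but the nearest-integer test still recovers the same harmonic assignment.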
