The security of transmitted packets in the MORSE network is based on two functions:
- Locking the radio modem against unauthorised configuration changes.
- Encryption of transmitted user data.
1 Locking the radio modem against unauthorised configuration changes
From the point of view of configuration structures the locked radio modem is only open for reading. Unlocking, locking, and changing the user name and password is done using the Netlock application (a_netloc for Linux and netloc.exe for MsWindows). Communication between the radio modem and the Netlock application is encrypted. 64 bit symmetric keys are used for encryption. The encryption algorithm is non-public and is similar to the DES algorithm (security is comparable to the security of the latest (2008) banking systems). The “Diffie Helman key exchange” algorithm is used for exchanging symmetric keys.
Passwords are only transmitted in their encrypted format. The memory in the radio modem where the passwords are stored is not accessible from outside (ensured using the radio modem’s operating system resources). The password image is randomized in memory (salted).
2. Encryption of transmitted user data
2.1 Encryption using symmetric keys
Encryption of transmitted data is implemented in the MORSE network using a blowfish symmetric encryption algorithm in ECB mode (Electronic Code Book) with SHA1 HMAC (SHA1 Hash Message Authentication Code) and 160bit symmetric keys. ECB mode is used because of the MULTI-POINT to MULTI-POINT character of MORSE networks. For protection against attacks by repeated packets the use of time markers can be switched on. The same symmetric key is used at one instant throughout the whole network (apart from the process of switching to a new key, as seen below).
If encryption is switched on all user data passing through the radio modem is encrypted (packet type 0x09 and 0x0A).
User packets entering a node are processed in the following order: compression, encryption, monitoring. Similarly on exit from a node user packets are processed in the following order: monitoring, decryption, decompression. Routing packets pass through the network encrypted.
2.2 Exchange of symmetric keys by RSA asymmetric encryption
An exchange of symmetric keys in the MORSE network is implemented using RSA asymmetric encryption with 512bit asymmetric keys.
Each of the nodes in the MORSE network has two symmetric keys. One of the keys is used for encrypting the current communication. The other is used for exchanging the active key.
Exchange of symmetric keys is controlled by the user using a special application (RACOM Encryption control) from the central computer (OS Linux or MsWindows), which appears as the central authority (CA – Central Authority). Upon a request for an exchange of active keys (symmetric keys ensuring encryption of user operation) a new symmetric key is generated in CA and this is successively loaded into all radio modems in the network. After successfully writing to all radio modems the modems are switched to encryption using the new key. A high level of network security against encryption cracking is achieved by the occasional exchange of keys.
Newly added radio modems (or any replaced during servicing) are also configured using CA to the network with set encryption.
Asymmetric keys used for the secure exchange of symmetric keys are generated by each radio modem themselves, either after switching on encryption (if it doesn’t currently have a key), or after receiving a request from CA.
3 Implementation limitation
Encryption is only supported in MR400 type modems (not MR25) and it is present in some versions only, e.g. 10.0.76.0.
When using encryption radio modems need to be locked using the Netlock application (see chapter 1/).
4. Additional information
4.1 Encrypted packet:
- Index of a symmetric key – 2 bytes
- Padding – padding to the size of a blowfish block. Total length of encrypted data must be divisible by 8.
Length of padding = 1byte
padding = 1…8 bytes
- Time marker = 4 bytes
- User DATA
- SHA1 hash, which is added to each encrypted message = 20bytes.
Altogether this totals 25-35 bytes plus user data
It is therefore necessary that packets no longer than 1570B in length travel from the protocol to the node. If compression is switched on this value can be higher.
5. Tested version