Being in a war zone can cause information security problems for the military

Opinion by Nick Barron

The war zone is not a perfect world: battle conditions often mean security compromises for friendly forces.

The war zone is not a perfect world: battle conditions often mean security compromises for friendly forces.

Back in the 1990s, I spent a lot of time looking at attacks on satellite TV systems. This was of academic interest; I didn't even have a satellite dish, never mind a decoder. Cryptography was unusual outside the banking and military worlds, but satellite TV was a big user and attacks on it were one of the few ‘safe' areas to research if you were interested in the security of hardware encryption systems.

Broadcast encryption, the problem of encrypting something that needs to be decrypted by a large audience, is still a major research area. DVDs and Blu-ray discs, for example, need to be protected against unauthorised duplication, but must be readable in millions of players installed around the world. Efforts to crack this have been largely unsuccessful.

Similar problems plagued satellite TV in the 1990s, with expensive smartcard replacements required to thwart fake cards. Some attacks even removed the need for a smartcard at all, with the infamous ‘Season7' software (named after the season of Star Trek it was developed to watch) being the best example. Perhaps unsurprisingly, Markus Kuhn, who wrote Season7 in 1994, has turned gamekeeper and now lectures in security systems at the Cambridge Computer Laboratory...

You might think this is just a problem for media moguls, but the US military has been a recent victim of the same problem. In combat zones such as Iraq, the Unmanned Aerial Vehicle (UAV) has become a popular intelligence resource. Its ‘what's round the corner?' video is literally a lifesaver whose unmanned nature reduces the risk of friendly casualties (the pilot is usually the most valuable component in a military plane).

Recently reports began to surface that video footage from UAVs in Iraq had been found on laptops seized from insurgents ( It turns out that the UAV video feeds were transmitted without encryption, and had been plucked from the airwaves using software designed for decoding satellite TV signals ( Video that's useful to you may well be equally useful to your enemy, so it's a bit of a worry to have it flying around unprotected. More worrying, although ignored by most reports, is the possibility of spoofing video to show non-existent attackers or ‘hide' enemy forces (although the same spoofing could be used against video eavesdroppers).

One of the major problems with any widely deployed encryption system is getting the keys to the right people, and making sure they don't end up in the wrong hands. In the military environment, it becomes even more complex. Individual military units may need access to a number of UAVs in a relatively unpredictable fashion, so key management quickly becomes a nightmare. While there are technological issues with encrypting UAV video, it may be that the risk of friendly forces not having UAV video is considered greater than the risk of it also getting into the enemy's hands.

There is the same problem with ordinary military communications, but that's hardly a problem that has gone away. Indeed, the US's currently fielded secure radio, the Joint Tactical Radio System (JTRS), has had so many teething problems that many users pronounce its acronym as ‘jitters'. Attempts to integrate UAV video with JTRS, the obvious solution, have failed due to the lack of bandwidth available. JTRS operates at low frequencies, below 2GHz, whereas the military's video standards run higher than that. Ironically one of the main reasons for this frequency choice was for good performance in heavy foliage, not a common problem in the Middle East.

So things are not quite so simple to fix. In a perfect world, all military video would be encrypted, and that's certainly the plan (providing UAV video via a secure data network, a sort of military YouTube). Quick-fix solutions are unlikely to be secure and may even make things worse by denying access to the friendly forces who really need it. As always, as one vulnerability closes, another often opens up.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events