Here is just a shameless plug for the company I work for. The article talks about secure VTC and discusses some of the products we make as well as other manufacturers we work closely with.

http://www.mit-kmi.com/articles.cfm?DocID=505

I always wondered, and this may seem like a stupid question, but why such security generally for VC? Is it that easy to "bug"?

Obviously military information is classified anyway, but are all these security devices to stop sensitive information getting out, or malicious content getting in? Is ISDN any more secure than IP?

Just curious to understand the history behind this...

For the military, the use of encryption is primarily to scramble the data so anyone who captures the information can not read it. For all practical purposes, ISDN and IP alone do not provide enough security for military use. Since data flows freely over copper wires, the information can easily be captured in a variety of ways. Even with a direct link between two sites, those connections typically take place through switching equipment at a local carrier, making it a possible point for data capture.

I have to admit that sometimes military security for VTC can seem extreme, but if you think about the sensitivity of some of the conversations that may be taking place, coupled with the persistence of the bad guys, you can see that encryption play a vital role.

For those outside the military, there are lower levels of encryption. While most of us may not have a use for such a thing, there are some companies out there who would like to protect sensitive internal information and feel the need to scramble the data.

The idea of encrypting data actually goes back a couple thousand years. Julius Ceasar used to use encryption techniques to protect sensitive military information in case his runners were ever captured by the enemy.

I might add, corporate espionage is alive and well. More often than we'd like to admit it, large companys are learning that they can simply hire the hacker that just broke into their system to break into their competitor's system and spy on them. The information gathered can be early product release dates or even proprietary technology. An information leak can cost a company millions if that info gets into the hands of a competitor that knows what to do with it.

So yeah, security in any type of information medium is important to both the military in terms of saving lives and corporations in terms of their bottom line.

The article has an updated link. Here it is.
http://www.mit-kmi.com/archive_article.cfm?DocID=505


Here is just a shameless plug for the company I work for. The article talks about secure VTC and discusses some of the products we make as well as other manufacturers we work closely with.

http://www.mit-kmi.com/articles.cfm?DocID=505

has the security for VC ever been breached at a high level b4? u mentioned espionage and all that.. when has that happened?

The update was the same link. Although... if I figured it right... this should be the right one....

http://www.military-information-technology.com/article.cfm?DocID=505

Riding on edspag2000’s line of questioning… If I understand it correctly, AES generates a key when it first establishes a link and then proceeds to code the remaining transmissions with that key. The KIV-7s have a key inserted at each end always communicate with encryption…. Or so I’m in that understanding. Correct me if I’m wrong (I’ve been wrong before :cross-eye ). So just how much more secure is one over the other? Is it that easy to snatch the key during negotiations? Or is it really just a heightened state of paranoia? :paranoid:

MacGyver,

Welcome to the forum and thanks for the updated link. To answer edspag2000’s question first……..yes, interception of a VTC conversation can happen just as easily as interception of a phone call and although it may not happen all the time (at least as far as public knowledge is concerned), it is very easy to do with the right equipment and access. It is not so much the video conferencing device you are protecting, as the information traveling across the wires. It is the information after all which is most valuable. The use of encryption protects the data being shared. In military environments, the slightest possibility of interception is unacceptable and the data must be encrypted according to classification level.

Now Macgyver’s question…….

You are correct in how the keys work, although I am not an expert on AES encryption. The KIVs require a key to be loaded into the device. This is typically done with a paper tape loader or a loader which stores multiple keys internally. Once the key is loaded into the KIV it can be saved, but as many of us who play with these devices know, if you lose power, you lose your key and it has to be reloaded. The KIV does have a battery, which only gives the device enough power to hold the key, not run the unit. Every person in this forum who deals with KIVs probably has a story of a battery dying at the most inopportune moment. KIV keys are run by one of our government agencies (I’ll let you guess which one, although it’s not a secret), and are normally rotated on a monthly basis. There must be a KIV on each side of the link, and they must have the same key.

You cannot go out and just buy a KIV. You must go through the agency mentioned above for KIV approval and keys. In many instances the room in which the VTC is located must be approved before secure conferences can take place. There are many things which need to take place, and tons of paperwork before a site can be approved for secure use with KIVs. This process can actually take years for some.

Although AES does a good job of making interception more difficult, you can see that Type 1 encryptors take encryption a little deeper. AES is available to consumers and automatically generates a key between two systems. Type 1 encryptors are not available to the public and you must have two similar encryptors (which are hard to get) on each end of the link. You then must have the same key on each end, and that key gets changed on a frequently.

The level of paranoia is equal to the value of the information. If I am talking to my mother on VTC, I would like the call to be private, but I am not risking much if I do not use encryption. If I were a CEO of a company talking to my engineers on VTC about a product which is innovative and guaranteed to make us rich, then I would want the best level of encryption available to protect our conversation. Although corporate espionage may seem like a myth to many, you would be amazed at what people will do when presented with product information worth millions of dollars. If I were a commander of a military force, talking over VTC to leaders in the field, then encryption becomes a necessity for survival. It is a necessity because the information being discussed can cost the lives of many if it falls into the wrong hands. At this level, I would prefer to use encryptors that only the good guys have access to, with keys that can only be used between the sites that need to be in the conference.

Video Mute was added because people were hiring lip readers to tell them what was being said when the audio was muted (brokerage firms so I am told), so I would guess that intercepting the IP Stream and playing it back would be desirable.