Backdoor in TETRA Police Radios

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world.

The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more. Crucially, TETRA is not open-source. Instead, it relies on what the researchers describe in their presentation slides as “secret, proprietary cryptography,” meaning it is typically difficult for outside experts to verify how secure the standard really is.

The researchers said they worked around this limitation by purchasing a TETRA-powered radio from eBay. In order to then access the cryptographic component of the radio itself, Wetzels said the team found a vulnerability in an interface of the radio.


Most interestingly is the researchers’ findings of what they describe as the backdoor in TEA1. Ordinarily, radios using TEA1 used a key of 80-bits. But Wetzels said the team found a “secret reduction step” which dramatically lowers the amount of entropy the initial key offered. An attacker who followed this step would then be able to decrypt intercepted traffic with consumer-level hardware and a cheap software defined radio dongle.

Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping.

Specifically on the researchers’ claims of a backdoor in TEA1, Boyer added “At this time, we would like to point out that the research findings do not relate to any backdoors. The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption.”

And I would like to point out that that’s the very definition of a backdoor.

Why aren’t we done with secret, proprietary cryptography? It’s just not a good idea.

Details of the security analysis. Another news article.

Posted on July 26, 2023 at 7:05 AM38 Comments


David McClain July 26, 2023 9:25 AM

I agree on the weak homebrew crypto.

But the article also stated that they used shortened 32- and 40-bit keying on the weakened systems. It wouldn’t matter how good the algorithm is in those cases. The weakness of the key allows for simple brute force searching. Took about a minute on a laptop computer.

Ted July 26, 2023 11:13 AM

In Midnight Blue’s write up of TETRA:BURST (and its five CVEs), they report the following on CVE-2022-24403: “…consider TEA1 equivalent to cleartext”

This is not dissimilar to Matthew Green’s statement to KZ: “I wouldn’t say it’s equivalent to using no encryption, but it’s really bad.”

Kim Zetter also published a follow-up interview with ETSI’s Brian Murgatroyd:

Clive Robinson July 26, 2023 11:51 AM

As this is getting auto-moded, so black-holed I must appologize for choping it into bits,

@ Bruce, ALL,

Part 1,

Re : It started in WWII.

“Why aren’t we done with secret, proprietary cryptography? It’s just not a good idea.”

Remember this actually goes back well into the last century, that is it’s more than 20years old.

The TEA1 and TEA2 idea, is exactly the same as the GSM A5/1 and A5/2 over the air crypto[1].

All the EU standards bodies of the time were doing this nonsense of Weak Crypto for second and third world countries. Heck look up the history of the NSA and CIA with regards Crypto AG of Zug Switzerland. They had three levels of crypto.

Clive Robinson July 26, 2023 11:57 AM

@ Bruce, ALL,

Part 2,

As I’ve indicated before the original “coin counting” mechanism designed by Boris Haglin and used in the US army Field Cipher machines in WWII –of which around 140,000 were issued and still in use during the Korean War,– had a range of keys covering from very weak through to strong (for the time). The keys issued to the forces were done from a central managment, and were thus mostly strong.

However with more than 85% of the key space not being strong, any one capturing and copying the design without knowing about the key strengths would like as not just use the keys randomly, so on average around half could be broken fairly quickly.

Clive Robinson July 26, 2023 12:05 PM

@ Bruce, ALL,

Part 3,

If people study the history of WWII code breaking in Bletchly and other places (like India, where my father was stationed). It was mostly based on the idea of “possibles” that is as messages got decoded they became part of a “card index” database. When a new message came in “Huf Duf” HF Direction Finding and other “tells” in the then nascent “Traffic Analysis” gave lookups in the database.

Clive Robinson July 26, 2023 12:06 PM

@ Bruce, ALL,

Part 4,

This gave “probable plaintext” that were then used in “cribs” to reduce the code breaking effort immensely. So profitable was this that occasionaly they would order the RAF to go “gardening” where an aircraft from the RAF would be tasked with dropping parachute mines during daylight in full view of German Docks. The “Dock-yard cipher” was a reduced security or “weak key” version of the Enigma machine that could be quickly broken by going through all it’s keys.

Clive Robinson July 26, 2023 12:10 PM

@ Bruce, ALL,

Part 5,

However the same message sent over the weak key dock yard cipher was also sent over the strong key U-Boat cipher. Thus giving a long length of known plain text.

David in Toronto July 26, 2023 12:12 PM

@clive where was your dad stationed. A friend of the family was at base Anderson in Columbo doing IJN codes

Clive Robinson July 26, 2023 12:17 PM

@ Bruce, ALL,

Part 6,

All of the German rotor machines had a design issue, in that no character would encode to the same character.

Clive Robinson July 26, 2023 12:19 PM

@ Bruce, ALL,

Part 7,

So a message of fifty or more characters “tried against” the plain text gave a very fast way to eliminate wrong keys, and also find some of the key settings and unravel the rest.

Clive Robinson July 26, 2023 12:21 PM

@ Bruce, ALL,

Part 8,

After WWII, the alies rounded up the Enigmas and alied field cipher machines and sold them off quite profitably to mostnon WASP world nations. This policy started before the NSA or GCHQ actually formally existed and came about because of the “British US Agremment”(BRUSA later UKUSA). It’s been said but I’ve not found real evidence of it, that this idea started with Gordon Welchman, who also did think up the idea that later became the Internet.

Even though mentioned in other places the Enigma breaking got out in the mid 1970’s thanks to RAF and MI6 Officer Frederick W. Winterbotham CBE, who had during WWII a not so small part in the organisation of the distribution of “Ultra” intelligence. So he wrote a book “The Ultra Secret” which said very little of real use cryptographically and he got quite a bit wrong… But he did unfortunately reveal that those Enigma Machines were not at all secure, despite what a simple analysis might otherwise conclude. This was a real blow for GCHQ and the NSA. However where could these countries go… That is why Crypto AG in Zug Switzerland became so pivotal and William Friedman made his little calls. Boris Hagelin made millions[2] and as we know his son died in mysterious circumstances.

Clive Robinson July 26, 2023 12:23 PM

@ Bruce, ALL,

Part 9,

But banking killed the cosy little relationship. IBM was approached and started working on a 128bit system using the ideas of Horst Fiestel… The NSA got horrified, but the result was DES in 56bits in the US but only 40bits elsewhere in the world.

Eventually the shenanigans over DES gave rise to the crypto-wars and US President Bill Clinton eventually put a nail in the backdoored Clipper Chip saga.

But back in Europe we had a problem, not only had FBI director Louis Freeh come over on his “Grand Tour”(GT) at great expense to US tax payers we had the French…

Clive Robinson July 26, 2023 12:25 PM

@ Bruce, ALL,

Part 10,

The French have had an attitude about Crypto and industrial espionage that is still evident to day. They do not want crypto let alone any strong crypto in any non government hands because it makes their stealing of industrial and commercial secrets to be handed over to “the favourd few” –who duly “kicked back” to French Civil Servants and Politicians so they can aford their life styles– oh so much easier…

So last century with the French and their Industrial Espionage and the British still “Ruling the world” of telecommunications nodes for cables and satellite interception for the Five-Eyes nearly all European telecommunications standards were “back-doored” one way or another. So much so that there was a standing joke about it I mentioned to @SpaceLifeForm yesterday,

Any way as I also noted there I knew about this backdooring of commercial and consumer comms going back into the last Century, and I know that European Cryptographers were more than aware of it to.

Phillip July 26, 2023 2:27 PM

Post 9/11, first responder interoperability issues were laid bare, and funding was turned on to fix what might benefit improved coordination. So, it is somewhat surprising how SMEs are only recently uncovering some of the particular issues with TETRA, aside from the usual “unsurprising” aspects spoken of in the blog post.

David in Toronto July 26, 2023 2:46 PM

@Clive Gordon Welchman – there’s a name – he was a traffic analysis specialist and ended up having a second look at the Turing bombe. He realized Turing had a false stop problem (false detection) and realized he could induce more feedback to drastically reduce the number of flase stops. His solution, the diagonal board, surprised even Turing. Later he wrote the Hut6 Story and opined in the back of the book that he didn’t like the new trends in ciphers (but he did not elaborate on why).

Clive Robinson July 26, 2023 2:53 PM

David in Toronto,

“@clive where was your dad stationed. A friend of the family was at base Anderson in Columbo doing IJN codes”

He was in the Royal Signals supposedly as a traveling “Pay-Clark”, or that’s what his pay-book had him down for 😉

But yes in his photo collection he has some of the Columbo buildings and masts, and other even more interesting and less well known places.

I know that on more than one occasion he had disagreements with very senior officers, including one one occasion “cutting one off” literally in the middle of a phone call when he sliced the cable on the mans desk to stop him blabbing away into the unsecured line.

Even though I know he did both telephone, telex, and radio work, he also did a lot else besides that he still would not tell me about. He opened up a bit after the Winterbotham book came out, but he died shortly there after taking a lot to the grave with him.

Funily he had on being de-mobbed put his efforts into becoming an accountant and worked his way up in the 1950’s to a very senior position. However he developed heart trouble and decided to “take it easy” and became a senior college lecturer teaching accountancy. Amongst others to Prof Hienz Wolf’s son. When Hienz did the Christmass Royal Institution lrcture a young but not so small boy got roped in to help. Not long after on the “Equivalent of Parents Evening” at the college he almost instantly recognized the not so small boy and said hello and then lied outragiously to my father about how giffted I’d been and dropped a big hint I would have a bright future in engineering.

After I’d been orphaned a “family friend” Ken who had served with my father and had become a senior research engineer for “The Post Office” involved with System X development, gave me some more details about what they had got upto. Both of them had been keen photographas and shared other interests. Both of them could not only darn their own socks they could knit as well. Ken was semi famous for his sock endevors, because he did not like those available in mens outfitters at the time. So every morning on his way up to work on the last stretch by underground he knited his own in the most colourful wool then available. But on his first stretch crossing the SW Surrey boardser by British Rail to Waterloo he made use of a table cloth and pack of cards he also carried in his brief case along with the wool. He and three others would tuck the cloth into their belts to make a kind of table and played bridge and poker on the way up to town.

It would appear my father had got upto some interesting things in India, some of his photos tell stories all by themselves due in part to where they were taken (high up on masts). And life back in England post war must have been dull in comparison.

David in Toronto July 26, 2023 3:39 PM

@Clive Our family friend was young in the war and had a full life. For years, if asked, he worked for the Foreign Office during the war (a common cover story). That slipped after Winterbottom’s book because his famliy knew he’d been near Bletchly and overseas. His story changed, yes he was there but did nothing exciting or glamorus trying to imply that he did some kind of meanial support work or simple stats or something and everyone signed the OSA and he couldn’t talk about anything anyway. I strongly suspected he knew more because as a kid I was trying to make sense of a particularly dense passage in Gaines that he happened to look at because I hadn’t moved in an hour and he said I’d have a permanent furrow before I could drive if I didn’t stop. He read it asked me a few questions, told me that was the writing style of the day, and it meant X not the Y I thought. Bingo it worked but of course he knew nothing. After Hinsley and Strip, he realised that a layer of the OSA was effectively lifted and he wrote an account for his family that he shared. Later he pubished a spruced up version in a journal after removing some of the personal bits and anecdotes about folks. I recall the journal asking if he had any photos and his reaction was pure shock.

David in Toronto July 26, 2023 3:46 PM

@Clive had more of the secret war been known earlier the six-degrees of Kevin Bacon thing might have been The Six Degrees of Bletchly Park.

lurker July 26, 2023 7:28 PM

@Ted, ALL

The Kim Zetter article is interesting. I had a few Humpty Dumpty moments, with words meaning whatever Murgatroyd wanted them to mean.

TEA2 is only licensed for use within Europe by public safety authorities

Licensed by whom? under what authority?

TEA1, 2, and 3 were all designed for specific purposes and are really constrained by export-control regulations [such as the] Wassenaar Arrangement.

The old “encryption is munitions” argument dressed up a bit, with separate lists for different functioned items.

I’m not sure it’s what I would describe as a backdoor, nor would the TETRA community I think.

Well [obscurity is] also a way of maintaining security.

It all makes me wonder if TETRA knew what they were doing, or were competent to do it.

Carmelina July 26, 2023 8:16 PM

lurker, re: “Licensed by whom? under what authority?”, a quick search reveals Motorola patent DE602005001167D1 “Call encryption in a TETRA network”, with expiry date 2025-03-25.

So, perhaps licensed by them, under Germany’s (non-)authority to issue patents on mathematics. TEA2, by the way, stands for “Tetra Encryption Algorithm 2”, and is unrelated to the “Tiny Encryption Algorithm” that was the downfall of Microsoft’s original Xbox security system (search “17 mistakes Microsoft made” for a good paper and CCC presentation on that).

I’m having little luck with searches for “TEA2” and its expansion. One of the top results a 2004 thread in which someone asks about its security, the lack of Google results is noted, and it’s speculated that the algorithms are intentionally confidential. In other words, it’s a pretty fucking obvious forewarning of exactly this event. Anyone looking for a cryptosystem to break should look for similar threads, and of course search the patents. (Nobody wants to license crypto patents, so being patented is a shibboleth that nobody but the patent holder has used or analysed it. And who but governments and large corporations—juicy targets—would buy from the type of corporation that patents crypto?)

Anonymous July 26, 2023 9:42 PM

The vulnerability in TEA1 is a red herring, TEA1 users are not government and most have no need for encryption at all. What they need is strong authentication.
The air interface bug allowing terminals to be identified is a much more serious matter for TEA2 and TEA3 users

Ted July 26, 2023 11:31 PM

@lurker, All

Lol. It’s really an interesting interview isn’t it?

I was a little surprised that ETSI is still planning on doing the secret algorithm thing??

KM: … Why does ETSI continue to keep these algorithms secret?

BM: Well, I can tell you the reason why — because the new algorithms we’ve got are also private — and that was at the strong recommendations of governments.

Patrick Gray and Adam Boileau spent about 10 min talking about TETRA on the Risky Business podcast, episode #714 at approx min 3:50 to 13.

Patrick doesn’t necessarily think this is “a sky is falling moment” and, imo, it’s helpful to hear their thoughts.

Perhaps we will also learn more when the research embargo lifts on August 9th, and Midnight Blue subsequently presents their work at Blackhat, Usenix, DEF CON, CCC, etc.

Jon (a different Jon) July 27, 2023 12:36 AM

Must admit I hafta wonder who’s buying this crap.

“Hello. I’d like to buy an encrypted radio.”

“Great! We have four levels of encryption, from one to four. But you can’t have four – we only sell that to friendly governments. You can’t have three or two either. You only get ‘one’.”

“Um, what’s the difference between them?”

“Well, one allows all of us to spy on y… nno, no difference, really.” J.

JonKnowsNothing July 27, 2023 3:09 AM

@Jon (a different Jon), All

re: I hafta wonder who’s buying this crap.

In the USA, few policing agencies actually “buy” such devices, they are given to the devices by the 3Ls.

It’s part of the free gear program.

The Armed Services also shift equipment to local policing agencies for No Charge under this program.

The deal is attractive to cities because it’s all Off-the-Books and the cities are already strapped for funding can get new toys for their police departments. The toys are offered on the premise they help police catch bad guys. It’s all happy daze at the police stations because a team of officers get to watch the big wall size war monitors and observe the population instead of being out “on the beat in the heat”.

The ones with the military toys get happy too. They go out to the firing ranges to “certify” on the weapons. The more portable versions go to the SWAT teams or similar Rapid Action Response teams. The less portable ones get rolled out for “large public events”.

Under the agreement, the policing agencies are required to deny the existence or use of such devices, even in courts or under oath. It’s in the contract.

So the 3Ls know the devices are borked when they hand them out. There are plenty of areas of interest where being able to tap in without warrants or trace is very convenient.

These are not the first units to be passed out in such a way; there is a long history of 3Ls getting access to localized data. There are members of the 3Ls that track all sorts of crimes and illegal activities. Monitoring off the record channels is one way they keep tabs on traffic flow.

RL anecdote tl;dr

Several times a year the local city does a public document shredding event. It’s a big deal and hundreds of people participate. Each car is permitted to bring n-boxes of material to be “security shredded at no charge”. Security shredding is very expensive so it’s a great way to dispose of old documents.

The cars line up in a long maze. At a given point of the maze, the cars are in a narrow lane. If you look up you can see the telescope mast with the recording devices pointed at the cars in the funnel. Once you have inched past the recording spot, you may see the cameras unit. This is operated by the local police agency in their mobile command unit which is decorated with a variety of LEA decals.

As you move forward, the shredding team takes your boxes, dumps in into a secure shredding bin, and moved to the big shredder semi-trucks.

As you finish the maze and exit on the street there are several LEA exhibits, in case you want to chit chat with the swat team, dressed in black, standing proudly next to their black painted armored truck with the gun turret on top, more LEA decals on the doors.

Clive Robinson July 27, 2023 5:04 AM

@ Ted, ALL,

Re : Professional Liar?

Brian Murgatroyd has said a lot of things over the years and I’ve had to listen to,some of his bovine scat in the past. You might want to check into his past and if you can his early C.V. to see why “some government agencies” see him “as a safe pair of hands”.

But of more recent times he’s publically said,

“The EU Parliament and Commission for instance use a secure TETRA system to protect their building and communication networks, a scenario where failure or security compromise is unthinkable,” says Brian Murgatroyd, chair of ETSI TCCE committee.”

Check this with the timeline he talks about in the interview you link to…

Oh there is one thing that is sort of true in that interview, ETSI like NIST have had to do a Post-Quantum enquiry, though it’s more like a “wallpapering” excercise.

As for the Sbox stuff… Yes it’s realy bad for several reasons, I’ll let others discuss the statistical and theoretical sides.

However although it’s just hanging in there by it’s fingernails as a crypto algorithm “in theory”. In the real world of implementation “practice” you have to be way way more carefull.

I’ve not had time to look at it in any kind of depth, but I’d advise any “Want a PhD Project” students to have a good look at “side channel analysis” on these new ETSI algorithms as they have shall we say “a strong smell of deliberate failure”.

TETRA is all about “low cost hardware” in hand held “two way radios” and smaller modules.

As any electronics design engineer who has designed simillar will tell you it’s very difficult to,

1, Keep CPU noise off the power rail.
2, Keep power rail noise off of the RF output.

So designing a “low cost” system where expensive decoupling components are “to expensive to use” is a challenge at best (impossible at worst) so tricks get used instead[1] and “covert channels” leaking confidential information get created…

I suspect we will read about exactly this happening in the future, almost certainly within a decade.

And Brian Murgatroyd darn well knows all about this.

[1] As I’ve mentioned several times in the past we’ve seen this issue in the past with PC Motherboards where they do not get even close to being within the standards emission “test mask”. So instead the use a telecommunications trick called “Whitening” which works the same way as “Low Probability of Intercept”(LPI) “Direct Sequence Spread Spectrum”(DSSS) radio systems. Put simply by using a “Linear Feedback Shift Register”(LFSR) they generate pseudo-random noise to spread the signals that do not meet the Standards out so they do get under the “test mask”. However the energy still gets broadcast… So if you know the LFSR you can de-convolve the tramsmitted energy and recover the signals and any intelligence / information “impressed on them”.

Ted July 27, 2023 8:39 AM

Thanks @Clive

Excellent info and article. Brian Murgatroyd is kind of a big deal in re to TETRA.

I must admit though, it’s hard for me not to hear the phrase “Heavens to Murgatroyd” when I see his name 🙂

It’ll be interesting to see if we hear more about the new ETSI algorithms (ETSI TS 100 392-7 and ETSI TS 100 396-6), as the article reports they are:

“designed to secure TETRA networks for at least the next 20 years” and,

“have been developed in close collaboration with experts from the ETSI quantum safe cryptography group.”

I don’t know all the inter-workings of the algorithms, obviously, but in the words of Patrick Gray regarding the weaker TEA standards: “Throw some AES on top of that and, you know, Robert’s you mother’s brother.” 🙂

Clive Robinson July 27, 2023 12:06 PM

@ Ted, ALL,

Re : Robert’s your Mother’s brother.

“I don’t know all the inter-workings of the algorithms, obviously, but in the words of Patrick Gray regarding the weaker TEA standards: “Throw some AES on top of that

Whilst I can see the funny side of Patrick Gray’s cynicism with respect to the TEA standards you make a more general point

Most do not know the workings of algorithms and as importantly the workings of the systems they are put in.

The problem that occurs,is “end run” or “reach around” attacks where an attacker can get from the “Over The Air”(OTA) interface to the Device OS etc and thus get to the “Plain Text Interface”(PTI) without having to deal with the security process.

In short as I’ve said before if you design a secure system you need to ensure your “Security Endpoint” is beyond the reach of the “Communications Endpoint”. This can only done by properly “hard segmented” design.

For all consumer and commercial devices including TETRA units this level of segregation is not actually there as it costs to much[1]…

So the reality is they are “not secure by design”.

But you can “build your own” from Open Source code and freely available hardware[2]. It has encryption and will also work across IP.

[1] A properly designed secure radio system for use by the military and diplomats usually costs around $5000. The cheapest insecure two way radio from China costs around $20. The alledged secure mobile handsets for Digital Mobile Radio using AES cost around $200. As for insecure TETRA, it’s what the supplier thinks they can get away with but is $350-700 for what is a digital radio system with a few hundred lines of extra software…

[2] There is however an Open Source Digital Radio System that will run on hadsets that cost less than $100 called M17 that has the capability to use two basic stream ciphers. The first is a “bit scrambler” that is based on an LFSR and is more “privacy than security” as it’s not realy secure. The second is based on AES-128-CTR, is for now moderately secure, and fairly well tested as an algorithm.

However being Open Source, you can go find the part of the software that does the “Stream Cipher” you can remove the bits you want to change and drop your own code in.

Oh and it works under Android and will stream across the internet… Which gives immense potential to those with an inventive mind…

Clive Robinson July 27, 2023 12:07 PM

@ David in Toronto,

Re : Tiny time window.

“Our family friend was young in the war and had a full life.”

My Dad was not as young as some and certainly did not have a full life nor did my Mum. So I was orphaned in the second half of the 1970’s before I was an adult (I was also still in full time education).

Both of my parents were not happy about the Winterbotham book and likewise the Prof R.V.Jones book, both of which came out mid 1970’s the Jones book I found absolutly fascinating which caused a curious school teen to ask his parents lots of questions, that the obviously knew answers to but were not going to tell a youngster.

My father did show me black and white photos and say where they were taken and he kind of dropped hints about the technical side of what he had been upto. But the more technical stuff I only got later from Ken, and it was as fascinating as what was in the Prof RV Jones book, but covered the side RV Jones hardly mentioned in his sections on the radio war.

My mother however did tell some interesting stories about the supposed inventor of Radar Robert Watson (who latter appended Watt on to appear more prestigeous than he was). This was shortly after he died in the early 70’s. She obviously had had the misfortune to work sufficiently close to Watson that she knew him for what he was, or more correctly was not (he invented neither HF Direction finding or the related Radar, just used and investigated others work “cloud chasing” though he did name the ionosphere). Stuff that started comming out of official channels long after she was dead, confirms much of what she had said about him… As interestingly as a head of a History Department, and who’s interest if not passion was archaeology, she knew way more about the way the Radar and wireless systems worked than was even close to being known by the public[1]. This was at a quite technical level which even for WWII time was something “women” would have generally been kept out of, and almost certainly deliberatly have been discouraged from getting involved with and generally kept at lab-assistant or less level. She could explain how a valve/tube RF amplifier worked as well as knowing about how to modulate them to get very high envelope power. It was she that first told me how you could store energy at very high voltage and use a gas discharge system to dump a lot of energy in a very short time period and how a TV flyback system worked.

But it was my father “the accountant” who encoraged my interest in all things electronic, buying up old valve radios at “junk sales” so I could learn how to repair them. It was something he obviously wanted to have done rather than be an accountant. But post war he kind of made a sensible choice so shot into the top of “middle class” as did my Mother (back then teaching was the only acceptable way for women to get the equivalent of manager status and the rewards and, social status that came with it).

Whilst my mother did not actively disaprove of my interest in radios and electronics, she did not view it as having a profession as such so did not encorage me. To be honest, she was right based on how the industry worked in the UK upto the 1960’s then colapsed as it went to Japan. What she was not realy aware of was whatcwould happen with computers and micro-electronics, that did not realt kick off until after I’d been orphaned. It was this wave I rode into unusual work that few can even imagine today.

[1] I’ve mentioned Nick Catford before and how we met through Pirate Radio, and his interest in “Subteranian Spaces” well many of the places he gained access to back then, were UK Government nuclear bunkers and Nuclear detection radar stations (which he has since made a few of his many thousands of photos available on the Internet and in books). Well chatting to him alowed me to get access to some of the documents in these places and confirmed a very great deal of what my mother had told me.

Bob Paddock July 27, 2023 1:39 PM

@Clive Robinson

“…Pirate Radio, and his interest in ‘Subteranian Spaces’…”

I realize that the context is different, however it brought to mind the question:

Did you ever look at any of the work of James Harris Rogers in World-War-One for communicating with submarines, via buried antennas? This not the modern VLF stuff.

Roger’s had several US patents issues around 1920. Electronic Magazines of the day discussed his system.

According to the late T.E.Barden the Roger’s system “was rediscovered and ‘lost’ at least seven times”, up to our modern times.

“James H. ROGERS
Underground & Underwater Radio
( Static-free Reception & Transmission Underwater & Underground )”


lurker July 27, 2023 6:11 PM

@Clive Robinson, David in Toronto

Not to detract at all from the valuable work your father did Clive, but I probably misunderstood that once the basic cypher was cracked, reading the daily messages became a tedious task that still needed meticulous attention to detail. The basic INJ codes had been cracked early on in the piece, but of course with a low-powered mobile enemy, more reliable intel came from having the ears on the ground around the Asia-Pacific region, which would require installing, operating and maintaing hardware.

My father was in the hardware side of signals. Having been in the Regular force before ’39, with the skills and experience, and a young family, he was kept back and promoted to train those who were sent overseas. He was involved in setting up a listening station in the north of NZ, but never said much about it, nor about the rumours of an enemy fuel dump found on that isolated coast.

Clive Robinson July 27, 2023 10:37 PM

@ lurker,

“Not to detract at all from the valuable work your father did Clive, but I probably misunderstood that once the basic cypher was cracked, reading the daily messages became a tedious task”

I got the impression that whilst my father could break ciphers, it was not his area. Brcause in non forward positions this was carried out by large numbers of WAAF and similar, numbering well into the thousands by the end of the Pacific War (Which is what India came under).

Which brings us to,

“more reliable intel came from having the ears on the ground around the Asia-Pacific region, which would require installing, operating and maintaing hardware.”

Back in the early days of WWII little was known about the ionosphere and skip distances and the like. The incorrect assumption was that “low power was local”… and something the axis powers military signals organisations appeared not to get out of for much of the war.

Thus the axis worked what we now call “ground wave” and also perhaps unknowingly “Near Vertical Incident Skywave”(NVIS) either at the top of MF or bottom of HF between 1MHz and 4-7MHz depending on what we now call the “Maximum Usable Frequency”(MUF) both of which change throughout the day but in a daily predictable way.

However higher HF frequencies were used for quite local unit-unit comms as “field-telephone” replacment as putting telephone cables into jungle and similar was extreamly difficult. These above the MUF signals “bounced” off of the ionosphere like light off of a shiny surface, thus “skipped” from sky to sea and back again traveling very large distances in broad geographic bands. Where signals could alterately be heard or not be heard. These further away could be heard broad geograpic bands could be easiky heard even with the tiny amounts of power (QRP) the field units used.

Also such in the field units tended to use “hand ciphers”, which whilst they could be as strong as machine ciphers very rarely were due to the speed and reliability of use issues.

The alies made use of these field unit to unit communications pickng them up hundreds if not thousands of miles away and breaking them. Whilst this was not “Ultra” the same “don’t kill the goose” thinking applied and considerable care was taken to “keep the secret” that the way the axis field units opperated their signals were haemorrhaging not just tactical but strategic information.

This is where,

“more reliable intel came from having the ears on the ground around the Asia-Pacific region, which would require installing, operating and maintaing hardware.”

Comes in and where my fathers photograps indicated he was based / involved.

As the ionospher was better understood by the alies, it was known that the bands where you could hear distant QRP signals moved throughout the day, so you needed RX sites with low angle antennas in many places. Getting the ciphertext for such signals back to local, regional and national decoding centers tended to use “telex machines” and extensive local networks of telephone type cables and even dispatch riders. Longer distances involved well worked out radio teleprinter/telex networks.

Much of this involved lots of TX and RX sites with larger and larger “antenna fields” with technical staff continuously reconfiguring and installing existing and new links. As well as still opperating “Mobile field units”. Because as the axis forces became more splintered they became more and more reliant on radio systems. That we now know were neither local or secure.

Whilst the impression is given it was US Army forces breaking axis comms in the Pacific, it’s not true whilst they did do the Purple long distance stratigic and naval traffic much of the axis army local and regional radio comms were handled by the other nations that later formed up under BRUSA to form the Five-Eyes.

A problem not much talked about is that whilst the US had manufacturing so technical advantage, their backend systems were fraught with poor managment and turf wars. In the early days the Britsh X and Y station systems and Bletchly it’s self suffered from these poor managment issues as well.

However Bletchly got over the problems in part with a letter to Churchill, and actually started the first serious research into bringing nation spanning organisational managment onto a near scientific footing. The US forces initially had “obstacles and impediments” from the same older military thinking as the British had had. But the seniors realised that they needed to sort it out, thus relied on the British for some time. So a little “road sweeping” aside of the obstacles and impediments happened.

In part that work at Bletchly gave rise to the birth of both the British GCHQ and US NSA and “the industrial approach” to Signals Intelligence which has alowed “Collect it all” to become possible.

Clive Robinson July 28, 2023 7:52 AM

@ Bob Paddock,

Re : Dr Rogers.

“Did you ever look at any of the work of James Harris Rogers in World-War-One for communicating with submarines, via buried antennas?”

Next to nothing. Although I was aware that he existed. He came up when I was looking into Charles Wheaston’s telegraph work and the history surounding it. That was Dr Rogers name came up back in the 1890’s when he was embroiled in legal action over telegraph and phone patents during the delightfully called “Pan-Electric Scandal”. But also a quater century later was nominated for the Nobel in Physics in 1920.

So I had a little search around and found, not much more than the rexresearch page you gave a link to. I’ve given it a quick scan read as although it is in technical language, it is not even close to that we uss today. So you have to rely on “physical descriptions”.

He was using long wave frequencies and by the description he was likely using a similar effect that the slightly later 1920’s and better known Beverage Antennas do. With the Beverage being as easy as errecting a fence it would have been way faster to install, easier to maintain etc.

But note the mention of the water pipe. That would have acted as an electrostatic screen around the antenna and importantly how it was discontinuous. Such screens are still used in direction finding antennas for good reason but again at the price of signal strength.

As for loop antennas, these come in two flavours those that are small compared to the wavelength being received and those that are a half wavelength or longer.

Current experiments with large “ground loops” on the ground or very close to it –within a couple of feet” do show significant improvments to “signal to noise” ~6db but at the expense of signal strength -20db. Whilst the improvment in noise would be obvious to the ear, the kind of receiver used would make detecting the difference in signal strength bot at all obvious.

In part this S/N improvment is to do with the polarisation of most of the man made (QRM) and quite a bit of natural (QRN) noise/interferance being different to the signal.

So yes we still see the effects he observed but we can now better explain them and have better receiver types. So we can also make objective measurments that were not possible over a century ago.

But “be cautious” even today “ground waves”, and “Phantom circuits”, “cave radios” and similar still fill some with a mystique. Many of whom are not as objective as they could be, and can be seen documented,

But getting back to Dr Rogers, the funny thing, if he had been a little more open minded he would probably have discovered more about the Heaviside layer and thus have got to name the ionosphere rather than Robert Watson who I’ve mentioned above 😉

David in Toronto July 28, 2023 12:34 PM

@lurker essentially correct but the process was a bit more organic / agile because of changes, like new additive books, etc.

Some of the IJN and merchant codes like JN-11 & JN-25 were superenciphered code books. Words were mapped to 4 and 5 digit groups that were then enciphered using an add without carry. They didn’t break one-off messages, the basic idea was to collect a depth of messages with the same key/superencipherment and then strip off that layer to get to the code groups. If I understood a depth of 3 or more was workable. A lot of maths majors did the grunt work and they were supported by a small of people cataloging and indexing the messages.

There were a lot of techniques and tricks. The Japanese had their own version of the German scout in the quatar depression who reported with the same long and very formal message opening every day. There were also some lazy key selection practices. Some of the codebooks incorporated anti-garble checks in their groups where the code groups were multiples of 3 or multiples of 3 less 1. A clear indicator that your stripping worked or not. So ingrained was casting out threes that my family friend, even in his 70s, could not look at a 4 digit number without automatically and subconciously doing that check. He had not memorized them – he just and knew.

Hinsley and Strips’ the inside story of Bletchly park is a good read but it’s missing some of the IJN material. If you have access to Cryptologia there is an article from 97/98 on breaking japanese naval codes

Bill Stewart July 31, 2023 6:36 PM

Seeing “80 bits” took me back a few decades, so it’s not surprising that it’s a 1995 standard.

Clive #9, no, the NSA used some attacks that weren’t known to the public against the IBM Lucifer (Differential Cryptanalysis), so the 128-bit version wasn’t actually stronger than DES’s 56 bits. (Though the 40-bit versions were, of course, a total joke.)

Many thanks to John Gilmore, Matt Blaze, Peter Trei, Ian Goldberg and others who contributed to being able to demonstrate the weaknesses of DES, Clipper, and the GSM cell-phone encryption. (Ian said it took him three hours to break GSM because the Chinese restaurant near campus had the good special that day; otherwise it’d have taken two hours. I forget if Lucky Green was involved in “obtaining” the algorithm.)

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.