Indian Army developed secure OS

HereticHermit · 14th January 2024, 13:32

https://theprint.in/defence/encrypte...ation/1921412/

Good read. Nice to see another step toward secure communication and innovation. Although it is missing entirely in the article but two names behind the curtains are Tata and BlackBerry, I am certain. That collaboration goes at least a decade back.

ruzbehxyz · 14th January 2024, 14:21

All the Armed Forces are facing issues like “Honey trap” since many years. The case was heard in High court and Social media was banned for the Army. Later a ban was imposed by the Indian Army on the usage of 89 smartphone applications, including social media platforms like Facebook and Instagram. I saw many pictures of banned apps all over Kashmir in every Army base, on my last trip.

Encrypted phones will at least help in reducing the Honey trap.

Jeroen · 14th January 2024, 16:35

Obviously the army needs secure communication and just about all forces in the world have various systems and ways of doing so.

I have been involved in secure mobile communication and call/data interception capabilities since the early 90s.

The notion that 5G is open to eavesdropping is a bit of a misnomer.
5G is encrypted too. In fact from 2G onwards it has been encryptic. Both voice and data. Contrary to popular belief it is incredibly difficult to not only crack the code, but intercept a specific call.

To the best of my knowledge it has not been done, despite many claims to the contrary.
All of the high profile cases around call interception and eavesdropping (e.g. Prince Harry against the Uk media), was not about journalist having the technical ability to trace or intercept Harry’s calls from his mobile device.

If there is one thing I have learned in all of those years, studying endless cases, the weakest link in in secure communication is always the human, not the technology. People, even those that should know better, are careless, leave a password, are, literally, overheard, leave documents behind, leave their device behind without password etc etc.

Almost all 2G-5G networks have the ability to intercept, trace and record voice and data calls. It has been past of the standard since 2G. It allows the telecom carrier to comply with local interception rules and regulations.

Carriers usually have a department that deals with these interceptions and traces, dedicated security vetted staff. How this department is set up, how they interact with the respective law enforcement agencies is extremely important as it tends to be the weakest link in the system.

Jeroen

Samurai · 14th January 2024, 19:07

I have been involved with digital telephony since my college project in the late 80s, and with encryption since mid 90s. I agree with Jeroen, nobody really needs to crack into telephony systems, eavesdropping has been standard feature in digital telephony since the very first digital exchange (1ESS). Anyone with access (authorized or not) to the telephone exchange system can easily eavesdrop.

However, when key based encryption came into usage in telephony, it all became about who has access to the keys. Many governments barred proprietary voice communication via Skype/Whatsapp through their network since the encryption was end-to-end.

If you are thinking only about man in the middle attack, just using end-to-end encryption with 4096bit keys would take care of it. However, I think the Indian military is worried about endpoint security, the device itself. On a commercial phone with android/iOS, one could install any app and eavesdrop before it is encrypted.

By switching to a secure and proprietary OS, they can completely eliminate any unapproved apps. The custom phone app can add additional layer of encryption over the one provided by the operator like airtel/Jio while communicating over them.

HereticHermit · 23rd January 2024, 14:49

Quote:

Originally Posted by Jeroen

Obviously the army needs secure communication and just about all forces in the world have various systems and ways of doing so.

If there is one thing I have learned in all of those years, studying endless cases, the weakest link in in secure communication is always the human, not the technology. People, even those that should know better, are careless, leave a password, are, literally, overheard, leave documents behind, leave their device behind without password etc etc.

Quote:

Originally Posted by Samurai

I agree with Jeroen, nobody really needs to crack into telephony systems, eavesdropping has been standard feature in digital telephony since the very first digital exchange (1ESS). Anyone with access (authorized or not) to the telephone exchange system can easily eavesdrop.

If you are thinking only about man in the middle attack, just using end-to-end encryption with 4096bit keys would take care of it. However, I think the Indian military is worried about endpoint security, the device itself. On a commercial phone with android/iOS, one could install any app and eavesdrop before it is encrypted.

Thank you both of you. I have zero experience in security or communications or encryption. But my understanding was same that army was more concerned about end device security, probably addressing things at kernel level. Despite official guidelines, both the Officers and foot soldiers paid not much attention to them and exactly where the lines between common sense and official guidelines became blurred resulting in leaks of various proportions.
On related lines, I think Blackberry did fantastic job on QNX which effectively contained any malpractice by 3rd party and they also did reasonably well on android security with encryption keys build into the hardware. So in the end any security which army is addressing today boils down to OS policies and/or hardware security of device in hands of user.
On another note, I wonder what is going to happen to civilian phone users, if one day, a catastrophe just unfolds and take down both Android and iPhone. There is no alternate in bipolar communication world. Users have mistakenly placed much trust in apps that count steps or tell you when to buy toilet roll supplies. It is these very set of users who have killed any fair competition and now whole world is divided in just two camps.

PreludeSH · 23rd January 2024, 14:57

Adding to above its the apps that are in-secure. And the possibility of people to install such apps (I know of police enticing criminals in installing such apps to track them

)

Its only at the end in apps that data is plain and it can also be decrypted at the end like peer to peer. Some apps can take advantage of back door vulnerabilities in the OS or allow one to do such things. Maybe in defence you also want to track everything that is happening to audit

The wireless signal itself is scrambled, interleaved, changing encoding theoretically for every packet and using different sub carrier frequencies and what not in 4G and 5G.

da3mn · 23rd January 2024, 23:21

Quote:

Originally Posted by Jeroen

5G is encrypted too. In fact from 2G onwards it has been encryptic. Both voice and data. Contrary to popular belief it is incredibly difficult to not only crack the code, but intercept a specific call.

I don't know about 5G but LTE had flaws that had been exploited to intercept calls.

https://youtu.be/FiiELuFvwu0?feature=shared

14th January 2024, 13:32	#1
HereticHermit BANNED Join Date: Nov 2022 Location: Delhi Posts: 57 Thanked: 164 Times Infractions: 0/2 (12)	Indian Army developed secure OS https://theprint.in/defence/encrypte...ation/1921412/ Good read. Nice to see another step toward secure communication and innovation. Although it is missing entirely in the article but two names behind the curtains are Tata and BlackBerry, I am certain. That collaboration goes at least a decade back.
	(2) Thanks

14th January 2024, 14:21	#2
ruzbehxyz Senior - BHPian Join Date: Oct 2014 Location: MH02 to MH46 Posts: 1,612 Thanked: 6,596 Times	Re: Indian Army developed secure OS All the Armed Forces are facing issues like “Honey trap” since many years. The case was heard in High court and Social media was banned for the Army. Later a ban was imposed by the Indian Army on the usage of 89 smartphone applications, including social media platforms like Facebook and Instagram. I saw many pictures of banned apps all over Kashmir in every Army base, on my last trip. Encrypted phones will at least help in reducing the Honey trap.
	(1) Thanks

14th January 2024, 16:35	#3
Jeroen Distinguished - BHPian Join Date: Oct 2012 Location: Delhi Posts: 8,115 Thanked: 50,978 Times View My Garage	Re: Indian Army developed secure OS Obviously the army needs secure communication and just about all forces in the world have various systems and ways of doing so. I have been involved in secure mobile communication and call/data interception capabilities since the early 90s. The notion that 5G is open to eavesdropping is a bit of a misnomer. 5G is encrypted too. In fact from 2G onwards it has been encryptic. Both voice and data. Contrary to popular belief it is incredibly difficult to not only crack the code, but intercept a specific call. To the best of my knowledge it has not been done, despite many claims to the contrary. All of the high profile cases around call interception and eavesdropping (e.g. Prince Harry against the Uk media), was not about journalist having the technical ability to trace or intercept Harry’s calls from his mobile device. If there is one thing I have learned in all of those years, studying endless cases, the weakest link in in secure communication is always the human, not the technology. People, even those that should know better, are careless, leave a password, are, literally, overheard, leave documents behind, leave their device behind without password etc etc. Almost all 2G-5G networks have the ability to intercept, trace and record voice and data calls. It has been past of the standard since 2G. It allows the telecom carrier to comply with local interception rules and regulations. Carriers usually have a department that deals with these interceptions and traces, dedicated security vetted staff. How this department is set up, how they interact with the respective law enforcement agencies is extremely important as it tends to be the weakest link in the system. Jeroen
	(9) Thanks

14th January 2024, 19:07	#4
Samurai Team-BHP Support Join Date: Jan 2005 Location: Bangalore/Udupi Posts: 25,832 Thanked: 45,638 Times View My Garage	Re: Indian Army developed secure OS I have been involved with digital telephony since my college project in the late 80s, and with encryption since mid 90s. I agree with Jeroen, nobody really needs to crack into telephony systems, eavesdropping has been standard feature in digital telephony since the very first digital exchange (1ESS). Anyone with access (authorized or not) to the telephone exchange system can easily eavesdrop. However, when key based encryption came into usage in telephony, it all became about who has access to the keys. Many governments barred proprietary voice communication via Skype/Whatsapp through their network since the encryption was end-to-end. If you are thinking only about man in the middle attack, just using end-to-end encryption with 4096bit keys would take care of it. However, I think the Indian military is worried about endpoint security, the device itself. On a commercial phone with android/iOS, one could install any app and eavesdrop before it is encrypted. By switching to a secure and proprietary OS, they can completely eliminate any unapproved apps. The custom phone app can add additional layer of encryption over the one provided by the operator like airtel/Jio while communicating over them.
	(6) Thanks

23rd January 2024, 14:57	#6
PreludeSH BHPian Join Date: Oct 2021 Location: Bengaluru Posts: 583 Thanked: 1,247 Times	Re: Indian Army developed secure OS Adding to above its the apps that are in-secure. And the possibility of people to install such apps (I know of police enticing criminals in installing such apps to track them ) Its only at the end in apps that data is plain and it can also be decrypted at the end like peer to peer. Some apps can take advantage of back door vulnerabilities in the OS or allow one to do such things. Maybe in defence you also want to track everything that is happening to audit The wireless signal itself is scrambled, interleaved, changing encoding theoretically for every packet and using different sub carrier frequencies and what not in 4G and 5G.
	(1) Thanks