Message Security Overview

 

Few data transmissions can be totally secure against someone with communication access, knowledge of the system and the desire to “hack” the data.  However, some systems are inherently more secure than others and make it extremely difficult for unauthorized people to access the data. Crimestar MDC certainly falls into the category of a difficult system to “hack”.

The MDC software uses address verification, user verification with passwords, as well as message compression, strong encryption and packetization. The sections below provide a brief explanation of how messages are handled and why these methods ensure the security of MDC data.

Transmission Access:  It should be mentioned that the first layer of data security is the mere access to it.  Before anyone can read (or try to read) your data, they must first get a hold of it. Often the Dedicated Radio system or VPN that you use to transport MDC messages can be difficult for others to get into, and if hackers can’t get it, they can’t read it!

Message Formats:  MDC messages consist of a message header and message content.  Message headers are not compressed or encrypted.  Message content is compressed and encrypted.  Message headers are variable length, with an approximate maximum size of 60 bytes, and contain MDC delivery and source addresses, a packet sequence #, latitude, longitude, speed and compass heading data from the MDC’s GPS receiver, message flags and a 32-bit packet message checksum value (used to verify the integrity of the data packet).

Message Compression: MDC message data is compressed prior to being encrypted and packetized (see: Message Encryption & Message Packetization below) for transmission. The compression process minimizes the length of the MDC message string and subsequently reduces the amount of data to be sent over the message transport system.  This reduced message size helps to optimize system performance.  In addition to its performance benefits, message compression provides an additional level of security, in that compressed data is a binary string and is not human readable.

Message Encryption: After MDC message data is compressed into a non-readable binary string, it is encrypted using the Advanced Encryption Standard 256-bit algorithm (AES256), as published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standards Publication 197.

* Since one simple way to know if data has been successfully decrypted is the ability to read or understand the results, having a successful decryption result in non-readable binary data makes detection of a successful decryption more difficult.

The MDC software will encrypt each message using one of 9,999 unique 256 bit (32-Byte) encryption keys selected at random.  This means that each message sent is likely encrypted with a different encryption key than was used for the prior message.  This random use of encryption keys helps to maximize system message security.

While the 9,999 encryption keys embedded into Crimestar provide excellent security, they only protect data from someone who does not have those encryption keys. Since the Crimestar MDC software may be obtained by other law enforcement agencies outside of your organization, they too would have the same default encryption keys embedded in the software.  Therefore, in order to further enhance security and make data encryption specific to each installation, a system administrator can create a customized list of encryption keys for the MDC software to use.  Simply create a text file named “MDCKEYS.TXT” where each line (up to 9,999 lines) in the file contains a unique 32 character (32 Byte / 256 Bit) key and distribute that file to each MDC within your fleet or system.  Example of MDCKEYS.TXT file:

UZ7X3hHYEPvCVOY7NAqB2qBA9WSU6S83
NR2NB8OyW8K9JPa387R8Qm96yYDM4VRP
zRJEnTTP24DCIRLTTEDYP0OYS3QZ5cWB
DFDAMAE6oB8Hg1EC61TRK9UKVYDN4N7N
RMWW9G0EVQCc1KRQFl61PoEDNVIVAT3D
AL30O9v66C6V9Qw2OUL757AHX5CLT4GL
QMCT35BEK10E747ZT9U6USU82IPSHCGK

Etc. (up to 9,999 lines total)

Crimestar supplies a small utility program named KEYGEN9K.EXE to randomly create an “MDCKEYS.TXT” key file of 9,999 random 256 bit encryption keys. Each time the program is run, a new set of random keys is generated.  *Be sure that when you use this program you don’t run it on each MDC workstation; instead, run it once to generate a file containing a list of encryption keys, then distribute that file to all MDCs within your fleet or system (Controller & Workstations).

WARNING: If the encryption keys used by a workstation do not match the keys being used by the MDC controller, the workstation and controller will not be able to successfully communicate message data.
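
A check that can be run on a key file before it is distributed, and again to confirm that the controller and every workstation hold the same list, as the warning above requires. This is an added example, not Crimestar's code: the function names, the ASCII and key-order assumptions and the SHA-256 fingerprint are illustrative, and the sample keys are constructed.

```python
import hashlib
import math
import string

MAX_KEYS = 9999   # page: up to 9,999 lines
KEY_LEN = 32      # page: 32 characters = 32 bytes = 256 bits per key

def audit_key_file(data: bytes) -> dict:
    """Check MDCKEYS.TXT content against the documented format."""
    try:
        keys = data.decode("ascii").splitlines()  # assumption: 1 char == 1 byte
    except UnicodeDecodeError:
        return {"ok": False, "problems": ["file is not plain ASCII"],
                "fingerprint": None, "max_bits_per_key": 0.0}
    problems = [] if keys else ["file contains no keys"]
    if len(keys) > MAX_KEYS:
        problems.append(f"{len(keys)} lines, limit is {MAX_KEYS}")
    seen = {}
    for n, key in enumerate(keys, start=1):
        if len(key) != KEY_LEN:
            problems.append(f"line {n}: {len(key)} characters, expected {KEY_LEN}")
        elif key in seen:
            problems.append(f"line {n}: duplicate of line {seen[key]}")
        else:
            seen[key] = n
    # Upper bound on entropy per key from the characters actually in use:
    # 32 characters drawn only from A-Z, a-z, 0-9 carry at most 32*log2(62)
    # (about 190.5) bits, not the full 256 bits of the AES key size.
    alphabet = set("".join(keys))
    max_bits = KEY_LEN * math.log2(len(alphabet)) if len(alphabet) > 1 else 0.0
    # Fingerprint of the ordered key list, independent of line endings, so
    # copies can be compared without displaying any key. Assumption: key order
    # matters to the MDC software, so order is part of the hash.
    fingerprint = hashlib.sha256("\n".join(keys).encode("ascii")).hexdigest()
    return {"ok": not problems, "problems": problems,
            "fingerprint": fingerprint, "max_bits_per_key": round(max_bits, 1)}

def fleet_mismatches(controller: bytes, workstations: dict) -> list:
    """Names of workstations whose key file differs from the controller's."""
    want = audit_key_file(controller)["fingerprint"]
    return sorted(name for name, data in workstations.items()
                  if want is None or audit_key_file(data)["fingerprint"] != want)

# Constructed sample (not real keys): three distinct 32-character lines, CRLF.
ALNUM = string.ascii_uppercase + string.ascii_lowercase + string.digits
SAMPLE_KEYS = [(ALNUM * 2)[i:i + KEY_LEN] for i in (0, 20, 40)]
SAMPLE = ("\r\n".join(SAMPLE_KEYS) + "\r\n").encode("ascii")
```

Because only fingerprints are compared, the key file never has to be opened or displayed on a workstation to confirm that it matches the controller's copy.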

Message Packetization:  MDC messages are delivered in a series of data packets. The configured maximum size of a data packet will determine the number of data packets that are required to get a message delivered.  A very small message may be deliverable in a single packet, while a large message will require several packets.  When messages span multiple data packets, each packet will contain a portion of a compressed and encrypted message.  Since compression and encryption (explained above) are performed on the message as a whole and not on each packet, individual packets are completely unreadable and cannot be decrypted or decompressed.  Once all required packets are received and verified for integrity, they are reassembled, decrypted and decompressed to create the original data message to be processed and/or displayed by the MDC.