29 July 2009

Never to see the office again - AFP get in-car computers

| johnboy
Join the conversation
61

The ABC brings word that ACT Policing is installing networked computers in its patrol cars.

    ACT Police Minister Simon Corbell says the computers will mean more police on the road, more often.

    “It means less time back at the station, it means less time dealing with paperwork at the end of the the shift, and instead being able to do more of it on the road while the police are working with the community tackling jobs,” he said.

Let’s hope they still manage to meet the basic human desires to interact with colleagues. A lot of so called inefficiencies often turn out to be important safety valves.

Join the conversation

61
All Comments
  • All Comments
  • Website Comments
LatestOldest

I am quite partial to a Krispy Kreme, but there is nothing in the whole world like a cinnamon donut!

Nope, jam doughnuts FTW. Not sure how they’d go in the mooted in-car holders though. I was envisaging some sort of spike.

perhaps the afp will look at using voice recognition for lookups whilst moving. a speaker based readback system overcomes the need to look at the screen. just a simple idea to keep a mobile unit mobile, especially when there is only one occupant in the car.

and caf, I agree. not the place to discuss this at all.

peterh, this really isn’t the place to go into it, but “2DES” is a nonsense. Double-encryption is vulnerable to a meet-in-the-middle attack which makes it only fractionally more secure than single encryption. To get an improvement you have to go straight to encrypting three times – hence 3DES.

I think this is a good thing so long as there’s read audit logging on records, and this isn’t going to be used as a “They have a computer, any paperwork that can be done at a station can be done in the car.” justification.

caf said :

eyeLikeCarrots: That tells you how much a certain salesman knows about crypto.

if you are referring to me, I know a bit.

2DES and 3DES are not dead, they are used in a whole raft of devices and environs. Just because the dept you work in isn’t using them doesn’t mean they aren’t in use.

AES is the new standard. If you want any info on the new standards, go to: http://www.truecrypt.org/ this is a collaboration to create a free encryption system for storage.

a couple of days ago you were all sooking and whinging that police cars should be trackable, have gps etc, and now that it is happening, that isn’t good enough for you either. Sooks.

Granny said :

And furthermore, who will hold the donuts? Are they installing donut holders?

Donut holders – you’re a genius Granny – we will have to start a lobby group. Maybe as a job creation scheme they could put a work for the dole person in the back to hold donuts, coffee, steer if needed and shine boots. There are endless possibilities.

And furthermore, who will hold the donuts? Are they installing donut holders?

I am quite partial to a Krispy Kreme, but there is nothing in the whole world like a cinnamon donut!

Having the offsider take care of the controls is all well and good, but who will take care of the texting? Riddle me that, eh?!

*lol*

TAD said :

For very important checks, the offsider will be required to sit on the driver’s lap and control the accelerator and brake as well.

Another option here is to put the car in cruise control. This will enable both police officers to view the computer screen at the same time.

What have the Police done to you that ails you so dvaey? You are like a broken record.

I think you’ll find dvaey that it will be ok for the driver to use the computer as long as his offsider controls the steering wheel and indicators for him.

For very important checks, the offsider will be required to sit on the driver’s lap and control the accelerator and brake as well.

Dvaey, the idea behind this is for police to be able to run vehicle and person checks out on the streets without a time consuming wait for someone at Comms to do the check for them. They wont be driving around with their computers in their laps checking their Twitter account like some people would if not for the laws you mention.

Most patrols have at least two members. I think logic would suggest that if they need to do a check whilst mobile they may actually prefer to let the non-driver do it.

If it is a one person patrol I would think that they would have enough to do in driving, operating the police radio and avoiding drivers distracted by their dash-mounted DVD to try to use their computers.

So, will officers of the law pull over to the side of the road anytime they wish to use their new-fangled computers? Or will they just use that exception to the law, that police dont have to abide by the ‘no mobile devices while moving’ rule?

By law, if a private citizen was to have a computer system installed in the car, it must be wired to only have power when the handbrake is applied, at least, thats what we had to do to pass dickson inspection with a dash-mounted dvd player. No doubt, someone will pass some specific laws to make not only the screen display legal, but the officers interaction with the system while driving, legal also.

Krispy Kremes taste like crap. Give me a hot cinnamon donut with my coffee any day.

eyeLikeCarrots: That tells you how much a certain salesman knows about crypto.

I’ll be impressed when someone does break it then.

Hack into the roaming police car whilst following it without getting noticed, I think there is the first problem to overcome, forget worrying about the encryption issues, which you won’t break.

eyeLikeCarrots6:47 pm 29 Jul 09

Everyone who used the works:

Quantum
Algorithm
AES
Carrots

In this thread needs to get sex!

Also, who the feck ever used 2DES ?

caf I think you’ll find the assymetric algorithms used for session key exchange use those same algorithm types.

Rawhide Kid No 25:49 pm 29 Jul 09

Hugh Lews said :

Are you a cop? Or just an idiot?

yes, I know, you can be both

No and probably yes.

VYBerlina: There are efficient quantum algorithms for calculating discrete logarithms and factorising, which means public key crypto would be broken – but quantum computers don’t help you with symmetrical algorithms like AES. So don’t lose too much sleep over it.

Rawhide Kid No 24:23 pm 29 Jul 09

Oh dear Batman. What have I started?………………..

I thought that you could only do van eck eavesdropping on CRT monitors.

… until I read that this is untrue:

http://en.wikipedia.org/wiki/Van_Eck_phreaking

The ability to isolate a key from one car based system is a bit pointless, just because they are using AES encryption doesn’t mean that you can isolate the two-factor authentication if token or smartcard technology is being used, and the tempest testing system is already used to ensure that the screens don’t allow ghosting.

The time that it would take a hacker / cracker to isolate and access a system with a rolling random number gen system is too long. by the time that the original generated number is gained, the number sequence has changed.

There are many encryption algorithms out there, and even some pretty clever apps that cycle through standard and non standard encryption, like 2 fish, blowfish, 2DES, 3DES & AES. if you manage to hit the cypher on time in sequence you would be in, but the U/Name & Pass would defeat you. keyloggers over wireless won’t work, secure systems are pretty much secure. and a bored 16yo can try as much as they like against some of the current standards, one very old one was recently cracked in an exercise – it took the programmers 25 years to do so.

considering that these devices are going to be car mounted, it would look pretty suss to be matching speed with them whilst trying to log in…

So many cynical nerds, so little time!

I think it’s a good idea. That is, until the beauracracy decide that with computers on site they can now increase the amount of paperwork there is for them to do…

VYBerlinaV8_the_one_they_all_copy2:55 pm 29 Jul 09

I was just thinking, if and when quantum computing becomes a commercial reality, most cryptography will become close to useless.

eyeLikeCarrots2:49 pm 29 Jul 09

Also I suck at spelling.

eyeLikeCarrots2:49 pm 29 Jul 09

Skidbladnir said :

NIST expects AES to last ‘well beyond’ 20 years.

Until my research in NP complete problems pay off…

That or the moleculer computer I planeted in my veggie patch sprouts… Carrots WILL form the basis of biomechanical supercomputers in the near future (for a given value) of future.

The US State Department were busy getting extra budget allocations to minimise it in the 1960s, according to this guy, (page 714).
It cost $4500 in the 1960s to minimise the effect, but its impossible to get rid of entirely.
Basically, if it has a screen, its vulnerable to Van Ecking.

Wim Van Eck was the guy who gave a valid proof of concept back in the 1980s, at the scarily-low price of $15 (1980s dollars) for all the required equipment, and at a range of 150m when the machine is unshielded. Hence gets his name attached to it.

VYBerlinaV8_the_one_they_all_copy2:34 pm 29 Jul 09

PBO said :

For every encrytion that comes out there is automatically a back door, there has to be. Otherwise there is too much potential to lose information permanently.

Disagree with that. The algorithm that was selected to be AES (based on a worldwide academic and industrial competition) is publicly available, and has been analysed by many minds. It is a symmetric encryption algorithm that uses a series of operations designed to support mathematically desirable characteristics. In terms of mathematical attack (ie back door), it is a pretty safe bet.

There are some fairly well known and effective means of mitigating risks relating to emanations security.

With a system like this, it’s not about making it ‘unbreakable’, it’s about making it secure enough that it’s not worth anyone’s while to break it.

For the seriously paranoid people who want to fact check, 1m Van Eck shielded devices are referred to as meeting or exceeding “USA NSTISSAM Level I” or “NATO SDIP-27 Level A” standards.

NIST expects AES to last ‘well beyond’ 20 years.

My bad, we called it Tempest in the Army when really it was Tempest testing.

Van Eck / Tempest testing, Tomato tomato

For every encrytion that comes out there is automatically a back door, there has to be. Otherwise there is too much potential to lose information permanently.

PBO, you refer to Van Eck eavesdropping.
ie: For the monitor synchronisation radiation and pixel trace activity, incidental emanations may be captured. TEMPEST is\was a program specifically to combat it.
US State Department have been taking steps against it since the 1960s, the BBC used it to trace tvs which weren’t paying UK license fees in the 1980s.

There are US TEMPEST standards in place which are designed to combat people using Van Eck from 1m away.

A million computers for a million years would be incredibly pointless, considering 1) at the end of a million years of computation research and development you would be able to achieve a lot more processing power, and 2) a million years after the transmission your encrypted information would be little more than a historical curiosity.

Current encryption on police radio uses AES256.
AES’ predecessor was a valid standard for almost three decades before computer power became cheap enough to make a valid brute force attack on it within a day, and that system had 2^55 possible keys.
There are 1.1 x 1077 possible AES256-bit keys.
Even if your decryption system could break a DES encryption key by brute force in a second, you’re looking at trillions of years of processing time to break an AES, and all they have to do is change keys and you have to start over.

If your target change AES keys every second, they still have trillions of years before the system will run out of keys.

So if the system is continually broken to the point that there are continual security compromises, its probably due to human factors.

Most of what would be being transferred across the network wouldn’t be interesting enough to justify the attempt, I reckon.

That sounds like what the contractors said when justifying why the system uses ROT13.

PBO said :

Unless the patrol car has a faraday cage built into it, it can be hacked.

At which point you lose comms…

Unless the patrol car has a faraday cage built into it, it can be hacked.

within 150 metres.

Yeah but how close would you have to be for that to work?

Rawhide Kid No 2 said :

johnboy said :

I’m sure you meant to say it will be difficult.

Nothing is impossible to crack.

Yes Johnboy, your right in saying that nothing is impossible . However you would need the power of over a million or more computers working 24/7 everyday of the year for over a million years to crack this system. Not some one following a police car with a laptop. Even then the coding for the encryption changes every second. Having said that, there is always the human element which will from time to time let the system become compromised.

There is a program called Tempest that will allow you to see whatever is on the other persons screen when you point the hand held aimer at it, it does not hack the signal, rather it reads the radiation signature that the screen emits and copies it onto another terminal. This is also old technology.

That is one way i can see the new police system failing.

VYBerlinaV8_the_one_they_all_copy1:18 pm 29 Jul 09

Cracking a block of encrypted data is one thing. Getting information that is actually useful and hasn’t perished is another matter altogether. A million computers for a million years is a bit of an overstatement, though.

You wouldn’t attack the system by trying to brute force the crypto directly. You would need to do some reconnaissance (sp?) to determine whether implementation weaknesses existed, and attack those instead.

Either way, it’s going to be a whole lot more expensive next time a cop crashes their car.

There is no such thing as safe speeding!….

I think he’s saying it would take that long to brute force the encryption.

Yes Johnboy, your right in saying that nothing is impossible . However you would need the power of over a million or more computers working 24/7 everyday of the year for over a million years to crack this system. Not some one following a police car with a laptop. Even then the coding for the encryption changes every second. Having said that, there is always the human element which will from time to time let the system become compromised.

For a bruteforce crack maybe, but that’s not the way most things get broken.

Rawhide kid No 2 said: However you would need the power of over a million or more computers working 24/7 everyday of the year for over a million years to crack this system. Not some one following a police car with a laptop.

Did you just say that? A million computers or more working 24/7 to crack the cops in-car computer?

Are you a cop? Or just an idiot?

yes, I know, you can be both

Just steal the cop car, then get the “key”…………

Rawhide Kid No 212:31 pm 29 Jul 09

johnboy said :

I’m sure you meant to say it will be difficult.

Nothing is impossible to crack.

Yes Johnboy, your right in saying that nothing is impossible . However you would need the power of over a million or more computers working 24/7 everyday of the year for over a million years to crack this system. Not some one following a police car with a laptop. Even then the coding for the encryption changes every second. Having said that, there is always the human element which will from time to time let the system become compromised.

hmmmmm looks like we’ll see lots of Cops sitting in their patrol cars playing Solitaire and surfing the web whilst chowing down on Krispy Kremes. 😛

j from the block12:18 pm 29 Jul 09

well stated john boy, although hackers love nothing more than someone coming out and saying that something can not be hacked or is completely safe.
Last department I worked for it was a good three hours though from when the minister mistakenly said the system was hack proof before some bored 16 year old proved him wrong.

I’m sure you meant to say it will be difficult.

Nothing is impossible to crack.

Rawhide Kid No 212:10 pm 29 Jul 09

johnboy said :

One would hope it will be more complicated than that.

If you paid attention to the footage shown on last nights ABC news you would have noticed all the Motorola equipment in the boot. This would indeed indicate a Encrypted radio network using the same radio system for their current radios.

So no Hacking or cracking will be possible.

DarkLadyWolfMother10:02 am 29 Jul 09

I hope they don’t surf ‘n’ drive….

If you email them will you get a faster response (by cutting out the middleman)?

Everyone could keep track of the local crime situation through constant Twitter and Facebook-status updates.

Aw, PigDog beat me to the Blues Bros reference 🙁

VYBerlinaV8_the_one_they_all_copy9:47 am 29 Jul 09

Perhaps we can get real time updates while crims accelerate away from them at 40km/h.

VYBerlinaV8_the_one_they_all_copy said :

Most of what would be being transferred across the network wouldn’t be interesting enough to justify the attempt, I reckon.

I wonder if they will be able to surf the web while out ‘policing’.

I think the frequency of comment by certain contributors here will make that clear.

VYBerlinaV8_the_one_they_all_copy9:42 am 29 Jul 09

johnboy said :

One would hope it will be more complicated than that.

Even if you could get onto their wireless network, one would presume the data being transferred would be encryped appropriately.

Most of what would be being transferred across the network wouldn’t be interesting enough to justify the attempt, I reckon.

I wonder if they will be able to surf the web while out ‘policing’.

Wasn’t this in the Blues Brothers movie (circa 1980)? SCMODS, the State County Municipal Offender Data System.

johnboy said :

One would hope it will be more complicated than that.

Quite so, but one might also look at various governments’ track records on IT security and justifiably wonder if it might not be.

One would hope it will be more complicated than that.

So does that mean all someone has to do to get into the C.O.P.S. database now is to follow a police car with my laptop and crack their wireless with a piggyback program?

All this will do is make wardriving alot more interesting.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.