Legacy tactical communications waveforms are still proving their worth in the face of aggressive electronic warfare while new threats lurk on the horizon.

“Anything under 100 hops-per-second gets jammed to shit,” was the observation of one tactical communications expert at a conference recently attended by this correspondent. Under discussion was the vulnerability of land forces tactical radios to communications jamming (COMJAM) systems. There are no prizes for guessing where such vulnerabilities have been observed. After all, Europe is currently hosting only one large conventional war. Securing radio communications has been a military preoccupation ever since radios were first used in anger during the First World War. Frequency-hopping is one tried and tested technique aimed at reducing the opportunities for red forces to jam radio traffic.

Frequency-Hopping Spread Spectrum (FHSS) techniques, as they are properly known, use an elegantly simple principle. Imagine two radios, A and B, communicating with one another on a frequency of 560 MHz. Let us suppose that these two radios never change the frequency that they are using from 560 MHz. If the bad guys are in range of A and B’s transmissions and they tuned their radio to 560 MHz they would hear the traffic. The bad guys would then have two choices: They could just listen to the traffic and exploit what they were hearing as communications intelligence (COMINT). Of course, radios A and B might not be carrying voice traffic, but instead zeros and ones of data. The red force eavesdroppers could still try to decode and exploit this data. Alternatively, the red force could tune a jammer to a frequency of 560 MHz and transmit electronic interference which will be picked up by the receiving radio, drowning out the communications traffic.

Picture shows an RF-7850 Falcon III family radio from L3Harris. Ukraine has been using the RF-7850M-HH variant in this family, and Ukrainian users have noted its good frequency hopping capabilities and resistance to electronic countermeasures. However, Russia’s electronic warfare practitioners are continuing to evolve their approaches.
Credit: L3Harris

Suppose the frequencies used by radios A and B kept changing and did so hundreds, if not thousands, of times per second within a specific frequency bandwidth. Rather than using a fixed frequency of 560 MHz, our two radios are now spreading their transmissions across a 100 kilohertz band. This means radios A and B have a bandwidth of 560.0 MHz to 560.1 MHz within which they can keep moving their transmission. Clever processing in the radios keeps changing the frequencies of the traffic, spreading it across the waveband. The changes occur thousands of times per second. At one moment, the traffic is using a frequency of 560.083 MHz, the next a frequency of 560.012 MHz. To the casual observer, there is no way of knowing the next frequency that will be used. Only radios A and B can determine this as they are both loaded with software that stipulates the frequency hopping scheme. The software also instructs the radios how to assemble the traffic, all arriving on different frequencies, into coherent voice or data.

Hopping mad

The benefits of FHSS are that, taken on their own, each change in frequency resembles nothing more than a tiny speck of radio frequency (RF) energy that appears for a fleeting moment in the spectrum. This is scarcely enough to exploit for COMINT or COMJAM. Even if red forces were to jam a specific frequency, in a microsecond, the transmission will have moved to another frequency entirely and the jamming will be ineffective. Forget eavesdropping – unless you have the software keys detailing how to reassemble the traffic, all this will be is electromagnetic gibberish. For all intents and purposes, FHSS is the electromagnetic equivalent of the Whac-A-Mole arcade game. You can hit the rubber mole with your mallet when it appears for a split second, but you cannot anticipate where the mole will emerge next.

This screen shot depicting a slice of the radio spectrum shows how frequency hopping is performed. Each of the oblong shapes shown beneath the frequency scale in the middle of the picture represents a single hop of a transmission.
Credit: WITest

As the interjection from the conference delegate illustrates, some forms of FHSS technologies are becoming increasingly vulnerable to COMJAM. This vulnerability is helped in no small measure by advances in computing. Contemporary electronic warfare (EW) systems, particularly electronic support measures (ESMs) which continuously watch and analyse behaviour in parts of the radio spectrum, can recognise patterns. FHSS is pseudorandom. What this means in practice is that to the casual observer the profusion of tiny spots of RF energy spread over a myriad of frequencies appears to be entirely random. However, it is not, as the hopping is the result of complex mathematical calculations made by the FHSS software. Today’s ESMs can be programmed to watch specific wavebands and to recognise what may be happening. Frequencies of 30 MHz to 6 GHz are routinely used for military Very/Ultra High Frequency (V/UHF) communications.

Let us return to our example above involving radios A and B using FHSS techniques spread across a 560.0 MHz to 560.1 MHz waveband. Suppose there is no traffic in a 10 kHz band on either side of these frequencies. The ESM may flag this as strange and determine that the hop pattern, although moving across seemingly random frequencies, changes at a regular rate each second. Through pattern recognition, the ESM may determine that this 560.0 MHz to 560.1 MHz channel is being used for FHSS traffic. Determining the hop pattern does not necessarily help COMINT cadres hack into the traffic to exploit it. The same problem regarding the FHSS software keys remains. Nonetheless, it could help their COMJAM comrades to jam the transmissions. Unleashing a powerful jamming signal covering a 560.0 MHz to 560.1 MHz waveband could effectively wipe out the channel and the link between the radios.
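The hop scheme shared by radios A and B, and the difference between jamming one frequency and jamming the whole 560.0 MHz to 560.1 MHz band, can be sketched in Python. This is an added illustration, not code from any fielded waveform: HMAC-SHA256 stands in for the undisclosed hop algorithm, and the 1 kHz channel spacing, slot counter and keys are assumptions constructed for the example.

```python
import hashlib
import hmac

BAND_START_HZ = 560_000_000  # 560.0 MHz, lower edge of the article's band
BAND_WIDTH_HZ = 100_000      # 100 kHz wide, so the band ends at 560.1 MHz
CHANNEL_HZ = 1_000           # assumed channel spacing (gives 100 channels)
N_CHANNELS = BAND_WIDTH_HZ // CHANNEL_HZ


def hop_frequency(key: bytes, slot: int) -> int:
    """Frequency in Hz for one time slot, derived from the shared key."""
    # Assumption: HMAC-SHA256 as the keyed pseudorandom function.
    mac = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    # 64 bits reduced modulo 100 channels: the modulo bias is negligible.
    channel = int.from_bytes(mac[:8], "big") % N_CHANNELS
    return BAND_START_HZ + channel * CHANNEL_HZ


def hop_sequence(key: bytes, first_slot: int, count: int) -> list[int]:
    """Frequencies for `count` consecutive slots starting at `first_slot`."""
    return [hop_frequency(key, s) for s in range(first_slot, first_slot + count)]


def fraction_jammed(freqs: list[int], jam_low_hz: int, jam_high_hz: int) -> float:
    """Share of hops that land inside the jammed span [low, high)."""
    return sum(jam_low_hz <= f < jam_high_hz for f in freqs) / len(freqs)


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample key
    radio_a = hop_sequence(key, 0, 1000)
    radio_b = hop_sequence(key, 0, 1000)
    outsider = hop_sequence(b"some-other-key", 0, 1000)
    print("A and B agree:", radio_a == radio_b)
    print("outsider matches:", sum(a == o for a, o in zip(radio_a, outsider)), "of 1000")
    fixed = [BAND_START_HZ] * 1000     # radio parked on 560 MHz
    spot = (BAND_START_HZ, BAND_START_HZ + CHANNEL_HZ)
    band = (BAND_START_HZ, BAND_START_HZ + BAND_WIDTH_HZ)
    print("fixed radio, spot jammer:", fraction_jammed(fixed, *spot))
    print("hopping radio, spot jammer:", fraction_jammed(radio_a, *spot))
    print("hopping radio, whole-band jammer:", fraction_jammed(radio_a, *band))
```

Run as a script, it shows the fixed-frequency radio losing every slot to a single-frequency jammer, the hopping radio losing roughly one slot in a hundred, and both losing everything once the jammer covers the whole band.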

The vulnerability of FHSS radio communications to evolving ESM technology is a cause for concern. American and allied land forces are avid users of the Single Channel Ground and Airborne Radio System (SINCGARS). SINCGARS debuted with the US Army during Operation Desert Storm in 1991, where it aided ground tactical communications during the US-led liberation of Kuwait from Iraqi control. The SINCGARS radio waveform can perform frequency-hopping communications at rates of at least 100 hops-per-second. Hop rates such as these could render the radio vulnerable to COMINT ESMs which may be able to recognise SINCGARS FHSS traffic.

Despite having a design dating back to the 1980s, the SINCGARS tactical radio system remains in widespread NATO use and has performed well in Ukraine despite being targeted by Russian electronic warfare. SINCGARS is expected to remain in routine service until the end of this decade.
Credit: US Army

SINCGARS radios have been supplied to the Ukrainian military by the US since 2014, the same year Russia performed her first invasion of Ukraine’s Donbas and Crimea. The waveform has acquitted itself well in the face of determined jamming by Russian land force tactical EW systems. The US Army launched a SINCGARS waveform modernisation in 2017: “There is still life in the waveform yet,” said Brian Wenink, director of L3Harris’s ground high assurance radio portfolio, and Robert Mariuz, the company’s senior product manager for software applications and waveforms, adding, “The US Army is continuing to evolve SINCGARS hardware and software in its combat net radios. SINCGARS is an affordable and widely fielded solution.” The upgrade improved the waveform’s communications security (COMSEC) and transmission security (TRANSEC). Whether the upgrade also improved the waveform’s FHSS performance is unknown.

SINCGARS has stood the test of time, but thoughts are turning to its eventual replacement which at the NATO level comprises the SATURN waveform. As with SINCGARS, SATURN is a somewhat unwieldy acronym, translating as Second-Generation Anti-Jam Tactical Ultra High Frequency Radio for NATO. The waveform is transmittable across frequencies of 225 MHz to 400 MHz. Details remain classified on SATURN’s hop rate, although this is likely to be significantly improved compared to SINCGARS. SATURN is currently being introduced across NATO. Both SATURN and SINCGARS will run concurrently for some time to ensure interoperability. NATO also uses a legacy waveform for ground-to-air/air-to-ground communications known as Havequick-I/II, which uses frequencies of 225 MHz to 400 MHz. Unusually, Havequick does not seem to be an acronym, and this waveform is older than SINCGARS, having been introduced initially with the US military in 1980. Open sources note that Havequick-I/II has a hop rate exceeding 100 hops-per-second.

NATO’s SATURN tactical communications waveform is destined to replace both SINCGARS and Havequick-I/II over the coming five-to-ten years. Although a narrowband waveform like its predecessors, it offers a step change in capability and security.
Credit: Thales

“SINCGARS and Havequick-I/II are legacy, frequency-hopping waveforms,” says Silver Andre, chief executive officer of CR14, and a former Estonian Army signals expert. “Despite their age, they remain in widespread use due to their proven reliability, simplicity of operation and compatibility.” For Andre, the FHSS characteristics of these waveforms “still offer a degree of security against interception and jamming … However, their life expectancy is diminishing as potential adversaries develop more sophisticated electronic warfare capabilities.” These EW capabilities include the “faster and more powerful signal processing tools,” described above “that can exploit vulnerabilities in these older systems.”

Threats

Alongside the advancing electronic warfare capabilities discussed above, the ability of adversaries to counter COMSEC/TRANSEC capabilities like FHSS through cyberattack is a threat. Frequency-hopping techniques are essentially software-based, which potentially makes them vulnerable to hostile cyber-exploitation. Andre warned that cyber techniques can “exploit vulnerabilities in the software and hardware used for encrypted communications.” If hackers succeeded in obtaining the software governing the frequency hopping schemes used on a tactical communications network this could potentially compromise security.

Quantum computing, Andre highlights, could also become a potential threat. There is insufficient space in this article to dive into the technical aspects of how quantum computers can attack COMSEC/TRANSEC protocols. The key fact to remember is the breakneck speed at which quantum computers could tackle the mathematics of encryption. Even the calculation speeds of today’s conventional computers pale in comparison to such technology. “Though still in development, quantum computing presents a theoretical threat to traditional encryption methods, potentially rendering them obsolete,” Andre warned. These concerns were shared by Mariuz and Wenink, who noted: “Quantum computing is approaching the point where the scale could cause a concern.” The US National Institute of Standards and Technology, which promotes US scientific and industrial innovation, has published draft algorithm standards pertaining to the quantum computing threat to encryption. “There is a lot of work going on under the hood to make sure that we are preparing and are ready for the challenge quantum computing may pose,” they added.

Mitigation

This is not to say that advances such as quantum computing, alongside artificial intelligence (AI)-enabled EW and cyberwarfare, will render current COMSEC/TRANSEC approaches null and void. Measures can be taken to mitigate, if not eliminate, these threats. Nonetheless, it is important to note that there is no one ‘silver bullet’ that can address all dangers. As is often the case, a layered approach is the answer. “Adaptability is key,” said Andre. “The dynamic nature of electronic warfare necessitates adaptable and flexible communications systems.” EW is never static, and neither should the response to it be: “Adversaries will employ a combination of conventional and cyber tactics, requiring a holistic security approach.” L3Harris started “taking a holistic look at communications and transmission security over the past few years,” note Mariuz and Wenink, explaining, “We focus on information assurance. An important thing to mention is there can be vulnerabilities we talk about that are not always in the encryption. A lot of what we look at is whether a radio has been initialised properly. How is the encryption key material loaded into the radio? How is data stored?”

Quantum computing holds promise as an important technology that could help both improve tactical communications COMSEC/TRANSEC and help to decrypt communications. However, this technology is still in its infancy.
Credit: IBM

As much as quantum computing presents a threat, so Quantum Key Distribution (QKD) offers a potential solution for safeguarding COMSEC and TRANSEC. Once again, the particulars of how QKD works would require an article in its own right. Broadly speaking, the QKD approach involves using qubits. Whereas a bit, the basic unit of data, has a binary state as a zero or a one, a qubit can be both. Photons are usually employed to generate qubits. A useful aspect of employing qubits is that any attempt to observe or interfere with traffic protected in this way becomes immediately obvious, since it results in the collapse of their fragile quantum state to become either a zero or one. Nonetheless, Andre urges caution regarding the adoption of quantum approaches for COMSEC/TRANSEC, not least because these technologies are in their infancy: “Quantum communications require new infrastructure, which is not yet widely available.” Meanwhile, “integrating quantum encryption with existing systems poses significant challenges.” In summary Andre noted, “quantum encryption for battlefield traffic is still years away from routine deployment. Research and development is progressing but practical widespread use in tactical military communications is likely a decade or more in the future, contingent upon overcoming current technological and logistical hurdles.”

There is another potential restraint on the adoption of such sophisticated approaches to help safeguard tactical communications traffic which is more prosaic: “The transition to more advanced waveforms and encryption methods is ongoing, but the pace is dependent on budgetary constraints, the need for interoperability and the lifecycle of existing communication systems,” said Andre. While they are approaching their retirement, it is still too early to write off SINCGARS and Havequick-I/II: “We expect to see heavy use of SINCGARS in the future,” said Mariuz and Wenink. Andre agreed, adding: “It’s reasonable to expect these legacy waveforms to remain in service for another decade or so … while gradually being supplanted by more secure technologies.”

Thomas Withington