Project 25

Source: Wikipedia, the free encyclopedia.
Several hand-held Project 25 radios used around the world.

Project 25 (P25 or APCO-25) is a suite of standards for interoperable digital two-way radio products. P25 was developed by public safety professionals in North America and has gained acceptance for public safety, security, public service, and commercial applications worldwide.[1] P25 radios are a direct replacement for analog UHF (typically FM) radios, but add the ability to transfer data as well as voice, allowing for more natural implementations of encryption and text messaging. P25 radios are commonly implemented by dispatch organizations, such as police, fire, ambulance and emergency rescue service, using vehicle-mounted radios combined with repeaters and handheld walkie-talkie use.

Starting around 2012, products became available with the newer phase 2

Terrestrial Trunked Radio (TETRA) and Digital mobile radio
(DMR) protocol standards, which fill a similar role to Project 25.

Suite of standards overview

History

Public safety radios have been upgraded from analog FM to digital since the 1990s because of an increased use of data on radio systems for such features as GPS location, trunking, text messaging, metering, and encryption.

Various user protocols and different public safety radio spectrum made it difficult for Public Safety agencies to achieve interoperability and widespread acceptance. However, lessons learned during disasters the United States faced in the past decades have forced agencies to assess their requirements during a disaster when basic infrastructure has failed. To meet the growing demands of public safety digital radio communication, the United States Federal Communications Commission (FCC) at the direction of the United States Congress initiated a 1988 inquiry for recommendations from users and manufacturers to improve existing communication systems.[2][3] Based on the recommendations, to find solutions that best serve the needs of public safety management, in October 1989 APCO Project 25 came into existence in a coalition with:[2][4]

A steering committee consisting of representatives from the above-mentioned agencies along with FPIC (

Department of Homeland Security Federal Partnership for Interoperable Communication), Coast Guard and the Department of Commerce's National Institute of Standards and Technology (NIST), Office of Law Enforcement Standards was established to decide the priorities and scope of technical development of P25.[4]

Introduction

Interoperable emergency communication is integral to initial response, public health, community safety, national security and economic stability. Of all the problems experienced during disaster events, one of the most serious is poor communication due to lack of appropriate and efficient means to collect, process, and transmit important information in a timely fashion. In some cases, radio communication systems are incompatible and inoperable not just within a jurisdiction but within departments or agencies in the same community.[6] Non-operability occurs due to use of outdated equipment, limited availability of radio frequencies, isolated or independent planning, lack of coordination, and cooperation, between agencies, community priorities competing for resources, funding and ownership, and control of communications systems.[7] Recognizing and understanding this need, Project 25 (P25) was initiated collaboratively by public safety agencies and manufacturers to address the issue with emergency communication systems. P25 is a collaborative project to ensure that two-way radios are interoperable. The goal of P25 is to enable public safety responders to communicate with each other and, thus, achieve enhanced coordination, timely response, and efficient and effective use of communications equipment.[8]

P25 was established to address the need for common digital public safety radio communications standards for first-responders and homeland security/emergency response professionals. The Telecommunications Industry Association's TR-8 engineering committee facilitates such work through its role as an ANSI-accredited standards development organization (SDO) and has published the P25 suite of standards as the TIA-102 series of documents, which now include 49 separate parts on Land Mobile Radio and TDMA implementations of the technology for public safety.[9]

Project 25 (P25) is a set of standards produced through the joint efforts of the

LMR
) services for local, state/provincial and national (federal) public safety organizations and agencies...

P25 is applicable to LMR equipment authorized or licensed, in the U.S., under NTIA or FCC rules and regulations.

Although developed primarily for North American public safety services, P25 technology and products are not limited to public safety alone and have also been selected and deployed in other private system application, worldwide.[10]

P25-compliant systems are being increasingly adopted and deployed throughout the United States, as well as other countries. Radios can communicate in analog mode with legacy radios, and in either digital or analog mode with other P25 radios. Additionally, the deployment of P25-compliant systems will allow for a high degree of equipment interoperability and compatibility.

P25 standards use the proprietary

Advanced Multi-Band Excitation (AMBE+2) voice codecs which were designed by Digital Voice Systems, Inc. to encode/decode the analog audio signals. It is rumored that the licensing cost for the voice-codecs that are used in P25 standard devices is the main reason that the cost of P25 compatible devices is so high.[11]

P25 may be used in "talk around" mode without any intervening equipment between two radios, in conventional mode where two radios communicate through a repeater or base station without trunking or in a

trunked mode where traffic is automatically assigned to one or more voice channels by a Repeater
or Base Station.

The protocol supports the use of

Triple-DES encryption, Advanced Encryption Standard (AES) encryption at up to 256 bits keylength, RC4 (40 bits
, sold by Motorola as Advanced Digital Privacy), or no encryption.

The protocol also supports the ACCORDION 1.3,

Type 1
ciphers.

P25 open interfaces

P25's Suite of Standards specify eight open interfaces between the various components of a land mobile radio system. These interfaces are:

P25 phases

A hand-held Project 25 radio used in US systems.

P25-compliant technology has been deployed over two main phases with future phases yet to be finalized.

Phase 1

Phase 1 radio systems operate in 12.5 kHz digital mode using a single user per channel access method. Phase 1 radios use Continuous 4 level

IMBE
voice codec.

These systems involve standardized service and facility specifications, ensuring that any manufacturers' compliant subscriber radio has access to the services described in such specifications. Abilities include backward compatibility and interoperability with other systems, across system boundaries, and regardless of system infrastructure. In addition, the P25 suite of standards provides an open interface to the radio frequency (RF) subsystem to facilitate interlinking of different vendors' systems.

Phase 2

To improve spectrum use, P25 Phase 2 was developed for trunking systems using a 2-slot

AMBE+2
voice codec to reduce the needed bitrate so that one voice channel will only require 6,000 bits per second (including error correction and signalling). Phase 2 is not backwards compatible with Phase 1 (due to the TDMA operation), although multi-mode TDMA radios and systems are capable of operating in Phase 1 mode when required, if enabled. A subscriber radio cannot use TDMA transmission without a synchronization source; therefore direct radio to radio communication resorts to conventional FDMA digital operation. Multi-band subscriber radios can also operate on narrow-band FM as a lowest common denominator between almost any two way radios. This makes analog narrow-band FM the de facto "interoperability" mode for some time.

Originally the implementation of Phase 2 was planned to split the 12.5 kHz channel into two 6.25 kHz slots, or Frequency-Division Multiple Access (FDMA). However it proved more advantageous to use existing 12.5 kHz frequency allocations in Time Division Multiple Access (TDMA) mode for a number of reasons. It allowed subscriber radios to save battery life by only transmitting half the time which also yields the ability for the subscriber radio to listen and respond to system requests between transmissions.

Phase 2 is what is known as 6.25 kHz "bandwidth equivalent" which satisfies an FCC requirement for voice transmissions to occupy less bandwidth. Voice traffic on a Phase 2 system transmits with the full 12.5 kHz per frequency allocation, as a Phase 1 system does, however it does so at a faster data rate of 12 kbit/s allowing two simultaneous voice transmissions. As such subscriber radios also transmit with the full 12.5 kHz, but in an on/off repeating fashion resulting in half the transmission and thus an equivalent of 6.25 kHz per each radio. This is accomplished using the AMBE voice coder that uses half the rate of the Phase 1 IMBE voice coders.[14]

Beyond Phase 2

From 2000 to 2009, the

European Telecommunications Standards Institute (ETSI) and TIA were working collaboratively on the Public Safety Partnership Project or Project MESA (Mobility for Emergency and Safety Applications),[15] which sought to define a unified set of requirements for a next-generation aeronautical and terrestrial digital wideband/broadband radio standard that could be used to transmit and receive voice, video, and high-speed data in wide-area, multiple-agency networks deployed by public safety agencies.[16][17]

The final functional and technical requirements have been released by ETSI

dPMR, and TETRA, but no interest from the industry followed, since the requirements could not be met by available commercial off-the-shelf technology, and the project was closed in 2010.[citation needed
]

During the

LTE for high-speed data and video applications.[19]

Conventional implementation

P25 systems do not have to resort to using in band signaling such as

Digital-Coded Squelch
(DCS) codes for access control. Instead they use what is called a Network Access Code (NAC) which is included outside of the digital voice frame. This is a 12-bit code that prefixes every packet of data sent, including those carrying voice transmissions.

The NAC is a feature similar to CTCSS or DCS for analog radios. That is, radios can be programmed to only pass audio when receiving the correct NAC. NACs are programmed as a three-hexadecimal-digit code that is transmitted along with the digital signal being transmitted.

Since the NAC is a three-hexadecimal-digit number (12 bits), there are 4,096 possible NACs for programming, far more than all analog methods combined.

Three of the possible NACs have special functions:

  • 0x293 ($293) – the default NAC
  • 0xf7e ($F7E) – a receiver set for this NAC will pass audio on any decoded signal received
  • 0xf7f ($F7F) – a repeater receiver set for this NAC will allow all incoming decoded signals and the repeater transmitter will retransmit the received NAC.

Adoption

Adoption of these standards has been slowed by budget problems in the US; however, funding for communications upgrades from the

Terrestrial Trunked Radio (TETRA) was deployed in sixty countries, and it is the preferred choice in Europe, China, and other countries.[21] This was largely based on TETRA systems being many times cheaper than P25 systems ($900 vs $6,000 for a radio)[21] at the time. However P25 radio prices are rapidly approaching parity with TETRA radio prices through increased competition in the P25 market. The majority of P25 networks are based in Northern America where it has the advantage that a P25 system has the same coverage and frequency bandwidth as the earlier analog systems that were in use so that channels can be easily upgraded one by one.[21]
Some P25 networks also allow intelligent migration from the analog radios to digital radios operating within the same network. Both P25 and TETRA can offer varying degrees of functionality, depending on available radio spectrum, terrain and project budget.

While interoperability is a major goal of P25, many P25 features present interoperability challenges. In theory, all P25 compliant equipment is interoperable. In practice, interoperable communications isn't achievable without effective governance, standardized operating procedures, effective training and exercises, and inter-jurisdictional coordination. The difficulties inherent in developing P25 networks using features such as digital voice, encryption, or trunking sometimes result in feature-backlash and organizational retreat to minimal "feature-free" P25 implementations which fulfill the letter of any Project 25 migration requirement without realizing the benefits thereof. Additionally, while not a technical issue per se, frictions often result from the unwieldy bureaucratic inter-agency processes that tend to develop in order to coordinate interoperability decisions.

Naming of P25 technology in regions

Project 25 Compliance Assessment Program (P25 CAP)

The United States

DHS's Project 25 Compliance Assessment Program (P25 CAP)[27] aims for interoperability among different vendors by testing to P25 Standards. P25 CAP, a voluntary program, allows suppliers to publicly attest to their products' compliance.[27]

Independent, accredited labs test vendor's P25 radios for compliance to P25 Standards, derived from TIA-102 Standards and following TIA-TR8 testing procedures. Only approved products[28] may be purchased using US federal grant dollars.[29] Generally, non-approved products should not be trusted to be meet P25 standards for performance, conformance, and interoperability.

P25 product labeling varies. "P25" and "P25 compliant" mean nothing while high standards apply for a vendor to claim a product is "P25 CAP compliant" or "P25 compliant with the Statement of Requirements (P25 SOR)"[30]

Security flaws

OP25 Project—Encryption flaws in DES-OFB and ADP ciphers

At the Securecomm 2011 conference in London, security researcher Steve Glass presented a paper, written by himself and co-author Matt Ames, that explained how DES-OFB and Motorola's proprietary ADP (RC4 based) ciphers were vulnerable to brute force key recovery.

packet sniffer
and analyzer. The OP25 project was founded by Steve Glass in early 2008 while he was performing research into wireless networks as part of his PhD thesis.

The paper is available for download from the NICTA website.[35]

University of Pennsylvania research

In 2011, the

undercover agents and confidential informants
, plans for forthcoming arrests and information on the technology used in surveillance operations." The researchers found that the messages sent over the radios are sent in segments, and blocking just a portion of these segments can result in the entire message being jammed. "Their research also shows that the radios can be effectively jammed (single radio, short range) using a highly modified pink electronic child’s toy and that the standard used by the radios 'provides a convenient means for an attacker' to continuously track the location of a radio’s user. With other systems, jammers have to expend a lot of power to block communications, but the P25 radios allow jamming at relatively low power, enabling the researchers to prevent reception using a $30 toy pager designed for pre-teens."

The report was presented at the 20th USENIX Security Symposium in San Francisco in August 2011.[37] The report noted a number of security flaws in the Project 25 system, some specific to the way it has been implemented and some inherent in the security design.

Encryption lapses

The report did not find any breaks in the P25 encryption; however, they observed large amounts of sensitive traffic being sent in the clear due to implementations problems. They found switch markings for secure and clear modes difficult to distinguish (∅ vs. o). This is exacerbated by the fact that P25 radios when set to secure mode continue to operate without issuing a warning if another party switches to clear mode. In addition, the report authors said many P25 systems change keys too often, increasing the risk that an individual radio on a net may not be properly keyed, forcing all users on the net to transmit in the clear to maintain communications with that radio.

Jamming vulnerability

One design choice was to use lower levels of error correction for portions of the encoded voice data that are deemed less critical for intelligibility. As a result, bit errors may be expected in typical transmissions, and while harmless for voice communication, the presence of such errors force the use of

stream cipher attacks
. The varying levels of error correction are implemented by breaking P25 message frames into subframes. This allows an attacker to jam entire messages by transmitting only during certain short subframes that are critical to reception of the entire frame. As a result, an attacker can effectively jam Project 25 signals with average power levels much lower than the power levels used for communication. Such attacks can be targeted at encrypted transmissions only, forcing users to transmit in the clear.

Because Project 25 radios are designed to work in existing two-way radio frequency channels, they cannot use spread spectrum modulation, which is inherently jam-resistant. An optimal spread spectrum system can require an effective jammer to use 1,000 times as much power (30 dB more) as the individual communicators. According to the report, a P25 jammer could effectively operate at 1/25th the power (14 dB less) than the communicating radios. The authors developed a proof-of-concept jammer using a Texas Instruments CC1110 single chip radio, found in an inexpensive toy.[37]

Traffic analysis and active tracking

Certain metadata fields in the Project 25 protocol are not encrypted, allowing an attacker to perform traffic analysis to identify users. Because Project 25 radios respond to bad data packets addressed to them with a retransmission request, an attacker can deliberately send bad packets forcing a specific radio to transmit even if the user is attempting to maintain radio silence. Such tracking by authorized users is considered a feature of P25, referred to as "presence".[38]

The report's authors concluded by saying "It is reasonable to wonder why this protocol, which was developed over many years and is used for sensitive and critical applications, is so difficult to use and so vulnerable to attack." The authors separately issued a set of recommendations for P25 users to mitigate some of the problems found.[39] These include disabling the secure/clear switch, using Network Access Codes to segregate clear and encrypted traffic, and compensating for the unreliability of P25 over-the-air rekeying by extending key life.

Comparison between P25 and TETRA

P25 and TETRA are used in more than 53 countries worldwide for both public safety and private sector radio networks. There are some differences in features and capacities:[40][41][42]

  • TETRA is optimized for high population density areas, and has spectral efficiency of 4 time slots in 25 kHz. (Four communications channels per 25 kHz channel, an efficient use of spectrum). It supports full-duplex voice communication, data, and messaging. It does not provide simulcast.
  • P25 is optimized for wider area coverage with low population density, and also supports simulcast. It is, however, limited with respect to data support. There is a major subdivision within P25 radio systems: Phase I P25 operates analogue, digital, or mixed mode in a single 12.5 kHz channel. Phase II uses a 2-timeslot TDMA structure in each 12.5 kHz channel.

See also

  • APCO-16, an earlier standard that specified trunking formats and radio operation
  • Digital Audio Broadcasting
  • Digital terrestrial television
  • Government radio networks in Australia
    , examples deployment of P25 technology
  • NXDN, a two-way digital radio standard with similar characteristics (Optional TDMA)
  • Terrestrial Trunked Radio
    , TETRA, the European(EU) standard equivalent to P25

Notes

  1. ^ "What is P25 Technology?". Project 25 Technology Interest Group. Archived from the original on 29 April 2020. Retrieved 17 November 2020. Project 25 (P25) is the standard for the design and manufacture of interoperable digital two-way wireless communications products. Developed in North America with state, local and federal representatives and Telecommunications Industry Association (TIA) governance, P25 has gained worldwide acceptance for public safety, security, public service, and commercial applications...The P25 standard was created by, and is intended for, public safety professionals.
  2. ^ a b "Project 25 Technology Interest Group - Content - General - What is Project 25?". project25.org. Project 25 Technology Interest Group. Archived from the original on 2009-02-10. Retrieved 2014-06-06.
  3. ^ "What is P25?". Project25.org. Project 25 Technology Interest Group. Archived from the original on 2014-06-07. Retrieved 2014-06-06.
  4. ^ a b "Spectrum Management". Apcointl.org. 2013-09-30. Archived from the original on February 12, 2012. Retrieved 2014-06-06.
  5. ^ "Home - National Association of State Technology Directors". www.nastd.org.
  6. ^ "SOR.book" (PDF). Retrieved 2010-09-26.
  7. ^ "Why Can't We Talk?" (PDF).
  8. ^ "A Google Company" (PDF). Motorola. Retrieved 2014-06-06.
  9. ^ Search Results | IHS Standards Store
  10. ^ Codan LTD., P25 Radio Systems Training Guide
  11. ^ "p25expence". Retrieved 5 October 2016.
  12. ^ "Aeroflex: Application Note - Understanding P25 Modulation Fidelity" (PDF). Archived from the original (PDF) on 2012-03-20. Retrieved 2012-03-26.
  13. ^ "P25 Phase 2". Retrieved 9 December 2016.
  14. ^ "P25 in Brazil". Retrieved 4 March 2020.
  15. ^ "Mobile Broadband for Public Safety - Home Page". Project MESA. Archived from the original on 2008-10-20. Retrieved 2014-06-06.{{cite web}}: CS1 maint: unfit URL (link)
  16. ^ Advanced Mobile Broadband For Public Protection & Disaster Relief Professionals. David Thompson. Telecommunications Industry Association
  17. ^ Project MESA: Broadband Telecommunications for PPDR. David Thompson. Telecommunications Industry Association
  18. ^ "www.projectmesa.org - /ftp/Specifications/". Archived from the original on June 13, 2010.
  19. ^ "700 MHz Public Safety Spectrum". Federal Communications Commission. March 17, 2011.
  20. ^ "P25 in Brazil - Tutorial by Dr. Cristiano Torres do Amaral from Brazilian Police Academy". Retrieved 4 March 2020.
  21. ^ a b c d e Is this finally P25's year?, Interview with Don Pfohl of Project 25 and Bill Belt of Telecommunications Industry Association's wireless division, 1. May 2005
  22. ^ "Home - Motorola Solutions Australia & New Zealand". www.motorolasolutions.com.
  23. ^ "Queensland Government Wireless Network". Archived from the original on 2017-02-18.
  24. ^ "Metropolitan Mobile Radio". www.esta.vic.gov.au. January 24, 2017.
  25. ^ "Victoria Scanner Frequencies and Radio Frequency Reference". www.radioreference.com.
  26. ^ "Public Safety Network". www.nsw.gov.au.
  27. ^ a b "P25 CAP". Department of Homeland Security. 2016-05-22. Retrieved 2020-09-27.
  28. ^ "Approved Grant Eligible Equipment". Department of Homeland Security. February 6, 2017.
  29. ^ "Approved Grant Eligible Equipment". Department of Homeland Security. 2017-02-06. Retrieved 2020-09-27.
  30. ^ "P25 CAP Compliance: What Should It Mean to You?" (PDF). DHS Science and Technology Directorate. 2018.
  31. ^ "SecureComm 2011 7th International ICST Conference on Security and Privacy in Communications Network". Archived from the original on 2012-02-03. Retrieved 2012-05-15. Securecomm 2011
  32. ^ "WikiStart - OP25 - Open Source Mobile Communications". osmocom.org.
  33. ^ "GNU Radio - The Free & Open Source Radio Ecosystem · GNU Radio". GNU Radio.
  34. ^ Brand, Ettus Research, a National Instruments. "Ettus Research - The leader in Software Defined Radio (SDR)". Ettus Research.{{cite web}}: CS1 maint: multiple names: authors list (link)
  35. ^ "Insecurity in Public-Safety Communications: APCO Project 25".
  36. ^ Valentino-DeVries, Jennifer (2011-08-10). "Security Flaws in Feds' Radios Make for Easy Eavesdropping". Wall Street Journal. Retrieved 2011-08-10.
  37. ^
    Usenix
    Security Symposium, 2011
  38. ^ "Design Issues for P25 Digital| National Interop". Archived from the original on 2011-07-14. Retrieved 2011-08-15.
  39. ^ P25 security mitigation guide, M. Blaze, et al.
  40. ^ https://www.powertrunk.com/docs/Pros_and_Cons_of_P25_vs_TETRA.pdf [bare URL PDF]
  41. ^ "P25 and TETRA Technology Roundtable". May 3, 2012.
  42. ^ https://tandcca.com/fm_file/dubai06swancomparison-pdf/ [dead link]

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=Project_25&oldid=1211063678"