FSPlite is a simple file encryption system, designed to quickly encrypt messages to be sent as files by FSQ. It can also be used with messages formatted onto standard forms using FSM.The purpose of this encryption is to secure private and personal details in the message from casual curiosity or even determined intervention.The 'lite' in the name doesn't imply light encryption - on the contrary, it's better than ever due to various obfuscation techniques used. What 'lite' means is that the burden of encryption is very low on the transmission duration of files. Encryption is almost exclusively into lower case letters, which FSQ can transmit most efficiently.
The encryption algorithms used by FSP aren't up to the level of those used in military or financial circles, but provide more than adequate security when used correctly. FSP could be vulnerable to a determined attack (based on letter or word frequency analysis), given a sufficiently large body of messages encrypted with the same Key. However, along with various proprietary obfuscation techniques, if the PIN number (Key) is changed frequently, as suggested, attackers will not have enough data to work with to make an attempt possible, or it may take them ages to crack even a single message, by which time the the information may be irrelevant.
FSP is generally used to encrypt just the message body, and only when authorised, such as during emergencies and exercises and/or when authorised emergency callsigns are in use. When using FSM forms, encrypt only the message body. Non-formatted files can be encrypted entire.
Encryption schemes of any type may NOT be used during normal Amateur Radio communications by radio, as they are specifically forbidden by all jurisdictions and by international agreement. FSP encryption may only be used over the air by duly authorized emergency stations while using emergency service callsigns.When a PIN number of "0000" is used, there is no encryption, but the compression techniques are still used. The compressed files are more-or-less human readable, so don't constitute encryption. If you wish to test FSPlite on air with an Amateur station, always use "0000" as the PIN number.FSP can however be used freely for any written, computer or internet communication, or where radio traffic does not involve Amateur Radio stations or frequencies. While there's no practical limit to the size of file that can be excrypted, large files are not practical for transmission by radio and FSQ.
FSP operates with text files. When given a plain-text file, say source.txt, it will encrypt the whole file to an output file E2_source.txt, or decrypt a file, say encrypt.txt, to D2_encrypt.txt. The encrypted message can then be pasted to a form or transmitted without a form, and the decrypted output can be printed directly, or copied and pasted into a form for printing. The program also generates intermediate working files named E1_source.txt and D1_E2_source.txt, but these can be ignored.Without giving away the exact details, FSP utilizes a process called a Polyalphabetic Substitution Cypher, where a huge number of tables of letters and numbers is used to replace each of the characters in the message, one character at a time. While the same Key is in use, the same letters always code into the same cyphers. In FSPlite, 90% of these cyphers are lower case letters, which are the fastest to transmit via FSQ.
Use of this letter-by-letter substitution method is very important for FSQ. This is in contrast to more sophisticated methods where the codes may rotate (Enigma-like) or depend on several characters, as it means the cypher text is as tolerant of transmission errors as the plaintext would be - a single character error or omission will result only in a single error or omission in the decrypted text.FSP uses a rather larger set of substitution tables than is usual with Substitution Cyphers (3000 of them!). You could choose a different PIN number (and table) every hour of the day and not repeat the same one for four months!
These tables are generated by the computer program, as required, and not stored anywhere else. The method of generation and the way these tables are made and used will remain a secret known only to the developers. Historically, Substitution Cyphers have not performed well due to the limited number of tables available. In FSP, having such a large number of tables available adds significantly to security, by adding exponentially to the computational burden in any attempt to crack messages.
The Substitution Cypher method used has two facets: many different initial tables, and many different ways of arranging them, resulting in over 3000 different tables and corresponding PIN numbers (Keys) used to select them. The PIN Numbers are expressed as four digits, 0000 to 2999.
Ideally, a different PIN should be used for each message, or at least the PIN should be changed several times per day. The PINs must NEVER be sent or referred to by radio in any manner, encrypted or not. All stations in a network must know at all times what the current PIN is when encrypted traffic is expected. That a message is encrypted will be very obvious on receipt.
A further feature of the FSP encryption is that no characters less than ASCII 48 (which includes space, full stop and new line) are encrypted. The purpose of this limitation is to ensure compatability with FSQ (the Fast Simple QSO radio modem) and FSM (the Fast Simple Messaging system). By this means the sentence structure of messages is preserved, no unexpected characters are sent which would be confused or lost by FSQ or FSM, and the messages can be easily transmitted and saved automatically as files on reception, using the FSQ file transfer protocol.
Possession of the FSPlite program (which is freely available) or even disassembling the program, does not in itself risk compromising the security of the FSP message process. The program is useless unless the appropriate Key or PIN number for any specific message is known.
Unzip FSPlite and associated files into a sub-folder from where FSQ is installed. Make a short-cut to FSPlitexxx.exe, and drag it to the desktop. Start the program from the shortcut. FSP has a simple text-only program interface.To encrypt a message, the best thing to do is copy the message body into a text file in the FSP folder (say 'input.txt'), then give FSP this file name. Enter an appropriate PIN number (it must be the one the recipient of the message knows is currently valid). This will be four numbers 0000 - 2999, remembering that '0000' does not encrypt, only compress.
When encryption is done, look for the encrypted message in the FSP folder. It will be called something like'E2_input.txt'. Copy the contents of the file, and paste it into the message to be transmitted by FSQ, or paste it into the FSM (Fast Simple Messaging) form.
DO NOT INCLUDE THE KEY IN THE MESSAGE!
PIN numbers must never be sent via radio.To decrypt an incoming message, the process is almost identical. Paste the text into 'received.txt' or another suitable text file, and in FSPlite select this file name. Enter the appropriate PIN, the same one used to encrypt the message, this time prefacing it with '-', e.g '-1234'. This will reverse the process and produce plain text in a file which you can then copy and paste from, into the message form for saving or printing.
Practicing these encryption, decryption and message transmission techniques (before they are needed in earnest) is essential!
For an exercise or operation, Keys should be generated in advance, and enough copies printed for each participating station to have a copy. Until they are required, they should be stored securely. If even one copy is mislaid or compromised, the Keys should be regenerated and redistributed.Keys should be distributed on paper, by hand, never by radio, along with other written instructions for each operator. Keys should preferably not accompany instructions sent by email, as the security of the recipient's computer will be unknown.
While the protocol of use of Keys is up to the organization involved, it is recommended that a different Key be used at least for each day and night, changing keys perhaps when day/night operating frequencies are changed, for example; while realizing that some overlap will occur due to message delivery latency (so don't lose old Keys!).
Let's assume that the operation is expected to last for up to a week, with 12-hourly PIN changes. We will therefore require 7 x 2 = 14 different PINs, so make a few spares as well. That's simple to do. For example open Notepad, type a column of single-digit numbers 0,1,2,3,4 etc in a vertical line. Type a Prime Number of these numbers (totalling 13,17,19,23,29,31 etc) in the vertical line, then repeat, typing a second number on each line, continuing with the next number from the previous line. Keep going until your numbers have four digits. You can include zero.
How you generate the Keys is unimportant, but there must be no confusion as to how they are used. Do not restrict the keys to popular numbers (e.g. 1234), and preferably don't include repeated numbers, or those always starting with the same digit. The Keys must of course always be kept secure.
In use, the first period starts with everyone using the first number in the list. At the start of the next period, cross out (but leave legible) the last number and use the next. The same process happens again with each period change.
The same PIN numbers are used for both encryption and decryption at all stations in the organization for the duration of each PIN validity period. Organizations may make their own variations of this simple scheme and choose their own protocol and PIN periods as they see fit. Instructions and PINs should be distributed together, by hand, and signed for.
- Don't double encrypt! It is easy to make mistakes when trying to decrypt double-encrypted messages, and it serves no useful purpose, as with the huge pool of encryption tables such as FSQ uses, the message gains no further useful security with double-encryption.
- Don't make the mistake of using the encryption PIN (say 1328) instead of the decryption key (say -1328), or vice versa. You can't ever decrypt a message that has been 'encrypted' using the decryption key, as the compression process is incorrect.
- PIN numbers up to 9999 are accepted by the program, and work as expected to encrypt and decrypt, but there are still only 3000 tables used. If a PIN greater than 2999 is specified, all operators will need to use this unusual PIN, as it's unsafe to try working out which actual code table is being used.
- It's a good idea to check that you can successfully and independently decrypt the message locally before sending it by radio. Preferably have another operator perform the check. This is a good way to check that you have used the correct PIN.
- What to do if a station reports they can't decrypt the message, and they think they have the correct PIN? Remind them of their training to use an earlier or later PIN, if the PIN has or is about to change. You should not need to send the message again with the same PIN.
NEVER send the same message with a different PIN, and DO NOT send them the current PIN by radio. Check (by decrypting the message sent) that the correct PIN was used before transmission, and if it was wrong, advised the operator of the result, but DO NOT resend the message. Identical messages sent using different encryption Keys compromises network security, make cracking the encryption much easier.
If necessary, send a runner from the nearest station with the PIN List to sort out the problem. It is really important to check that the encryption is correct before sending the message in the first place. Where possible, have a second operator check the encryption by decrypting it locally. Remind the receiving operator of their training, to try the previous or next PIN in the sequence.
- If sending an encrypted message to multiple stations, preferably use the 'allcall#' facility to do so, thereby sending to all stations at once. If sending the message again, relaying or forwarding an encrypted message, DO NOT re-encrypt it with a later key, but repeat the original encrypted file. If receipt is delayed, trained operators will know from the plain text date/time of the original message when they need to try an earlier key to decrypt the message. This is why you cross out but don't obliterate old PINs.
- NEVER send the same message in plain text and encrypted, either in the same file or separately.
- Don't use obvious numbers as Keys, and remember that '0000' does not encrypt, only compress. Choose PINs at random, or as described above, and distribute them to operators with their written instuctions.
- You can significantly improve the security of longer encrypted messages by eliminating some or all the spaces between words before encryption. This removes the attacker's ability to analyse by word frequency.
- You can significantly improve the security of longer encrypted messages by breaking up the ability to analyse the message using letter frequency. One simple way is to send every second word or sentence COMPLETELY IN CAPITALS. Another simple way to do this is to add dummy letters through the message, or replace some of the frequently used lower case letters (e, t, a, o, i, n, s) with their upper-case equivalents. For example you might change:
The cat sat on the mat
to read:
ThE cAt saT on the mATor when spaces are also hidden, the message might become:
ThE*CAt%saT*on+the~mAT
or
ThECAtsaTonthemaT
- It should take about the same length of time to transmit an encrypted message as an un-encrypted one, thanks to the compression, as there will be no upper-case letters and numbers to send. The error rate should also be similar. If the error rate on decryption is very high, ask for a message repeat - it must be repeated with the same encryption.
FSPlite was written in QB64 V1.000, and compiled to a stand-alone executable. It is compatible with Win XP onwards, and both 32-bit and 64-bit operating systems. No other DLLs or files are required except the input and output text files. The executable is about 430 kbytes.