MF - HF spectrum
Long distance, non-LoS, communications are possible using various ionospheric reflection techniques. Two of the most prominent means are skip and NVIS (Near Vertical Incident Skywave).

With skip, low elevation signals are reflected one or more times from the transmission point to various layers of the ionosphere and back to earth. The name skip is taken from the large geographic areas beneath the reflections which are skipped and receive little or no signals. This propagation mode is widely used for shortwave broadcasts, amateur radio and government communications. Though it suffers from limited temporal-frequency coherence / fading, until the advent of satellite communications it was the workhorse for all longer distance wireless. Recently, there has been a resurgence of, mostly government, research of using this spectrum with wideband and multiple antenna techniques to mitigate propagation limitations.

NVIS, invented by the Germans in WW II, uses different frequencies than skip and high elevation angle transmissions to take advantage of other ionospheric layers and reflect signals closer to the transmission point. Effective communication is limited to 500 km or so. It's been very useful for non-LoS in military theaters.

Most use and almost all research in these bands has focused on narrow (generally below 4 kHz) voice and very narrow band (digital) communications. However, the favorable results from wider band (for example Mitre corp.) research indicate low data rate SS techniques are practical if not legal for other than governments. Recent R&D grants indicate militaries are again looking to this spectrum as backup to possible satellite outages during conflicts.

To be continued...

On Mon, Oct 28, 2019, 11:45 PM Steven Schear <schear.steve@gmail.com> wrote:
Unlike encryption, which is generally practiced at intermediate wireless communication protocol layers, implementing covert features requires fundamental new tech at the PHY. In commercial stacks the PHY is invariably implemented in hardware so a prototype (or a limited production) device using this new tech requires the use of either an FPGA or software implemented on a GPP. For prototyping on GPPs Matlab or GNU Radio.

For pure wireless communications I prefer either Point-to-Point (PTP) or single hop satellite links.


Satjacking
Satellites, especially geosynchronous, have advantages in channel quality and bandwidth (often 100s of contiguous MHz spread across several transponders). However, they generally require a good directional antenna (to compensate for high path losses) and raise issues of being located by multi-satellite Time-of-Arrival (ToA) or ground based surveillance methods. Non-geosynchronous birds have individually limited ground visibility, require somewhat complex Doppler shift compensation, expensive and complex tracking antenna mounts.

ToA can be mitigated by proper tradecraft or by nearfield antenna techniques, sometimes employed in avionics to prevent ground based detection of aircraft missile targeting signals. 

The great advantages of satellites are their coverage area, high link quality and that most still use "bent pipe" relay architectures. Although recent implementations now use techniques (e.g., FFT and IFT) to clean uplink signals before retransmission, they are limited to notching out frequencies and cannot be applied to offending broadband signals, especially of the type under consideration.

To be continued...

On Mon, Oct 28, 2019, 11:33 AM Steven Schear <schear.steve@gmail.com> wrote:
In the academic sphere the favored, publicly released, applications of these technologies have been to improve spectrum utilization and jamming resistance. However, these same technologies can also confer covertness. While encryption can protect the content of communication, covertness can deny an eavesdropper the more important metadata of who is talking with whom and when.

It is well known that early Spread Spectrum (SS) methods (both frequency hopping, FHSS, and direct sequence, DSSS) were initially created for military purposes though are now part of wireless industry standards. There are other SS techniques, like chirp, chaotic and UWB, which have yet to find broad use in commercial or consumer products. There are yet other SS methods which are still either experimental or used only in military / government applications. Sometimes these approaches can be combined to significantly increase effectiveness. 
 
There is a general acknowledgement of relationships, in wired communications, between certain characteristics (e.g., latency), privacy and security. The same generally holds true for wireless. In addition, wireless links must often deal with varying and unpredictable channel conditions.

Conversely, non-compliant wireless links (the only types of interest here) can dynamically choose whatever spectrum fits within the hardware and software capabilities and best suits the conversation at hand. It is also free of service provider restrictions and costs. 

One prominent way for wireless communications to acquire the covert characteristics needed is by effectively masquerading as noise. This noise can be from natural sources (e.g., lightning), non-communication radio emissions (e.g., discharge type street lamps), unintentional communication emissions or an uncontrolled mixture.

SIGINT analyst Eve may use a variety of specialized spectrum analysis tools including Bragg Cell, electro-optical, steering receivers to quickly scan wide swaths of spectrum for signals of interest which can then be investigated using narrower band devices. These devices can be terrestrial or mounted on satellites.

All receivers have design tradeoffs mostly due to frequency coverage, instantaneous bandwidth, noise figures, etc. Automated identification and classification of unknown signals is an advancing art but still an inexact science. If Alice and Bob use weak (very low spectral density), intermittent, signals with very close similarity to noise they are, individually, problematic for Eve. As the number of simultaneous, unrelated and uncoordinated, parties share the spectrum the difficulty for Eve is magnified even if she records the spectrum and attempts non-realtime analysis. Despite massive SIGINT investments she is at a disadvantage but the intel agency narratives would have others believe they are all-seeing all-knowing.

With proper covert tech the advantage can shift asymmetrically in favor of Alice and Bob. The situation has similarities to mixing of blockchain transactions. It's also similar to the challenge faced by parties defending their online servers from hackers. The defenders must block any intrusions; the attackers must only find one good exploit to win.

To be continued...

On Sun, Oct 27, 2019, 3:03 PM Steven Schear <schear.steve@gmail.com> wrote:
By choosing a different physical transport means, a different and, I maintain, better set of security tradeoffs becomes available. Unlike approaches which invariably depend on the Internet and heavily monitored commercial gateways, I propose using infrastructure-less or non-permissioned commercial, single-hop, relays. It's not that the electromagnetic spectrum isn't also monitored but that the efficacy of that monitoring is, unlike the former environment, much more limited by physics, channel conditions, information theory and the proper application of tradecraft by possible targets.

Both as a hobbyist and professional I've delved into the practicality of utilizing and building on commonly available, even consumer grade, Software Defined Signal Processing (SDSP, the use of the term SDR is verboten in my world due to its inherent regulatory implications) hardware and open source software. My investigations (some openly shared at Cypherpunk-oriented tech conferences) have led me to believe that even a moderate uptake of these SDSP technologies would effectively neutralize most or all SIGINT against parties who aren't already the subject of individual targeting.

These technologies aren't some magical new creation but rather the integration and adoption of ideas already well studied and reported in academia but whose implementations are often not openly available for tailoring and testing, mostly due to unfounded fears of regulatory actions. 

To be continued...
