Somebody might hear us: the future of secure communications
4 May 2021|

I was pleased to become involved when ASPI was asked to run a workshop on secure communication technologies late last year. It’s been a long time since I was in the world of signals intelligence and I hadn’t kept up with technological developments. This was a good chance to catch up, and you can read a summary of my findings in my new ASPI report.

Of course, the fundamentals of securing communications haven’t changed. In a contested environment, you want to make life as hard for an adversary as you can, consistent with keeping the imposts on your own resources manageable. And defence-in-depth is preferable to relying on a possible single point of failure.

The paper breaks down that idea into three broad steps:

  • reducing the probability of a signal being detected
  • reducing the probability of a signal being accurately or completely collected if it’s detected
  • reducing the probability of a signal being exploited if it’s detected and collected.

Ideally, you would be able to exchange information without an adversary even being aware of the existence of a communication. That’s clearly possible sometimes—for example, if you can keep everything in a closed system, such as a fibre-optic cable ‘air gapped’ from the outside world. But that won’t always be possible without unduly limiting your own capability; deployed military forces usually can’t be constrained by the reach of cables. Information sometimes needs to travel over pathways that are exposed to the outside world, such as by radio transmission.

But it turns out that some clever applications of physics can limit—but not entirely eliminate—the ability of an adversary to detect the signal. One example given in the paper is the experimental use of ultraviolet (UV) communications to broadcast information. Because some wavelengths of UV are strongly absorbed in the atmosphere, signals can’t propagate much more than 3–5 kilometres, though the signal strength can be quite high at shorter ranges. Deployed land forces could use UV signals to communicate with nearby friendly forces, with little risk of interception by adversaries outside a fairly well-defined perimeter. And, unlike current short-range military radio communications, the signal remains difficult to detect even if the adversary has a direct line of sight. Another bonus is that moving to UV frequencies from standard radio frequencies increases the data rate and decreases the time required to transmit a message. The downside to UV is clearly the limitation on range.

Greater range with only slightly less security is possible via the use of lasers for communications between two points. Laser beams can be very tightly collimated and carry high data rates. The tightness of the beam means that interception is unlikely, though in this case detection is possible because some light will scatter off atmospheric particles. Because of the randomness of scattering, collection of enough of the signal for accurate demodulation is difficult—the adversary knows you’re sending information but is unlikely to be able to exploit it. In places where laser communication isn’t possible between two ground-based locations, satellite relays can provide a bridge.

Space-based systems are perhaps the most likely applications for emerging communications technologies. In the US, NASA and the Defense Advanced Research Projects Agency are working on a number of techniques for linking spacecraft with high-data-rate and low-probability-of-intercept communications, for a range of civilian and military uses. X-ray laser beams have very short ranges on earth due to the rapid absorption of energy in the atmosphere, but they work fine in the near vacuum of space, and the high frequencies can provide gigabit-per-second data rates. In space, nobody can hear you beam.

Defence capability planning always has to take a worst-case view. The history of espionage shows that clever adversaries can find ways to detect and collect even carefully hidden signals. A quarter of a century ago, frequency-hopping radios and spread-spectrum techniques provided a level of protection against interception. But Moore’s law has enabled the development of broadband collection and analysis systems that render those techniques much less secure. Even the emerging technologies sampled in my paper have already generated some thinking about how they might be defeated. In one case, different arms of the US government have issued requests for tender for proof-of-concept communications technologies and for systems capable of detecting and possibly exploiting them.

Since absolute security of communications can’t be assumed, there will always be a place for encryption. If an adversary manages to defeat the compounding low probabilities of detection and collection, the encryption of the content will then present it with another step with a low probability of success. The future of encryption is worth a study in its own right, but don’t believe everything you read about quantum computers spelling the end for encryption; quantum-resistant encryption is possible.

Communications will never be entirely secure—the presence of human beings on the ends of communication chains almost guarantees that, even in the absence of clever methods to defeat new technologies. But there are enough clever ideas about new security techniques to ensure that signals intelligence people will have to keep working hard for their living.