High-speed multimedia radio
Security
| ← Previous revision | Revision as of 01:07, 22 April 2026 | ||
| Line 399: | Line 399: | ||
Because the meaning of amateur transmissions may not be obscured, security measures that are implemented must be published. This does not necessarily restrict authentication or login schemes, but it does restrict fully encrypted communications. This leaves the communications vulnerable to various attacks once the authentication has been completed. This makes it very difficult to keep unauthorized users from accessing HSMM networks, although casual eavesdroppers can effectively be deterred. Current schemes include using [[MAC address]] filtering, [[Wired Equivalent Privacy|WEP]] and [[Wi-Fi Protected Access|WPA]]/[[WPA2]]/WPA3-PSK. MAC address filtering and WEP are all hackable by using freely available software from the Internet, making them the less secure options. The newer WPA/WPA2/WPA3 are relatively more secure, though the "personal" per-shared key (PSK) mode allows anyone with the password to eavesdrop on the session key establishment, in contrast to the enterprise [[802.1x]] mode. |
Because the meaning of amateur transmissions may not be obscured, security measures that are implemented must be published. This does not necessarily restrict authentication or login schemes, but it does restrict fully encrypted communications. This leaves the communications vulnerable to various attacks once the authentication has been completed. This makes it very difficult to keep unauthorized users from accessing HSMM networks, although casual eavesdroppers can effectively be deterred. Current schemes include using [[MAC address]] filtering, [[Wired Equivalent Privacy|WEP]] and [[Wi-Fi Protected Access|WPA]]/[[WPA2]]/WPA3-PSK. MAC address filtering and WEP are all hackable by using freely available software from the Internet, making them the less secure options. The newer WPA/WPA2/WPA3 are relatively more secure, though the "personal" per-shared key (PSK) mode allows anyone with the password to eavesdrop on the session key establishment, in contrast to the enterprise [[802.1x]] mode. |
||
There is a concern that the FCC Rule 97.113(a)(4) prohibition against "messages encoded for the purpose of obscuring their meaning" would apply to encrypted HSMM. According to a 2013 ARRL comment to the FCC, FCC has historically allowed encryption for the purpose of authentication and identification, but it does remain difficult to discern the relative degree of intention.{{cite web |last1=Imlay |first1=Christopher D |title=In the Matter of ENCRYPTION OF AMATEUR RADIO COMMUNICATIONS RM-11699 |url=https://www.arrl.org/files/file/FCC%20Documents/Comments%20RM-11699%20FINAL%20Version%202.pdf}} Some have advocated for publishing the encryption keys themselves must be published in a publicly accessible place (like authors of new radio protocols would make their software open-source), but KD0LIX advises against such a belief, especially since it would not be correct given that WPA and later protocols exchange per-session keys. Accessing parts of the Internet through common encrypted protocols such as [[HTTPS]] is not possible either way.{{cite web |title=Encryption and Amateur Radio |url=https://rsaxvc.net/blog/2014/2/1/Encryption_and_Amateur_Radio.html |website=rsaxvc.net |date=February 2014}} |
There is a concern that the FCC Rule 97.113(a)(4) prohibition against "messages encoded for the purpose of obscuring their meaning" would apply to encrypted HSMM. According to a 2013 ARRL comment to the FCC, the FCC has historically allowed encryption for the purpose of authentication and identification, but it does remain difficult to discern the relative degree of intention.{{cite web |last1=Imlay |first1=Christopher D |title=In the Matter of ENCRYPTION OF AMATEUR RADIO COMMUNICATIONS RM-11699 |url=https://www.arrl.org/files/file/FCC%20Documents/Comments%20RM-11699%20FINAL%20Version%202.pdf}} Some have advocated for publishing the encryption keys themselves must be published in a publicly accessible place (like authors of new radio protocols would make their software open-source), but KD0LIX advises against such a belief, especially since it would not be correct given that WPA and later protocols exchange per-session keys. Accessing parts of the Internet through common encrypted protocols such as [[HTTPS]] is not possible either way.{{cite web |title=Encryption and Amateur Radio |url=https://rsaxvc.net/blog/2014/2/1/Encryption_and_Amateur_Radio.html |website=rsaxvc.net |date=February 2014}} |
||
(There is no broadly-supported combination of 802.11 protocols that implements cryptographic authentication without encryption. KD0LIX has suggested that since authenticated-but-not-encrypted VPN programs exist, one can run it on top of a 802.11 network.) |
(There is no broadly-supported combination of 802.11 protocols that implements cryptographic authentication without encryption. KD0LIX has suggested that since authenticated-but-not-encrypted VPN programs exist, one can run it on top of a 802.11 network.) |
||
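Review bot: In the second paragraph of this hunk, the revision adds "the" before "FCC has historically allowed" but leaves the next sentence ungrammatical: "Some have advocated for publishing the encryption keys themselves must be published in a publicly accessible place" fuses two predicates. Suggest "Some have advocated that the encryption keys themselves be published in a publicly accessible place". Two smaller points in the unchanged context could be fixed in the same edit: "per-shared key (PSK)" in the first paragraph should read "pre-shared key (PSK)", and "one can run it on top of a 802.11 network" in the last paragraph should read "one can run one on top of an 802.11 network", since "it" has no singular antecedent after "VPN programs".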