Scanning Home
General Scanning Information


Encryption Protocols
A Brief Look at Analog and Digital Encryption Devices
by Doug G. (batwing@digital.net)

COPYRIGHT 1995 (Not to be published without permission of the author). Electronic distribution (non-profit) of this work is permitted as long as the work remains unaltered. Seeded data present. Any copy of this work can be proven to be the work of the author.

All proprietary and trademarked terms used below are the property of their respective owners, with due credit given to the holder of the trademarked term.

Encryption of the human voice is a complex and intricate procedure that is accomplished by one of two methods: analog or digital. The human voice, for the most part, occupies the frequency range from about 100 Hz to 3 kHz, forming complex analog waveforms and patterns. Analog speech encryption can be as simple as speech inversion, where the human voice is "inverted", resulting in the radio traffic sounding like a popular Disney character, or quite complex, with the voice split at about 1500 kHz, inverted at both ends, with the center carrier swept randomly up and down several kHz from the center transmit frequency. Digital voice encryption requires that the analog signal be sompled, digitized and encrypted, transmitted, and decrypted in real-time. Since complex analog encryption is rather rare, our focus will be on digital encryption products manufactured by Motorola, Inc.

Analog Encryption Types and Products

Since speech inversion is easily defeated (the Ramsey Electronics SS-70), most law enforcement agencies have ceased using this encryption technique. I know of no federal agency that has ever used analog encryption devices. These simple, low-cost devices are more suited to the local police department, since all but the most serious scanner owner will not be able to understand the radio traffic. One of the largest manufacturers of analog encryption devices, Midian Electronics, offers a complete line of products from the simplest and smallest speech inversion scrambler to a highly sophisticated "rolling-code" encryption device. Contact Midian Electronics at 1-800-MIDIANS for further information on their line of analog voice encryption products.

MotorolaTM Encryption Protocols and Products

Although there are still some analog Motorola encryption devices still in use, including simple speech inversion products, the majority of devices currently in use are of the digital variety. All Motorola voice privacy protocols are referred to simply as "SECURENET", which is a general term that Motorola uses to identify it's digital encryption products. There are three different basic encryption protocols, two of which have two distinct variations, for a total of five unique (and non- compatible) encryption protocols. Each of the five protocols uses a field inserted "key", which is what makes the communications secure. Since the author is not a cryptographer, it is simple enough to understand that without the proper encryption "key" loaded into your radio, all that you will hear is white noise, or static, when encrypted traffic is being passed between radios.

The Original Propreity Encryption Algorithm, DVP

DVP, a term that Motorola coined for use with their initial entry into the digital voice encryption product field, is a proprietary Motorola protocol that uses a self-syncronizing encryption known as cipher feedback. Depending on who you ask at Motorola, DVP actually has two different meanings. DVP stands for Digital Voice Privacy or Digital Voice Protection, same encryption protocol, different terminology. The basic DVP protocol is capable of 2.36 x 1021 different "keys" to ensure protection for your voice conversations.

Data Encryption Standard

In the middle 1970's, the federal government finally decided that they needed to standardize all federal agencies on a common encryption protocol to protect sensitive, but unclassified data. Several different schemes were submitted, but the one approved by the National Bureau of Standards was a protocol that became the Data Encryption Standard, or DES. Broaden your mind for just a minute and forget about radio traffic. There are several other forms of communication and data that must be protected from prying eyes (and ears). IRS records, Federal Banking data, etc. is not "classified" in the military sense, but does require protection nonetheless. This Data Encryption Standard, once standardized, would allow all federal agencies to use the same encryption protocol, allowing them to intercommunicate when and if the need should arise. DES is capable of using 7.2 x 1016 different key combinations and uses a self-synchronizing method of encryption known as cipher feedback. Just remember, DES is not authorized to encrypt communications or data that is classified in the interest of national security, but we'll get to that in just a minute.

So, we just learned the two basic types of Motorola encryption, DES and DVP. In a nutshell, DVP was designed to be used by anyone who needed protection from unauthorized eavesdropping, including local government and businesses. DES, on the other hand, was designed to be used only by the federal government. Availablity of DES products was supposed to have been severely restricted to federal government agencies and military personnel only, but a trip to any large hamfest will always yield at least one person selling SECURENET products and radios.

Variations of the Originals

After DVP and DES products gained acceptance and their use became widespread, a glaring flaw became obvious. When using their radios in the encrypted mode, agents noticed that their radios did not seem to transmit as far as they did when in the clear mode. In a flurry of commotion and denial, Motorola quickly went back to the drawing board and found out that sure enough, use of the original DVP and DES protocols did limit the range of the radio, sometimes as much as 30%. In response to these complaints, two new variations of the original protocols were introduced, each with the added acronym "XL", leaving us with four distinctly different encryption protocols: DVP, DVP-XL, DES and DES-XL. The "XL" variations eliminate the range loss problem and in the case of DVP-XL, the number of available "keys" is increased to 7.9 X 1028. DVP-XL and DES-XL both use a different type of encryption known as counter addressing. Just remember that all radios must use the exact same type of encryption to inter-communicate in the secure mode (DVP-DVP, DES-XL-DES-XL, etc).

Digital Voice International

The fifth unique encryption protocol, is known as DVI-XL, or Digital Voice International. Since DES products require a munitions license to export from the U.S., DVI-XL allows other countries to enjoy the same type of encryption as DES-XL, but with a reduced number of available keys. DVI-XL is not common in the U.S., although is quite common in countries such as England.

Key Variable Loader

If you've been reading the above thoroughly, you may be asking yourself "Well, how do you get the "keys" into the radio?". Good question, so let's talk about it. The device used to load these encryption "keys" into a radio is known as a "Keyloader", or in Motorola-speak, a "KVL", or Key Variable Loader. This is a hand-held device that looks similar to a radio, but allows the operators use to insert the "keys" into the encryption devices of the individual radios. The KVL attaches to the radio with a special cable and attaches to the interface port of the radio. The individual actually enters numbers (and letters, depending on the protocol) into the KVL to produce the "key" to your radio traffic. The KVL transcribes your input of approximately 20 characters into the "key" that is loaded into the radios. KVL's are capable of storing about 16 "keys" in non-violatile memory, allowing radios to be loaded when desired. Since access to the KVL constitutes access to the entire system, these devices are usually closely guarded at the radio shop. There are five different KVLs, one each for DVP, DVP-XL, DES, DES and DES-XL and a separate KVL for DVI-XL. Newer loaders are made to support both DVP and DVP-XL and another to support DES and DES-XL (Two protocols with one loader). It is rumored that there is a "super KVL" that will load any of the four domestic encryption protocols, but the author has never seen one, and it is not listed in any Motorola literature.

Enhanced Encryption Products

More recently, there have been solutions to nagging problems in some of the larger cities. For example, lets say that you have to manage the entire Drug Enforcement Agency radio system in the south Florida area, which is probably quite a large fleet of radios. You basically have two choices, either you have one person whose only task is to keyload radios all day, or you issue each office a KVL and allow them to do it themselves. As we spoke about earlier, if you increase the number of KVLs, you increase the possibility that one will be lost or stolen, not to mention the fact that KVLs are outrageously expensive ($3000+ each) to purchase. Enter OTAR, or Over-The-Air- Rekeying. Quite simply, you have one dedicated computer, called a Key Management Controller, or KMC, which centrally manages all of the encryption "keys". OTAR is available for any one of the five available encryption methods as an add-on component. OTAR allows radios to have new encryption keys loaded into them over the air, just as the name suggests. Encryption keys can also be erased over the air in a process called "Key Zeroization". If a radio is lost or stolen, all of the radios in the system except the lost or stolen one can be instantly re-keyed over the air. Also, lets say that you are about to raid a clandestine drug laboratory and you accidentally remove your radios battery, thereby erasing the encryption key. No problem, the KMC can immediately download the encryption key back into your radio before you bash down the front door! The KMC can also download the available system keys into KVLs by phone lines so that encryption keys may be kept locally should the radios be out of the range of the KMC when new keys are sent out. The other part of Advanced SECURENET is "Multikey", which is the ability to store multiple encryption keys in one radio. Most radios can only hold one encryption key at any one time. If you have two separate groups who don't intercommunicate, multikey allows supervisors to have both encryption keys in their radios and converse with both groups, but individuals in the separate groups cannot monitor each others conversations. Some radios, when equipped with Miltikey, can have as many as 16 different encryption keys.

Future - Classified Radio Communications

As we previously mentioned, even with the high level of security offered by the Data Encryption Standard, no classified traffic may be encrypted with DES. A new type of encryption, known as Facinator, offers the government the ability to encrypt land-mobile and other radio traffic up to the level of Top Secret. Facinator is a completely different algorithm whose details are still classified. The U.S. Secret Service is reported to be using Facinator in their Motorola Saber UHF radios for executive protection and security details.

Motorola's latest development, the "ASTRO" TM system, is capable of transmitting either analog or digital voice, clear or secure, conventional or trunking. This system is currently being installed in south Florida for the Florida Highway Patrol on 800 MHz trunking (without much success, I might add). LAPD is also switching over to the Astro system and most reports received so far indicate that the system works fine.

Radios

Digital voice encryption is not a cheap endeavor. There are several Motorola portable and mobile radios that offer SECURENET as an option. Even a 15 year old Motorola MX350S portable radio that has DVP is about $350 used. These are 4-32 channel models that are quite large and cumbersome, but incredibly durable. The most popular is the SaberTM portable radio. Although still large and bulky, the Saber offers many options and is still the top-of-the-line portable radio. The Saber comes in three different varieties, known as Saber I, II and III. Both SECURENET and non-SECURENET radios are available. A Saber I has 12 channels and no display; a Saber II has 72 channels with three buttons and a display; a Saber III has 120 channels, a full keypad and a display. Additionally, Saber II and III radios offer scan capabilities. A used Saber III with voice encryption installed goes for about $800 on the used market. Not bad, considering that current list price is over $3000! I cannot stress enough the importance of being extremely careful when you purchase a used radio. Be careful, and be sure you get a reciept.

Repeaters and SECURENET Products

Using digital encryption does have it's drawbacks. The common repeater, which consists of an input frequency and output frequency, normally uses some sort of Continuous Tone Coded Squelch System, or CTCSS, trademarked as Private LineTM (PL) by Motorola or ChannelGuardTM by General Electric, to prevent unauthorized or inadvertent access to the repeater. Well, to put it simply, you can't send a CTCSS tone with any form of digital encryption. There are two ways around this shortcoming; either the repeater does not use a CTCSS tone, which is called a transparent repeater, or a repeater such as the Motorola MSF5000TM is used. The MSF5000 can be operated in the transparent mode, which allows both clear and secure transmissions to be passed, or the repeater itself can be keyloaded with the same encryption key as the radios, allowing only those transmissions with the proper encryption key to be re-transmitted. It is commonly said that most open (no PL) repeaters will not pass digitally encrypted voice. This is simply not true. The repeater will pass the digital signal, which actually has a narrower deviation than regular FM voice, just fine. Whether or not the signal is still intact enough for decryption is the big question.

Conclusion

It is clear that monitors will probably never be able to eavesdrop on digitally encrypted radio traffic, but I hope that this short introduction to the many facets of encryption products available helps you to better understand their use and operation. The fact remains, however, that it will be many years before the home computer advances to a stage that scanner owners can decrypt a secure radio transmission.

Note: Many of the terms used in the above article are trademarked by Motorola, Inc. including, but not limited to: SECURENET, DVP, DVP-XL, MX-350S, MSF5000, Saber, OTAR, and PL.


Scanning Home
General Scanning Information

This site hosted by

These pages created by Jim Fordyce. © 2005 Jim Fordyce