MOTOTRBO: Setting up AES

MOTOTRBO offers three types of privacy mechanism – Basic, Enhanced, and Advanced Encryption Standard (AES). Both Basic and Enhanced Privacy use Motorola proprietary mechanisms/algorithms and are therefore not interoperable with other vendors' privacy offerings.

AES is a specification for the encryption of electronic data, established by the US National Institute of Standards and Technology. Additionally, the DMR Association has defined a specific method by which AES can be used for DMR voice encryption. MOTOTRBO supports AES Payload Encryption with a 256-bit shared encryption key length, as defined in the DMR Association standard.

The main difference between Basic and Enhanced Privacy is that Enhanced Privacy provides a higher level of protection and supports multiple keys in a radio, compared to one key in the case of Basic Privacy. AES has a higher level of protection than Enhanced Privacy. Like Enhanced Privacy, AES supports multiple keys.

These three privacy mechanisms are not interoperable. The Basic and Enhanced Privacy mechanisms cannot operate in a radio at the same time. AES can only coexist with Enhanced Privacy.

Also, all the radios on a repeater must use either Basic or Enhanced Privacy with AES, or only AES, even if they are in different groups. In direct mode, all the radios which communicate with each other on the same talkgroup must use the same privacy mode.

No configuration is required in the repeater to support AES.

The AES and Symmetric Key options are visible in the CPS only if the AES feature is purchased. The part number for the AES Licence is HKVN4241A. The radio, repeater, and MNIS-based Dispatcher of a system require configuration for AES. In the CPS, the radio codeplug lists all Symmetric Keys in the Security page, under the AES heading. Privacy types None or Enhanced are independent of the Symmetric Keys configuration. Basic Privacy does not work with AES. If Basic Privacy is configured, the radio bypasses AES for the transmission even if Symmetric Keys are configured in the radio.
The firmware needs to be R02.30.00 or later and the AES Licence needs to be purchased.

The radio allows the privacy type selection of None or Enhanced to be configured with or without Symmetric Keys. Only one privacy type is allowed on each radio channel. The radio allows up to 16 different Symmetric Keys to be configured. Each Symmetric Key can be up to 256 bits in length.

To support AES, the repeater codeplug must be configured with Enhanced Privacy type since the repeater does not encrypt or decrypt any AES payload. The Enhanced Privacy option allows the repeater to repeat the AES and Enhanced Privacy encrypted audio and data bursts. For proper functioning of the repeater in a system with AES encrypted transmissions, the repeater must be running on firmware version R02.30.00 or later.

A radio can be configured with both Enhanced Privacy keys and Symmetric Keys. The radio can receive audio and data calls encrypted with AES or Enhanced Privacy keys, from any talkgroup in the RX Group List that is tied to a personality, as long as the same key and privacy type as the transmitting radio are selected in the personality.
The AES key range is from 1 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE

Although key management is not a feature of MOTOTRBO, the Radio Management feature of the CPS can be used to pre-configure and manage the Symmetric Keys. AES uses the Symmetric Keys as encryption keys. The MNIS requires Symmetric Keys configuration for AES encryption. The MNIS allows up to 255 Symmetric Keys.
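
The limits above can be checked mechanically before a codeplug is written. The following Python is an added example, not Motorola's or the CPS's code: the device-record schema (kind, firmware, privacy, aes_keys), the function names and the sample fleet are assumptions constructed for illustration; only the limits themselves come from this article.

```python
import re
import secrets

# Limits stated in the article above.
KEY_MAX = (1 << 256) - 2            # FFFF...FE; valid key values are 1..KEY_MAX
MAX_KEYS = {"radio": 16, "mnis": 255}
MIN_FIRMWARE = (2, 30, 0)           # R02.30.00

def new_symmetric_key() -> str:
    """Random key from the OS CSPRNG, as 64 hex digits inside 1..KEY_MAX."""
    return f"{secrets.randbelow(KEY_MAX) + 1:064X}"

def parse_firmware(version: str) -> tuple:
    """'R02.30.00' -> (2, 30, 0); raises ValueError on non-numeric fields."""
    return tuple(int(part) for part in version.lstrip("R").split("."))

def audit_device(dev: dict) -> list:
    """Check one device record (hypothetical schema) against the article's rules."""
    findings = []
    kind, keys = dev["kind"], dev.get("aes_keys", [])
    if kind != "mnis" and parse_firmware(dev["firmware"]) < MIN_FIRMWARE:
        findings.append("firmware older than R02.30.00")
    if kind == "repeater":  # holds no AES keys; needs Enhanced to repeat the bursts
        if dev["privacy"] != "Enhanced":
            findings.append("repeater privacy type is not Enhanced")
        return findings
    if len(keys) > MAX_KEYS[kind]:
        findings.append(f"{len(keys)} keys exceeds the {kind} limit of {MAX_KEYS[kind]}")
    for slot, key in enumerate(keys, 1):
        if not re.fullmatch(r"[0-9A-Fa-f]{1,64}", key) or not 1 <= int(key, 16) <= KEY_MAX:
            findings.append(f"key {slot} is outside 1..FFFF...FE")
    if dev.get("privacy") == "Basic" and keys:
        findings.append("Basic Privacy set: AES is bypassed on transmit")
    return findings

# Constructed sample fleet (not real codeplug data).
FLEET = [
    {"name": "portable-1", "kind": "radio", "firmware": "R02.40.00",
     "privacy": "Enhanced", "aes_keys": [new_symmetric_key()]},
    {"name": "portable-2", "kind": "radio", "firmware": "R02.20.00",
     "privacy": "Basic", "aes_keys": ["0" * 64, "F" * 64]},
    {"name": "site-rptr", "kind": "repeater", "firmware": "R02.30.00", "privacy": "None"},
    {"name": "dispatch", "kind": "mnis", "aes_keys": [new_symmetric_key()]},
]

for dev in FLEET:
    print(dev["name"], "; ".join(audit_device(dev)) or "OK")
```

A key such as 1 passes the range check but is trivially guessable, which is why the example draws keys from the operating system's CSPRNG rather than accepting hand-typed values.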

The key drop-down in an AES enabled radio.

14 comments:

  1. As I understand it, encryption is a feature of the MOTOTRBO radio, and never of the option board?
    Can the encryption be a feature of the option board in compliance with the DMR standard?

    1. I'm not sure I understand your question. Are you asking whether it is possible to have the option board handle the encryption, rather than the radio?

  2. Are Mototrbo and Hytera interoperable using AES 256 encryption?

    1. I don't think Hytera does AES256 - only 128 bit.

    2. I had a look and some Hytera radios do AES256 and will work with MOTOTRBO radios. What is not clear is which (Hytera) models and which firmware packages - not all of them seem to support this apparently.

  3. Dear Mr. Wayne,

    Can AES 256 be OTARed, and if yes, what are the requirements? Thanks for your support.

    1. Yes, the key in a radio can be updated over the air by OTAP and Radio Management.

    2. The only requirements are: Radio Management setup and AES in the radio.

  4. Is this EID (AES-256) easily purchased from MOL, will they sell it to the public? I have heard there are issues with buying this option.

    1. In EMEA at least, unless you are on one of the antiterrorist or the country isn't under embargo/sanction, then you can purchase this. I don't know about North America though.

    2. I have heard that in Canada it is next to impossible.

    3. Sorry, I have no knowledge of how this works in North America. My suggestion would be to contact a local dealer via the SUPPORT link above.

  5. Hi Wayne,

    I was wondering if you could assist me.
    We run a radio net through a shared repeater. All of our radios are on Enhanced Privacy, but we still hear the other users in clear even though we are transmitting Enhanced Privacy.
    Is there a setting that we can apply to only receive our own Enhanced Privacy transmissions, or does Mototrbo not cater for this?
    Thanks in advance for the help !
    Nick

    1. A radio which has Enhanced Privacy enabled will un-mute to calls on the same Talkgroup which are clear. Currently, the way to avoid this is to put the encrypted radios/calls on another Talkgroup.
