MOTOTRBO: Setting up AES

MOTOTRBO offers three types of privacy mechanisms – Basic, Enhanced, and Advanced Encryption Standard (AES). Both Basic and Enhanced Privacy utilize Motorola proprietary mechanisms/algorithms and therefore are not interoperable with other vendor’s privacy offerings.

The AES is a specification for the encryption of electronic data, established by the US National Institute of Standard and Technology. Additionaly, the DMR Association has defined a specific method that AES can be used for DMR voice encryption. MOTOTRBO supports AES Payload Encryption with 256-bit shared encryption key length as defined in DMR Association standard.

The main differences between Basic and Enhanced Privacy is that Enhanced Privacy provides a higher level of protection and supports multiple keys in a radio, compared to one key in the case of Basic Privacy. AES has a higher level of protection when compared to Enhanced Privacy. Like to Enhanced Privacy, AES supports multiple keys.

These three privacy mechanisms are not interoperable. The Basic and Enhanced Privacy mechanisms cannot operate in a radio at the same time. AES can only coexist with Enhanced Privacy.

Also all the radios on a repeater must use either Basic or Enhanced Privacy with AES, or only AES, even if they are in different groups. In direct mode, all the radios which communicate with each other on the same talkgroup must use the same privacy mode.

No configuration is required in the repeater to support AES.

The AES and Symmetric Key options are visible in the CPS only if the AES feature is purchased. The part number for the AES Licence is HKVN4241A. The radio, repeater, and MNIS based Dispatcher of a system require configuration for AES. In the CPS, the radio codeplug lists all Symmetric Keys in the Security page, under the AES heading. Privacy types None or Enhanced are independent from the Symmetric Keys configuration. Basic Privacy does not work with AES. If Basic Privacy is configured, the radio bypasses AES for the transmission even if Symmetric Keys are configured in the radio. 
The firmware needs to be R02.30.00 or later and the AES Licence needs to be purchased

The radio allows the privacy type selection of None or Enhanced to be configured with or without Symmetric Keys. Only one privacy type is allowed on each radio channel. The radio allows up to 16 different Symmetric Keys to be configured. Each Symmetric Key can be up to 256 bits in length.

To support AES, the repeater codeplug must be configured with Enhanced Privacy type since the repeater does not encrypt or decrypt any AES payload. The Enhanced Privacy option allows the repeater to repeat the AES and Enhanced Privacy encrypted audio and data bursts. For proper functioning of the repeater in a system with AES encrypted transmissions, the repeater must be running on firmware version R02.30.00 or later.

A radio can be configured with both Enhanced Privacy keys and Symmetric Keys. The radio can receive audio and data calls encrypted with AES or Enhanced Privacy keys, from any talkgroup in the RX Group List that is tied to a personality, as long as the same key and privacy type of the transmitting radio is selected in the personality.
The AES key range is from 1 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE

Although key management is not a feature of MOTOTRBO, Radio Management feature of the CPS can be used to pre-configure and manage the Symmetric Keys. The AES uses the Symmetric Keys as encryption keys. The MNIS require Symmetric Keys configuration for AES encryption. The MNIS allows up to 255
Symmetric Keys.

The key drop-down in an AES enabled radio.

Powered by Blogger.