Managing security on your MOTOTRBO network

MOTOTRBO second generation radios supports 3 levels of privacy (encryption): Basic; Enhanced and AES.

Basic Privacy only provides simple 16 bit scrambling and only offers very  basic protection against eavesdropping. There is only one key and this must be the same in all radios that need to be party to a specific call. Radios which dont have this key will hear garbled audio when another user transmits.

Enhanced Privacy uses the well known ARC algorithm - the key length is 40 bits. It is also possible for the radio to be programmed with multiple keys which can be selected by changing the channel. The key is write only so the key variable must be stored in a safe/secure location.

AES 256 bit provides the highest level of protection of all Motorola Professional and Commercial radios. The radio uses a symmetrical group key which this means that the same keys needs to be programmed in all radios that need to be party to a specific call.

Managing your keys is essential. This means (among other things) that the keys must be updated in the radios on a regular basis. For this, Radio Management and OTAP can be used.

It is also critical to ensure that lost or stolen radios (or radios in the wrong hands) are quickly identified and disabled. Radios which are not in use must be secured and not given to anyone who is not authorized to have this equipment.

Apart from key management and radio asset management, it is also essential to ensure that staff who are handing radio communications equipment can be trusted and are not batting for the other team.

It may also be possible for suitably equipped and authorized Application Partners to develop their own encryption algorithm, on the radio option board using their own chipset, if the level of security provided by AES256 is not enough, or another algorithm is preferred.

2 comments:

  1. Hi Wayne,

    What actually changes in the repeater when I set the Basic or Enhanced privacy setting? It seems the privacy keys are only held on the radios not the repeaters so what does the repeater change when it is set to basic or enhanced privacy, and if this setting is incorrect (ie if radios don't use privacy and repeater set to basic) will the system still work?

    Thanks,
    Stuart

    ReplyDelete
    Replies
    1. When set to Enhanced, the repeater knows to handle the additional bits, required for encryption, differently. I've never tried it but I suspect there will be no/garbled audio, if the repeater is set to None and the Radios use ARC4/AES. The same would apply to Basic I guess. If the Repeater is set to basic/Enhanced and the Radios are using clear transmissions (no encryption) then the voice bursts are just passed though as is.

      Delete

Powered by Blogger.