Enhanced Privacy

Most MOTOTRBO radios support 3 levels of privacy (encryption): Basic, Enhanced and AES. Certain lower tier models will only support Basic and Enhanced. Entry level models will only support Basic Privacy.
The DP4801e supports all three...
...whereas the DP1400 only supports Basic Privacy.


Basic Privacy only provides simple 16 bit XOR scrambling and only offers very basic protection against eavesdropping. There is only one key and this must be the same in all radios that need to be party to a specific call. Radios which don't have this key will hear garbled audio when another user transmits.

Enhanced Privacy uses the well-known and widely implemented Alleged* RC4 algorithm; the key length is 40 bits. It is also possible for a radio like this to be programmed with multiple keys, which can be selected by changing the channel. The key is write-only, so the key(s) must be stored in a safe/secure location if a backup is required. It is possible to provision keys over the air.

AES 256 bit provides the highest level of protection. The radio uses a symmetrical group key, which means that the same key needs to be programmed in all radios that need to be party to a specific call. The radio will also support multiple keys, so it's possible to have one key per talkgroup or channel, for example.

AES256 is not available in the radio by default and requires you to purchase a software (CfS) licence. Since it is Export Controlled, it may not be available in all countries or may not be sold to just anyone.

When enabled, AES will be shown in the list of features. 

In the case of AES and Enhanced Privacy, a radio can be provisioned with multiple keys.
A key can be provisioned on a per-channel/personality basis.

Radios configured with Enhanced Privacy or AES256** are also able to (or at least supposed to) operate with other vendors' terminals.

In all cases, the encryption is only applied to the payload. This permits relatively simple fixed infrastructure (i.e. repeaters) to provide end-to-end encryption. It does, however, mean that the headers are sent in the clear. If full encryption is needed, it may be prudent to consider something like Dimetra Express, which supports Air Interface Encryption (i.e. header + payload).
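
The payload-only arrangement described above, as an added example that is not from the original post or from the vendor: a toy frame in which the header layout (source ID, talkgroup, key ID), the function names and the sample values are all assumptions, with ARC4 standing in for the payload cipher. It shows a repeater relaying a call without holding any key, while the header stays readable to every receiver.

```python
import struct

# Hypothetical clear header (not the real DMR air format): source ID, talkgroup, key ID.
HEADER = struct.Struct(">IIB")

def arc4(key: bytes, data: bytes) -> bytes:
    """Alleged RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def build_frame(src: int, talkgroup: int, key_id: int, key: bytes, payload: bytes) -> bytes:
    # Only the payload is encrypted. Toy model: no per-frame IV, so this is not a usable design.
    return HEADER.pack(src, talkgroup, key_id) + arc4(key, payload)

def repeater_forward(frame: bytes):
    """The repeater holds no key: it routes on the clear header and relays the frame unchanged."""
    _, talkgroup, _ = HEADER.unpack_from(frame)
    return talkgroup, frame

def observe(frame: bytes) -> dict:
    """What any receiver without the key still learns from the frame."""
    src, talkgroup, key_id = HEADER.unpack_from(frame)
    return {"src": src, "talkgroup": talkgroup, "key_id": key_id,
            "payload_len": len(frame) - HEADER.size}

def receive(frame: bytes, keys: dict) -> bytes:
    """A radio provisioned with the matching key recovers the payload."""
    _, _, key_id = HEADER.unpack_from(frame)
    return arc4(keys[key_id], frame[HEADER.size:])

# Constructed sample values.
KEY = bytes.fromhex("0123456789")  # 40-bit key
PAYLOAD = b"constructed voice payload"
FRAME = build_frame(1001, 9, 1, KEY, PAYLOAD)

if __name__ == "__main__":
    print(repeater_forward(FRAME)[0], observe(FRAME), receive(FRAME, {1: KEY}))
```
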




* This Wikipedia article explains why it is called Alleged RC4 and not RC4(TM).
** As of firmware release R02.04.00.