MOTOTRBO: TLS-PSK programming for added security

Adding the PSK to a radio in CPS/RM
This feature provides additional data security on the USB or IP link between a radio or repeater and the CPS or RM. When configured, all programming data between the CPS/RM and the device is encrypted using TLS-PSK.

When the radio or repeater is configured for standard security mode, it can be programmed by anyone. Of course, a codeplug password will prevent the radio from being read, but not from being written.
When configured for enhanced security mode, if anyone wants or needs to read or write a MOTOTRBO device, the CPS/RM needs to have the pre-shared key (PSK), either saved or entered when reading or writing.

OTAP does not utilize this feature, as it has its own mechanism for authentication and will use privacy or AES for data transfer. Customers should also make use of the Ignore RX Clear Voice/Packet Data feature if they are concerned about data security.

Adding keys in the CPS/RM
The keys are securely stored in the CPS/RM; however, it might also make sense to keep a hard copy of these keys locked away somewhere safe, just in case the hard drive crashes and the data wasn't backed up.
It is not possible to read or write a radio or repeater if the key is unknown or lost. For security reasons, the device would have to be returned to Motorola to be restored to factory defaults.
A radio or repeater can be reconfigured for standard security mode if the PSK is known.

This feature is supported on all system topologies with software release R2.10.5 and onwards.

