What does encrytion cost

Status
Not open for further replies.

scanmanmi

Member
Joined
Sep 25, 2011
Messages
828
Location
Central Michigan
I couldn't find a suitable forum for this question so here it is. I've been reading about DMR & P25 etc. Everyone mentions a cost of encrytion but never what it is. I assume a radio capable is going to cost more but how much more? Is there a licensing or monthly hosting fee? Do you have to outright purchase a key made for you or can you make your own? I noticed one county's road commission and college maintenance are encrypted and I can't figure out why (unless they're a CIA front). etc. etc.etc
 
Last edited:

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,617
Location
Hiding in a coffee shop.
All the digital radios I've ever worked with have a basic encryption included in the radio. It's usually low tier encryption, but good enough for most users.

Upgrading to AES256 usually comes at a cost, usually for the encryption board.
For example:
A Kenwood TK-5210G VHF P25 radio can have an AES-256 encryption board installed in it. This is the full FIPS 140-2 board…
$850.00 list. FIPS is usually required for anything "Federal".
A non-FIPS AES/DES encryption unit is $550.00 list.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,617
Location
Hiding in a coffee shop.
Is there a licensing or monthly hosting fee?

No.

Do you have to outright purchase a key made for you or can you make your own?

You'd make your own, either with the low tier/included encryption, or the higher tier versions.

I noticed one county's road commission and college maintenance are encrypted and I can't figure out why (unless they're a CIA front). etc. etc.etc

Since encryption is an included feature of most digital radios, it's generally a "no-cost" feature you can add. MotoTrbo has a basic encryption, and so does NXDN. When asked, most radio system purchasers think they need encryption. Since the basic feature doesn't cost anything, it's easy enough to just turn it on. It helps filter out some hobbyist hearing something they shouldn't and also reduces the chances of some meathead employee saying something stupid and having someone pick it up and blab it to the rest of the world. In an ever increasing litigious society, it sort of makes some sense to use it if you have it.
 

ofd8001

Member
Premium Subscriber
Joined
Feb 6, 2004
Messages
7,890
Location
Louisville, KY
The AES is the "High Tier" gold standard used for critical public safety stuff. The cost mentioned is per radio.

There are other lower tier types of encryption, such as ADP which started out as a Motorola propietary thing. The cost for that was $10 per radio, but at the time that locked you into buying Motorola down the road. Another manufacturer or two has began offering this format.

Another item needed for encryption is a Keyloader which kind of looks like a Blackberry device. That loads the encryption key the system administrator chooses to use. See https://www.motorolasolutions.com/e...stro-25-security/kvl-4000.html#tabproductinfo Those are pretty costly, around $2K.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,859
Concerning APCO 25 radios, there has been a move to eliminate the "free" low level ADP encryption from the P25 radios.

This because of interoperability and being a vendor specific option.

Agencies who encrypt will likely use AES 256. The cost per radio for the encryption hardware is about $700 a radio assuming a specific tier model will accept the option. A portable Key Variable loader and cables will be in the order of $3K to $5K. If an agency desires over the air rekeying (OTAR) they need a Key Management Facility (KMF), they need a CORE and the price gets into 100's of thousands of dollars.
 

lysp

Newbie
Joined
Aug 29, 2017
Messages
3
Another missed cost is the additional staffing / IT / help desk / technology expert cost.
 

scanmanmi

Member
Joined
Sep 25, 2011
Messages
828
Location
Central Michigan
Great stuff thanks. I guess everything at an agency with 20 people would come to about $1k/person. I can see a day coming soon when everthing interesting will be encrypted. Maybe not tow trucks and plumbers.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,617
Location
Hiding in a coffee shop.
Keep in mind that the numbers that have been tossed around are for the high end AES-256, supporting a -lot- of radios, etc.

The simple encryption in DMR and NXDN doesn't cost anything, doesn't need a KVL, and is very manageable. I don't see any costs at all to me running a little over 400 NXDN radios on a trunked system with encryption. It's just a matter of setting it up, and that's just a few key clicks.
 

wbswetnam

Member
Joined
Oct 11, 2005
Messages
1,799
Location
DMR-istan
Great stuff thanks. I guess everything at an agency with 20 people would come to about $1k/person. I can see a day coming soon when everthing interesting will be encrypted. Maybe not tow trucks and plumbers.

What surprises me is that we haven't seen more public service agencies move to encryption, especially if there is little or no added cost. I would think that most police and fire chiefs, if asked "Hey, do you want us to add encryption to your radio system?", would respond "Hell YEAH!".
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
23,617
Location
Hiding in a coffee shop.
What surprises me is that we haven't seen more public service agencies move to encryption, especially if there is little or no added cost. I would think that most police and fire chiefs, if asked "Hey, do you want us to add encryption to your radio system?", would respond "Hell YEAH!".

A lot do/have. However, many are smart enough to understand the interoperability issues with it.
Interoperability and encryption only work if the keys are shared and that relationship between agencies is kept up. Unfortunately this can be very problematic.
 

Jay911

Silent Key (April 15th, 2023)
Feed Provider
Joined
Feb 15, 2002
Messages
9,378
Location
Bragg Creek, Alberta
What surprises me is that we haven't seen more public service agencies move to encryption, especially if there is little or no added cost. I would think that most police and fire chiefs, if asked "Hey, do you want us to add encryption to your radio system?", would respond "Hell YEAH!".

I'm not a fire chief, but I'm the officer in charge of maintaining my fire department's communications, and I say "Hell NO!" to encryption.

1. Accountability
- We serve the communities around us - they are our customers, and they deserve to know what we're doing for them. While some of our duties require confidentiality, we don't talk about those on the radio (or even in public). If there are things which must be discussed in some other manner than in-person, face-to-face, either those things are able to be discussed as if you were standing on top of the truck shouting it into a bullhorn, or they're carried on equipment designed for sensitive information, such as private mobile telephone or landline.

2. Interoperability
- Fire departments frequently and routinely work with their neighboring departments and with other agencies such as EMS, Police, power company, gas company, etc., to get the job done. Encrypting my comms will just mean that my mutual aid partners will not be able to talk with me (or, if I share my key with them, that would require orders of magnitude of complexity in keeping the keys maintained and protected - in other words, if my key gets compromised, I have to not only re-do all my radios, I have to chase down radios from other departments as well). Furthermore, if a major disaster occurs and a distant agency is brought in, or even a regional/national task force, their comms would be incompatible with mine if mine was encrypted.

3. Responder safety
- This is the biggest concern for me. Radios have been known to 'lose' their encryption keys or otherwise have a key failure. When a radio dumps its key, it loses the ability to communicate on an encrypted channel. While not as common as it once was, it still does happen that a radio ****s out its key. If a firefighter in a hazardous atmosphere/situation can't call for help because his radio's encryption key got dumped, he has lost his lifeline to the outside world. It would be terrible to have to write in a report that Firefighter Smith would have survived if only his radio had been able to transmit a mayday.
 

wa8pyr

Technischer Guru
Staff member
Lead Database Admin
Joined
Sep 22, 2002
Messages
6,982
Location
Ohio
Concerning APCO 25 radios, there has been a move to eliminate the "free" low level ADP encryption from the P25 radios.

This because of interoperability and being a vendor specific option.

Agencies who encrypt will likely use AES 256. The cost per radio for the encryption hardware is about $700 a radio assuming a specific tier model will accept the option. A portable Key Variable loader and cables will be in the order of $3K to $5K. If an agency desires over the air rekeying (OTAR) they need a Key Management Facility (KMF), they need a CORE and the price gets into 100's of thousands of dollars.

New grant rules from the Feds mandate that, if encryption is to be included on radios purchased with grant funds, it has to be interoperable (ie, AES256).

Of course, the cost per unit for that option means you're going to limit the number of radios you can buy; most agencies I work with therefore use grant funds to buy basic radios with basic "free" encryption, and use the money saved from their local budget to buy radios with interoperable encryption for their special teams.
 

KE5MC

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
1,235
Location
Lewisville, TX
Tom,

"interoperable (ie, AES256)"

"interoperable encryption for their special teams"

I'm just picking on a few items, but the reason is it seems that AES256 works between different agencies without sharing 'Keys' if I'm reading between the lines.

I never was very good at that... :(

What can you add?

Mike
 

IAmSixNine

Member
Feed Provider
Joined
Dec 19, 2002
Messages
2,443
Location
Dallas, TX
Department near me recently flipped the switch on their new shiny P25 Phase 2 system.
PD/ FD are encrypted. 3 weeks into going live and chatting with a 25 year FD veteran he said the station alerting speakers dont operate right, missed a few calls, cant understand people on the radios and a recent hazmat incident where a neighboring hazmat crew came into their agency to assist didnt go well.

My response to him was, yup and someone above your pay grade signed off on this system so you could go live with it.. Money well spent. Oh by the way what are the guidelines / recommendations from the NFPA about encryption on FD channels?? :)
 

crazyboy

Member
Joined
Apr 10, 2004
Messages
793
Location
NJ
Tom,

"interoperable (ie, AES256)"

"interoperable encryption for their special teams"

I'm just picking on a few items, but the reason is it seems that AES256 works between different agencies without sharing 'Keys' if I'm reading between the lines.

I never was very good at that... :(

What can you add?

Mike


They would still have to share keys or have a common key in their radios. It just makes it so everyone has the same algorithm capabilities in their radios.
 

wa8pyr

Technischer Guru
Staff member
Lead Database Admin
Joined
Sep 22, 2002
Messages
6,982
Location
Ohio
Tom,

"interoperable (ie, AES256)"

"interoperable encryption for their special teams"

I'm just picking on a few items, but the reason is it seems that AES256 works between different agencies without sharing 'Keys' if I'm reading between the lines.

I never was very good at that... :(

What can you add?

Keys are still necessary. AES256 is mandated because it's the P25 standard, is the highest security currently available and is standard for Federal use.
 

jim202

Member
Joined
Mar 7, 2002
Messages
2,729
Location
New Orleans region
Let me jump in here and pass along some comments.

NFPA has taken the stand of recommending that all coms of the fire scene be in the analog mode. This is based on the fact that if your getting on the edge of the coverage, you can hear the signal start to break up. As was already stated, if the radio looses the encryption key, it becomes useless. You can't have this on the fire service.

The encryption key should be changed frequently. This takes time and man power. Plus during the change, the fleet becomes non compatible between the radios that have not been upgraded with the new encryption key. Not a good position to be in if you have a large fleet of radios.

Another comment is about the interoperability with the surrounding agencies. The encryption key needs to be shared with them and they also have the same issue when the keys need changing. Labor, time and partial system ability while the key change in in the works.

I don't have any feelings about the scanner fans except the public safety agencies looses the eyes and ears of the public when the radio systems are encrypted.

Here in Louisiana, most of the agencies on the LWIN state wide system are in the clear. Only a couple of the agencies have encrypted their radios. St. Tammany Parish just installed a new P@% system which became part of the state wide LWIN system. The SO agency encrypted all their talk groups.

My feeling about encryption is that the person that benefits the most from it is the radio sales force that smile all the way to the bank. They use all sorts of heavy handed pressure to convince the agencies to encrypt all their radios on new systems and radio upgrades. They take the agency top dogs out and to the wine and dine tap dance twisting their arms about why it is needed and the problems you can have if you don't. I just don't have tall enough hip boots to be able to wade through all the bull that they pass during their efforts.

As for the problems trying to scan a simulcast system, the best way to do it is to use directional antennas and point it toward the nearest tower with the strongest signal. If you unlucky to live in the overlap zone where signals from two or more towers overlap, your going to have a problem. If you manage to live near just one of the towers, you should do good receiving a usable signal.

Hope I have cleared up a few of the confusing issues that several of you have mentioned.
 

prcguy

Member
Joined
Jun 30, 2006
Messages
15,228
Location
So Cal - Richardson, TX - Tewksbury, MA
The prices of new radios with encryption have been mentioned but for an end user buying used radios it can very inexpensive. For example, you can get used radios like the the Racal/Thales T25 with built in P25 and DES encryption for under $100 used (I got a pair for about $85 ea) and you can upgrade to AES for free.
prcguy
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
6,859
The prices of new radios with encryption have been mentioned but for an end user buying used radios it can very inexpensive. For example, you can get used radios like the the Racal/Thales T25 with built in P25 and DES encryption for under $100 used (I got a pair for about $85 ea) and you can upgrade to AES for free.
prcguy

I have been looking at the Thales site and still have questions. Can you load DES keys in those radios with a Motorola T3011DX key loader? Are they compatible with analog FM 12 kbps CVSD used for Securenet DES and DES-XL?
 
Status
Not open for further replies.
Top