RadioReference on Facebook   RadioReference on Twitter   RadioReference Blog
 

Go Back   The RadioReference.com Forums > Commercial, Professional Radio and Personal Radio > Hytera Forum


Hytera Forum - Discussion forum for Hytera radio equipment. Questions concerning their use on amateur radio networks and frequencies belong in the Digital Voice for Amateur Radio forum.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-01-2017, 1:35 AM
RayAir's Avatar
Member
   
Join Date: Dec 2005
Location: Island of OpenSky
Posts: 1,697
Default Hytera Over The Air Encrypt & Scanners

This is regarding the newer feature in Hytera firmware for certain DMR models called "Over the air encrypt". It scrambles the signalling frames to prevent interception of radio ID's and talk group information and is set in CPS (32 digit hexadecimal key).

Initial testing shows Motorola radios (and others) light up like they want to receive but nothing is displayed on the screen and nothing is heard.


DSD plays the voice frames just fine, but of course no RID or TG info is displayed.

Has anyone tested (or has the ability to test) Hytera OTA encryption vs a DMR capable scanner such as certain Whistler or Uniden models to see if it affects their ability to decode transmissions?

I understand if I wanted to enable voice protection I'd just toggle AES 256 on. Just curious if the signalling frame encryption alone has any effect on a scanners ability to receive the transmission.

Remember hearing some had difficulty with RAS enabled systems and OTA Encrypt is similar, but appears more effective as it blocks more info.

Thanks!
__________________
KXKYC JBSOB XBMZE LCVHV WCW
Reply With Quote
Sponsored links
  #2 (permalink)  
Old 10-01-2017, 3:37 AM
teufler's Avatar
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Dec 2002
Location: ST PETERS, MISSOURI
Posts: 2,344
Default

ENCYPT is encrypt and you should not hear any audio or understandable audio. I have had some luch listeningh into encrypted traffic, taking a wide guess that the users are using the defalt setting, I have no police traffic in my area using DMR but casinos and I have heard some DMR traffic on Brandmeister. Usually last at night or early in the morning.that have been encrypted. Nostly just experimentors.
__________________
WD0GSYDMR ID 3129226 AND 3129304
BC-396XT,780XLT,TENTEC PARAGON, TYT-2017, MD-390, DM-5R+, ANYTONE 5888,VX10, VX7, VX3,TERMN-8R, F8-HP, GT3, UV-5, UV-3R, WOUXUN UV-8D,JUENTAI UV8DR,
Reply With Quote
  #3 (permalink)  
Old 10-01-2017, 7:52 AM
jonwienke's Avatar
Member
   
Join Date: Jul 2014
Location: PA
Posts: 8,884
Default

Quote:
Originally Posted by teufler View Post
ENCYPT is encrypt and you should not hear any audio or understandable audio.
Not necessarily. It's the Hytera version of RAS. If the voice frames are not encrypted, then the voice content can still be decoded by a scanner, although the TG and UID and other info will not be available. Which is what is happening with DSD.

It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise.
__________________
Gone camping.
Reply With Quote
  #4 (permalink)  
Old 10-02-2017, 6:49 PM
MSS-Dave's Avatar
Member
   
Join Date: Jan 2010
Location: Generally Central Florida
Posts: 323
Default

"It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise."

It's not pointless if you run the system and want to prevent a competitor from loading his radios on your stuff. This seems to be just like (operationally)
Moto's Restricted Access to System. Since there isn't a central system "key", it's another way to protect your asset you sell time on.

If you have sensitive voice traffic, ENCRYPT, ENCRYPT, ENCRYPT. AES256 is the best way to go if you can pony up the $$$ for it. At least on Hytera, I'm not sure that Moto is offering that in DMR in NA yet.

Sent from my SAMSUNG-SGH-I337 using Tapatalk
Reply With Quote
  #5 (permalink)  
Old 10-02-2017, 7:09 PM
WQLU507's Avatar
Member
   
Join Date: Jan 2009
Location: Charleston, SC
Posts: 38
Default

I was trying to figure out a use case for this feature and MSS-Dave hit it on the head...operators of systems who lease space. No point in paying for encryption licenses on rental radios for taxis, delivery services and the like, but you also don't want people piggybacking on your system.

I don't think /\/\ is willing to enable AES256 in the US for TRBO. I think it's a P25 only feature for them. Have to keep milking those gov't contracts *eye roll*
__________________
"Never do anything you wouldn't want to explain to the paramedics" -- Anonymous
Reply With Quote
Sponsored links
  #6 (permalink)  
Old 10-02-2017, 11:58 PM
RayAir's Avatar
Member
   
Join Date: Dec 2005
Location: Island of OpenSky
Posts: 1,697
Default

Quote:
Originally Posted by WQLU507 View Post
I was trying to figure out a use case for this feature and MSS-Dave hit it on the head...operators of systems who lease space. No point in paying for encryption licenses on rental radios for taxis, delivery services and the like, but you also don't want people piggybacking on your system.

I don't think /\/\ is willing to enable AES256 in the US for TRBO. I think it's a P25 only feature for them. Have to keep milking those gov't contracts *eye roll*

You could always throw one of the free voice privacy schemes (basic or arc4) in the radios.
Since Hytera basic gives up the key in the frames and ARC4 is only shades better I opted to pay for the advanced licenses for all the radios.

Still curious if the OTA signalling encryption alone messes with DMR scanners..

This is a neat feature.
__________________
KXKYC JBSOB XBMZE LCVHV WCW
Reply With Quote
  #7 (permalink)  
Old 10-03-2017, 6:58 AM
jonwienke's Avatar
Member
   
Join Date: Jul 2014
Location: PA
Posts: 8,884
Default

Quote:
Originally Posted by RayAir View Post
YStill curious if the OTA signalling encryption alone messes with DMR scanners.
To some extent yes. A Uniden x36 can't be programmed as a trunked system, the individual frequencies have to be programmed as conventional DMR in order to receive traffic.
__________________
Gone camping.
Reply With Quote
  #8 (permalink)  
Old 03-22-2018, 10:03 AM
Member
   
Join Date: Oct 2015
Location: Europe
Posts: 74
Default

Quote:
Originally Posted by RayAir View Post
Still curious if the OTA signalling encryption alone messes with DMR scanners..

This is a neat feature.
I can do it for you.
That is weird that only the singalling part is encrypted. But I will have to test if you can have both at the same time (DMRA 40-bit arc4).
If someone has access to hytera with AES it would be good to know if you can use AES to encrypt the voice part and Over the Air Encrypt to encrypt the signaling.
Quote:
"Over the Air Encrypt

--------------------------------------------------------------------------------

This parameter allows you to set whether to enable the Over the Air Encrypt feature. With this feature enabled, the voice, data and signaling transmitted by the radio or repeater over the air interface are encrypted by using the key or encryption algorithm. The repeater can forward and the receiving radio can decrypt the voice, data and signaling only when the key value is correct. This prevents the unauthorized radio from occupying channel resources and interrupting communication.

At present, only signaling can be encrypted and decrypted.
That is from CPS v8.06.01.014
Reply With Quote
  #9 (permalink)  
Old 03-22-2018, 12:54 PM
Member
   
Join Date: Sep 2008
Location: In the 'patch
Posts: 5,021
Default

Quote:
Originally Posted by jonwienke View Post
It's a pointless feature. If your transmission is sensitive enough to warrant encryption, the voice frames should be the first thing encrypted, not the last. Better yet, encrypt all frames, and then scanners get nothing but digital noise.
Not pointless at all.

The OTA Encrypt keeps nosy scanner listeners from mapping your radio system and knowing which radios are using what talk-groups. AES 256 keeps those same listeners from knowing who is using your system.

OTA Encrypt, as others have said, keeps cheapskates from adding radios to your rental system with out paying for those radios.
__________________
Interoperatablity is not a technology, it is an attitude!!!
Reply With Quote
  #10 (permalink)  
Old 03-22-2018, 5:18 PM
RayAir's Avatar
Member
   
Join Date: Dec 2005
Location: Island of OpenSky
Posts: 1,697
Default

Quote:
Originally Posted by mattimac View Post
I can do it for you.
That is weird that only the singalling part is encrypted. But I will have to test if you can have both at the same time (DMRA 40-bit arc4).
If someone has access to hytera with AES it would be good to know if you can use AES to encrypt the voice part and Over the Air Encrypt to encrypt the signaling.


That is from CPS v8.06.01.014

Yes, you can use signalling and voice encryption at the same time. On the current radios in use, signalling encryption is forced while voice encryption is selectable.
__________________
KXKYC JBSOB XBMZE LCVHV WCW
Reply With Quote
  #11 (permalink)  
Old 03-23-2018, 12:43 AM
Member
  Amateur Radio Operator
Amateur Radio
 
Join Date: Apr 2008
Location: pittsboro in / mesa az
Posts: 399
Default

Quote:
Originally Posted by mattimac View Post
That is from CPS v8.06.01.014
I'm assuming you mean for EM5 radios, not NA2, we're still at 8.5.6.11
__________________
jay thompson / CETsr, GROL
COML, COMT trainee
KC9VTT / COML DMAT CA-4
milf CAN'T hear me, I've got private line
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 4:44 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
All information here is Copyright 2012 by RadioReference.com LLC and Lindsay C. Blanton III.Ad Management by RedTyger
Copyright 2015 by RadioReference.com LLC Privacy Policy  |  Terms and Conditions