• To anyone looking to acquire commercial radio programming software:

    Please do not make requests for copies of radio programming software which is sold (or was sold) by the manufacturer for any monetary value. All requests will be deleted and a forum infraction issued. Making a request such as this is attempting to engage in software piracy and this forum cannot be involved or associated with this activity. The same goes for any private transaction via Private Message. Even if you attempt to engage in this activity in PM's we will still enforce the forum rules. Your PM's are not private and the administration has the right to read them if there's a hint to criminal activity.

    If you are having trouble legally obtaining software please state so. We do not want any hurt feelings when your vague post is mistaken for a free request. It is YOUR responsibility to properly word your request.

    To obtain Motorola software see the Sticky in the Motorola forum.

    The various other vendors often permit their dealers to sell the software online (i.e., Kenwood). Please use Google or some other search engine to find a dealer that sells the software. Typically each series or individual radio requires its own software package. Often the Kenwood software is less than $100 so don't be a cheapskate; just purchase it.

    For M/A Com/Harris/GE, etc: there are two software packages that program all current and past radios. One package is for conventional programming and the other for trunked programming. The trunked package is in upwards of $2,500. The conventional package is more reasonable though is still several hundred dollars. The benefit is you do not need multiple versions for each radio (unlike Motorola).

    This is a large and very visible forum. We cannot jeopardize the ability to provide the RadioReference services by allowing this activity to occur. Please respect this.

DMR vs P25 - Encryption standards and software vs hardware encryption

U

UglyViking

Member
Premium Subscriber
Joined
Oct 21, 2022
Messages
18
Hey all,

I'm really hoping this doesn't turn into a flame war or anything, I'm just trying to better understand the key differences in implementation.

Question
I'm aware that companies like Anytone, Hytera, Motorola, etc. offer encryption in their DMR radios, and I know that Anytone and Hytera specifically offer AES-256 encryption. Meanwhile, P25 radios from EFJ, Motorola, etc. also offer AES-256 encryption. I can only speak direct experience to older EFJ 5100/5300 series radios and the XTS line requiring keyloaders in order to encrypt them, and that the encryption is done on the hardware via a custom board. My question is, how is AES-256 done on the DMR side? Are there crypto boards on DMR radios? Do modern P25 radios no longer have crypto boards and they have unified the design?

I know that P25 radios are pretty hardened against physical attacks so that, as an example, if a police officer loses a radio someone can't just pull they keys and listen in. I'm curious how DMR handles something like this? I also realize that you can easily avoid any real issue here by simply rotating keys in a semi-consistent manner, and doing a forced key change upon a radio getting lost, so this isn't really for any real application and more so just pure interest at this point from some of the conversations I've read online.

If anyone can point me to anything on the subject it would be awesome, as I'm struggling to find any real data out there.
 
tweiss3

tweiss3

Is it time for Coffee?
Premium Subscriber
Joined
Apr 24, 2020
Messages
1,081
Location
Ohio
Modern P25 radios do require an encryption board, some are standard, some are optional equipment. Currently KVL loading is the "standard" but some offer software loading of the encryption boards, but it is typically frowned upon by most large P25 systems.,

DMR encryption is software loaded only, and does not require a separate encryption board.
 
KE4ZNR

KE4ZNR

Radio Geek
Premium Subscriber
Joined
Jan 21, 2002
Messages
7,263
Location
Raleigh, NC
tweiss3 said:
Modern P25 radios do require an encryption board, some are standard, some are optional equipment. Currently KVL loading is the "standard" but some offer software loading of the encryption boards, but it is typically frowned upon by most large P25 systems.,

DMR encryption is software loaded only, and does not require a separate encryption board.
Click to expand...

Yep. As a general rule of thumb AES encryption in Motorola Mid/High Tier radios is handled in the MACE chip in the radio itself. You can learn more about the Motorola Advanced Crypto Engine (MACE) in the following pdf:
https://csrc.nist.gov/CSRC/media/pr...ram/documents/security-policies/140sp3948.pdf
 
U

UglyViking

Member
Premium Subscriber
Joined
Oct 21, 2022
Messages
18
tweiss3 said:
Modern P25 radios do require an encryption board, some are standard, some are optional equipment. Currently KVL loading is the "standard" but some offer software loading of the encryption boards, but it is typically frowned upon by most large P25 systems.,

DMR encryption is software loaded only, and does not require a separate encryption board.
Click to expand...
Don't some large scale P25 systems leverage OTA rekey? I'd assume that is technically software as middle layer between the crypto chip and the OTA update?

My main assumption here is that the KVL and crypto chip offer two main advantages.
  1. Only authorized users can keyload, as KVLs are a physical interface that are highly guarded, vs software which is much easier to hand out.
  2. The crypto chip is much more resilient to physical attacks since the I/O for the chips are relatively small (power, load/read keys, status from test, etc.)
Does that sound about right?

KE4ZNR said:
Yep. As a general rule of thumb AES encryption in Motorola Mid/High Tier radios is handled in the MACE chip in the radio itself. You can learn more about the Motorola Advanced Crypto Engine (MACE) in the following pdf:
https://csrc.nist.gov/CSRC/media/pr...ram/documents/security-policies/140sp3948.pdf
Click to expand...
Thanks for sharing, that's an interesting flip through for sure, I'll have to dig into it more. Seems like that is the older version of FIPS as they are now on 140-3 I believe? Either way, it's a nice overview of the chip and it's architecture at a high level.

Are you aware of anything from any DMR handset? It would be interesting to compare/contrast an anytone/hytera with that moto sheet.
 
You must log in or register to reply here.

Similar threads

J
Encryption and Patching?
Replies
5
Views
694
wa8pyr
wa8pyr
K
AnyTone AT-D878UVII Plus vs. BTECH DMR-6x2 Pro
Replies
2
Views
436
KQ4MVE
K
jcefd10
NX5200 DMR question
Replies
8
Views
831
otobmark
O
D
L3Harris P25 Phase 2 Call - Source Address Anomaly
Replies
3
Views
447
lwvmobile
lwvmobile
H
DMR Hotspot Question
Replies
9
Views
1K
marjam49
M
Top