Encryption - secure communication between different manufacturers

[cbeaumont]

I've been several evaluating radios for potential use (with encryption) for a client's deployment and migration.
Regardless of which is chosen, if possible, I would prefer to not lock them into any single manufacturer in case anyone closes, and so they have flexibility in their selection. It would also be nice to have compatibility with some of the radios I personally use, such as the TYT TH9600 AnyTone AT-D878UVII Plus, and Anytone AT-D578UV-PLUS (or for those to work together).

I have been testing and unable to successfully get encryption to work between radio manufacturers. I have tested several configurations and variations with radios such as: TYT MD-UV380, MD-UV-390 or TH9600 s Radioddity GD-73, Radioddity GD-77, AnyTone AT-D878UVII Plus, Anytone AT-D578UV-PLUS, Retevis RT43, Baofeng DM-1701, Baofeng DM-1801, Baofeng DM-5rPlus, and the super low end Cotre cp1, and Cotre cp3 (because client's volunteers tend to destroy radios).

Does anyone have experiance successfully getting encryption to work between different manufacturers, or have any configuration details that would assist with working interoperability with any of those radios, such as detailed information regarding the encryption type(s), key input, hash methods, or anything else related might be helpful?

So far I haven't seen any detailed documentation from any manufacturer in their manuals or seperately regarding encryption, and in some cases there is literally non specifying which they use, or specific key entry details (since key entry in their CPS is also inconsistant).
The only answer I get from the couple of manufacturers, which isn't an answer at all, is that they each use a different cipher/mode/Initial Vector so that you have to use their radios on both ends. In fact, in most cases, they seem to not know much about encryption at all.
While I might appreciate that a manufacturer might include a "in manufacturer" level of security, but it seems to me that encryption (when based on a standard such as AES128, AES256, or ARC04 should be interoperable regardless of whos radio is being used.... or at least they should allow a basic level, even if only ARC04.

Has anyone decrypted or reverse engineered the hash/seed/method for different manufacturers, or is there any software that can allow a common encryption key to generate manufacturer specific keys (accomidating for the difference in cypher/mode) allowing radios to introperate?

I have not tried to use SDR/DSDplus or similar to see or compare output (with a known key).... Icertainly don't want to dive into that if someone already has (and Im not sure I do anyway.)
If I did... (or if someone else has the skills)... conceptually, using the same encryption key in different radios, and sending consistant data (such as a text message), I am wondering if the output data (with the encryption key) could be used to find the cipher/mode (e.g. Base64/Hex; Initial Vector; CBC , GCM, ECB, CTR, etc) used by the manufacturer(s).

Thank you!!

To hopefully head off the common flaming I see whenever encryption is talked about....
This is intended for commercial use on a commercial frequency.
This is not about "how do I decrypt someones transmissions without the encryption key"
This is not about using encryption on HAM/GMRS.
This is not about is encryption good/bad/legal/illegal on a frequency or country.
Qualified, helpful information only PLEASE.
Encryption is in the radios... so lets talk about it and learn about it

PS... it seems like there should be a freestanding encryption topic. I didn't see one, but there have been many posts in other topics.

 

[techman210]

Those poor, poor, customers

 

[mmckenna]

Those poor, poor, customers

Indeed.


You need to get away from the Cheap Chinese Radios. Don't be the guy that sells a commercial user radios like that. It may look good from a budget standpoint, but you'll quickly be hated. They do not belong in a commercial application.

You mention that this is for commercial use, so paying attention to FCC rules is going to be required. Ham/consumer grade radios are not the right tool for the job. Frequency coordination/licensing will be required. Suitable type accepted radios will be mandatory. That will require you to focus on legit Part 90 radios….

You need to decide how much encryption you need. There are different levels. RC4 (Called ADP by Motorola) is one of the lower common standards.
AES-256 is one of the higher standards.

Making sure you find radios that work on an established standard should be task #1.
Unless you are doing public safety (actual public safety, not "security") then there's no need to pay the premium for AES-256.
RC4/ADP is plenty for any sort of commercial application. If security is so tight that you need something more than that, then you need to not be looking at Chinese radios and need to bring in a professional to design the system and have proper key management procedures.

I'd start with Kenwood or Motorola DMR equipment. Both can be had with RC4 encryption.
Something like a Kenwood NX-1200/1300 is a good basic radio that will do DMR and can be provisioned with RC4 encryption easily enough, Kenwood refers to it as "ARC4" and it is an inexpensive software key add on to the radio.

Those are durable radios, I've got a bunch of them in use at work. They are also inexpensive and well backed up by the manufacturer.
If you need something more, the Kenwood NX-3200/3300 will do what you need with additional capabilities.

Those radios will get them DMR with encryption that will be compatible with Motorola DMR radios. They'll have the necessary Part 90 certifications, and will be something that will actually stand up to commercial use.

 

[alcahuete]

To expand on the above comment, none of the radios you list really have any place being used by anyone other than hobbyists. They are Cheap Chinese Radios (CCR). Hence you are going to run into the exact problem you mention. There is no standard at all between the CCRs.

The only exception in that group are the Anytones. The 578 and 878 do support AES-256 encryption out of the box. That will not be compatible with any of the other CCRs, but they will be compatible with other real radios.

Good luck!

 

[R8000]

I've been several evaluating radios for potential use (with encryption) for a client's deployment and migration.

This is intended for commercial use on a commercial frequency.

There are so many red flags here, there's nowhere to begin.
Is this a serious question or just a troll posting?

 

[cbeaumont]

I absolutely understand and appreciate the sentiment regarding CCR. For the record... I am not trying to sell them anything myself...I have them order directly... I don't middleman.. and I dont make anything from the radio sales... just trying to find a solution.
In this case... there is a fairly regular reoccurance of radios being treated abusively... thrown, dropped, submerged, etc... but only by some of the "volunteers" so the idea of replacing a $100ish (or less) radio became preferrred to repair costs... especially when they were using motorolas. The only reason I even tested the ultra CCR Corte (at $25) "disposable radios' was for those 'special' volunteer users. Regular staff is fine, so there isn't as much concern for actual commercial radios.


They are on licensed UHF frequencies (1w seems to be fine for their campus), and were using beatshift inversion previously, so lower encryption is fine, and certainly an improvement.Communication is similar to HIPPA regarding privacy concerns, both between staff, and sometimes between security or from security to staff.
Also, in the back of my mind, there has been discussion of eventually adding a repeater for some staff when they are off campus... Motorola would be my hope on the repeater side.

The Anytone has AES (256) and "Common" which may be RC4/40bit, but I was unable to get "common" to talk to anything else.
There is a mention in the post at Anytone - Anytone 878 FW 1.14 Encryption
that suggests that there were changes between firmware 1.13 and 1.14 which may effect AES256 (maybe AES128 "Enhanced" before?) and possibly "Common" as well. I didn't test then, so not sure.
It also mentions "TYT 128 bit enhanced privacy which is really only a generated 49 bit key stream to XOR over the plaintext"... which may explain incompatibility.

The NX-1200/NX-1300 at $300-$400ish per may be a good option (they would be happier with $70-$150 per, but maybe the duribility and IP rating for water may help). Has anyone confirmed if they can encrypt between them and an Anytone 878/578?

 

[cbeaumont]

There are so many red flags here, there's nowhere to begin.
Is this a serious question or just a troll posting?

Troll?
yes, its a real question... and what would this question troll?
I'm asking for information about encryption, and equipment interoperability.

Moost documentation regarding encryption from most manufacturers is terrible... usually only a mention, but zero information regarding what is being used.

There isn't a consistant thread of actual information regarding the encryption in each radio on this site or others... only mostly (unhelpful) comments like yours and techman210's... which if I have a reaction to... are technically more troll like... coincidently reflected in you messages score (and some other posts).


Anyway:
The hope is that a) someone knows encryption (radio encryption hopefully)
or b) someone has had success with getting some of these (even CCR) radios to communicate securly

BUT - Thank you for taking the time to help, or comment... :/

 

[alcahuete]

The Anytone has AES (256) and "Common" which may be RC4/40bit, but I was unable to get "common" to talk to anything else. There is a mention in the post at Anytone - Anytone 878 FW 1.14 Encryption
that suggests that there were changes between firmware 1.13 and 1.14 which may effect AES256 (maybe AES128 "Enhanced" before?) and possibly "Common" as well. I didn't test then, so not sure.

No. "Common" has never worked with RC4, regardless of firmware version. AES-256 on the Anytone absolutely works with other AES-256 radios. Like I already said above, that is going to be your only option currently for interoperability with real radios until the CCR manufacturers come out with something else.

 

[mmckenna]

In this case... there is a fairly regular reoccurance of radios being treated abusively... thrown, dropped, submerged, etc... but only by some of the "volunteers" so the idea of replacing a $100ish (or less) radio became preferrred to repair costs... especially when they were using motorolas. The only reason I even tested the ultra CCR Corte (at $25) "disposable radios' was for those 'special' volunteer users. Regular staff is fine, so there isn't as much concern for actual commercial radios.

I get it.
However, most of these Cheap Chinese Radios are lacking Part 90 certification, which is REQUIRED in the USA. Recommending a non-type accepted radio puts their license at risk. If you are going to act as a consultant, then make 100% sure what you are recommending meets all the requirements.

Also, in the back of my mind, there has been discussion of eventually adding a repeater for some staff when they are off campus... Motorola would be my hope on the repeater side.

That is good thinking, but don't get hung up on brand names. There are a lot of good options out there that will work just as well for less money.

The NX-1200/NX-1300 at $300-$400ish per may be a good option (they would be happier with $70-$150 per, but maybe the duribility and IP rating for water may help). Has anyone confirmed if they can encrypt between them and an Anytone 878/578?

That's list price. Should be able to procure them quite a bit cheaper than that. 30% off list is pretty standard for most purchasing contracts.

 

[mmckenna]

Troll?
yes, its a real question... and what would this question troll?

Your post ticked a lot of the boxes for self proclaimed "radio consultants", especially with the mention of many non-type accepted radios. We get a lot of posts on here from people that have grand ideas, but zero technical knowledge to back it up.
You have a good question, it just has the slightest scent of one of those older posts.
Don't take it personal….

Moost documentation regarding encryption from most manufacturers is terrible... usually only a mention, but zero information regarding what is being used.

When you are dealing with this ultra low tier radios, that's what you'll get. The manufacturer wants you to buy the radio and will tell you whatever they think will make that sale. They are usually low spec equipment that has terrible performance and they don't want to give out any info that will make that obvious.
If you start looking at higher tier equipment, the documentation is all there.

There isn't a consistant thread of actual information regarding the encryption in each radio on this site or others....

That's because this is a hobby oriented site. There are radio chat boards that cater to professional radio guys that do discuss this sort of stuff, but usually centered around name brand professional/public safety grade radios.

Most of the discussions you'll see on this site are knee jerk reactions by scanner hobbyists who don't understand encryption and are mainly upset because their chosen form of entertainment has been threatened.

Anyway:
The hope is that a) someone knows encryption (radio encryption hopefully)
or b) someone has had success with getting some of these (even CCR) radios to communicate securly

You are not going to find much help with the CCR's. While there is the one mentioned that will do AES256, the rest of them are very low tier/proprietary methods of encryption/scrambling.

If you want interoperable encryption, you're going to need to set your sight higher than the sub-$100 radios.

Sounds like they need some quality radios that will stand up to abuse. Motorola is usually a good name, but some of their lower tier radios are simply polished turds that don't belong in the commercial world.
And, it sound like they need to talk to some of the people that abuse the radios. We usually encourage/require some level of user training to prevent this sort of stupidity.

 

[RFI-EMI-GUY]

Dont bother with any radios that are not Part 90 FCC certified and lack EIA/TIA603D , and/or ETSI DMR industry certification. everything else is unsuitable for reliable commercial use.

For the IT type's, the physical layer is very important in LMR. Cheesy equipment won't hack it.

 

[cbeaumont]

First, I appreciate severalof the comments above. There were a few things I had not considered... such as the effect of non Part 90 on the license.

Sounds like they need some quality radios that will stand up to abuse. Motorola is usually a good name, but some of their lower tier radios are simply polished turds that don't belong in the commercial world.
And, it sound like they need to talk to some of the people that abuse the radios. We usually encourage/require some level of user training to prevent this sort of stupidity.

They were using motorola (about 10 of them) and they would get broken constantly... resulting in monthly hundred dollar repairs. They switched to commercial looking (no keypad) CCRs ... with beat shift... but then grewto about 50 radios... with a few being replaced per month (still way cheaper). The manufacturer changed chips in their model (no change in model number or other designation) which made ANY NEW radio incompatible with the older ones (or TYT or a keypad/HAM version from the same company.) PS... I know... not a shock... I just became the one to drill into WHY they stopped working... and argued with the manufacturer until their engineers confirmed the issue and chip change.
I DO NOT want to become a radio consultant either... I have a long standing background in other areas... some of which really stumps me that there isn't much more focus on encryption amongst the radio community based on the common technical ability and knowledge in the community... which I mean as a compliment.

The problem with the radio abusers... is there is constant turn over... and the personality profile... well... is not often prone for responsibility. So... there isn't really a way to remedy the people pool.

My preferred direction is definately to have commercial level radios for the staff... I was hoping to find a less painful devicethat could still communicate securely for the abusers. Seems like not.

 

[RFI-EMI-GUY]

First, I appreciate severalof the comments above. There were a few things I had not considered... such as the effect of non Part 90 on the license.



They were using motorola (about 10 of them) and they would get broken constantly... resulting in monthly hundred dollar repairs. They switched to commercial looking (no keypad) CCRs ... with beat shift... but then grewto about 50 radios... with a few being replaced per month (still way cheaper). The manufacturer changed chips in their model (no change in model number or other designation) which made ANY NEW radio incompatible with the older ones (or TYT or a keypad/HAM version from the same company.) PS... I know... not a shock... I just became the one to drill into WHY they stopped working... and argued with the manufacturer until their engineers confirmed the issue and chip change.
I DO NOT want to become a radio consultant either... I have a long standing background in other areas... some of which really stumps me that there isn't much more focus on encryption amongst the radio community based on the common technical ability and knowledge in the community... which I mean as a compliment.

The problem with the radio abusers... is there is constant turn over... and the personality profile... well... is not often prone for responsibility. So... there isn't really a way to remedy the people pool.

My preferred direction is definately to have commercial level radios for the staff... I was hoping to find a less painful devicethat could still communicate securely for the abusers. Seems like not.

There are in fact encryption standards in P25 radios. One standard! The P25 digital common air interface is a standard and the standard encryption flavor is AES256 if you wish to have guaranteed vendor - vendor interoperability. There are several vendors to choose from. P25 is not cheap. It should be because it is supposed to be a competitive standard.

Once you drift out into the ETSI DMR world, the encryption standardization dissolves. You can buy low cost radios from MAXON which are DMR and also have AES256 encryption. You could buy same from Hytera , though they seem to be squashed under the thumb of TPTB. Does a MAXON AES256 talk to a Hytera or Tait DMR radio? That would take some research.

 

[natedawg1604]

First, I appreciate severalof the comments above. There were a few things I had not considered... such as the effect of non Part 90 on the license.



They were using motorola (about 10 of them) and they would get broken constantly... resulting in monthly hundred dollar repairs. They switched to commercial looking (no keypad) CCRs ... with beat shift... but then grewto about 50 radios... with a few being replaced per month (still way cheaper). The manufacturer changed chips in their model (no change in model number or other designation) which made ANY NEW radio incompatible with the older ones (or TYT or a keypad/HAM version from the same company.) PS... I know... not a shock... I just became the one to drill into WHY they stopped working... and argued with the manufacturer until their engineers confirmed the issue and chip change.
I DO NOT want to become a radio consultant either... I have a long standing background in other areas... some of which really stumps me that there isn't much more focus on encryption amongst the radio community based on the common technical ability and knowledge in the community... which I mean as a compliment.

The problem with the radio abusers... is there is constant turn over... and the personality profile... well... is not often prone for responsibility. So... there isn't really a way to remedy the people pool.

My preferred direction is definately to have commercial level radios for the staff... I was hoping to find a less painful devicethat could still communicate securely for the abusers. Seems like not.

What Motorola Radios were they using? FRS/GMRS bubble packs? There's a lot of people still using Moto portables made 30-40 years ago, more would probably still be in service if it wasn't for narrow banding.

 

[DeoVindice]

1) The client needs to train their volunteers better. If they won't treat the equipment properly, get rid of them. Who knows what else they're doing wrong and/or dangerously.

2) Second what mmckenna said. I've seen NX-3000-series portables stand up to serious industrial use in mines, and the NX-1000 shouldn't be much worse with the exception of the 2-pin connector. Use in wet environments should automatically trigger an upgrade to 14-pin connectors.

3) Don't rule out used TRBO radios from a reputable dealer. You may be able to get better radios at similar cost to the Chinese stuff.

 

[mmckenna]

The problem with the radio abusers... is there is constant turn over... and the personality profile... well... is not often prone for responsibility. So... there isn't really a way to remedy the people pool.

Got it, I understand.

My preferred direction is definately to have commercial level radios for the staff... I was hoping to find a less painful devicethat could still communicate securely for the abusers. Seems like not.

How badly is encryption needed?
The sticking point here is the common encryption standard. That's going to push you into more expensive radios. If you can make do with out encryption, and even run analog, you can get durable radios a whole lot cheaper.

 

[FKimble]

With the high turnover and the apparently lower tier level workers, sounds like encryption is the least of their worries. Maybe some cheap bubble packs for the low level folks an at least a 2 channel "good" radio for the upper level so they can talk enc. to each other and non-enc. to the workers.

Frank

 

[MTS2000des]

If terrestrial cellular coverage is available, a PTToC app like Zello, Wave on Cloud, or similar would be more feasible. Have employee of the day download app, authorize them on the talkgroup via portal, delete credentials when they quietly quit. LTE is 100 percent encrypted, no worries of unauthorized users nosing in, and the client portals for things like Wave (CAT UI) give the admin total control over who comes and who goes.

No expensive walke-talkies with AES-256 encryption to buy, managing encryption keys, code plugs, worrying about your info being leaked on hobbyist websites, etc.

CAPEX cost is way lower. Everyone has a cellphone. A good quality BT RSM and they can have "cop like" user experience with "better than cop" encryption.

 

[rescue161]

A luxury transceiver is the only way to go!

Check 6!

 

[RFI-EMI-GUY]

I don't know how MAXON ranks with respect to performance, but they do have two tiers of inexpensive UHF and VHF DMR radios with AES256. They are also eager to gain dealerships.