Montgomery County - New TG 304 "MC Park PD Secure"?

dmi

CyOps | Frequency Analyst
Premium Subscriber
Joined
Oct 3, 2007
Messages
192
Location
LoCo MoCo, MD
Montgomery County, MD Trunking System

New Hit:
Very active within last week (First Hit within last few months)

TG 304 (hex: 013) - TG 312 (ID+8) with Motorola Type II Status Bit ID+8 DES Encryption Talkgroup

ID on TG included 'MC Park PD Unit 120' and senior officers.

For now I'm labeling it as:
• TG 304 - MC Park PD TAC Secure

-jay
 

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
Weird they would spend the money for the encryption now when the new system comes online in a few months - maybe Moto made the licensing transferable.
 

gesucks

Member
Premium Subscriber
Joined
Dec 19, 2002
Messages
673
Location
Our Nation's capitol
Weird they would spend the money for the encryption now when the new system comes online in a few months - maybe Moto made the licensing transferable.
What licensing? Their APX radios all already have encryption. To make a talk group encrypted is just a check box in the CPS and in the trunking controller.
 

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
What licensing? Their APX radios all already have encryption. To make a talk group encrypted is just a check box in the CPS and in the trunking controller.
I didn't know that SmartZone is ASTRO 25 - did MC upgrade its core previously? SmartX Site Converters?

IMPLEMENTATION CONSIDERATIONS The system must be at a minimum ASTRO 25 Release 7.9 with the Radio Authentication feature purchased at the system and individual radios. Many existing XTL and XTS radios, along with the APX family of radios, can be software upgraded to enable the Radio Authentication feature, allowing systems with large fleets to take advantage of this solution. In addition, radios that access multiple ASTRO 25 systems can authenticate with multiple systems if the feature is available on each system.
 
Last edited:

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
Adding that you likely know more than me wrt what is actually installed on their radios. Here's an example of various list prices of APX 8000 radio and option costs in 2015. Quantity discounts reduce costs by ~25-30%

Screen Shot 2020-06-25 at 9.42.13 AM.png
 

ResQguy

Meh
Premium Subscriber
Joined
Dec 19, 2002
Messages
1,290
I didn't know that SmartZone is ASTRO 25 - did MC upgrade its core previously? SmartX Site Converters?

IMPLEMENTATION CONSIDERATIONS The system must be at a minimum ASTRO 25 Release 7.9 with the Radio Authentication feature purchased at the system and individual radios. Many existing XTL and XTS radios, along with the APX family of radios, can be software upgraded to enable the Radio Authentication feature, allowing systems with large fleets to take advantage of this solution. In addition, radios that access multiple ASTRO 25 systems can authenticate with multiple systems if the feature is available on each system.
You just went way off the reservation. Encrypting a talkgroup has nothing to do with radio authentication. Surely you are aware there are dozens of talkgroups that have been using DES-OFB since the system went online in 2001.
 

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
You just went way off the reservation. Encrypting a talkgroup has nothing to do with radio authentication. Surely you are aware there are dozens of talkgroups that have been using DES-OFB since the system went online in 2001.
Thanks for point that out. I was under the impression that APX radios had to be authenticated on the network to use AES encryption and OTAR.
 
Last edited:

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
using AES (or any encryption for that matter) on the system has nothing to do with OTAR on the system.
Authentication has nothing to do with key management? Maybe "authentication" means something different wrt radio networks.
 
Last edited:

dpcain

Member
Premium Subscriber
Joined
Dec 14, 2008
Messages
1,437
Location
MD
Oh god it's off the rails.

Voice encryption can be DES or AES and does not require OTAR. All keys for a radio can be loaded direct from a keyfill device.

OTAR operates as an independent data service and can fill DES or AES on any capable and configured radios, whether APX or otherwise.

Radio Authentication is a separate system service used to allow access to the radio system as a whole by authenticating individual radios in handshake. It is separate from voice encryption or OTAR.
 

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
Voice encryption can be DES or AES and does not require OTAR. All keys for a radio can be loaded direct from a keyfill device.
Understood.

OTAR operates as an independent data service and can fill DES or AES on any capable and configured radios, whether APX or otherwise.
Understood.

Radio Authentication is a separate system service used to allow access to the radio system as a whole by authenticating individual radios in handshake. It is separate from voice encryption or OTAR.
This is what I don't understand. Why would someone build a network that is capable of providing secure voice that does not authenticate devices attempting to access the network before assigning them crypto keys OTA? It seems to me that you would want RA to be operating on a system that distributes keys using OTAR, even though it may not be technically not required.

I thought that there were licensing costs and hardware options that are required to enable encryption on a per channel basis. Apparently that is not true, at least with subscribers. What I learned is AES (or DES) is a single line item option cost that facilitates any number of encrypted tgs on the subscriber side. What I am unclear about is there a cost on the infrastructure side other than a key management platform or key loaders? Like additional licensing for each base radio, site, or other device?
 

dpcain

Member
Premium Subscriber
Joined
Dec 14, 2008
Messages
1,437
Location
MD
The OTA keyfilling is authenticated separately. RA is for system access. OTAR key management is for key access. There's another layer you're not seeing there- OTAR depends on its own separate authentication of each radio just in order to transfer the keyfill.

And yes there's cost for implementing a KMF for OTAR or buying KVLs, but no cost to encrypt a talkgroup.
 

villlythekid

Member
Premium Subscriber
Joined
Aug 25, 2019
Messages
80
Location
Montgomery County, MD
When you say "they" what / who are you referring to? TG304, the MNCPPC Park Police, or the entire county police force?
I was referring to MNCPPC Park Police. False alarm: it turns out that it was just the Broadcastify that was down as transmissions were coming in loud and clear on my BCD996P2.
 

dmi

CyOps | Frequency Analyst
Premium Subscriber
Joined
Oct 3, 2007
Messages
192
Location
LoCo MoCo, MD
I'm also curious if (tg 304) is patched/linked to systems such as MD FIRST. It doesn't seem to match the talkgroup matrix.

Jay
 

maus92

Member
Premium Subscriber
Joined
Jun 23, 2004
Messages
5,209
Location
Annapolis
I'm also curious if (tg 304) is patched/linked to systems such as MD FIRST. It doesn't seem to match the talkgroup matrix.

Jay
I doubt it is "patched" to FIRST, considering FIRST is not deployed in MC or PG yet. But, it *may* be linked to PG considering MNCPPC Park Police operate in both counties. Weird tg number however.
 

motorcoachdoug

Member
Premium Subscriber
Joined
Aug 29, 2012
Messages
284
Location
Silver Spring, MD
I was listing to RINS 3 this morning here in Montgomery Aspen Hill area around 5:50am and this ID popped up ID DDS 386 popped up. That is a strange new ID on RINS 3. I know that MFD sometimes used RINS 3 and they call it the Oscar channel.
 
Top