COMSEC

Radio Encryption

Published by Kent

OPSEC and COMSEC  2020 update

Two key elements in Tactical Operations are OPSEC (operational security) and COMSEC (communications security).  Though quite different in overall meaning, both terms go hand in hand and you can not achieve one without the other.

OPSEC means the security of the complete operation.  Whether we are talking about security of a SWAT or SRT team, or the personal safety to Search & Rescue Team members, OPSEC is paramount.

COMSEC consists of securing your radios well enough that your internal communications can not be monitored.  Once you have achieved COMSEC you can feel free that any use of your radio communications gear will not effect OPSEC.  If at any time you feel your radio communications are vulnerable you have completely lost OPSEC.

Encryption

The only way to achieve COMSEC is through encryption.  There are different forms and security levels of encryption.  The basic rule of thumb is:  the more you spend, the better your encryption.  I will outline a few possibilities here, but first, a little background.

Radio Encryption Background

We basically have two types of radio transmission mediums:  1. Analog  and 2. Digital.  We have two types of Encryption: 1. Analog  and 2. Digital.  You can use both types of encryption in an Analog medium.  You can only use Digital Encryption if you use a Digital medium.

When we talk digital encryption, the length of the key code is listed in bits.  The more bits the more secure the code.  (have I lost you yet? 🙂 ) Keep in mind that once you choose an encryption format, all radios in your fleet must have the same encryption.

Analog Medium

Analog Encryption.  THRE IS NO SECURE ANALOG ENCRYPTION

DVP, DVP-XL (digital encryption) is an older Motorola format in Motorola radios only.  Not very secure, but lowered radio range.  Repeater also needs to be DVP capable.

Cost:  low on used market.  (No new equipment.)

Digital medium

The four main digital mediums today are P25, DMR, NEXEDGE/IDAS and D-Star. In basic terms these are the common air interfaces (CAI) that enable the radios and repeaters to work together. You must first choose a CAI then choose an encryption format. ***Anything less that AES-265 has the potential of being compromised***

AES-256 encryption is the gold standard today.  Employed by most government and public safety departments using P25 today. It is supposedly fool-proof.  It was partially written by the NSA and is open source for Internet Traffic.  Motorola owns an AES implementation for radio, SO if you want another brand to communicate with a Motorola radio, you must use the Motorola AES build.  Some radio manufactures do offer a Motorola compatible AES, some do not.

You can buy AES options for most modern digital radios today.  Cost: $500 – $900 depending on the model of radio. (this is a ripoff because AES is open source,  most manufactures give AES free in Europe and charge huge amounts in the USA)

Kenwood/Icom have basic encryption included in their NEXEDGE/IDAS format, or you can add AES.

Motorola Mototrbo DMR format has 13 bit and 40 bit included. With NO AES option.  Hytera adds $220 for AES-256. Kenwood is $400 for AES in the DMR format radios.

I sell some Off shore Part 90 certified radios with AES-256 included.  Current models are NOT Motorola compatible the next generation will be Motorola friendly.  Please call and check stock as we are waiting for the new compatible model to arrive.

D-Star is primarily a Ham format so there is not a lot of encryption available.

As for me…

All encryption schemes EXCEPT AES-256 have been compromised.   I only use AES-256.