User Guide for Tyco Electronics M7200

MM23016 
6.30 ENCRYPTION 
In the OpenSky network, both data and voice use a 128-bit or 256-bit key encryption standard published 
by the Federal Information Processing Service (FIPS), called Advanced Encryption Standard (AES). AES 
is approved by the U.S. Department of Commerce for encryption of classified materials. 
When encryption is enabled on the network, data is encrypted from the MDIS to the Mobile End System 
(MES) (e.g., M7200 mobile radio). This form of encryption provides air-link security. 
Voice encryption is handled either automatically or manually. Automatic encryption is initiated through 
the Network Administration Server (NAS) for a specific talk group and requires nothing from the user. 
Manual encryption is initiated by two or more radio users and requires system model control heads. Both 
methods of encryption are discussed in the following sections. 
6.30.1 Automatic Encryption 
For automatic encryption, a network administrator will select the talk group to be encrypted at the 
interface to the NAS. Once the talk groups have been selected and identified as secure, credentials for key 
generation are generated automatically by the system and provisioned to authorized users. This process 
requires that authorized users log in to the network and be authenticated. Encryption keys require no 
manual handling and are never sent “in the clear” over any network interface or air-link. 
1.  “Pls Login” appears in the bottom line of the dwell display. 
2.  Log in normally using the keypad on a system model control head to enter User ID and Password. 
If a user is engaged in a call on a talk group encrypted at the network administrator level, “Secure Call” 
will appear in the bottom line of the dwell display if the user is logged in to that talk group. 
If a secure call is in progress elsewhere and the user has not logged in, the bottom of the dwell display 
will alternate between “No Access” and the alias of the radio that is currently engaged in the secure call. 
6.30.2 Manual Encryption (System Model) 
Two or more users can manually encrypt a call, if enabled, without an established encrypted talk group. A 
pre-determined key is required at each radio. 
NOTE
 
The key must be pre-determined by the users prior to making a manually encrypted call on 
a talk group. It can be between one and sixteen (1 - 16) digits and it is entered into the radio 
using the keypad. 
If two communicating radios have different (manually-defined) keys, receive audio at each 
radio will sound garbled. 
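
The following key-hygiene check is an added example and is not part of the Tyco manual or the radio firmware. It generates a random manual key within the 1 to 16 digit limit stated above and flags proposed keys that are easy to guess. The function names are hypothetical. The manual does not describe how the radio turns the digits into a cipher key, so the bit figure is only an upper bound on what a digit-only key can carry.

```python
import math
import secrets

MIN_LEN, MAX_LEN = 1, 16   # key length limits stated in the manual


def generate_manual_key(length=MAX_LEN):
    """Return a uniformly random decimal key drawn from the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("key must be 1 to 16 digits")
    return "".join(secrets.choice("0123456789") for _ in range(length))


def max_entropy_bits(length):
    """Upper bound on the entropy of a random decimal key of this length."""
    return length * math.log2(10)


def weaknesses(key):
    """List reasons a proposed key is easy to guess (empty list: none found)."""
    if not (key.isascii() and key.isdigit() and MIN_LEN <= len(key) <= MAX_LEN):
        return ["not 1 to 16 decimal digits"]
    found = []
    if len(key) < MAX_LEN:
        found.append(f"short: at most {max_entropy_bits(len(key)):.1f} bits")
    if len(set(key)) == 1:
        found.append("single repeated digit")
    # Digit-to-digit steps modulo 10: all +1 is an ascending run, all -1 descending.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(key, key[1:])}
    if len(key) > 1 and steps in ({1}, {9}):
        found.append("ascending or descending run")
    # A key built by repeating one short block, e.g. 1212...12.
    for period in range(2, len(key) // 2 + 1):
        if len(key) % period == 0 and key == key[:period] * (len(key) // period):
            found.append(f"repeats a {period}-digit block")
            break
    return found
```

Even a full 16-digit random key carries at most about 53 bits, well below the 128-bit or 256-bit AES key sizes named in section 6.30.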
With manual encryption enabled, unencrypted radio users on the talk group can still make standard voice 
(unencrypted) calls on the talk group. However, if an unencrypted user attempts to transmit on the talk 
group when one of the encrypted users is already transmitting on the talk group, the unencrypted radio 
will sound a deny tone and “No Access” will appear in the display. Also, the encrypted user can hear 
standard unencrypted calls, but cannot respond while still manually encrypted. 
CAUTION
 
Do not set a talk group for manual encryption if it has been set for encryption by the 
network administration personnel. 