MOTOTRBO: Setting up AES

***UPDATED 30.04.18***


MOTOTRBO offers three types of privacy mechanisms – Basic, Enhanced, and Advanced Encryption Standard (AES). Basic Privacy utilizes an 8-bit XOR algorithm and therefore may not be interoperable with other vendors' privacy offerings.

Enhanced Privacy uses the well-known Alleged RC4 algorithm. The key length is 40 bits.
Enhanced Privacy should interoperate with other vendors' encryption, provided they use the same algorithm and key length.

AES is a specification for the encryption of electronic data, established by the US National Institute of Standards and Technology. Additionally, the DMR Association has defined a specific method by which AES can be used for DMR voice encryption. MOTOTRBO supports AES Payload Encryption with a 256-bit shared encryption key length, as defined in the DMR Association standard.

The main difference between Basic and Enhanced Privacy is that Enhanced Privacy provides a higher level of protection and supports multiple keys in a radio, compared to one key in the case of Basic Privacy. AES has a higher level of protection when compared to Enhanced Privacy. Like Enhanced Privacy, AES supports multiple keys in a radio.

These three privacy mechanisms are not interoperable with each other. Basic and Enhanced Privacy mechanisms cannot operate in a radio at the same time. Similarly, AES can only coexist with Enhanced Privacy.

Also, it is not possible for Basic Privacy to coexist with Enhanced Privacy. However, it is possible for Enhanced Privacy to coexist with AES on a repeater. In direct mode, all the radios which communicate with each other on the same talkgroup must use the same privacy mode.

No configuration is required in the repeater to support AES, other than setting the Privacy to Enhanced. The repeater does not encrypt or decrypt any encrypted payload - this is done in the radio or MNIS.

AES and Symmetric Key options are visible in the CPS only if the AES feature is purchased. The part number for the AES Licence is HKVN4241A. The radios and MNIS instances in a system require configuration for AES. In the CPS and MNIS Configuration Tool, the Symmetric Keys are listed in the Security page under AES.

Setting the Privacy to None or Enhanced is independent from the Symmetric Keys configuration. Basic Privacy does not work with AES so if it's selected, the radio/MNIS bypasses AES for any transmissions, even if Symmetric Keys are present.
The firmware needs to be R02.30.00 or later and the AES Licence needs to be purchased.
The radio allows the privacy type selection of None or Enhanced to be configured with or without Symmetric Keys. Only one privacy type is allowed on each radio channel. Radios allow up to 16 different Symmetric Keys to be configured. Each Symmetric Key can be up to 256 bits in length.

The Enhanced Privacy option allows the repeater to repeat the AES and Enhanced Privacy encrypted audio and data bursts. For proper functioning of the repeater in a system with AES encrypted transmissions, the repeater must be running on firmware version R02.30.00 or later.

A radio can be configured with both Enhanced Privacy keys and Symmetric Keys. The radio can receive audio and data calls encrypted with AES or Enhanced Privacy keys, from any talkgroup in the RX Group List that is tied to a personality, as long as the same key and privacy type as the transmitting radio are selected in the personality.
The AES key range is from 1 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE

Although key management is not a feature of MOTOTRBO, Radio Management can be used to pre-configure and manage the Symmetric Keys. AES uses the Symmetric Keys as encryption keys. The MNIS requires Symmetric Keys configuration for AES encryption. MNIS allows up to 255 Symmetric Keys.
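
Because key management is left to the operator, the following added example (not from the original post or from Motorola) shows one way to generate Symmetric Key values with a CSPRNG and audit a key list before it is entered in the CPS or MNIS Configuration Tool. It assumes the upper bound of the key range above is 2^256 − 2; the function names, the 192-bit review threshold and the sample keys are constructed for illustration.

```python
import re
import secrets

KEY_BITS = 256                          # key length stated on the page
KEY_MIN = 1                             # lower bound of the page's key range
KEY_MAX = (1 << KEY_BITS) - 2           # page's upper bound, read as FF...FE
MAX_KEYS = {"radio": 16, "mnis": 255}   # per-device limits stated on the page
MIN_EFFECTIVE_BITS = 192                # assumed review threshold, not a vendor rule


def generate_key() -> str:
    """Return a key drawn uniformly from [KEY_MIN, KEY_MAX] as 64 hex digits."""
    value = KEY_MIN + secrets.randbelow(KEY_MAX - KEY_MIN + 1)
    return f"{value:064X}"


def check_key(hex_key: str) -> list:
    """List the problems with one key value; an empty list means it passes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{1,64}", hex_key):
        return ["not 1-64 hexadecimal digits"]
    value = int(hex_key, 16)
    if not KEY_MIN <= value <= KEY_MAX:
        return ["outside the range 1 .. FF...FE"]
    if value.bit_length() < MIN_EFFECTIVE_BITS:
        return [f"only {value.bit_length()} significant bits"]
    return []


def check_key_list(keys: dict, device: str) -> dict:
    """Audit a {key_id: hex_key} mapping for one device type ("radio" or "mnis")."""
    findings = {}
    if len(keys) > MAX_KEYS[device]:
        findings["*"] = [f"{len(keys)} keys, {device} limit is {MAX_KEYS[device]}"]
    seen = {}
    for key_id, hex_key in keys.items():
        problems = check_key(hex_key)
        norm = hex_key.upper().lstrip("0")      # compare values, not spellings
        if norm in seen:
            problems.append(f"same value as key {seen[norm]}")
        seen.setdefault(norm, key_id)
        if problems:
            findings[key_id] = problems
    return findings


# Constructed sample key list (illustrative values, not real keys).
SAMPLE = {1: generate_key(), 2: "1234", 3: "F" * 64, 4: "0" * 64, 5: "00001234"}

if __name__ == "__main__":
    for key_id, problems in check_key_list(SAMPLE, "radio").items():
        print(key_id, "; ".join(problems))
```

A short key such as 1234 is inside the permitted range but carries almost none of the 256 bits of strength, which is why the audit flags it separately from out-of-range values.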

The key drop-down in an AES enabled radio.
