Table of Contents
Advertisement
Message Number Period (MNP) - The maximum
difference between message numbers that can occur
before a message is declared invalid (see Section
10.4.6).
Over-The-Air-Rekeying (OTAR) - The process of
sending new encryption keys over the air using an RF
interface.
Red - Refers to information that is not encrypted. The
opposite is "Black".
Rekey - The process of preparing, sending, and
loading encryption keys into a subscriber unit for
current or future use. This may be done over-the-air
(OTAR) or by directly connecting a keyloader to the
subscriber unit.
Radio Set Identifier (RSI) - Subscriber units are
programmed with one or more Radio Set Identifier
(RSI) numbers that identify the unit for OTAR
purposes. The RSI can be unique to a individual
subscriber unit or unique to a group of subscriber
units. An individual (unit) RSI is always assigned and
one or more group RSIs may be assigned. The indi-
vidual RSI is typically programmed when the
subscriber unit is initially brought into service. The
KMF is also identified by an RSI (KMFRSI) to use as
the destination of any KMMs a subscriber unit origi-
nates. The KMMs (Key Management Messages)
generated by the KMF (Key Management Facility) are
addressed to a specific RSI.
Storage Location Number (SLN) - A link to a
specific key (TEK or KEK) in the active keyset. The
SLN specifies both a crypto group and a key within
the keysets in that crypto group (the first four bits of
the SLN are the crypto group ID). SLNs and CKRs are
equivalent terms (see Section 10.2).
Traffic Encryption Key (TEK) - A key used to
encrypt voice or data. The other type of key is the Key
Encryption Key (KEK) which is used to encrypt keys
contained in Key Management Messages. TEKs can
be either the AES or DES type.
Unique Key Encryption Key (UKEK) - A KEK
unique to a particular subscriber unit. Refer to "KEK"
for more information. These keys can be either the
AES or DES type.
SECURE COMMUNICATION (ENCRYPTION)
Zeroize - The process of deleting all keys from a
compromised subscriber unit to disable it. To make the
unit functional again, the keys must be reloaded by a
keyloader.
10.5 RADIO SETUP FOR ENCRYPTION
10.5.1 GENERAL ENCRYPTION SETUP
The following radio setup is required for encryp-
tion regardless of whether OTAR is used:
Options Enabled - The desired encryption type must
have been enabled at the factory (DES, DES-XL,
DES-OFB, AES). To determine what options are
enabled, using the PCConfigure programming soft-
ware, select the Transfer > Read Options From Radio
menu parameter.
PCConfigure Programming
PID/SLN Mode - On the global screen, select
either the PID or SLN mode (see Section 10.2.3).
If the SLN mode is used, also program the Keys
Table by clicking the
Infinite Key Retention - On the global screen,
select this parameter to store keys permanently
in memory (see Section 10.2.4).
Erase Keys On Keyset Change - On the global
screen, if the SLN mode is selected and more
than one keyset is used (see Section 10.4.3),
select this parameter to erase keys when
changing keysets (see Section 10.2.6).
Program Channel/Group PIDs and Encryption
Type - With conventional analog calls, this infor-
mation is programmed on the channel screen.
With other types, it is programmed in the talk
group list selected on the system screen. In addi-
tion, with conventional digital calls, the group
programming can be overridden on the channel
screen (see Section 10.3.3). Additional PIDs for
special calls can also be specified on the system
screen for digital and trunked calls. NOTE: The
encryption type is not selectable on digital chan-
nels because the AES/DES mode is determined
by the key type loaded, not by PCConfigure
programming.
68
button.
Advertisement
Table of Contents
