I understand that the current APCO 25 standard encryption protocol is now the so-called APCO P25 Type III encryption, known as "AES" (Advanced Encryption Standard). Apparently, AES is now replacing the previous APCO P25 Type II encryption, DES-OFB. APCO P25 DES-OFB encryption is incompatible with the more current AES APCO P25 encryption protocol, and the DES-OFB hardware modules must be replaced. I also understand that the AES modules are about $1200, as opposed to the DES-OFB modules, at $750.
I was just about to write a STIC-1 with Motorola for a new ASTRO Quantar P25 repeater, with DES-OFB. I was also about to change out my existing ASTRO radios' current DES-CFB modules to DES-OFB P25 modules ($750 per radio, not including labor). Same thing with the new Quantar: DES-OFB. Now, I'm being advised to go with the AES encryption, if I need to be compatible with Public Safety APCO P25 systems (which I do).
It appears that this is much more than sales hype. For instance, in optioning out an order from General Dynamics this afternoon for a new R2670 test set, the sales guy from General told me that they have had AES on this test set for some time now. He also recently went through a training update/refresher technical course with General, and they said that AES is the preferred APCO P25 standard now, and going forward.
Does anyone know the details? I assume AES is more secure? Does it use a 56 bit key, like DES-OFB did? (WEP encryption uses a 128 bit key, and I guess there are tons of programs on the Web that allow a novice to run a simple program on a PC, and it cracks 128 bit WEP encryption on 802.11b wireless systems with only 5 minutes of data monitoring.) Maybe DES has seen its last days?
Does AES capability also require that I replace my current T3011DX KVLs with the newer KVL 3000 key loaders (Ouch! $7,000 a pop)? Do I also need to replace my existing ASTRO Spectra mobiles' and ASTRO XTS portables' DES modules with the $1200 AES encryption modules?
Larry
DES-OFB Obsoleted and Now Replaced with AES
Moderator: Queue Moderator
-
ASTROMODAT
- Posts: 1825
- Joined: Tue Nov 05, 2002 12:32 am
With converstations with the regional M guys, the DES-OFB is the DES standard for encryption for APCO25. Other encyption schemes like AES etc are APCO25 COMPLAIANT, however it is not nessecary to upgrade unless dictated by employer or security concerns/contract/etc. DES and even DVP is tough to crack, if not impossible. Its said that it would take the best supercomputer 23 years to come up with the right key, and you can change the key as often as you like.
If you have any need to interact with public safety (state/local level) you can bet that they are NOT running AES. Many departments that are upgrading to digital are sticking with their current scheme if they are already using Astro equipment (why dump your good working $600 module and buy another one?). If a PD is buying Astro equipment for the first time, most likely they will be sold DES-OFB unless other PD's in their area are already using another form of encyption. Many PD's do not share encrypted keys. Some do.
So, unless you are requried by a three letter agency, or your company is required by law/contract to have it, why spend the money with no real or realized benefit?
Remember, the sales guys are there to make the company money. Also, the APCO standard has been around awhile, and I don't honestly see them changing the standard. Changing a standard such as this, you can really can't call it a standard. Perhaps the a new APCOxx may have AES or whatever else is out there as a standard, but I don't recall seeing anything in the trade mags of APCO25 changing. I could be wrong, but I have not seen anything.
If you have any need to interact with public safety (state/local level) you can bet that they are NOT running AES. Many departments that are upgrading to digital are sticking with their current scheme if they are already using Astro equipment (why dump your good working $600 module and buy another one?). If a PD is buying Astro equipment for the first time, most likely they will be sold DES-OFB unless other PD's in their area are already using another form of encyption. Many PD's do not share encrypted keys. Some do.
So, unless you are requried by a three letter agency, or your company is required by law/contract to have it, why spend the money with no real or realized benefit?
Remember, the sales guys are there to make the company money. Also, the APCO standard has been around awhile, and I don't honestly see them changing the standard. Changing a standard such as this, you can really can't call it a standard. Perhaps the a new APCOxx may have AES or whatever else is out there as a standard, but I don't recall seeing anything in the trade mags of APCO25 changing. I could be wrong, but I have not seen anything.
Lowband radio. The original and non-complicated wide area interoperable communications system
-
ASTROMODAT
- Posts: 1825
- Joined: Tue Nov 05, 2002 12:32 am
Since my meeting with General Dynamics this afternoon, I scanned the web re: APCO P25 Type III AES encryption. AES appears to be replacing DES-OFB.
Check out Motorola's AES technical paper published on August 22, 2002 re: AES. It's on the web. Uses a 256 bit key.
I do agree that DES-OFB won't go away over night, but if you are buying new, it makes sense to make a clean break.
Larry
Check out Motorola's AES technical paper published on August 22, 2002 re: AES. It's on the web. Uses a 256 bit key.
I do agree that DES-OFB won't go away over night, but if you are buying new, it makes sense to make a clean break.
Larry
