26 April 2020

STANAG-4285 async 1200bps test transmissions from Turkey

For about a week I monitored STANAG-4285 1200bps async transmissions heard on several frequencies in the 6 MHz band according to Table I; after April 23th the transmissions have stopped (at least in the 6 MHz band and until today). About the used frequencies, I have not found any match either in the UDXF group logs database or in other resources on the web.

Table I
The transmissions take place with a cycle of about 2 minutes and 25 seconds and seem to use a kind of "call/reply" mode between two stations a,b (since the different strength of the signals); don't know who's the caller and who's the called, but I noticed different patterns depending on the monitored day, as for example in Fig. 1

Fig. 1
The use of two frequencies was also observed (Fig. 2). Obviously it is automated transmissions or controlled by software. Messages, net of 32 bits each for SOM & EOM, have the same length each day, e.g. 8832/5760 bits (caller/called); user-data are encrypted and then transmitted using the 8N1 framing (Fig. 2). Note that the Turkish S-4285 async transmissions I have met so far used the 5N1.5 framing.

Fig. 2 - (the different durations of the signals on the left depend on the waterfall rate that has been selected)

As from Table I, the STANAG-4285 submode 1200bps/L was used from April 15th to April 19th, then the submode 1200bps/S was used.

The direction finding (TDoA) results indicate an area of southern Turkey as a possible transmitter site (Fig. 3); results may be a bit incorrect since the short durations of the signals, anyway it's quite credible. Such a location, along with the transmission schedule and with the encryption algorithm, allows for some observations and comments.


Fig. 3
As seen, the contents of the messages are encrypted but the encryption algorithm does not correspond to the known ones such as KG-84/BID and KW-46/KIV-7 therefore the use of a "national algorithm" can be assumed. TÜBİTAK (Technological Research Council of Turkey) National Electronic and Cryptology Research Institute (UEKAE) developed secure communication solutions in terms of cryptographic algorithms, protocols, and architecture as well as data encryption devices such as the MİLON family (MİLON-4A was also approved by NATO) [1] [2]. It is reasonable to think that these transmissions, as well as other encrypted transmissions from Turkish Armed Forces which are reported in this blog, use such encryption systems.

Fig. 4 - some encryption devices by TUBITAK
(https://bilgem.tubitak.gov.tr/.../corporate_presentation_v7-2019.04.09.pdf)
The way these transmissions are conducted suggests that they are tests. STANAG-4285 is now a consolidated and widely used waveform and therefore the tests could concern the installation of a new HF system (maybe a MRL system?). There is also another somewhat "suggestive" hypothesis: on-field tests of a SCA-based 4285 waveform on proprietary advanced SDR transceivers. Indeed, TUBITAK UEKAE ported two different waveforms to the Spectrum's flexComm SDR-4000 for demonstration to the Turkish Ministry of Defense: an implementation of STANAG-4285 for high frequency (HF) radio links and APCO Project 25 (P25) for public safety links [3].
[1] https://www.hurriyet.com.tr/gundem/natonun-kripto-cihazlari-tubitaktan-9191151
[2] https://bilgem.tubitak.gov.tr/.../corporate_presentation_v7-2019.04.09.pdf
[3] https://pdfs.semanticscholar.org/

No comments:

Post a Comment