(For background it might be helpful to read the relevant entries here)
The Swedish Royal Navy (Swedish: Svenska marinen [1]) uses a broadcast function of STANAG-5030 (1) to communicate with its subs in the Baltic Sea; the return channel is believed to be low-end HF. These LF broadcasts use the 200Bd/100 MSK waveform and can be heard on 40.4, 42.5, and 44.2 kHz (CF) using KiwiSDR receivers located on the island of Gotland, which have a good SNR [2].
All three signals have the classic set of (G)MSK parameters: a spectrum equal to 1.5*Br (300Hz), a shift equal to Br/2 (100Hz), a characteristic bell-shaped appearance (Figure 1), and others such as a 4-point constellation, transitions and real trajectories (Figure 2). Note that the carrier in the fourth power of the signal is very weakly expressed; sometimes it is practically invisible.
Fig. 1
Fig. 2
Using 200Bd MSK (a form of QPSK) it is possible to transmit two 100 Baud channels, X and Y, each on a pair of phases, and each channel can consist of 2x50 Baud multiplexed channels. Thus, MSK can provide a TDM multi-channel broadcast of up to 4x50 Baud channels (X1, X2, Y1, Y2) within the 200Hz assigned band (MSK4). Some aspects of the similarities between QPSK and MSK are covered on the radioscanner forum [3].
When no messages are available for transmission, the four channels are arranged with two "empty channel filler" (ECF) patterns, probably generated automatically by the transmitter equipment:
- two channels share the same 15-bit pattern;
- a third channel uses a different 5-bit pattern;
- the fourth channel uses the same 5-bit pattern, where one column is replaced by the bits of the pseudo-random sequence generated by the polynomial x^31+x^3+1.
An example of this "idle" mode is shown in Figure 3: here the m-sequence is sent in the Y2 channel (notice the same pattern sent in the X1 and X2 channels).
Fig. 3
A more generalized scheme highlighting the position of the m-sequence channel in four different recordings is shown in Figure 4.
Fig. 4
When messages are sent, the four channels use a 5-bit format with different framings:
- two channels share the same 5-bit framing, i.e. a 1-bit marker (pos/neg according to the polarity) + 4-bit data;
- a third channel uses an unidentified (to me) framing;
- the fourth channel uses the same 5-bit framing as the first two channels, but the marker column is replaced by the bits of the pseudo-random sequence generated by the polynomial x^31+x^3+1.
Figures 5a,5b show such arrangement.
Fig. 5a
Fig. 5b
Due to their strategic and tactical importance, subcomms require secure cryptographic protocols, and this could explain the presence of the x^31+x^3+1 pseudo-random sequence, which is used to sync the receive KW-46/KIV-7 ciphers (as well as to permit channel identification), although an encrypted 4-bit stream is rather unusual, as is the use of 1+4-bit frames.
In this regard, one might even think that the actual secured message channel is Y before the TDM split (Figure 6), while the other channels, X1 and X2, transport non-critical 4-bit coded data (WX forecast, sea conditions, ...). This way, messages could use a 10-bit START-STOP code which is then encrypted using the KW-46/KIV-7 equipment. Encryption results in bits 2 to 10 being encrypted and bit 1 (START) being replaced with an unencrypted bit defined by the polynomial x^31+x^3+1, or in reverse order, bits 1 to 9 encrypted and bit 10 (STOP) replaced (2). A second hypothesis, perhaps the most likely, is that each channel is encrypted with a specific cipher... but these are just my speculations.
Fig. 6 (m-sequence columns are highlighted)
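The column search implied by the m-sequence observations above and by note (2), as an added example that is not the author's own tooling: it scores every column of each candidate frame length against the recurrence of x^31+x^3+1 and also flags an inverted column. The tap convention, the function names and the constructed test stream are assumptions.

```python
import random

# Recurrence for x^31 + x^3 + 1 (tap convention is an assumption of this sketch;
# the reciprocal polynomial would use lags 3 and 31): s[k] = s[k-28] XOR s[k-31]
LAG_A, LAG_B = 28, 31

def lfsr_bits(n, seed=0x1234567):
    """Constructed test data: n bits of the m-sequence from a nonzero 31-bit seed."""
    s = [(seed >> i) & 1 for i in range(LAG_B)]
    if not any(s):
        raise ValueError("all-zero seed never leaves the zero state")
    while len(s) < n:
        s.append(s[-LAG_A] ^ s[-LAG_B])
    return s[:n]

def recurrence_score(col):
    """Fraction of bits obeying the recurrence: ~0.5 random, 1.0 match, 0.0 inverted."""
    checks = len(col) - LAG_B
    if checks <= 0:
        return 0.5  # too short to say anything
    hits = sum(col[k] == (col[k - LAG_A] ^ col[k - LAG_B]) for k in range(LAG_B, len(col)))
    return hits / checks

def find_sync_column(bits, frame_lengths=(5, 10)):
    """Best (confidence, frame_len, column, inverted) over all candidate columns.
    Shorter frames are tried first and ties keep the earlier hit, because taking
    every 2nd bit of a binary m-sequence yields a sequence with the same recurrence."""
    best = (0.0, None, None, False)
    for flen in sorted(frame_lengths):
        for c in range(flen):
            f = recurrence_score(bits[c::flen])
            conf = abs(f - 0.5) * 2  # 0 = looks random, 1 = perfect (or inverted) fit
            if conf > best[0]:
                best = (conf, flen, c, f < 0.5)
    return best

def build_stream(n_frames, flen, col, invert=False, rng_seed=1):
    """Constructed frames: random payload bits, m-sequence (optionally inverted) in `col`."""
    rng = random.Random(rng_seed)
    sync = lfsr_bits(n_frames)
    out = []
    for i in range(n_frames):
        frame = [rng.getrandbits(1) for _ in range(flen)]
        frame[col] = sync[i] ^ int(invert)
        out.extend(frame)
    return out

if __name__ == "__main__":
    print(find_sync_column(build_stream(2000, 10, 0)))              # 10-bit frame case
    print(find_sync_column(build_stream(2000, 5, 4, invert=True)))  # 5-bit, inverted
```

A single bit error in the sync column breaks at most three recurrence checks, so the score degrades gradually on noisy recordings instead of collapsing.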
The results of TDoA geolocation indicate three probable transmitter sites that match fairly exactly with those indicated in a map presented by FMV (the Swedish Defence Materiel Administration) [4] at the March 2020 HFIA HF Industry Association [5] Meeting in San Diego, CA (Figure 7):
- 40.4 kHz: SAS/SRC Varberg
- 42.5 kHz: SAS2 Gudinge
- 44.2 kHz: SHR Ruda
Fig. 7
It must be taken into account that I can't record the (KiwiSDR) LF spectrum 24/7 so the results indicated above may be incomplete: further recordings are needed and possibly an update post will be published later. Hints and comments are welcome.
https://yadi.sk/d/hDRK-867rvKaqg traffic
(1) STANAG-5030 is a restricted document so no information is publicly available. Moreover, the new STANAG-4724 "VLF/LF MSK Multi Channel Broadcast" is currently being ratified by NATO member states as next evolution:
(2) max success for x^31+x^3+1 in the Y stream was found for a frame length of 10 bits; that same frame does not have parity bits (x^31+x^3+1 column excluded from the checksum)
Great work!