STANAG-4415, a NATO specific 188-110 75 bps waveform

The waveform of STANAG-4415 is the same as the 75 bps waveform of 188-110 (MS-110), but the requirements of receiver performance in STANAG-4415 are stricter than those of MS-110 (the mode is referred to as "NATO Robust 75 bps mode"). It was promulgated by NATO in 1999.

The idea for this post came from an interesting discussion with some friends on the UDXF group mailing list about an apparently unidentified signal recorded on 15091.0 KHz/USB on April 9th: "this recorded signal should be psk-8 modulated, modulation speed = 2400 Bd, ACF = 66.5 ms. What mode is it ? Not STANAG-4285, nor MIL-STD-188-110A serial, nor LINK-11 or 22 ...Any idea ?"

"Why not 188-110?" I replied. Maybe the exact ACF value is something like to 66.67 ms given that in case of MS-110 low data rates (from 150 up to 1200 bps) four groups of the pairs "data block + probe"  count 160 symbols (4 x 40) and they are just in sync with the scrambler length (160 symbols) causing 66.67 ms ACF spikes. Moreover, in case of the lowest speed (75 bps data rate) the channel probes are not sent(!) so the 66.67 mS ACF is just due to the scrambler length (MS-110B Table XIX).  

MS-110B - Table XIX

The recorded signal posted in the mailing list is quite clean but it lasts about twenty seconds and it is just a transmission segment without the (important) header/preamble part, the analysis of the ACF value is however equal to about 66.67 ms (Figure 1). Note that in the bitmap of Figure 1 there are no probes (known symbols) but rather a bit-arrangement that closely resembles Walsh Modulation.

Fig. 1 - ACF value and bitmap of a transmission (data) segment

The ACF value, the lack of known symbols and the format of the bitmap are clues in favor of the MS-110 75 bps waveform. Indeed, quoting MIL-STD 188-110B 5.3.2.3.7.1.1 "At 75 bps fixed-frequency operation, the channel symbols shall consist of two bits for 4-ary channel symbol mapping. Unlike the higher rates, no known symbols (channel probes) shall be transmitted and no repeat coding shall be used. Instead, the use of 32 tribit numbers shall be used to represent each of the 4-ary channel symbols".

A decisive step forward in identifying the signal came from my friend linkz who posted a recording of an identical transmission (same day and frequency) "extracted from the HF Time Machine" in the UDXF mailing list. The long data segment obviously has the same characteristics seen above (ACF, no known symbols, Walsh modulation) but in this recording it is possible to analyze the initial synchronization preamble preceding the long data segment (Figure 2).
The 200 ms ACF value is compliant with the sync pattern of MS-110. As for 5.3.2.3.7.2.1 "The synchronization pattern shall consist of either three or twenty four 200 millisecond (ms) segments (depending on whether either zero, short, or long interleave periods are used)". The 4.8 s length of the sync preamble indicates the long interleaver setting and a 24 preamble "superframes" (4.8/0.2), each superframe consisting of the transmission of 15 ortogonally Walsh modulated frames.

Fig. 2 - initial synchronization part

 

A "coarse" demodulation of the signal sent by linkz produces an asynchronous bitstream with 5N1 framing, so I set my Harris RF-5710A modem accordingly to process the signal as a MS-110 (serial) waveform in 75 bps long interleaver mode and connected it to a serial terminal (Figure 3).

 

Fig. 3

The resulting bitstream in the right column in Figure 5 has the classic 8-bit format from which the three leading "0" columns must be removed to obtain a clean 5-bit stream that I have named "demod-MS-110A-5bit.txt". The decoding is in clear-text (Figure 4) and shows a continuous repetition of 5 sentences (the first one I have chosen is just for convenience):

 

A1B2C3D4E5F6G7H8I9J10K11L12M13N14O15P16Q17R18S19T20U1V2W3X4Y5Z6789-
1234567890().,/-:?
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
-?:38().,9014572/6

 

Fig. 4 - decoded 5-bit stream

Just to do a second test, I processed the recording using a software decoder (Sorcerer) with the same settings, i.e. MS-110A 75 bps/L and 5N1 framing: the result is identical to that obtained with the RF-5710A modem (Figure 5).

 

Fig. 5 - Sorcerer at work

The final step in identifying the signal came from my friend Rolf: "It’s STANAG-4415!".

Quoting RapidM [1]: "STANAG-4415 is a NATO standard for robust, non-hopping digital data communication, used on severely degraded HF channels with poor signal-to-noise ratios, large Doppler and multipath spreads. The on-air waveform specified in STANAG-4415 is equivalent to the 75 bps variant of the MIL-STD-188-110 serial mode. However, STANAG-4415 modems are required to meet more challenging multipath delay and Doppler spread performance targets. STANAG-4415 75 bps modem waveform is typically used to send ACKs and NACKs in Automatic Repeat Request (ARQ) systems (e.g. STANAG 5066) because of its robustness".

 

Figure 6 shows a block diagram of the transmitter modem. The information data rate is fixed at 75 bps, while the transmission symbol rate is 2400 baud, as for the other waveforms. Hence a large number of redundant bits are used in transmitting an information stream of 75 bps. The coded bits are represented by orthogonal Walsh functions so that for each pair of coded bits, 32 BPSK channel symbols (one Walsh symbol) are transmitted. Initially a synchronisation sequence is transmitted, containing information about the data rate and interleaver setting, so that the waveform has an auto baud facility in conjunction with an ARQ data link protocol [2]. 

Fig. 6 - block diagram of the STANAG-4415 transmitter modem

For the sake of completeness, I used the same stuff as in Figure 3 but set the RF-5710A modem to STANAG-4415 75 bps Long mode and produced the file "demod-5bit.txt": the decoding result is obviously identical to that obtained in the case of MS-110 demodulation (Figure 7).

 

Fig.7

STANAG-4415 requirements are also applied to the 75 bps mode of STANAG-4539 which is the NATO version of MS-110B but having more stringent modem receiver decoding requirements. STANAG-4415 is mentioned in MS-110B #5.3.4 when it comes to 75bps if robust operation is required, but it is not mandated. Some MS-110B modems provide STANAG-4415 performance at 75 bps: those who have MS-110B hardware modems need to read the docs to determine if their modem's 75 bps is to the MIL-STD performance requirements or to the STANAG requirements [2].

The difference between MS-110 75 bps and STANAG-4415 are that there are no known symbols (probes) except for an initial synchronization preamble, and that the code bits are modulated by orthogonal Walsh functions in STANAG-4415. A different set of Walsh functions is used for the last Walsh symbol in each interleaver block for synchronization purposes.

 

Although STANAG-4415 works well in much more severe channel conditions it has the disadvantage of a low data rate and no chance of decoding in case of late entry (as seen, probes are not sent).

 

 https://disk.yandex.com/d/38E3SGt25By07w

[1] https://www.rapidm.com/standard/stanag-4415/
[2] https://scholar.google.it/scholar?q=FFI/...

SkyOFDM, still on air

Since some days I'm following transmissions on 14693.0 KHz/USB consisting of exchanges of messages between two nodes, as the different fading patterns in Figure 1 suggest.

Fig. 1

Messages are sent using OFDM modulation occupyng a 2400 Hz bandwidth and consisting of 28 tones with a frequency spacing of ~86 Hz, each tone is modulated using PSK2 at the symbol rate of 62.6 Bd (Fig. 2). The same results are obtained/verified by analyzing a single channel as shown in Fig. 3 (lowest tone).

Fig. 2 - OFDM parameters

Fig. 3 - single tone (yhe lowest) analysis

The parameters resulting from the analysis are very similar to those of the Skysweep Technologies proprietary "SkyOFDM" waveforms family (Table I). Quoting the SkySweeper Reference Manual #82.2 General Description: "SkyOFDM is a state of art high speed modem based on the OFDM and turbo coding technologies. It offers several baud rates (300 -9600 bps) and two different interleaving options (short and long). Also there are two bandwidth options: 2.0 (OFDM-22) and 2.4 kHz (OFDM-28)".

Table I

Note the different number, position and duration of the header tones compared to the values ​​of the "original" waveform: this is probably an improved version of the previous SkyOFDM waveforms (Figure 4). 

Fig. 4

The signal has an ACF value of approximately 957.8 ms which identifies a super-frame composed of 11 frames, the latter with an ACF value of approximately 79.8 ms (Figure 5).

Fig. 5 - ACF values

Direction Finding tests using TDoA algorithm (Figure 6) indicate an area north of Helsinki as the site of the transmitter (or rather, the radiating antenna): this makes sense because, acccording to some DXers, SkyOFDM waveforms were/are used by Finnish MFA and SkySweep Technologies was a Finnish high tech company. By the way, although there are still many references in the web to SkySweep, their official website is no longer online since SkySweeper software was discontinued on June 1st 2009.

Fig. 6 - Direction Finding

 https://disk.yandex.com/d/A9UHdyMAXeOUlA

CIS FTM-4 transitions

CIS FTM-4 (FTM stands for Frequency-Time Matrix) is an unknown Russian "domestic" system, also known as CIS 4FSK 150 Bd, using MFSK4 150Bd/4000Hz modulation.
The recorded transmission consists of two alternating FTM-4 sets (L = lower set, H = higher set) with a total bandwidth occupation slightly over 25 KHz, the separation between the two sets (i.e. H1-L4) is 1 KHz. It's worth noting that when the L set is transmitted, the signal on the H1 frequency (i.e. the lowest of the H set) is continuous; vice versa, when the H set is transmitted the signal on the L1 frequency (i.e. the lowest of the L set) is continuous (Figure 1). Also note that the two sets are transmitted simultaneously forming a sort of MFSK-8 "construct" for a period of about 3 seconds.

Fig. 1 - the two FTM-4 "sets"

As for FMT-4 specifications, both the MFSK4 sets are modulated at the rate of 150 Baud with a spacing of 4000 Hz (Figure 2).

Fig. 2 - CIS FTM-4 main parameters

The L set has an ACF value of ~718 ms which corresponds to a repeated sequence of 216 bits length (assuming that MFSK4 uses 2 binary digits (dibit) per modulation symbol (0-3), the ACF value of 718 ms @150 symbols/sec corresponds to a period of 108 dibit symbols or 216 bits). I could not find a specific generator polynomial for that sequences.

Fig. 3

The study of the ACF value of the set H can be done on three different intervals: main, intermediate and unitary (Figs. 4, 4b). 

Fig. 4

 

Fig. 4b

 

The main ACF measures about 1920 ms which corresponds to a period of 288 symbols or 576 bits (Figure 5).

 

Fig. 5

The intermediate ACF measures about 480 ms which corresponds to a period of 72 symbols or 144 bits (Figure 6).

 

Fig. 6

The unitary ACF has a value of ~80 ms which corresponds to a period of 12 symbols or 24 bits (Figure 7).

Fig. 7

In this case (H set) it is possible to see that the demodulated bitstream consists of a repeated scheme formed of 4 patterns, as in Figure 8:

(MSB first)
P1: 0x21BE41
P2: 0xB1BE41
P3: 0xB8D727
P4: 0x28D727 

Fig. 8

 

N.B. all the the "designations" I used here are only mine; the first pattern P1 is chosen just for convenient reference, choosing a different initial pattern the "logic" does not change.

A possible interpretation (just a guess) is that the L set is transmitted as "idle" or alignment sequence for the receiving modem and the transition to the H set occurs when sending data, even if, as in this case, the data are repetitive sequences. In this regard, remaining in the realm of hypotheses, the P1-P4 patterns could be telemetry data or tele-commands.

The recording was made using a remote Airspy HF+ Located in Haapavesi, Finland (belonging to the Airspy server network) [1].

https://disk.yandex.com/d/Flr5-Ops8dRBJQ

[1] sdr://178.55.138.222:5000

unid PSK2/FSK2 combined bursts

This is a very interesting transmission heard on 14736.5 KHz/USB which consists of repetitive bursts lasting about 12.6 s and separated by an interval of 1300 ms. The most interesting aspect is that a "combined" waveform is used, that is, a first segment with PSK2 modulation followed by a second segment with FSK2 modulation: both the segments are modulated at the same rate of 31 bps (Figure 1).

Fig. 1 - PSK2/FSK2 "combined" waveform

An interesting feature that my friend cryptomaster pointed out is the PSK2 mode, where the bitstream is transmitted in single bits: this feature can be seen in Figure 2 using both the "oscilloscope" function and the AM demodulator of SA. The demodulation of this bit-keying mode is complicated, apparently due to the division of the carrier into separate bits.

Fig. 2 - PSK2 segment

The FSK2 segment modulation uses a shift of about 370 Hz (measured 373) and the resulting bitstream after demodulation has an 8N1 framing which appears to be transmitted in reverse polarity (Figure 3).

Fig. 3 - FSK2 segment

The interesting things about this curious transmission don't end here: going back to the previous posts I discovered that the FSK2 segment carries exactly the same content as the 50Bd/612 FSK2 bursts analyzed some months ago [1] and compared in Figure 4.

Fig. 4 

So, it's likely the same (unid) user, maybe experimenting with different waveforms... who knows.

The PSK2 segment too probably carries the same content of the FSK2 segment, unfortunately demodulation with SA was not successful due to the particular mode which is here used.

https://disk.yandex.com/d/HV3j9zdSSRqLww

[1] http://i56578-swl.blogspot.com/2024/11/unid-fsk-50bd612-bursts.html

unid FSK 6Bd/50

No, it's not a typo: this FSK signal (kindly sent me by my friend cryptomaster) is really modulated at the speed of 6 Bd and 50Hz shift (Figs. 1,2).

Fig. 1 - modulation speed

Fig. 2 - 50Hz shift

The demodulated bitstream has a period of 696 bit (Figure 3): we do not know the source and the user.

Fig. 3 - 696 bit period

https://disk.yandex.com/d/d3Arg5sX2rXwhA

 

T-219 "Yachta", analog voice scrambler

Thanks to my friend Mario, who recently sent me some recordings, I had the opportunity to study the Russian T-219 system, codenamed "Yachta" (Russian: ЯХТА). Yachta is a Russian analog voice scrambler featuring a Frequency Shift Keying (FSK) signal transmitted in the center of the spectrum, with the encrypted voice stream split above and below the FSK signal (Figure 1). Although dating back to the Cold War era, the system is still used for tactical communication in the combat field as recordings are only a few days old and heard in the lower VHF range (just above the upper HF limit). The stream consists of unequal time segments, within which the two voice subchannels are swapped and inverted.

Fig. 1 - T-219 "Yachta" signal

The FSK signal is used as a synchronization sequence and is transmitted at a rate of 100 bps with a 150 Hz shift (Figure 2).

Fig. 2 - T-219 FSK parameters

As shown in Figure 3, after FSK demodulation the resulting synchronization bitstream is an M-sequence based on the irreducible polynomial x^52+x^49+1.

Fig. 3 - the M-sequence based on the irreducible polynomial x^52+x^49+1

It turned out that during the formation of the FSK signal the pahses of the two frequencies are preserved after each "shift" (Figure 4 shows two periods): that suggests that it's formed by switching (mechanically or electronically) two independent F1 F2 frequency generators which bear some inter-relationships or by using a VCO system.

Fig. 4 - two periods of the FSK frequencies

By the way, looking at the durations of two periods:
F1 = (2:0.001285470) = 1555,851167277338
F2 = (2:0,001422470) = 1406,005047558121
the shift is just about 150 Hz

https://disk.yandex.com/d/M60fqwh32SbNFQ