13 March 2018

about LPC-10 frames (STANAG-4197/M39)

A few days ago me and KarapuZ were discussing about a way to detect/isolate the LPC-10 digital voice encoded frames from a STANAG-4197 waveform and avoid false decoding. I took advantage of an heavy cold to stay at home and deepen the subject a little more
Briefly, the 4197 modem generates two separate signal formats based on two tone libraries: the 16-tone library is used for the system preamble and the 39-tone library is used for digital voice data. The initial preamble (modem preamble) is used in the receive modem for the detection of signal present, the correction of doppler, and the identification of the beginning of the system preamble. The system preamble tones are modulated at 75 Baud and the encoded voice (say LPC) segment at 44.44 Baud : both the segments are formed using OFDM technology (Figure 1). 

Fig. 1
As said above, the aim was to dig the demodulated bitstreams and find the period of the LPC frames.  In all the demodulated streams, from different registered 4197 samples, we highlight a period of 252 bits that is due to the system preamble frames (Figure 2). Indeed, quoting STANAG-4197, "The system preamble consists of a 4-bit code word to indicate the mode of the transmitting terminal combined with a 108-bit COMSEC message indicator, plus a 16-bit all-zero word. These 128 bits are encoded by a Bose-Chaudhuri-Hocquenghen (BCH) error correction code (252,128) which provides a 252-bit which are transmitted as 126 dibits on the 16-tone library.
Fig. 2
To avoid their "interference", the system preambles were removed from all the streams getting the only LPC segments. From the reading of STANAG-4197 we expected a LPC period of 54 bits: "The Linear Predictive Code provides 54 bits per frame at 44.44 frames per second. [...] The modulator shall accept 78 bits per frame from the encoder. The data shall be assigned to 39 dibits (one dibit symbol per tone)", as depicted in Figure 3.
Fig. 3
Well, what we have seen are random-bit periods, never a 54-bit period, sometimes bursts with 78-bit periods (Figure 4). Perhaps the periods of 78 bits are just a coincidence, but given that the modulator works on frames of this length (Figure 3)  in my opinion this result should not be underestimated.

Fig. 4
The reason, the most probable, is the use of a ciphering device in the chain (Figure 5): the signal coming from a headset/handset or from on-board communication systems is digitalized by the LPC vocoder, encrypted and then modulated in accordance with STANAG 4197.
Fig. 5
Although a period of 252 bits is a hallmark of 4197, it is not sufficient to identify LPC frames, at least as long as a ciphering device is used. The doubt remains on those 78-bit period frames, a length that corresponds exactly to the 39 dibits assigned to the LPC tones.
The tests were done on about two dozen samples, some of them coming from the same source, so it would be useful to repeat the measurements on other and different recordings, better if un-encrypted. 
Unfortunately, 4197 / LPC-10 are not very frequent but 188-110 39-tone (also known as M-39) could be a way out: according to 188-110B # "the modem should be expandable to include the Advanced narrowband digital voice terminal (ANDVT) (thirty-nine tone) mode. If included, this mode shall be in accordance with MIL-C-28883 and STANAG 4197." This is possible since 188-110B App. 8 waveform adopts a same 39-tone libray as STANAG-4197.

Fig. 6
Looking at one of these demodulated streams we had more luck and we found a period of 54 bits length that could be(!) what we were looking for (Figure 7).  More over, quoting STANAG-4197 "The 39 dibit/tone assignments shall be permuted to minimize the effect of the frequency selective fading and narrow-band interference [...]. The permutation pattern shall repeat after 39 frame periods.", we have also tried a 78 x 39 = 3042 bits period getting a quite good result.

Fig. 7
Fig. 8
Further 4197/M39 recordings will help.

1 comment:

  1. Hello antonio!
    nice work!, but i don't understand how do u got the binary data from STANAG 4197, if the OFDM module of SA isn't working or isn't complete?
    do u use other SW?