22 May 2018

Exploring FSK 50Bd/850 transmissions for STANAG-5065 and KW-46 encryption

Although STANAG-5065 indicates the standards required for naval LF shore-to-ship broadcast with KW-46 encryption devices [1], some implementations of this standards can also be found in HF waveforms such as the FSK 50Bd/850. I came up with the idea to depeen after reading an interesting Christoph Mayer' post .

Quoting STANAG-5065 Annex A, BASEBAND PROCESSING [2]: 
"Encryption and decryption sall be provided by KW-46 interoperable cryptographic equipment operating in the 6.0 Stepped Digital mode. Encryption by the KW-46 equipment sall be coded in the 7-0 unit SART-TOP ITA2 alphabet. Encryption by the KW-46 equipment will result in bits 1 through 6 being encrypted and bit 7 (STOP) being replaced with an unencrypted and deterministic Fibonacci bit", where "Fibonacci bits = Deterministic unencrypted bits used by the KW-46 interoperable cryptographic equipment to provide synchronization defined by the polynomial x^31+x^3+1."


7-bit frame delimited by KW-46 sync bit
x x x x x x KW-46
1 2 3 4 5 6 7

The goal was to arrange the demodulated bits (courtesy of Christoph) into a 7-bit format stream and then process each column of the stream in order to find a descrambler polynomial - if any - that was the same as the one indicated in STANAG-5065 standard. As expected, only the bit-7 column can be successfully descrambled using the LFSR described by the polynomial x^31+x^3+1.


As seen,  STANAG-5065 and KW-46 can be meet also in HF secured naval broadcasts with the commonly used FSK waveform 50Bd/850Hz. For what concerns the users, such signals were recorded on 4905, 4985, 7455 and 16123 Khz (all CFs) using KiwiSDRs located at DF0KL and at Newport,OR: user is probably US Navy.



 [1] In the late 1980's, the KW-46 simplex cryptosystem was introduced in order to provide communications security (COMSEC) for naval broadcasts to naval fleets (Fleet Broadcast). Formally, this equipment is called "Fleet Broadcast Security Equipment, TSEC/KW-46". The  KW-46 consists of the KWT-46 transmitter and the KWR-46 receiver (code name Vallor).

[2] STANAG-5065 Annex A

 

1 comment:

  1. Hi Tony,

    the difference between your and mine polynomials must be due to notation.

    I have updated my blog post, adding recursion equations for all LFSR sequences
    http://hcab14.blogspot.com/2018/05/some-interesting-fsk-signals-found-on-hf.html
    which are unambiguous.

    ReplyDelete