Recently in the list of the UDXF group a log of the UTE listener howardhawks (HH) appeared about transmissions of the Royal Navy of Oman (RNO) in 110A 1200bps/S mode on 8403.0 KHz/USB: nothing special except the use of encryption with 128-bit length initialization vectors, as indicated by KarapuZ in his comments to the message. This fact intrigued me and, since I have already met crypto systems that use initialization vectors of equal length and with the same format (ie five times repeated) [1], I decided to monitor those transmissions and collect some recordings to compare with other similar ones stored in my hard disks, ie:
- STANAG-4285 from Croatia (TDoA), recorded on January 2020 (*)
- 110A and STANAG-4539 attribute to the Swiss Emergency Network, recorded on October 2017 (*)
The bitstreams after demodulation of the above signals are shown all together in Figure 1:
 |
| Fig. 1 - COMSEC preambles using 5x128-bit length IVs |
As you can see, the three COMSEC preambles - highlighted in figure 1 - have the same pattern, regardless of polarity:
- 000110000100000111000101111001011011101101001001011111010101 60-bit length frame sync
- 128-bit (16 bytes) sized Initialization Vector (5x)
- 0101010101010101010101010101010101010101010101010101010101010101 64-bit length phasing/idling sequence
I don't know if it's an external COMSEC devices (ie standalone equipment such as KG-84) or communications equipment with built-in COMSEC, the fact is that the preambles are the same and this leads me to think that the above transmissions - coming from three different countries/organizations - are secured by the same COMSEC device. In this respect, it would be important to know which providers of communication equipments the above users have in common.
By the way, signals gathering has been possible thanks to the KiwiSDRs operated by Kuwait Amateur Radio Society [2]. Transmissions on 8403.0 KHz, at least those listened to, mainly consist of voice calls/radio-checks and short exchanges of messages using as mentioned 188-110A in 1200bps/S mode. Unlike other HF networks, neither 188-141A or some other ALE system is used for link setup so it is assumed that the nodes are simultaneously listening on the same frequency and responding when called by the net control station (callsign F4). Stations mentioned in traffic on this net so far include H5R, O5H, R7N, W6J, W3M, O3P and G9I, as well as vessels RNOV Al Mubshir S11, RNOV Al Seeb Z20, Shabab Oman II (thanks to the logging by howardhawks).
http://9k2ra-2k.proxy.kiwisdr.com:8073
(*) 188-110A and STANAG-4285 modems show a slightly modified waveform due to the addition of 4 unmodulated initial tones
[1] https://i56578-swl.blogspot.com/p/initialization-vectors.html
[2] http://9k2ra-2k.proxy.kiwisdr.com:8073
No comments:
Post a Comment