Contents 1. U3 ENCRYPTION UTILITY RELEASE NOTES... 2 1.1 FEATURES... 2 1.2 REMARKS... 2 1.3 GENERAL DESCRIPTION OF THE U3 VOICE ENCRYPTION... 3 1.4 CUSTOMIZATION... 5 2. INSTALLING THE U3 & P3 ENCRYPTION UTILITY... 6 2.1 SYSTEM REQUIREMENTS... 6 2.2 U3 & P3 PROGRAMMING CABLE... 6 2.3 SOFTWARE INSTALLATION FOR ENCRYPTION UTILITY... 6 3. ENCRYPTION UTILITY OPERATION... 9 3.1 LAUNCHING ENCRYPTION UTILITY... 9 3.2 INTRODUCTION TO THE ENCRYPTION UTILITY... 11 3.3 TO PROGRAM ENCRYPTION KEY TABLE... 11 3.3.1 GENERATE KEY TABLE... 12 3.3.2 PROGRAMMING THE KEY TABLE TO SELECTED DEVICES... 13 3.4 SETTINGS... 14 3.5 TO ENABLE SECURE CALLS... 17 4. UNINSTALLING THE ENCRYPTION UTILITY... 18 1 Revision:
1. U3 Encryption Utility Release Notes 1.1 Features The U3 Encryption Key Utility provides the following. No. Feature Description 1 Introduction Features, operation steps, and notes about the utility. 2 Program Encryption Key 1. Generate key table. 2. Program key table to connected device. Table 4 Settings 1. Operator Setting 2. Admin Setting 3. Language Setting 4. User Mode 5 Exit Exit the utility. 1.2 Remarks (1) The USB driver is NOT certified by Microsoft and the user will have to confirm the installation of this non-certified driver. (2) If the USB cable can t be detected by U3 encryption key utility, please power off the U3 device and power up it again, or re-connect the USB cable. 2
1.3 General Description of the U3 Voice Encryption What is AES-256? The Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES 128, AES 192 and AES 256. Each AES cipher has a 128 bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many different encryption packages. How does U3 & P3 Voice Encryption work? The below figure illustrates how the U3 & P3 Voice and Data Encryption works. DIGITAL SIGNAL PROCESSING FROM MIC A/D VOICE CODING XOR MODULATOR TO RADIO keystream Key ENCRYPTION DECRYPTON ENCRYPTION ENCRYTION ENGINE ENGINE Keystream TO SPK D/A VOICE DECODIN XOR DEMODULATO R FROM RADIO 3
Figure-1: U3 & P3 radio voice encryption/decryption data flow The U3 & P3 encryption/decryption procedure of the ENCRYPTION ENGINE blocks are detailed below. (1) In the U3 & P3 radio, the encryption/decryption process uses a 256 bit key encryption/decryption algorithm. The algorithm uses a 256 bit encryption key to generate a bit stream which is called Keystream. (2) In the transmit path, the clear voice is encrypted by performing an XOR operation using the Keystream. In the receive path, the clear voice and data is recovered by performing an XOR operation using the Keystream. (3) Each U3 & P3 radio has an encryption Key Table. The Key Table is a variable length table which holds multiple key entries. Each entry contains an encryption key. (4) Two radios need to use the same Key Table in order to have securecommunication. (5)..The U3 & P3 encryption key selection from the Key Table is a dynamic procedure. The radio selects a specific key entry from the Key Table whenever a call is setup by sending out a call setup message over the air. The call setup message is for the transmitting and receiving radios to negotiate and sync the key selection. The selected key entry will then be used by the encryption algorithm. Key Table with multiple encryption key entries Key entry (Selected during call setup) Encryption/decryption Output Keystream Algorithm 4
Figure-2: U3 & P3 radio encryption/decryption engine 1.4 Customization The encryption utility provides the capability for customers to control the encryption process. The customer generates the Key Table, to be used with the U3 s (& P3 s) embedded encryption algorithm, with the U3 & P3 Encryption Utility running on a PC. The Encryption Utility does the following: a. Generate a Key Table. b. Download a Key Table to a U3 & P3 radio via the USB interface. 5
2. Installing the U3 & P3 Encryption Utility 2.1 System Requirements To use this software, the PC hardware and operating system are listed below: Hardware: CPU clock frequency: 266MHz, 1GHz is recommended. RAM: Minimum 256MB or above, 1GB is recommended. Hard disk space: Minimum 500MB, 1GB is recommended. USB port Mouse and keyboard USB Programming cable for U3 & P3 radio series. Operating System: Windows 2000/XP/Vista/7 32-Bit (latest service pack) 2.2 Software Installation for Encryption Utility Please Install the U3 & P3 PPS software before installing the Encryption Utility. To install the Encryption Utility, please follow instructions below. (1) Exit all running programs before starting installation. (2) Insert the CD into the appropriate CD drive. (3) Double-click the setup.exe contained in the folder named Encryption Utility. (4) The welcome message appears, click Next. 6
(5) On the License Agreement screen, please read the agreement carefully. Click Next if the terms is accepted. (6) On the Directory screen, click Next to install the software to the default folder C:\program files\u3\encryption Utility. Or click Browse to select another destination folder before clicking Next. 7
(7) On the Installation Options, please select the option you desire. Click Next (8) After the installation is completed, the Installation successfully message appears. Click OK to finish the installation process. 8
3. Encryption Utility Operation 3.1 Connecting the Radio (1) Please connect the radio to a PC using the Programming Cable first. 3.2 Launching Encryption Utility (1) Double-click on destop. (2) From the Start menu, find the Encryption Utility folder for the Encryption Utility. Click icon to launch the program. (3) Select at Taskbar to enter Quick Show and click on Encryption Utility. 9
3.3 Login Encryption Utility For security reason, the Encryption Utility requires multiple logins, therefore, to login as operator, please login both as an operator and as an admin to have full access to the software except Admin setting. a. Login as an operator Operator: user Password: 111111 b. Login as an administrator To edit the Admin setting, please enter the Admin account name and password only to enter as Administrator mode. Operator: admin Password: 111111 The encryption key setting will be disabled if entering in Admin mode. 10
3.4 Introduction to the Encryption Utility This section provides information on the encryption utility, an SDVOA introduction and a description of the operational procedure. 3.5 To Program Encryption Key Table Please login both as an Operator and an Admin. Then click Program Encryption Key Table first, and then there are two buttons on side page which are Generate Key Table and Programming Key Table to Connected Device. 11
3.5.1 Generate Key Table User can generate a preferred key table by following steps below, (1) Click the button Generate Key Table to pop-up a window with the title Seed number. (2) In the pop-up window, enter your favorite characters in the blank with the caption Seed Number and confirm your input in the next blank below. Remark: Only number and letter are accepted and the number length should be from 12 to 32 characters, including 12 and 32. (3) After finish inputting, click the button OK to generate the encryption key table. When you see the prompt says A new key table has been generated. It represents the encryption key table is generated successfully. Then you can program the key table into your desired radios. 12
3.5.2 Programming the Key table to selected devices After a key table is generated, user can program the key table to selected devices into a radio by the steps below, (1) Connect a radio to the PC with a USB cable. When the utility detects the connection, the utility will show the connected device s serial number. CLICK to tick (2) Click the device below the caption Connected devices to tick the radio, and click the button Program Key Table to Connected Device to start programming. (3) A pop-up window will appear again to confirm your operation. Please select yes to confirm. 13
(4) During the programming, a pop-up window displays the programming status. (5) Click OK to close the prompt window says Programmed Successfully. Then user can disconnect the radio and connect another radio to program the same key table. 3.6 Settings The encryption utility provides several customized settings to users. The user can change operator password in Settings > Operator Settings. 3.6.1 Operator Account Setting 3.6.2 Admin Account Settings The Admin settings allow the user to edit the account settings. 14
1 2 3 1 2 3 Add: To add new accounts. Edit: To edit an account. Delete: To delete an account. Once Edit is selected, the edit page will be displayed, please fill the below blanks to edit. 1Account code: Fill in preferred account code for this account. 2Account ID: Fill in preferred account name. 3Password: Fill in preferred password to login the account. 4Account Type: 15
Indicate the account type. 5Note: Fill in preferred notes for this account. 3.6.3 Language Settings If your software version supports multi-languages, you can select preferred user interface language in Setting > User Interface Language Settings. 3.6.4 Settings Usually, the generated key table will be automatically deleted after exiting the utility. To use secure calls, radios can only talk to the radios with same encryption key table. Before exiting the utility, make sure you have programmed all radios in your group. Note that for security reason, users can t view or edit the content of the generated key table. The encryption utility will provide three options to generate the key table: (1) PC Utility internally generates a non-repeatable set of keys without need for customer to enter the seed number: Automatically generates a set of key, so-called key table, once generate Key Table button was clicked. 16
(2) PC Utility internally generates a non-repeatable set of keys after the customer enters a single seed number. To generate a key table, user has to enter a single seed number, and restart the Utility, the utility will generate a random key table each time. (3) PC Utility internally generates a repeatable set of keys after the customer enters a single seed number. To generate a key table, user has to enter a single seed number, and restart the Utility, the utility will generate a repeatable key table as previously generated. Users can select key table generation mode in Settings > Settings. 3.7 To Enable Secure Calls Once the radio is programmed with an encryption key table the user should switch to a channel enabled for voice encryption. The radio will automatically select a specific key entry from the Key table whenever a secure call is initiated. 17
4. Uninstalling the Encryption Utility To uninstall the Encryption Utility, please follow the steps below: (1) Exit all windows programs before uninstalling. (2) From the Start menu, select Programs or All Programs. (3) Find the Encryption Utility folder for the Encryption Utility program and highlight it. Double-click icon to uninstall the program. (4) The uninstall wizard will appears, and the click Uninstall to remove the program from your PC. (5) After uninstalling the Encryption Utility is completed, click OK to exit the wizard. 18
19