HOME

TheInfoList



OR:

The Secure Communications Interoperability Protocol (SCIP) is a US standard for secure voice and data communication, fo

one-to-one connections, not packet-switched networks. SCIP derived from the US Government Future Narrowband Digital Terminal (FNBDT) project. SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries develop SCIP devices to support the multinational and national modes of SCIP. SCIP has to operate over the wide variety of communications systems, including commercial land line
telephone A telephone is a telecommunications device that permits two or more users to conduct a conversation when they are too far apart to be easily heard directly. A telephone converts sound, typically and most efficiently the human voice, into e ...
, military radios,
communication satellite A communications satellite is an artificial satellite that relays and amplifies radio telecommunication signals via a transponder; it creates a communication channel between a source transmitter and a receiver at different locations on Earth. C ...
s,
Voice over IP Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet t ...
and the several different cellular telephone standards. Therefore, it was designed to make no assumptions about the underlying channel other than a minimum
bandwidth Bandwidth commonly refers to: * Bandwidth (signal processing) or ''analog bandwidth'', ''frequency bandwidth'', or ''radio bandwidth'', a measure of the width of a frequency range * Bandwidth (computing), the rate of data transfer, bit rate or thr ...
of 2400 Hz. It is similar to a dial-up
modem A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by Modulation#Digital modulati ...
in that once a connection is made, two SCIP phones first negotiate the parameters they need and then communicate in the best way possible. US SCIP or FNBDT systems were used since 2001, beginning with the CONDOR secure cell phone. The standard is designed to cover
wideband In communications, a system is wideband when the message bandwidth significantly exceeds the coherence bandwidth of the channel. Some communication links have such a high data rate that they are forced to use a wide bandwidth; other links ma ...
as well as
narrowband Narrowband signals are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth. In the audio spectrum, narrowband sounds are sounds that occupy a narrow range of frequencies. In telephony, narrowband is usua ...
voice and data security. SCIP was designed by the
Department of Defense Department of Defence or Department of Defense may refer to: Current departments of defence * Department of Defence (Australia) * Department of National Defence (Canada) * Department of Defence (Ireland) * Department of National Defense (Philipp ...
Digital Voice Processor Consortium (DDVPC) in cooperation with the U.S.
National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collect ...
and is intended to solve problems with earlier
NSA encryption systems The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have becom ...
for voice, including
STU-III STU-III (Secure Telephone Unit - third generation) is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephone ...
and
Secure Terminal Equipment Secure Terminal Equipment (STE) is the U.S. government's current (), encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128 kbit/s ...
(STE) which made assumptions about the underlying communication systems that prevented interoperability with more modern wireless systems. STE sets can be upgraded to work with SCIP, but STU-III cannot. This has led to some resistance since various government agencies already own over 350,000 STU-III telephones at a cost of several thousand dollars each. There are several components to the SCIP standard: key management, voice compression, encryption and a signalling plan for voice, data and multimedia applications.


Key Management (120)

To set up a secure call, a new Traffic Encryption Key (TEK) must be negotiated. For Type 1 security ( classified calls), the SCIP signalling plan uses an enhanced FIREFLY messaging system for key exchange. FIREFLY is an NSA key management system based on
public key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...
. At least one commercial grade implementation uses Diffie-Hellman key exchange. STEs use security tokens to limit use of the secure voice capability to authorized users while other SCIP devices only require a
PIN A pin is a device used for fastening objects or material together. Pin or PIN may also refer to: Computers and technology * Personal identification number (PIN), to access a secured system ** PIN pad, a PIN entry device * PIN, a former Dutch ...
code, 7 digits for Type 1 security, 4 digits for unclassified.


Voice compression using Voice Coders (vocoders)

SCIP can work with a variety of
vocoder A vocoder (, a portmanteau of ''voice'' and ''encoder'') is a category of speech coding that analyzes and synthesizes the human voice signal for audio data compression, multiplexing, voice encryption or voice transformation. The vocoder was ...
s. The standard requires, as a minimum, support for the
mixed-excitation linear prediction Mixed-excitation linear prediction (MELP) is a United States Department of Defense speech coding standard used mainly in military applications and satellite communications, secure voice, and secure radio devices. Its standardization and later deve ...
(MELP) coder, an enhanced MELP algorithm known as
MELPe Mixed-excitation linear prediction (MELP) is a United States Department of Defense speech coding standard used mainly in military applications and satellite communications, secure voice, and secure radio devices. Its standardization and later deve ...
, with additional preprocessing, analyzer and synthesizer capabilities for improved intelligibility and noise robustness. The old MELP and the new MELPe are interoperable and both operate at 2400 bit/s, sending a 54 bit data frame every 22.5 milliseconds but the MELPe has optional additional rates of 1200 bit/s and 600 bit/s. 2400 bit/s MELPe is the only mandatory voice coder required for SCIP. Other voice coders can be supported in terminals. These can be used if all terminals involved in the call support the same coder (agreed during the negotiation stage of call setup) and the network can support the required throughput. G.729D is the most widely supported non-mandatory voice coder in SCIP terminals as it offers a good compromise between higher voice quality without dramatically increasing the required throughput.


Encryption (SCIP 23x)

The security used by the multinational and national modes of SCIP is defined by the SCIP 23x family of documents. SCIP 231 defines AES based cryptography which can be used multinationally. SCIP 232 defines an alternate multinational cryptographic solution. Several nations have defined, or are defining, their own national security modes for SCIP.


US National Mode (SCIP 230)

SCIP 230 defines the cryptography of the US national mode of SCIP. The rest of this section refers to SCIP 230. For security, SCIP uses a block cipher operating in
counter mode In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transform ...
. A new Traffic Encryption Key (TEK) is negotiated for each call. The block cipher is fed a 64-bit state vector (SV) as input. If the cipher's block size is longer than 64 bits, a fixed filler is added. The output from the block cipher is xored with the MELP data frames to create the cipher text that is then transmitted. The low-order two bits of the state vector are reserved for applications where the data frame is longer than the block cipher output. The next 42 bits are the counter. Four bits are used to represent the transmission mode. This allows more than one mode, e.g. voice and data, to operate at the same time with the same TEK. The high-order 16 bits are a sender ID. This allows multiple senders on a single channel to all use the same TEK. Note that since overall SCIP encryption is effectively a stream cipher, it is essential that the same state vector value never be used twice for a given TEK. At MELP data rates, a 42-bit counter allows a call over three thousand years long before the encryption repeats. For Type 1 security, SCIP uses BATON, a 128-bit block design. With this or other 128-bit ciphers, such as AES, SCIP specifies that two data frames are encrypted with each cipher output bloc, the first beginning at bit 1, the second at bit 57 (i.e. the next byte boundary). At least one commercial grade implementation uses the
Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...
cipher.


Signalling plan (210)

The SCIP signalling plan is common to all national and multinational modes of SCIP. SCIP has two mandatory types of transmission. The mandatory data service uses an ARQ protocol with forward error correction (FEC) to ensure reliable transmission. The receiving station acknowledges accurate receipt of data blocks and can ask for a block to be re-transmitted, if necessary. For voice, SCIP simply sends a stream of voice data frames (typically MELPe frames, but possibly G.729D or another codec if that has been negotiated between the terminals). To save power on voice calls, SCIP stops sending if there is no speech input. A synchronization block is sent roughly twice a second in place of a data frame. The low order 14 bits of the encryption counter are sent with every sync block. The 14 bits are enough to cover a fade out of more than six minutes. Part of the rest of the state vector are sent as well so that with receipt of three sync blocks, the entire state vector is recovered. This handles longer fades and allows a station with the proper TEK to join a multi station net and be synchronized within 1.5 seconds.


Availability

a range of SCIP documents, including the SCIP-210 signalling standard, are publicly available from th
IAD website
SCIP-related documents are made available through the Information Assurance Directorate web site. Documents can be retrieved by typing "SCIP" into th
IAD SecurePhone document search web page
/ref> Prior to this, SCIP specifications were not widely diffused or easily accessible. This made the protocol for government use rather "opaque" outside governments or defense industries. No public implementation of the Type 1 security and transport protocols are available, precluding its security from being publicly verified.


See also

*
Secure voice Secure voice (alternatively secure speech or ciphony) is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP. History The implementation of voice encryption dat ...
*
ZRTP ZRTP (composed of Z and Real-time Transport Protocol) is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over IP (VoIP) phone telephony call based on the Real-time Transport Protocol. ...
*
MELP Mixed-excitation linear prediction (MELP) is a United States Department of Defense speech coding standard used mainly in military applications and satellite communications, secure voice, and secure radio devices. Its standardization and later devel ...
*
MELPe Mixed-excitation linear prediction (MELP) is a United States Department of Defense speech coding standard used mainly in military applications and satellite communications, secure voice, and secure radio devices. Its standardization and later deve ...
*
CVSD Continuously variable slope delta modulation (CVSD or CVSDM) is a voice coding method. It is a delta modulation with variable step size (i.e., special case of adaptive delta modulation), first proposed by Greefkes and Riemens in 1970. CVSD encode ...
*
CELP Code-excited linear prediction (CELP) is a linear predictive speech coding algorithm originally proposed by Manfred R. Schroeder and Bishnu S. Atal in 1985. At the time, it provided significantly better quality than existing low bit-rate algori ...
*
LPC-10e FIPS 137, originally issued as FED-STD-1015, is a secure telephony speech encoding standard for Linear Predictive Coding vocoder developed by the United States Department of Defense and finished on November 28, 1984. It was based on the earlier STA ...
* FS1015 *
FS1016 FS-1016 (also called FED-STD-1016) is a deprecated secure telephony speech encoding standard for Code-excited linear prediction (CELP) developed by the United States Department of Defense and finalized February 14, 1991. Unlike the vocoder used ...
*
ANDVT The Advanced Narrowband Digital Voice Terminal (ANDVT) is a secure voice terminal for low bandwidth secure voice communications throughout the U.S. Department of Defense. Devices in the ANDVT family include the AN/USC-43 Tactical Terminal (TACTERM ...
*
Secure Terminal Equipment Secure Terminal Equipment (STE) is the U.S. government's current (), encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128 kbit/s ...
* L-3 Omni/Omni xi * Sectéra secure voice family


Notes


References

*''Securing the Wireless Environment (FNBDT)'', briefing available from http://wireless.securephone.net/ *''Secure Communications Interoperability Protocols, SCIP'', HFIA briefing available at https://web.archive.org/web/20060530160027/http://www.hfindustry.com/Sept05/Sept2005_Presentations/HFIAbriefing.ppt {{Cryptography navbox , machines Cryptographic protocols Speech codecs National Security Agency encryption devices Secure communication