Ardy electronics Sec-line gsm-2002/mw3026 User manual

Page 1 of 12

User Instruction

Instructions about the

The Sec-Line GSM-2002/MW3026.

Ardy Electronics Ltd

P.O.Box 47

S-70140 Orebro Sweden

Phone: +46 19 247010

Fax: +46 19 247011

e-mail: [email protected]

www.ardyelectronics.com

Page 2 of 12

The Sec-Line GSM-2002/MW3026

The Sec-Line Phone 2002/MW3026 is a dual band

GSM 900/1800, composed of a GSM phone

equipped with an encryption function.

Plain communications are established, through the

voice channel, either with or without the function.

This means that the function does not interfere with

plain communications.

Encrypted communications require the function to

be connected to the GSM phone. The encrypted

communication is then transmitted through the data

channel provided by the local GSM service provider.

GSM phone with encryption function

Using the 2002/MW3026 requires subscription on two services, voice services and

data services along with their dedicated calling number. It means that one calling

number is used for plain communication when the data calling number corresponds to

the encrypted call only.

Before the transmission starts in data mode, the voice is digitised, then encrypted,

finally transmitted through the data channel. The communication may be established

between the two encrypted GSM phones, or from an encrypted GSM phone to a

telephone equipped with the 2002/C500 base encryption telephone and reciprocally.

The main advantages of the solution offered by the 2002/MW3026 can be

summarised as follows:

•Allow establishing plain communication as any GSM phone.

•Allow establishing encrypted communication.

•High security of encrypted communication by a 128-bit encryption key.

•High secure proprietary algorithm.

•Low cost solution, using the current GSM network infrastructure.

•Encrypted communication independent of the GSM network.

•Working worldwide on any GSM network.

•900 MHz on GSM standard, 1800 MHz on DCS standard, 11900 MHz on PCS

(USA and South America) standard, as well as dual standard 900 MHz and

1800 MHz are available.

•The traffic key management allows defining hierarchical cryptographic networks

structure.

•New vocoding technology enhances the voice quality.

•As any GSM, easy to use, and operating procedures are user-friendly.

1Only available for purchase order over 2000 units.

Page 3 of 12

Description of the encryption function:

Encryption function. (Figure 1)

The encryption function is inbuilt in the GSM phone, the encryption function as figure 1

is composed of:

•The Vocoder, which digitises the voice.

•The encryption component with a 128-bit encryption key and a proprietary

algorithm.

•The Data interface, during transmission the encrypted digital signal coming

from the data network through the GSM phone is sent to the encryption

function, to be decrypted prior to be sent back to the GSM receiver.

Key Management.

Prior to any encrypted call, the voice signal is digitised then encrypted. The encrypted

algorithm is using a 128-bit traffic encryption key. Keys are introduced locally by the

means of a “Key Management System”. Keys are loaded into the function by using a

personal desktop computer with the appropriate software called “ User Station”.

The User Station software allows renewing the traffic key(s) inside the encryption

function, to reload the supervisor and user codes. Keys are stored ciphered in the

encryption function. The encryption function is able to manage up to 100 network keys

and has a unique base key. Key selection between encryption equipment is done

automatically after negotiation of non-confidential key identifiers.

Page 4 of 12

Sec-Line Base Phone 2002/C500

Sec-Line Base Phone 2002/C500 is placed

under the connected telephone, the solution is

based on the encryption equipment called

2002/C500.

The 2002/C500 unit is installed between the handset and the telephone. The choice of

this type of connection has been designed with the concern to propose equipment

independent of the telecom network.

The 2002/C500 unit secures voice communication on different type of telephones

connected to either PSTN or ISDN networks. Moreover all available functions

provided by a PBX are saved.

The 2002/C500 unit extern appearances consist in small box located under the

telephone. A keyboard and a large graphic screen equip its front.

The 2002/C500 digitises the voice (vocoder), ciphers the bit stream, then a modem

converts the digital signal into an analogue signal being able to be transmitted to the

analogue network.

All man/machine interfaces with the standard telephone remains unchanged.

However, the 2002/C500 is providing the user with the possibility to establish an

encrypted communication, as well as a plain communication. The plain mode to

encryption mode, and reciprocally, during the communication.

The main advantages of the 2002/C500 unit can be summarised as follows:

•Allows establishing plain as well as encrypted communication. During a plain

communication, the user can switch from plain to encrypted communication and

reciprocally. The 2002/C500 of the correspondent will automatically switch from

plain to encrypted and reciprocally.

•Very High security of communication, by a 128-bit encryption key and a

proprietary algorithm.

•Low cost solution.

•The unit can be connected to any current telephone equipment, does not

require the replacing of the existing telephone sets.

•Independent of the network, it is offering an end-to-end high security for

confidential communications.

•Works on PSTN and ISDN networks.

•Keeps available all functionality provided by the PBX.

Page 5 of 12

•The traffic key management allows defining a hierarchical structure of the

cryptographic network.

•Allows establishing encrypted communication with the 2002/MW3026 GSM

phones type.

•New vocoding technology enhances the voice quality.

•Easy to use and operating procedures are user friendly.

•Reliable electronic design.

•Does not require and PTT approval.

Encryption System Description.

Function of the 2002/C500 system.

The 2002/C500 encryption system includes the following components:

•The Vocoder; it digitises the voice signal,

•The encryption unit; which encrypts the digital signal.

•The Modem; it converts the digital signal to an analogue signal prior to transfer

it to the network.

Page 6 of 12

Key Management

Prior any encryption call the voice signal is digitised then encrypted. The encryption

algorithm is using 128-bit encryption traffic key. Keys are loaded into the encryption

component locally by the means of the “Key management System” Keys are also

loaded by using a personal desktop computer with the appropriate software called

“User Station”. The User Station software allows renewing the traffic key(s) inside the

encryption function, to reload the supervisor and the user codes. Keys are stored

ciphered in the encryption component.

The 2002/C500 unit memorises and handles up to 100 traffic keys, allowing the user

to define up to 100 cryptographic networks. In addition, each system owns its unique

base key. Key selection between the 2002/C500 units is done automatically after

negotiation of non-confidential key identifiers.

Key Distribution.

Key distribution ( U=Users, K= Keys)

Page 7 of 12

The encryption function for the GSM phone 2002/MW3026, as well as the 2002/C500

base unit (both called encryption devices) store traffic keys, allowing encrypted

communication.

Each encryption device belongs to a given user. Each user belongs to one or several

groups of users. A group is closed and dedicated to a specific entity: for instance a

group can be dedicated to the Air Forces, of to the Navy, or to the Special Forces etc.

A user may be authorised to establish encrypted communication inside one group, or

from one group to another. It means that the encryption device may be loaded with

only one traffic key belonging to one group, or with several traffic keys corresponding

to several groups. The figure above illustrates the structure of the groups and the

distribution of the traffic keys to different users.

For instance, as showed on the figure above, the user 1 have an encryption device

loaded with four traffic keys, corresponding to groups 1,2,3,4 allowing the user 1 to

communicate in encrypted mode with the users of the four groups. User 4 have an

encryption device with only one traffic key, they can communicate with the users of the

same group2, however, they also are authorised to communicate with users 1 who

have a common key.

From the above figure we define the corresponding cryptographic network as follows:

Cryptographic network

The security agent is in charge of defining the cryptographic network, by the means of

the key management system called “Key Management System”.

Page 8 of 12

Algorithm.

The proposed algorithm is a pseudo random generator based on set of non.-linear

functions associated linear shift registers with maximum period feedback.

The traffic key length is 128 bits and allows 1038 values of key that avoids possibility

of systematic tries. In addition a 64 bits message key is exchanged at each time

communication, this key modifies the binary sequence issued from the same key.

The entropy of the traffic key is 128 bits. The cardinal (cardinal number) of the key is

3,4x1038, equivalent to 2128 combinations. The proprietary algorithm is using real 128

bits traffic key.

System Specifications.

End to end encryption on fixed and on GSM mobile phones.

The Encryption function 2002/MW3026 has been designed with the aim to provide an

end-to-end encrypted communication over 900 MHz, 1800 MHz, 1900 MHz GSM

networks. Independent of the network, the encrypted communication is established

trough the data channel network. The 2002/C500 base unit has been designed for

end-to-end communication over the PSTN/ISDN network and encrypted

communication is established from an encrypted GSM phone and reciprocally.

Through the ordinary network an encrypted communication is established from an

encrypted GSM phone to a telephone base and reciprocally.

The 2002/MW3026 and 2002/C500 structure.

As shown on the picture of the 2002/MW3026 unit it is composed of two sub-

assemblies; the mobile GSM phone and the encryption function. A shown on the

picture of the 2002/C500 unit, it is a small box located under an ordinary telephone. It

is connected between the handset and the base of the telephone. Independent of the

line, the 2002/C500 can be used on PSTN as well as on ISDN lines. Moreover the

method of its connection allows keeping all functionality provided by the PBX.

The proprietary algorithm (non published) developed, using a real 128-bit encryption

key allows to encrypt the digitised signal of the voice. The same algorithm is used on

both the 2002/MW3026 and the 2002/C500 systems. A common key loaded on the

both side of the communication allows the establishment of an encrypted

communication.

Page 9 of 12

The 2002/MW3026 and 2002/C500 plain override facility.

The 2002/MW3026 GSM mobile unit as any kind of GSM mobile phone allows

communicating in plain mode with every other GSM phone with or without the

encryption function connected. The 2002/C500 base unit is transparent during a plain

communication.

Plain or Encrypted mode on the 2002/MW3026 GSM phone.

Easy to use, the encryption GSM phone offers different choices of the communication

mode. The encryption mode in the GSM phone is set using the ENCRYPTION menu

and may be in the following modes:

“By Default Encryption Mode”

The standard display of the GSM mobile phone shows: “CRYPTO”, but pressing the

key makes it possible to switch alternately from encrypted mode to plain mode.

After a plain mode communication, the encryption unit returns automatically to

encryption mode after the phone call.

“On Request Encrypted Mode”

The standard display of the GSM Mobile phone shows “PLAIN”, but pressing the key

makes it possible to switch alternately from plain mode to encrypted mode. After

an encrypted mode communication, the encryption unit returns automatically to plain

mode after the phone call.

“Systematic encryption”.

In this mode the plain communication is not possible. The standby display of the GSM

mobile phone shows “ENCRYPTION”. Pressing the key has no effect. Only

encrypted communications are authorised.

Moreover, when the “On Request Encrypted Mode” is set, it is possible to perform a

encrypted call by choosing an encryption telephone number memorised either in the

memory, or in the redial memory without having to switch the encryption function from

PLAIN mode to ENCRYPTED mode. Actually the encryption telephone number

contains a “C” prefix, which automatically switches the encryption mode from PLAIN to

ENCRYPTION. After the communication, the encryption units return automatically to

plain mode.

Page 10 of 12

When receiving a call the 2002/MW3026 GSM phone will be set automatically in

PLAIN mode for a plain call, on ENCRYPTION mode for a encrypted call. If the

encryption function is not connected to secure the GSM phone during an encrypted

call the following message will be displayed:

“Crypto Call”

“Connect Your Crypto Unit”

The 2002/C500 base telephone unit.

Easy to use, the 2002/C500 unit will automatically switch to “CRYPTO” mode for any

incoming encrypted communication. The 2002/C500 unit is transparent during plain

communication.

During a plain communication, it is possible to switch at any time the communication

from “PLAIN” mode to “CRYPTO” mode by pressing the key the 2002/C500 of the

correspondent will automatically switch to “CRYPTO” mode. It is also possible to

switch an encrypted communication from “CRYPTO” mode to “PLAIN” mode without

interrupting the communication. Calling encrypted GSM number will switch

automatically the 2002/C500 unit to “CRYPTO” mode.

The 2002/MW3026 GSM phone unit.

Tamper proof security facility.

Two secret codes restrict the access to the encrypted communication. The access

known by the user, is required prior any encrypted call, the security code, known only

by the security supervisor, is required prior to display the security menu of the

encryption function.

Prior delivery the encryption function is customised in the factory with default factory

codes value. Prior using the secure GSM phone it is required to replace the access

and security default codes by the user own codes. Among other functions, the “Key

Management System” allows to manage these codes. The access and security default

code values are confidential, they are sent separately from the equipment.

In addition the 2002/MW3026 GSM phone “LOCK K.PAD” feature allows locking the

keypad to prevent any attempt of dialling.

Popular Cell Phone manuals by other brands

Nokia

Nokia 6700 classic user guide

LG L34C user guide

Ericsson

Ericsson T60d manual

Zte

Zte Score M user manual

Sony

Sony Xperia Z1 Compact Startup guide

AT AT-Q5 user manual

Vingtor

Vingtor ACM-M-A-V2 Installation/configuration

Olitech

Olitech EasyFlip 2 Quick setup guide

Zte

Zte Atrium Z793C user manual

Alcatel

Alcatel IDEAL manual

Zte

Zte BLADE A520 quick start guide

switel

switel M222 user manual

LG LG-P503 user guide

LG F2410 user guide

Argom

Argom E500 manual

Hisense

Hisense U30 user manual

Argom Tech

Argom Tech E401 user manual

Nokia

Nokia 3595 - Cell Phone - GSM Manual Del Usuario

Ardy Electronics sec-line GSM-2002/MW3026 User manual

Popular Cell Phone manuals by other brands