53SL ES Series Mobile Radio Operating Manual April 2009
8-11
Over-the-Air Rekeying (OTAR)
Section 8 - Secure Communication (Encryption)
Notice that if all radios in a cryptonet are using traffic keys from the same active keyset,
the keys contained in the inactive keyset of each radio can be replaced without disrupting
encrypted communications. Once the keys in the inactive keyset are replaced for every
radio in a given cryptonet, the radios can switch active keysets and start using the new
keys. After all radios are using the new keys, the keys in the previously used keyset can
then be replaced, and so on. It is the task of the Key Management Facility to coordinate
this key cycling activity.
While the active keyset is usually selected by the Key Management Facility, it can also be
selected by the radio user if the KY CHG option switch is programmed. In this fashion,
two keysets can be used even if OTAR is not being used. Note that the radio must be in
SLN mode (see Section 8.2.2) to make use of keysets.
KEKs are always placed in Keyset 255, and are always considered to be active. The valid
SLN range for Keyset 255 is 61440 through 65535. While KEKs can reside in any SLN
within this range, traditionally UKEKs will reside in SLN 61440 and/or 61442, and
CKEKs, if present, will reside in 61441 and/or 61443. The EFJohnson Technologies KMF
uses SLN 61440 for DES UKEKs.
If Erase Previous Keyset on OTAR Changeover is selected in PC Configure, the keys in
the original keyset are erased when the OTAR Changeover command or the Keyset option
switch is used to select the other keyset. If this is not selected, the keys in the original
keyset are not erased when this occurs. Please note that this only erases keys on an OTAR
changeover; it does not erase keys on a manual keyset changeover from either the menu or
function button.
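The keyset cycling and erase-on-changeover behavior described above, as a simplified model (an added example, not EFJohnson code and not the OTAR message format). The `Radio` class, the function names, the radio names, SLN 1 and the key bytes are all assumptions made for illustration.

```python
class Radio:
    """Simplified model of one radio: two traffic keysets, one active."""

    def __init__(self, name, teks, erase_on_otar_changeover=False):
        self.name = name
        self.keysets = {1: dict(teks), 2: {}}  # keyset number -> {SLN: TEK}
        self.active = 1
        self.erase_on_otar_changeover = erase_on_otar_changeover

    @property
    def inactive(self):
        return 2 if self.active == 1 else 1

    def load_inactive(self, teks):
        # Rekeying touches only the inactive keyset, so traffic is unaffected.
        self.keysets[self.inactive] = dict(teks)

    def changeover(self, via_otar):
        previous = self.active
        self.active = self.inactive
        # Per the manual's note, the erase option applies to OTAR changeovers only.
        if via_otar and self.erase_on_otar_changeover:
            self.keysets[previous] = {}

    def tek(self, sln):
        return self.keysets[self.active].get(sln)


def in_sync(radios, sln):
    """True when every radio's active keyset holds the same TEK at this SLN."""
    teks = {r.tek(sln) for r in radios}
    return len(teks) == 1 and None not in teks


def cycle_keys(radios, new_teks, sln):
    """KMF-side rollover; returns the sync state observed after each step."""
    trace = []
    for r in radios:                      # step 1: refill every inactive keyset
        r.load_inactive(new_teks)
        trace.append(in_sync(radios, sln))
    for r in radios:                      # step 2: switch only once all are loaded
        r.changeover(via_otar=True)
    trace.append(in_sync(radios, sln))    # changeover modeled as a single step
    return trace


def make_net(erase=False):
    # Constructed sample data: SLN 1 and the key bytes are placeholders.
    return [Radio(n, {1: b"old-tek"}, erase) for n in ("car-1", "car-2", "car-3")]
```

Switching the active keyset before every radio's inactive keyset has been loaded leaves `in_sync` false, which is the coordination problem the Key Management Facility exists to prevent.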
8.5.3 Key Management Facility
The Key Management Facility (KMF) provides key management and OTAR functions to
applicable radios within the radio system. One of the main tasks of the KMF is to maintain
a database of encryption information contained in each radio. This information may
include the following:
• TEKs (main Traffic Encryption Keys)
• KEKs (Key Encryption Keys) used to encrypt keys within OTAR messages
• Keysets (groups of TEKs or KEKs)
• Individual and group Radio Set Identifiers (RSIs)
The KMF performs OTAR functions by exchanging Key Management Messages (KMMs)
with the radios. Both the KMF and radio can originate messages. Some functions
performed by the KMF are as follows:
• Loading new keys
• Modifying keys
• Initiating active keyset switch overs