SCIP
Encyclopedia
SCIP is a multinational standard for secure voice and data communication. The acronym stands for Secure Communications Interoperability Protocol. SCIP derived from the US Government FNBDT (Future Narrowband Digital Terminal) project after the US offered to share details of FNBDT with a number of other nations in 2003.
SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries are actively developing SCIP devices to support the multinational and national modes of SCIP.
SCIP has to operate over the wide variety of communications systems, including commercial land line telephone
, military radios, communication satellites, Voice over IP
and the several different cellular telephone standards. Therefore it was designed to make no assumptions about the underlying channel other than a minimum bandwidth of 2400 Hz
. It is similar to a dial-up modem
in that once a connection is made, two SCIP phones first negotiate the parameters they need and then communicate in the best way possible.
US SCIP [FNBDT] systems have been in use since 2001, beginning with the CONDOR secure cell phone
. The standard is designed to cover wideband
as well as narrowband
voice and data security.
SCIP was designed by the Department of Defense
Digital Voice Processor Consortium (DDVPC) in cooperation with the U.S. National Security Agency
and is intended to solve problems with earlier NSA encryption systems
for voice, including STU-III
and STE
which made assumptions about the underlying communication systems that prevented interoperability with more modern wireless systems. STE sets can be upgraded to work with SCIP, but STU-III cannot. This has led to some resistance since various government agencies already own over 350,000 STU-III telephones at a cost of several thousand dollars each.
There are several components to the SCIP standard: key management, voice compression, encryption and a signalling plan.
(TEK) must be negotiated. For Type 1 security (classified
calls), the SCIP signalling plan uses an enhanced FIREFLY
messaging system for key exchange. FIREFLY is an NSA key management system based on public key cryptography. At least one commercial grade implementation uses Diffie-Hellman key exchange.
STEs use security tokens to limit use of the secure voice capability to authorized users while other SCIP devices only require a PIN
code, 7 digits for Type 1 security, 4 digits for unclassified.
s, but the standard requires, as a minimum, support for the Mixed Excitation Linear Prediction coder known as (MELP), an enhanced MELP algorithm known as MELPe, with additional preprocessing, analyzer and synthesizer capabilities for improved intelligibility and noise robustness. The old MELP and the new MELPe are interoperable and both operate at 2400 bit/s, sending a 54 bit data frame every 22.5 millisecond
s but the MELPe has optional additional rates of 1200 bit/s and 600 bit/s.
2400 bit/s MELPe is the only mandatory voice coder required for SCIP. Other voice coders can be supported in terminals. These can be used if all terminals involved in the call support the same coder (agreed during the negotiation stage of call setup) and the network can support the required throughput. G.729D is the most widely supported non-mandatory voice coder in SCIP terminals as it offers a good compromise between higher voice quality without dramatically increasing the required throughput.
SCIP 231 defines AES based cryptography which can be used multinationally.
SCIP 232 defines an alternate multinational cryptographic solution.
Several nations have defined, or are defining, their own national security modes for SCIP.
For security, SCIP uses a block cipher
operating in counter mode. A new Traffic Encryption Key (TEK) is negotiated for each call. The block cipher is fed a 64-bit state vector (SV) as input. If the cipher's block size is longer than 64 bits, a fixed filler is added. The output from the block cipher is xored with the MELP data frames to create the cipher text that is then transmitted.
The low-order two bits of the state vector are reserved for applications where the data frame is longer than the block cipher output. The next 42 bits are the counter. Four bits are used to represent the transmission mode. This allows more than one mode, e.g. voice and data, to operate at the same time with the same TEK. The high-order 16 bits are a sender ID. This allows multiple senders on a single channel to all use the same TEK. Note that since overall SCIP encryption is effectively a stream cipher
, it is essential that the same state vector value never be used twice for a given TEK. At MELP data rates, a 42-bit counter allows a call over three thousand years long before the encryption repeats.
For Type 1 security, SCIP uses BATON
, a 128-bit block design. With this or other 128-bit ciphers, such as AES
, SCIP specifies that two data frames are encrypted with each cipher output bloc, the first beginning at bit 1, the second at bit 57 (i.e. the next byte boundary). At least one commercial grade implementation uses the Triple DES
cipher.
(FEC) to ensure reliable transmission. The receiving station acknowledges accurate receipt of data blocks and can ask for a block to be re-transmitted, if necessary. For voice, SCIP simply sends a stream of voice data frames (typically MELPe frames, but possibly G.729D or another codec if that has been negotiated between the terminals). To save power on voice calls, SCIP stops sending if there is no speech input. A synchronization block is sent roughly twice a second in place of a data frame. The low order 14 bits of the encryption counter are sent with every sync block. The 14 bits are enough to cover a fade out of more than six minutes. Part of the rest of the state vector are sent as well so that with receipt of three sync blocks, the entire state vector is recovered. This handles longer fades and allows a station with the proper TEK to join a multi station net and be synchronized within 1.5 seconds.
Prior to this, SCIP specifications were not widely diffused or easily accessible. This made the protocol for government use rather "opaque" outside governments or defense industries.
No public implementation of the Type 1 security and transport protocols are available, precluding its security from being publicly verified.
SCIP supports a number of different modes, including national and multinational modes which employ different cryptography. Many nations and industries are actively developing SCIP devices to support the multinational and national modes of SCIP.
SCIP has to operate over the wide variety of communications systems, including commercial land line telephone
Telephone
The telephone , colloquially referred to as a phone, is a telecommunications device that transmits and receives sounds, usually the human voice. Telephones are a point-to-point communication system whose most basic function is to allow two people separated by large distances to talk to each other...
, military radios, communication satellites, Voice over IP
Voice over IP
Voice over Internet Protocol is a family of technologies, methodologies, communication protocols, and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet...
and the several different cellular telephone standards. Therefore it was designed to make no assumptions about the underlying channel other than a minimum bandwidth of 2400 Hz
Hertz
The hertz is the SI unit of frequency defined as the number of cycles per second of a periodic phenomenon. One of its most common uses is the description of the sine wave, particularly those used in radio and audio applications....
. It is similar to a dial-up modem
Modem
A modem is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data...
in that once a connection is made, two SCIP phones first negotiate the parameters they need and then communicate in the best way possible.
US SCIP [FNBDT] systems have been in use since 2001, beginning with the CONDOR secure cell phone
CONDOR secure cell phone
Qualcomm built several prototype secure CDMA phones for NSA under a contract project called "Condor". The NSA insisted on hardware encryption, which Qualcomm originally implemented using Fortezza PC cards, but later it became apparent that what the NSA really wanted was developed as the...
. The standard is designed to cover wideband
Wideband
In communications, wideband is a relative term used to describe a wide range of frequencies in a spectrum. A system is typically described as wideband if the message bandwidth significantly exceeds the channel's coherence bandwidth....
as well as narrowband
Narrowband
In radio, narrowband describes a channel in which the bandwidth of the message does not significantly exceed the channel's coherence bandwidth. It is a common misconception that narrowband refers to a channel which occupies only a "small" amount of space on the radio spectrum.The opposite of...
voice and data security.
SCIP was designed by the Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
Digital Voice Processor Consortium (DDVPC) in cooperation with the U.S. National Security Agency
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
and is intended to solve problems with earlier NSA encryption systems
NSA encryption systems
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known and its most modern systems share at least...
for voice, including STU-III
STU-III
STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user...
and STE
Secure Terminal Equipment
Secure Terminal Equipment is the U.S. Government's current , encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128k bits per second and are all digital...
which made assumptions about the underlying communication systems that prevented interoperability with more modern wireless systems. STE sets can be upgraded to work with SCIP, but STU-III cannot. This has led to some resistance since various government agencies already own over 350,000 STU-III telephones at a cost of several thousand dollars each.
There are several components to the SCIP standard: key management, voice compression, encryption and a signalling plan.
Key Management (120)
To set up a secure call, a new Traffic Encryption KeyKey (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
(TEK) must be negotiated. For Type 1 security (classified
Classified information in the United States
The United States government classification system is currently established under Executive Order 13526, the latest in a long series of executive orders on the topic. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the...
calls), the SCIP signalling plan uses an enhanced FIREFLY
Firefly
Lampyridae is a family of insects in the beetle order Coleoptera. They are winged beetles, and commonly called fireflies or lightning bugs for their conspicuous crepuscular use of bioluminescence to attract mates or prey. Fireflies produce a "cold light", with no infrared or ultraviolet frequencies...
messaging system for key exchange. FIREFLY is an NSA key management system based on public key cryptography. At least one commercial grade implementation uses Diffie-Hellman key exchange.
STEs use security tokens to limit use of the secure voice capability to authorized users while other SCIP devices only require a PIN
Personal identification number
A personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system...
code, 7 digits for Type 1 security, 4 digits for unclassified.
Voice compression using Voice Coders (vocoders)
SCIP can work with a variety of vocoderVocoder
A vocoder is an analysis/synthesis system, mostly used for speech. In the encoder, the input is passed through a multiband filter, each band is passed through an envelope follower, and the control signals from the envelope followers are communicated to the decoder...
s, but the standard requires, as a minimum, support for the Mixed Excitation Linear Prediction coder known as (MELP), an enhanced MELP algorithm known as MELPe, with additional preprocessing, analyzer and synthesizer capabilities for improved intelligibility and noise robustness. The old MELP and the new MELPe are interoperable and both operate at 2400 bit/s, sending a 54 bit data frame every 22.5 millisecond
Millisecond
A millisecond is a thousandth of a second.10 milliseconds are called a centisecond....
s but the MELPe has optional additional rates of 1200 bit/s and 600 bit/s.
2400 bit/s MELPe is the only mandatory voice coder required for SCIP. Other voice coders can be supported in terminals. These can be used if all terminals involved in the call support the same coder (agreed during the negotiation stage of call setup) and the network can support the required throughput. G.729D is the most widely supported non-mandatory voice coder in SCIP terminals as it offers a good compromise between higher voice quality without dramatically increasing the required throughput.
Encryption (SCIP 23x)
The security used by the multinational and national modes of SCIP is defined by the SCIP 23x family of documents.SCIP 231 defines AES based cryptography which can be used multinationally.
SCIP 232 defines an alternate multinational cryptographic solution.
Several nations have defined, or are defining, their own national security modes for SCIP.
US National Mode (SCIP 230)
SCIP 230 defines the cryptography of the US national mode of SCIP. The rest of this section refers to SCIP 230.For security, SCIP uses a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
operating in counter mode. A new Traffic Encryption Key (TEK) is negotiated for each call. The block cipher is fed a 64-bit state vector (SV) as input. If the cipher's block size is longer than 64 bits, a fixed filler is added. The output from the block cipher is xored with the MELP data frames to create the cipher text that is then transmitted.
The low-order two bits of the state vector are reserved for applications where the data frame is longer than the block cipher output. The next 42 bits are the counter. Four bits are used to represent the transmission mode. This allows more than one mode, e.g. voice and data, to operate at the same time with the same TEK. The high-order 16 bits are a sender ID. This allows multiple senders on a single channel to all use the same TEK. Note that since overall SCIP encryption is effectively a stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
, it is essential that the same state vector value never be used twice for a given TEK. At MELP data rates, a 42-bit counter allows a call over three thousand years long before the encryption repeats.
For Type 1 security, SCIP uses BATON
BATON
BATON is a Type 1 block cipher in use since at least 1995 by the United States government to secure classified information.While the BATON algorithm itself is secret, the public PKCS#11 standard includes some general information about how it is used. It has a 320-bit key and uses a 128-bit block...
, a 128-bit block design. With this or other 128-bit ciphers, such as AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
, SCIP specifies that two data frames are encrypted with each cipher output bloc, the first beginning at bit 1, the second at bit 57 (i.e. the next byte boundary). At least one commercial grade implementation uses the Triple DES
Triple DES
In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
cipher.
Signalling plan (210)
The SCIP signalling plan in common to all national and multinational modes of SCIP. SCIP has two mandatory types of transmission. The mandatory data service uses an ARQ protocol with forward error correctionForward error correction
In telecommunication, information theory, and coding theory, forward error correction or channel coding is a technique used for controlling errors in data transmission over unreliable or noisy communication channels....
(FEC) to ensure reliable transmission. The receiving station acknowledges accurate receipt of data blocks and can ask for a block to be re-transmitted, if necessary. For voice, SCIP simply sends a stream of voice data frames (typically MELPe frames, but possibly G.729D or another codec if that has been negotiated between the terminals). To save power on voice calls, SCIP stops sending if there is no speech input. A synchronization block is sent roughly twice a second in place of a data frame. The low order 14 bits of the encryption counter are sent with every sync block. The 14 bits are enough to cover a fade out of more than six minutes. Part of the rest of the state vector are sent as well so that with receipt of three sync blocks, the entire state vector is recovered. This handles longer fades and allows a station with the proper TEK to join a multi station net and be synchronized within 1.5 seconds.
Availability
a range of SCIP documents, including the SCIP-210 signalling standard, are publicly available from the IAD website.Prior to this, SCIP specifications were not widely diffused or easily accessible. This made the protocol for government use rather "opaque" outside governments or defense industries.
No public implementation of the Type 1 security and transport protocols are available, precluding its security from being publicly verified.
See also
- Secure voiceSecure voiceSecure voice is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP.-History:...
- ZRTPZRTPZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol phone telephony call based on the Real-time Transport Protocol. It uses Diffie-Hellman key exchange and the Secure Real-time Transport Protocol for...
- MELP
- MELPe
- CVSD
- CELP
- LPC-10e
- FS1015
- FS1016
- ANDVTANDVTThe Advanced Narrowband Digital Voice Terminal is a secure voice terminal for low bandwidth secure voice communications throughout the U.S. Department of Defense. Devices in the ANDVT family include the AN/USC-43 Tactical Terminal , the KY-99A Miniaturized Terminal , and the KY-100 Airborne...
- Secure Terminal EquipmentSecure Terminal EquipmentSecure Terminal Equipment is the U.S. Government's current , encrypted telephone communications system for wired or "landline" communications. STE is designed to use ISDN telephone lines which offer higher speeds of up to 128k bits per second and are all digital...
- L-3 Omni/Omni xiOMNI (SCIP)The OMNI adds Type 1 secure voice and secure data to any standard analog telephone or modem connected computer. SCIP signalling allows interoperability with other SCIP devices such as the Secure Terminal Equipment phone...
- Sectéra secure voice familySectéra Secure ModuleSectéra is a family of secure voice and data communications products made by General Dynamics C4 Systems which are approved by the United States National Security Agency...