TCC

Technical White Paper Discussing
Voice Encryption Methods


Introduction
Definitions
Technical Discussion

Introduction:

This paper discusses, in general terms, typical methods used to integrate voice encryption equipment into communications channels. The paper is not intended to delve deeply into the internal workings of any particular product, i.e., product-specific encryption algorithms. It does, however, look at voice applications as well as some communications topologies traditionally used in voice communications.

Definitions:

Full Duplex - simultaneous, bi-directional traffic between two (or more) users. True full duplex traffic generally requires two, one-way communications links each servicing traffic in opposite directions. An example of a full duplex voice system is the classic analog telephone system that allows two or more users to talk simultaneously to each other.

Half Duplex - non-simultaneous bi-directional traffic between two (or more) users. Half duplex usually relies on cooperation between the users, allowing each to speak in turn. In most half duplex systems, the default mode is 'receive' or 'listen,' with the 'send' or 'talk' mode commanded by the individual users' actions. Some half duplex systems use manually actuated switches (e.g. push-to-talk or 'PTT') to determine when the near end unit will transmit, while other systems use voice actuated microphones (VOXes) that begin transmitting when the VOX circuit detects a signal above its set audio threshold level. In some cases, a mixed mode system is introduced, (e.g., a half duplex radio patch to a full duplex phone system) where the resultant system takes on many of the attributes of a half duplex system.

Voice Channel Attributes - Voice channel attributes are typically dependent on whether the voice is digitized or presented in an analog format. Digitized voice channels perform in many respects like digital data channels in that the channel processing performed on the digital voice traffic is identical to that of data traffic. In many multi-channel systems, voice and data signals are intermixed in a multiplexer, and are therefore treated identically within the communications pipeline. Most users of data channels are not overly concerned with data packet delays of up to 2 or 3 seconds. Most users of voice channels (digitized or analog circuits) are critically aware of such delays, and would therefore not appreciate the communications channel postponing audio presentation while re-sending "voice packets". On the other hand, a voice channel may perform adequately with a fair amount of noise (bit errors) which, although noticeable, would not seriously affect voice intelligibility. A data channel, by contrast, may not tolerate any bit errors and may make use of extensive amounts of forward error correction and/or data re-transmissions to detect and correct any errors at the destination data terminal.

Intrusive vs. Non-intrusive Cryptographic Methods - Most voice systems are made up of various subsystems or 'components' that treat or process voice information. In the case of cryptographic equipment, the introduction of an encipher and decipher process is designed to provide a non-intrusive presence, particularly when the cryptographic equipment is placed in a "PLAIN" mode of operation. This methodology dictates that the user of a system does not detect the presence of a cryptographic subsystem within its architecture. The possible exceptions may include some additional delay introduced by the signal processing and, occasionally, some additional user functionality (mode selections and indicators). An example of intrusive cryptographic methodology is where additional connections (patches), complex channel establishment procedures (special lines or trunks), or other noticeable features like degraded voice quality or some other measurable voice channel degradation are present.

Throughput Delay - A measure of total end-to-end time delay that a system introduces to a communications channel, between the signal's point of origin and its point of final reception. The total throughput delay of a system is the sum of all system time delays ranging from coder/decoders (CODEC) or other digitization techniques, signal buffers, signal processing, interleaving techniques (error spreading matrices), signal filters, as well as all propagation delays from the communications path(s). In general, this delay is most noticeable in voice channels, and in particular, full duplex voice channels such as telephone circuits.

Technical Discussion:

  1. Why Do I Need Encryption?
  2. If My Voice Audio Circuit is Already Digitized, Why Do I Need Voice Encryption?
  3. What Types of Voice Circuits Can Be Protected?
    Digital Voice Encryptor
    Analog Voice Encryptor
  4. What Types of Encryption Products Exist for Voice Circuits?
  5. How Can TCC Satisfy My Security Needs?

1. "Why Do I Need Encryption?" (Some Basic Assumptions):

Any general discussion on the need for voice encryption makes a few assumptions, namely that the user of a communications system believes that:

  1. a real or perceived threat exists in voice traffic collection from some source who has the technical and financial means to collect and extract information from a communications system.
  2. the information on the system is of some value to persons other than the sender and the intended receiver(s), e.g., personal; financial; intelligence; or otherwise information that is sensitive in nature.

2. "If my voice audio circuit is already digitized; why do I need voice encryption?"

The average eavesdropper with a simple analog radio or telephone wire tap may not be a real threat against a modern digitized communications channel. However, most people would agree that the 'average eavesdropper' is not representative of their threat. The standards placed on communications systems are global in nature, and the boxes that can intercept (monitor) most communications protocols are 'off-the-shelf' purchases. Therefore, digitization alone only protects your voice channel from the 'casual listener' whose budget does not include the necessary, commercially available, monitoring products.

3. "What Types of Voice Circuits Can Be Protected?"

Any type of voice circuit is capable of being protected to some extent with the appropriate encryption product. The decision as to which product is best suited for a particular voice application is dependent on the communications channel characteristics and the level of security needed.

As noted above in the 'Definitions' section, the classical voice circuit is generally less tolerant of extensive throughput delays. Voice circuits that incorporate voice encryption are generally going to see some slight increase in the channel's throughput delay. This may present other challenges, particularly in analog full duplex circuits where near-end echo off of a telephone hybrid is present, due to the additional signal processing delays introduced.

The term "Encryption" implies more than just "voice scrambling", which simply disguises the voice in some manner to reduce its intelligibility to someone monitoring the channel. Most "scramblers" do not use any form of key stream generator that allows pseudo random changes to the scrambling pattern. The security level of "voice scramblers" is therefore quite low, and this approach requires little in terms of counter-measure costs to defeat.

VOICE ENCRYPTOR AND VOICE CIRCUIT TYPES:

The two voice encryptor types are generally categorized as either 'analog voice encryptors' or 'digital voice encryptors'.

I. The Digital Voice Encryptor

  1. The digital voice encryptor treats the voice signal as a digital data stream, and is therefore closer to a data encryptor than a voice encryptor in terms of its performance characteristics. It relies on some method of converting the voice signal into a digital data stream. Once it is digitized, it is then 'Exclusive ORed' with the key stream generator's output bit stream, thus producing the encrypted data stream signal sent out over the channel.
  2. The principal disadvantage or limitation of the digital voice encryptor is generally recognized to be that of recovered voice intelligibility and recognition brought on by limitations in voice channel bandwidths. In other words, in order to fit the digitized information into a restrictive audio channel, certain trade-offs of bits-per-second (bps) vs. voice quality need to be addressed. The previously noted problem with retaining digital synchronization on poor quality channels is also generally viewed as a disadvantage of digital voice encryption techniques.
  3. One notable advantage of a digital voice encryptor over an analog voice encryptor is that the security level is generally considered to be equal to that of the key stream generator itself. Related to this feature, digital encryption offers the countermeasure attacker an interesting problem, where if designed correctly, the ability to break back the data stream to the key is typically viewed as an "all-or-nothing" challenge. That is, if the key is discovered, all of the traffic for that key period is susceptible to interception. The analog encryptor, again if properly designed, offers a different challenge to an attacker, in that the amount of effort to find the originator's key from the attributes of the captured encrypted analog signal is next to impossible (due to limited key stream 'visibility') and is not an all-or-nothing challenge. The only viable attack against "quality" analog encryption techniques is to attempt to piece together the individual audio segments using individual segment's boundary characteristics. These segment boundary characteristics are not necessarily easy to ascertain, particularly after a signal has been transmitted over a communications channel. Although some degree of success may be achieved over long periods of time, the amount of effort to piece together small segments (seconds) of speech is generally viewed as not worth the signal analysis time (weeks to months) and effort it requires.
  4. All digitized voice encryptors use some method of digitizing the voice signal using an analog-to-digital (A/D) process before the signal is encrypted. The principal difference from 'analog' approaches is that the digitized signal is not treated as analog information, but rather is viewed as a true digital bit stream that is subsequently Exclusive-ORed (XOR) with the output of the secure key stream generator. This classical digital encryption method does result in a secured data bit stream with totally pseudo random characteristics. The 'down side' is that a quality (high bit rate) voice signal, being truly random digital in nature, cannot be re-routed through the D/A (digital to analog) circuitry and be broadcast in the same analog bandwidth channel as the original voice signal. The only way to reduce the channel bandwidth of the signal is to reduce the sampling rate of the analog signal during the A/D process. The obvious result of reducing the sampling rate is that the audio characteristics suffer. A simple A/D converter samples the signal at twice the highest frequency component of the analog signal. If the sampling rate is reduced, then the channel bandwidth must likewise be reduced. This reduces the channel band pass in proportion to this reduction. To help offset this constraint, voice encoding techniques have been developed that enable the predictable nature of voice signals to be modeled, with the end result of greatly reducing the digital rate needed to pass an audio signal. The most common digital voice encryptors use a vocoder (short for voice coder/decoder) to provide the optimum voice intelligibility for a given channel data capacity. These devices (or software modules) use current and previous states of sampled audio to predict the next sample's state, and then model the deviation from the expected state in far fewer bits than an equivalent direct-sampled A/D converter would need. Most modern voice encryption products use vocoders to present the best available voice characteristics within constrained channel bandwidths. A 'down side' to vocoders over direct A/D and D/A is that channel noise attributes and distortions become more pervasive when using a vocoder, since more information is represented by individual bits than in simple A/D and D/A converters. The other 'down side' is that even the best designed voice encoders can require appreciably more bandwidth to pass an equivalent audio quality signal than a straight analog signal (or an analog encrypted signal).
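The XOR step described above, together with the two channel behaviours this paper attributes to digital voice encryption (isolated bit errors stay isolated, a synchronization slip ruins the rest of the frame), as an added example that is not from the original paper or any TCC product. SHAKE-256 stands in for the key stream generator; the key, the frame counter and the 8 kHz 8-bit PCM test tone are constructed assumptions.

```python
import hashlib
import math

FRAME_SAMPLES = 160  # 20 ms of 8 kHz, 8-bit PCM (constructed test signal)


def keystream(key: bytes, frame_no: int, nbytes: int) -> bytes:
    """Stand-in key stream generator (assumption): SHAKE-256 over key and frame counter.

    The frame counter keeps each frame's key stream distinct, so no two
    frames are ever XORed with the same bits.
    """
    return hashlib.shake_256(key + frame_no.to_bytes(8, "big")).digest(nbytes)


def crypt_frame(key: bytes, frame_no: int, frame: bytes) -> bytes:
    """XOR the frame with the key stream. XOR is its own inverse,
    so the same call enciphers and deciphers."""
    ks = keystream(key, frame_no, len(frame))
    return bytes(a ^ b for a, b in zip(frame, ks))


def tone_frame(freq_hz: float = 440.0, rate: int = 8000) -> bytes:
    """Constructed digitized 'voice': one frame of a sine tone as unsigned 8-bit PCM."""
    return bytes(int(128 + 100 * math.sin(2 * math.pi * freq_hz * n / rate))
                 for n in range(FRAME_SAMPLES))


def flip_bits(data: bytes, positions) -> bytes:
    """Model channel noise by flipping the given bit positions."""
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 0x80 >> (p % 8)
    return bytes(buf)


def bit_errors(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo() -> dict:
    key = b"constructed-demo-key"
    plain = tone_frame()
    cipher = crypt_frame(key, 0, plain)

    # Clean channel: the receiver recovers the frame exactly.
    clean = crypt_frame(key, 0, cipher)

    # Noisy channel: three flipped ciphertext bits become exactly three
    # flipped voice bits. Errors do not spread, so speech stays intelligible.
    noisy = crypt_frame(key, 0, flip_bits(cipher, [5, 400, 1279]))

    # Lost synchronization: the receiver misses the first byte, so every
    # later byte meets the wrong key stream byte and about half of all
    # recovered bits are wrong (noise, not speech).
    slipped = crypt_frame(key, 0, cipher[1:])

    return {
        "clean_errors": bit_errors(clean, plain),
        "noisy_errors": bit_errors(noisy, plain),
        "slip_error_rate": bit_errors(slipped, plain[1:]) / (8 * len(slipped)),
    }


if __name__ == "__main__":
    print(demo())
```
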

II. The Analog Voice Encryptor

Early methods of "analog" encryption were nothing more than voice scramblers offering little security against any aggressive attack. The advent of more powerful voice processing circuitry and software allowed more sophisticated voice processing techniques that use a key generator's secure key stream for selecting the given sound segment's permutations. These permutations include band segmentation, sub-band frequency inversions (or non-inversions), and sub-band segment interleaving. The more combinations used, the harder it is to reconstruct the signal without knowledge of the key generator's key stream. This technique will generally provide a near-plain mode level of voice quality while containing the encrypted channel to within the plain mode's voice channel bandwidth. It is common in the newer 'analog' techniques to digitize the signal but process it (in many respects) like an analog signal. In this respect, it is a bit of a misnomer to call it 'analog' encryption; however, it is done primarily to differentiate it from 'digital' voice encryption techniques (see the discussions below).

  1. The analog voice encryptor can be viewed as a hybrid between a digital encryptor and a voice scrambler. It also digitizes the voice signal (often at a data rate much higher than the typical Vocoder), but handles the voice processing in a manner that allows digital-to-analog reconstruction in a bandwidth constrained manner. This means that although the analog voice signal is digitally processed, it retains sufficient voice-like characteristics, that when transmitted out over the channel, maintains the energy within the original voice channel.
  2. The digital processing portion of the analog encryptor is generally executed on a high speed digital signal processor (DSP) that handles the digitized audio as sub-elements of the original captured audio. These sub-elements are pseudo randomly manipulated in both time and frequency domains, so that the exported signal has very little of its original voice intelligibility. The destination end processing performs the reverse time and frequency manipulations and reconstructs the audio composite using its DSP.
  3. The principal advantage of this approach is the voice quality, which is typically much higher than a vocoder-generated product for a given channel bandwidth. Additionally, it operates on far worse channels (noise, multipath, phase distortion, etc.) than the equivalent digital encryption system. The degree of security depends largely on the level of signal processing and the security of the key stream generator used to set the signal processing's permutation attributes. On one hand, it's extremely difficult to attack the key stream used, particularly if hashing functions are used (that hide the actual key stream output) and given that any key stream 'visibility' is very limited. As noted above in the Digital Voice Encryption discussions, this makes a break of the key stream through key analysis extremely improbable.
  4. The principal disadvantage of the analog voice encryption technique is in its retention of a finite number of signal permutations. When the number of signal permutations is limited, it may be possible (with a reasonable amount of effort) to achieve some degree of success using signal analysis countermeasures. This approach requires the use of sophisticated signal analysis of the individual encrypted audio segments in an attempt to characterize each to a degree where they can be reconstructed and reorganized in their original orientation and sequential order. However, the ability to reconstruct the signal using brute force methods is very limited if sophisticated encryption techniques are used, plus the process is too slow to achieve anywhere near real time signal reconstruction. It is therefore an excellent approach for achieving a "tactical" level of voice security, and (depending on the sophistication of signal processing used) can achieve 'strategic' (long term) levels of signal protection.
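A simplified model of the key-driven segment processing described in this section, as an added example that is not from the original paper and is not TCC's EDT algorithm. It permutes time segments and applies a whole-segment spectral inversion per segment; SHAKE-256 as the key generator, the segment count, the key and the test tone are constructed assumptions. It also computes the size of the per-frame permutation space, which is the finite quantity item 4 refers to.

```python
import hashlib
import math


def frame_plan(key: bytes, frame_no: int, n_segments: int):
    """Derive one frame's segment order and inversion flags from the key stream.
    SHAKE-256 stands in for the key generator (assumption)."""
    if not 2 <= n_segments <= 64:
        raise ValueError("n_segments must be between 2 and 64")
    stream = iter(hashlib.shake_256(key + frame_no.to_bytes(8, "big")).digest(512))
    order = list(range(n_segments))
    for i in range(n_segments - 1, 0, -1):      # Fisher-Yates shuffle
        limit = 256 - 256 % (i + 1)             # rejection sampling, no modulo bias
        r = next(stream)
        while r >= limit:
            r = next(stream)
        j = r % (i + 1)
        order[i], order[j] = order[j], order[i]
    invert = [next(stream) & 1 for _ in range(n_segments)]
    return order, invert


def invert_spectrum(seg):
    """Negate every second sample: mirrors the spectrum about fs/4.
    Self-inverse, and the segment keeps the same energy and bandwidth."""
    return [-s if n % 2 else s for n, s in enumerate(seg)]


def scramble(key, frame_no, samples, n_segments=8):
    if len(samples) % n_segments:
        raise ValueError("frame length must be a multiple of n_segments")
    seg_len = len(samples) // n_segments
    order, invert = frame_plan(key, frame_no, n_segments)
    out = []
    for slot in range(n_segments):              # output slot takes segment order[slot]
        seg = samples[order[slot] * seg_len:(order[slot] + 1) * seg_len]
        out += invert_spectrum(seg) if invert[slot] else seg
    return out


def descramble(key, frame_no, scrambled, n_segments=8):
    seg_len = len(scrambled) // n_segments
    order, invert = frame_plan(key, frame_no, n_segments)
    segs = [None] * n_segments
    for slot in range(n_segments):              # undo inversion, then put segment back
        seg = scrambled[slot * seg_len:(slot + 1) * seg_len]
        segs[order[slot]] = invert_spectrum(seg) if invert[slot] else seg
    return [s for seg in segs for s in seg]


def plan_space_bits(n_segments: int) -> float:
    """log2 of the per-frame choices: n! orderings times 2^n inversion patterns."""
    return math.log2(math.factorial(n_segments)) + n_segments


def demo() -> dict:
    key = b"constructed-demo-key"
    # Constructed test tone: 160 signed samples (20 ms at 8 kHz).
    voice = [int(10000 * math.sin(2 * math.pi * 440 * n / 8000)) for n in range(160)]
    sent = scramble(key, 0, voice)
    noisy = list(sent)
    noisy[37] += 25                             # one channel disturbance of amplitude 25
    diffs = [abs(a - b) for a, b in zip(descramble(key, 0, noisy), voice)]
    return {
        "round_trip_ok": descramble(key, 0, sent) == voice,
        "changed": sent != voice,
        "energy_kept": sum(s * s for s in sent) == sum(s * s for s in voice),
        "noisy_samples": sum(1 for d in diffs if d),
        "worst_error": max(diffs),
        "bits_per_frame": plan_space_bits(8),
    }
```

With eight segments the plan space is about 23.3 bits per frame regardless of key length, and a channel disturbance comes out of the descrambler at the same amplitude it went in, with no synchronization to lose.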

In general, the voice channel encryptor operates on one of the three channel types discussed below:

III. Voice Circuit Channel Types

  1. Single Channel Full Duplex Encryption. The most popular application is the secure telephone. It offers end-to-end voice encryption using specialized circuitry and software within the telephone itself. This category of encryption also includes station-to-station voice encryption. It may have the cryptographic device separated from the actual phone instrument by some distance, however, with the advent of microcircuit technology, this approach is not as popular as true end-to-end (phone-to-phone) encryption. The actual method of encryption is typically either analog encryption or digital encryption. Both of these methods will use some sort of Key Generator to produce a secure key stream used by the voice encryptor and decryptor, be it analog encryption or digital encryption.
  2. Multi-channel Full Duplex. Multi-channel type systems are often encrypted on a station-to-station basis using digital trunk encryption methods. Analog trunks (frequency division multiplexed, multi-channel voice circuits) are seldom if ever "bulk" encrypted due to the extremely high digital sampling rates required and the complexities involved in producing an acceptable voice quality deciphered signal. Digital voice trunks are often encrypted in the same way as digital data trunks. The architecture of a system dictates where the selected encryption device is placed, typically between the voice channel multiplex/demultiplex equipment and the communications link (e.g., radio equipment). As in data bulk encrypted channels, the level of security for station-to-station encryption techniques is a function of the degree of physical security of the individual physical channels between the multiplexer equipment and the individual audio channel instrument (e.g., telephone). In general, if you can't guarantee the security of the physical links to the end instruments, you should select end-to-end encryption rather than bulk (trunk) station-to-station encryption.
  3. Single Channel Half Duplex. These systems are generally found on radio channels with push-to-talk features used to send voice traffic across the radio link. Occasionally, data encryptors are found on radio channels, however, many poor quality, (e.g., long distance HF) radio channels will not support reliable, real-time digitized voice exchanges at rates above 600 bits per second (bps). The audio encoders operating at 600bps are not generally acceptable to users who are used to voice recognition and 'plain mode' voice quality. For this reason, 'analog' voice encryption schemes are generally preferred on poor quality radio channels (and even on noisy, poor quality telephone channels). Another attribute of 'analog' encryptors is that they generally accommodate burst noise and channel fade outs without the problem of 'losing sync' experienced on 'digital' voice encryption products.

4. "What Types of Encryption Products Exist for Voice Circuits?"

Many analog voice encryptors and digital voice encryptors are commercially available from a variety of sources. Major distinctions between sources exist, and the differences dictate the success of the companies' offerings. When selecting the best voice encryptor for a particular application, the following should be considered:

  • What levels of security are needed?
  • What device type (i.e. analog or digital) best suits the specific application (telephone, HF radio, FAX, aircraft qualified narrow-band, etc.)?
  • What level of device reliability and supportability is needed?
  • What key management approach (Public or Secret Key) is desired for the application?
  • What budgetary constraints exist which limit the device selection choices?

In addition, which companies:

  • Provide integration assistance and up-front technical support?
  • Provide customer support after the sale?
  • Are acknowledged leaders in Cryptography?
  • Will be around in 5 to 10 years to support their products?

5. "How Can TCC Satisfy My Security Needs?"

TCC offers the industry's best solutions to both digital and analog types of voice encryption. TCC's digital phones offer either Public or Secret key approaches and digitized voice options from 2,400bps to 9,600bps.

As the industry's leader in analog security solutions, TCC's DSP 9000 family of security products has a stellar reputation for both high security levels, reliable service, and affordable pricing. TCC's patented Enhanced Domain Transform (EDT) signal processing approach provides excellent recovered voice quality while maintaining an extremely narrow occupied channel bandwidth of only 3KHz. Used with narrow-band radios like HF long-haul and UHF or VHF line of sight (including a number of aircraft applications), the DSP 9000 handles the worst channel distortion and noise conditions and channel fading, and consistently proves its worth to many customers world-wide. Coupled with a user-friendly key management structure based on highly secure Secret keys, the user of the DSP 9000 will appreciate both the ease of key management and the excellent performance. The DSP 9000 "family" includes:

  • DSP 9000 Full Duplex (DSP 9000FD)
  • DSP 9000 Full Duplex with Rear Connector (DSP 9000FD/RC)
  • DSP 9000 Half Duplex (DSP 9000HD)
  • DSP 9000 Half Duplex with Rear Connector (DSP 9000HD/RC)
  • DSP 9000 Handset (Half Duplex) (DSP 9000HS)
  • DSP 9000 Half Duplex Implant Board (DSP 9000 IMP) - Transworld 7000-series radio
  • DSP 9000 Full Duplex Remote Vehicular, Mobile (DSP 9000RVM)

TCC also delivers embedded versions of the half duplex DSP 9000 (Note: the currently fielded DSP 9000 IMP above). With a minimum of space and the radio host's interfaces defined, TCC can also develop and deliver embedded analog encryption solutions of various package shapes and audio interfaces.

The CSD 3324E Secure Telephone Central Office product operates using Secret keys and offers not only 9,600 and 4,800bps digital encryption, but also full analog encryption which is interoperable with the DSP 9000 product lines. This hybrid solution is powerful in that it allows the use of the highest security levels for both digital and analog encryption. This product also supports two fully secure peripheral secure interfaces, a 2-wire (RJ-11) FAX interface and an RS-232 asynchronous port to secure data terminals and personal computer file transfers.

The CSD 4100 Secure Telephone product offers 9,600bps, 4,800bps, and 2,400bps digital voice encryption. It is fully featured and has a number of peripherals such as a video platform complete with color LCD and built-in camera for secure video phone operation, an RS-232 interface, PBX support and telephone conferencing.

The CSD 3600 Secure Telephone Attachment will interoperate with a CSD 4100 at 2,400bps and 4,800bps, and is installed between an existing 'standard' telephone and its handset through the handset's modular cord. Like the CSD 4100, it uses digital voice secure encryption.

The discussions above are designed to be introductory in nature. The actual intricacies of voice and data encryption techniques, and the complexities of the numerous voice and data channel topologies, are much too diverse to present in a single white paper. The decisions and tasks of a systems integrator when choosing an encryption solution are very involved and typically take first hand discussions with the encryption device manufacturer to fully address the best solution for a given system. TCC has been working with customers and system integrators on cryptographic solutions for over thirty years and is considered a leader in the Cryptographic Design and Manufacturing business. Let our staff discuss your needs and determine whether one of our existing products is right for your system. We are also famous for our build to order capabilities, which allow our engineers to make special modifications to the products' software and hardware to accommodate special customer requirements.


Copyright © Technical Communications Corporation 1995