Secure Communications Interoperability Protocol

SCIP is the U.S. Government's standard for secure voice and data communication. The acronym stands for Secure Communications Interoperability Protocol and was adopted to replace the FNBDT (Future Narrowband Digital Terminal) title in 2004. SCIP systems have been in use since 2001, beginning with the CONDOR secure cell phone. The standard is designed to cover wideband as well as narrowband voice and data security.

SCIP has to operate over the wide variety of communications systems that the U.S. Government uses, including commercial land line telephone, military radios, communication satellites, Voice over IP and the several different cellular telephone standards. Therefore it was designed to make no assumptions about the underlying channel other than a minimum bandwidth of 2400 Hz. It is similar to a dial-up modem in that once a connection is made, two SCIP phones first negotiate the parameters they need and then communicate in the best way possible.

SCIP was designed by the Department of Defense Digital Voice Processor Consortium (DDVPC) in cooperation with the U.S. National Security Agency and is intended to solve problems with earlier NSA encryption systems for voice, including STU-III and STE which made assumptions about the underlying communication systems that prevented interoperability with more modern wireless systems. STE sets can be upgraded to work with SCIP, but STU-III cannot. This has led to some resistance since various government agencies already own over 350,000 STU-III telephones at a cost of several thousand dollars each.

There are several components to the SCIP standard: key management, voice compression, encryption and a signalling plan.

Key management (120)

To set up a secure call, a new Traffic Encryption Key (TEK) must be negotiated. For Type 1 security (classified calls), the SCIP signalling plan uses an enhanced FIREFLY messaging system for key exchange. FIREFLY is an NSA key management system based on public key cryptography. At least one commercial grade implementation uses Diffie-Hellman key exchange.

STEs use security tokens to limit use of the secure voice capability to authorized users while other SCIP devices only require a PIN code, 7 digits for Type 1 security, 4 digits for unclassified.

Voice compression using Voice Coders (vocoders)

SCIP can work with a variety of vocoders, but the standard requires, as a minimum, support for Mixed Excitation Linear Prediction (MELP), an enhanced LPC algorithm known as MELPe, with additional synthesizer capabilities for improved intelligibility. The old MELP operates at 2400 bit/s, sending a 54 bit data frame every 22.5 milliseconds. Other secure voice compression standards include 16 kbit/s CVSD, 2.400 kbit/s LPC-10e, and the 4.8 kbit/s CELP FS-1016.

The MELPe or enhanced-MELP (Mixed Excitation Linear Prediction) is a United States Department of Defense speech coding standard used mainly in military applications and satellite communications, secure voice, and secure radio devices. Its development was led and supported by NSA, and NATO. The US government's MELPe secure voice standard is also known as MIL-STD-3005, and the NATO's MELPe secure voice standard is also known as STANAG-4591.

The 2400 bit/s MELP was created by Texas Instruments and first standardized in 1997 as MIL-STD-3005. Between 1998 and 2001, a new MELP-based vocoder was created at half the rate (i.e. 1200 bit/s), and substantial enhancements were added to MIL-STD-3005 by SignalCom (later acquired by Microsoft), Compandent, and AT&T. These included (a) an additional new vocoder at half the rate (i.e. 1200 bit/s), (b) substantially improved encoding (analysis), (c) substantially improved decoding (synthesis), (d) noise preprocessing for removing background noise, and (e) transcoding between the 2400 bit/s and 1200 bit/s bitstreams. This fairly significant development aimed to create a new coder at half the rate that is interoperable with the old MELP standard.

This enhanced-MELP (also known as MELPe) was adopted as the new MIL-STD-3005 in 2001 in the form of annexes and supplements to the original MIL-STD-3005. The significant breakthrough of the 1200 bit/s MELPe is that it delivers the same quality as the old 2400 bit/s MELP at half the rate.

One of the greatest advantages of the new 2400 bit/s MELPe is that it shares the same bit format as MELP, and hence can interoperate with legacy MELP systems while delivering better quality at both ends. MELPe provides much better quality than all older military standards, especially in noisy environments such as the battlefield, vehicles and aircraft.

In 2002, the US DoD MELPe was also adopted as a NATO standard, known as STANAG-4591. As part of NATO testing for the new standard, MELPe was tested against other candidates such as France's HSX (Harmonic Stochastic eXcitation) and Turkey's SB-LPC (Split-Band Linear Predictive Coding), as well as the old secure voice standards such as FS1015 LPC-10e (2.4 kbit/s), FS1016 CELP (4.8 kbit/s) and CVSD (16 kbit/s). MELPe won the NATO competition, surpassing the quality of all other candidates as well as the quality of all old secure voice standards (CVSD, CELP and LPC-10e).

The NATO competition concluded that MELPe substantially improved performance (in terms of speech quality, intelligibility, and noise immunity) while reducing throughput requirements. The NATO testing also included interoperability tests, used over 200 hours of speech data, and was conducted by 3 test laboratories worldwide. Compandent, as a part of MELPe-based projects performed for NSA and NATO, provided NSA and NATO with a special test-bed platform known as the MELCODER device, which provided the golden reference for real-time implementation of MELPe.

In 2005, a new 600 bit/s rate MELPe vocoder was added to the NATO standard STANAG-4591 by Thales (France), and there are more advanced efforts to lower the bitrates to 300 bit/s and even 150 bit/s.

Encryption (230)

For security, SCIP uses a block cipher operating in counter mode. A new Traffic Encryption Key (TEK) is negotiated for each call. The block cipher is fed a 64-bit state vector (SV) as input. If the cipher's block size is longer than 64 bits, a fixed filler is added. The output from the block cipher is xored with the MELP data frames to create the cipher text that is then transmitted.

The low-order two bits of the state vector are reserved for applications where the data frame is longer than the block cipher output. The next 42 bits are the counter. Four bits are used to represent the transmission mode. This allows more than one mode, e.g. voice and data, to operate at the same time with the same TEK. The high-order 16 bits are a sender ID. This allows multiple senders on a single channel to all use the same TEK. Note that since overall SCIP encryption is effectively a stream cipher, it is essential that the same state vector value never be used twice for a given TEK. At MELP data rates, a 42-bit counter allows a call over three thousand years long before the encryption repeats.

For Type 1 security, SCIP uses BATON, a 128-bit block design. With this or other 128-bit ciphers, such as AES, SCIP specifies that two data frames are encrypted with each cipher output block, the first beginning at bit 1, the second at bit 57 (i.e. the next byte boundary). At least one commercial grade implementation uses the Triple DES cipher.
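
The state vector layout and two-frames-per-block keystream described above, as an added example that is not taken from the SCIP specification or any SCIP product. Assumptions: HMAC-SHA256 truncated to 128 bits stands in for the block cipher (BATON is not public), the filler is all zeros, output bits are numbered from the most significant bit, and every function and class name is hypothetical.

```python
import hashlib
import hmac

# State-vector fields, low-order to high-order, as described in the text.
RES_BITS, CTR_BITS, MODE_BITS, ID_BITS = 2, 42, 4, 16
FRAME_BITS = 54          # one MELP data frame
FILLER = bytes(8)        # assumption: the page does not give the real fixed filler

def pack_sv(sender_id, mode, counter, reserved=0):
    """Build the 64-bit state vector, rejecting values that overflow a field."""
    fields = ((sender_id, ID_BITS), (mode, MODE_BITS),
              (counter, CTR_BITS), (reserved, RES_BITS))
    for value, width in fields:
        if not 0 <= value < (1 << width):
            raise ValueError("field does not fit in %d bits" % width)
    return (sender_id << 48) | (mode << 44) | (counter << 2) | reserved

def unpack_sv(sv):
    """Return (sender_id, mode, counter, reserved)."""
    return sv >> 48, (sv >> 44) & 0xF, (sv >> 2) & ((1 << CTR_BITS) - 1), sv & 0x3

def cipher_block(tek, sv):
    """Stand-in for the 128-bit block cipher: HMAC-SHA256 truncated to 128 bits."""
    digest = hmac.new(tek, sv.to_bytes(8, "big") + FILLER, hashlib.sha256).digest()
    return int.from_bytes(digest[:16], "big")

def crypt_pair(tek, sv, frame_a, frame_b):
    """XOR two 54-bit frames with output bits 1-54 and 57-110 (numbered from the MSB)."""
    block = cipher_block(tek, sv)
    mask = (1 << FRAME_BITS) - 1
    pad_a = (block >> (128 - 54)) & mask
    pad_b = (block >> (128 - 110)) & mask
    return frame_a ^ pad_a, frame_b ^ pad_b

class StateVectorGuard:
    """Refuses a state vector that was already used under the current TEK."""
    def __init__(self):
        self.used = set()

    def claim(self, sv):
        if sv in self.used:
            raise RuntimeError("state vector reused under the same TEK")
        self.used.add(sv)
        return sv

def reuse_leak(tek, sv, plain_1, plain_2):
    """With a repeated SV the pad cancels: c1 XOR c2 equals p1 XOR p2."""
    return crypt_pair(tek, sv, plain_1, 0)[0] ^ crypt_pair(tek, sv, plain_2, 0)[0]
```

Because encryption is a plain XOR, calling `crypt_pair` on the ciphertext with the same TEK and state vector decrypts it; `reuse_leak` shows why the guard is needed, since a repeated state vector exposes the XOR of two plaintext frames without the key.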

Signalling plan (210)

SCIP has two modes for transmission. For data, it uses an ARQ protocol with forward error correction (FEC) to ensure reliable transmission. The receiving station acknowledges accurate receipt of data blocks and can ask for a block to be re-transmitted, if necessary. For voice, SCIP simply sends a stream of MELP data blocks. This is done to maximize the use of the available channel bandwidth. To save power on voice calls, SCIP stops sending if there is no speech input. A synchronization block is sent roughly twice a second in place of a data frame. The low-order 14 bits of the encryption counter are sent with every sync block. The 14 bits are enough to cover a fade out of more than six minutes. Part of the rest of the state vector is sent as well, so that with receipt of three sync blocks, the entire state vector is recovered. This handles longer fades and allows a station with the proper TEK to join a multi-station net and be synchronized within 1.5 seconds.
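
How a receiver can rebuild the counter from the 14 low-order bits in a sync block, and where that stops working, as an added example that is not from the SCIP specification. It assumes the counter advances once per 22.5 ms MELP frame, which is consistent with the six-minute and three-thousand-year figures in the text; all function names are hypothetical.

```python
CTR_BITS = 42        # counter width in the state vector
SYNC_BITS = 14       # low-order counter bits carried in every sync block
FRAME_S = 0.0225     # one MELP frame every 22.5 ms (assumed: one counter step per frame)

def resync_counter(last_known, sync_low14):
    """Return the smallest counter >= last_known whose low 14 bits match the sync block."""
    window = 1 << SYNC_BITS
    candidate = (last_known & ~(window - 1)) | sync_low14
    if candidate < last_known:       # the low bits wrapped around during the fade
        candidate += window
    return candidate & ((1 << CTR_BITS) - 1)

def max_fade_seconds():
    """Longest outage the 14-bit field alone can bridge without ambiguity."""
    return (1 << SYNC_BITS) * FRAME_S

def counter_lifetime_years():
    """Time until the 42-bit counter would repeat under one TEK."""
    return (1 << CTR_BITS) * FRAME_S / (365.25 * 86400)

def simulate_fade(last_known, frames_missed):
    """Constructed scenario: the sender kept counting while the receiver heard nothing."""
    true_counter = last_known + frames_missed
    low14 = true_counter & ((1 << SYNC_BITS) - 1)
    return true_counter, resync_counter(last_known, low14)
```

A fade of fewer than 16384 frames (368.64 s) is recovered exactly; a longer one comes back one or more windows short, which is the case the text says the remaining state vector bits spread over three sync blocks are there to resolve.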

Security

SCIP protocol specifications are not widely diffused or easily accessible. This makes the protocol for government use rather "opaque". No public implementation of the security and transport protocols is available, precluding its security from being publicly verified. The only audio codec available, MELPe, is subject to IP licensing royalties.

As a well-recognized security protocol, ZRTP is considered a more trustworthy technology.

See also

* Secure voice
* ZRTP
* MELP
* MELPe
* CVSD
* CELP
* LPC-10e
* FS1015
* FS1016
* ANDVT
* STE
* Sectéra Wireline Terminal
* L-3 Omni/Omni xi
* Sectéra Secure Module for Motorola GSM cell phone
* Sectéra VoIP phone

External links

* [http://www.compandent.com/melpe_faq.htm Compandent MELPe & MELPe Frequently Asked Questions page]
* [http://maya.arcon.com/ddvpc/ Arcon DDVPC home page]
* [http://www.net.com/products/products_vx.shtml VX Home Page]
* [http://www.dtechlabs.com/p_whisper.html Whisper900 home page]


Wikimedia Foundation. 2010.
