The 2010 Military Communications Conference - Unclassified Program - Systems Perspectives Track

U.S. Government work not protected by U.S. copyright

An Overview of the Tactical Secure Voice Cryptographic Interoperability Specification

Thomas Moran
David Heide
Swati Shah
U.S. Naval Research Laboratory

Abstract

The Tactical Secure Voice Working Group was formed in 2008 to ensure that modernized tactical secure voice devices will be interoperable across the Department of Defense. The Naval Research Laboratory was tasked by the working group to develop the Tactical Secure Voice Cryptographic Interoperability Specification (TSVCIS), which became an official National Security Agency (NSA) document in July of 2009.

The TSVCIS consists of two documents, one classified and the other unclassified. These documents define the voice encoding, encryption, framing, synchronization, key management, and other functions for tactical secure voice and data radio communications.

This paper describes the unclassified portion of the TSVCIS and explains some of the specific improvements over the legacy tactical secure voice systems. It also describes how the modernized secure voice modes can provide even wider benefits in the future.

Main Objective and Overall Design Goals

The primary objective in developing the TSVCIS was to ensure that the cryptographically modernized modes of two families of tactical secure voice devices now under development are interoperable. These two families of devices come from the Air Force led VINSON/ANDVT Cryptographic Modernization (VACM) program and the Navy led ARC-210 Generation 5 radio program.

The main goal when specifying the modernized modes was to improve operational performance wherever possible and at least meet legacy performance when improvements were not possible. While interoperability across devices is an obvious concern, simultaneously modernizing both narrowband and wideband tactical secure voice was a rare opportunity to do much more than that. It provided the chance to address the longstanding issue of legacy stovepipes in tactical secure voice.

The ANDVT and VINSON families of devices being replaced are incompatible, both with each other and with themselves across the different voice modes. The differences between these links include data rates, methods for voice compression, synchronization, and framing. These differences not only hinder existing tactical communications but also prevent the modernization of the overall communications networks. This total lack of commonality prevents these links from someday being converged into a larger network that could provide more effective and efficient tactical communications.

The overall design goal with the TSVCIS was to implement all the voice modes using a common, layered approach, one that provides the basis for secure interoperability across the specified voice modes and allows for wider network convergence in the future. It is important to note that the TSVCIS only provides the basis for this wider interoperation. Actually achieving narrowband/wideband voice interoperability will depend on the implementation of the devices and systems.

Due to the urgent need of the program offices, the draft TSVCIS was produced in a little over six months. In spite of the timeframe, significant improvements were made in many areas. A number of these improvements stem from taking a common approach to implementing all of the modes of operation of the combined VINSON and ANDVT families of devices being modernized. Consequently, the goal of commonality across all modes drove many of the design decisions.

Scope

The TSVCIS defines the required voice encoding, encryption, framing, synchronization, key management, and other functions for tactical secure voice and data radio communications capabilities employed in emerging tactical secure voice devices.

It will first apply to the VACM and ARC-210 Generation 5 radio programs. Both of these programs will produce a family of tactical secure voice devices for a variety of aircraft, ship, and land-mobile platforms. All future programs using modernized cryptographic devices for tactical secure voice will need to adhere to the TSVCIS.

The TSVCIS was developed to ensure that modernized devices implementing new cryptographic algorithms can interoperate. Simply having one common mode of operation that is shared by the different devices would satisfy this requirement. But the TSVCIS accomplishes more than that by providing the following areas of improvement over current tactical secure voice technology: enhanced voice interoperability, crypto and framing synchronization, over-the-air key distribution, higher data rates, and more robust transmissions.

The TSVCIS also calls for a single, multirate voice compression algorithm for all of the standard-rate modes of voice operation. So all TSVCIS-compliant devices will interoperate in all modes, and can potentially interoperate across all the voice and data modes, even when encrypted.

Direct Benefits

The following section describes some of the direct benefits that arise from the TSVCIS.

1) Interoperable Modes: To provide interoperability between the narrowband and wideband voice modes, the narrowband vocoder is embedded in the bitstream of all the voice modes. In addition, the wideband and narrowband modes have common synchronization methods, common Mode Control Words, and use common cryptographic techniques.

The vocoder core is the DoD standard for 2400 bit/s voice: Mixed Excitation Linear Predictor, enhanced version (MELPe).

[Figure 1 - Example of Embedded Bitstream approach (16000 bit/s with FEC mode shown). Frame fields shown: 54 bits from the MELPe 2400 bit/s standard; additional FEC to protect the MELPe bits; additional spectral coefficients to improve speech quality; additional FEC to protect the spectral coefficients.]

All four wideband voice modes include the 2400 bit/s MELPe as the bitstream kernel. An example is illustrated in Figure 1. The first 54 bits of each wideband mode bitstream frame are the exact 54 bits of the narrowband speech frame.

Converting from a wideband mode to the narrowband mode involves just stripping the first 54 bits and passing them directly to the narrowband coder. Converting from narrowband to a wideband mode involves just adding FEC to the 54-bit kernel. This simple stripping or appending of bits makes interoperability clearly achievable and does not involve any voice parameter decoding/re-encoding, which can typically hurt speech quality. See Figure 2.

The common synchronization methods include frame synchronization, the Initialization Vector (IV), Mode Control Word (MCW), ID Fields, and End Of Message fields for narrowband and wideband modes.

The MCW automates switching between voice and data modes, thereby eliminating the need for the receive operator to manually switch between modes. Although legacy narrowband equipment already uses MCWs, legacy wideband equipment does not. Now MCWs are specified for both narrowband and wideband communications.

Also, certain MCWs are now specified to be the same for narrowband, wideband, and the voice modem modes. This should simplify the design of an interoperable gateway by, in part, allowing the transmission preamble to remain intact within the gateway. Otherwise, the preamble would need to be decoded, translated, and re-coded at the gateway.

Importantly, common cryptographic techniques (algorithm/framing/mode) are also specified for the narrowband and wideband modes, which allows direct interoperability across these modes. That is, no process of decrypting and re-encrypting is needed to interoperate across the voice modes.

To summarize, all these design features, taken together, enable direct digital interoperability between narrowband and wideband voice modes (5-kHz and 25-kHz devices) in the black (encrypted) via a simple, secure gateway and without speech degradation. See Figure 3.

2) Improved Voice Quality: One of the goals in writing the TSVCIS was to improve voice quality as compared to existing equipment. A key aspect of overall vocoder performance is
how well a vocoder performs in two common military environments: a) harsh acoustic platform noise and b) harsh RF channel noise (bit errors).

To judge the performance of candidate voice modes, the prospective modes were analyzed with formal speech intelligibility and acceptability tests in various noise conditions. These test scenarios included channel conditions with up to a 10% Bit Error Rate (BER) and acoustic environments such as the HMMWV and the Blackhawk helicopter.

For the 2400 bit/s narrowband voice mode, MELPe is the DoD and NATO standard. It is designed to provide good performance overall in tactical environments and has been tested extensively as part of the standardization process.

The goals for the wideband voice modes, besides improving voice quality, were to provide multiple voice rates that can be matched to varying channel conditions while still maintaining direct interoperability with the other voice modes, both wideband and narrowband.

These goals were met with four wideband voice modes that are all supersets of the MELPe 2400 bit/s mode. There is an 8000 bit/s mode, a 12000 bit/s mode, and two modes at 16000 bit/s. The rates of these modes were selected to conform to the voice data rates of existing radio equipment. The modes themselves were defined to accommodate the expected range of acoustic and channel noise conditions.

The 8000 bit/s and 12000 bit/s modes are both super-protected MELPe frames. They both have Forward Error Correction (FEC) layered on the narrowband bitstream to strongly protect it from channel noise and so provide higher voice quality over longer transmission distances.

The first 16000 bit/s mode contains both layered FEC to protect from channel noise and a layer of additional voice information (spectral coefficient parameters) to improve voice quality in harsh acoustic environments.

Finally, the second 16000 bit/s mode contains no FEC but even more voice information. This mode is designed to provide high voice quality when the channel has low bit errors or FEC is provided out of band.

The users can select the voice mode that best matches their needs. Ideally, a radio system would be flexible enough to switch between modes to adjust to changing noise conditions. These four modes were defined to provide this flexibility while still maintaining direct interoperability through the MELPe vocoder.

3) Channel Bit Error Resistance: As stated above, ensuring good voice quality even in harsh RF channel noise is very important. To address this issue, three of the four wideband modes have inband FEC to correct channel bit errors. In addition, two optional narrowband modes were designed with inband FEC. The main FEC technique used was BCH block coding of various lengths. These block codes give good performance, can be implemented in hardware or software, and are memoryless (which is important because interoperability involves stripping portions of the bitstream). The performance of the FEC protected 8000, 12000, and 16000 bit/s modes is given in Table 1. Note that the 8000 and 16000 bit/s FEC protected modes yield less than 1% BER even up to 8% uncoded random bit error rate, and the 12000 bit/s protected mode yields less than 1% BER at 10% uncoded BER. While the narrowband specification includes optional inband FEC, the TSVCIS also includes the specification of modem FEC for HF radios.

Uncoded bit       Coded bit error rate (%)    Coded bit error rate (%)
error rate (%)    BCH (15,5)                  1st layer BCH (15,5), 2nd layer BCH (125,55)
                  8000 & 16000 bit/s          12000 bit/s
                  non-DAMA channel modes      non-DAMA channel mode
 0.0              0.00                        0.00
 1.0              0.00                        0.00
 2.0              0.00                        0.00
 3.0              0.01                        0.00
 4.0              0.06                        0.00
 5.0              0.19                        0.00
 6.0              0.36                        0.02
 7.0              0.58                        0.05
 8.0              0.94                        0.08
 9.0              1.40                        0.29
10.0              2.13                        0.75

Table 1 - Performance of in-band FEC in 8000/12000/16000 bit/s wideband modes.

4) Cryptographic Synchronization:

Many improvements with cryptographic synchronization were achieved through the use of NSA-approved modern Suite A and B algorithms for traffic encryption and over-the-air key distribution. Use of these algorithms also allows emergent tactical secure voice devices to comply with the NSA's Cryptographic Modernization requirements.

The TSVCIS cryptographic synchronization and framing is based on the Secure Communications Interoperability Protocol (SCIP) as much as possible. SCIP is an existing protocol designed mainly for secure telephony. The approach in using elements of SCIP was to support future SCIP interoperability via a gateway while still providing good tactical secure voice device performance.

Having minimal delay is an important requirement for tactical communications. Several layers of synchronization between the transmitter and receiver need to properly occur before the received speech can be heard. Since this synchronization must occur at the start of every half-duplex transmission, it is a critical factor in communications response time.

For narrowband modes only a few changes were made, as the legacy methods for tactical secure voice synchronization still perform well. These changes were to allow for more modes, some security improvements, and a slightly faster synchronization time.

For the wideband modes, more changes were made. Bit synchronization was made user selectable down to 2 ms. This is a great improvement over legacy wideband modes. Frame synchronization was much improved by using a more robust Pseudo Random Noise (PN) sequence, versus the legacy Phi pattern. The PN sequence is the same as in the narrowband modes, but repeated three times. This provides robust synchronization and supports interoperability by simplifying the design of a wideband/narrowband gateway.

5) Key Management: Current tactical secure voice devices support over the air distribution (OTAD) of key material from a broadcasting device to receiving devices. The TSVCIS improves on legacy OTAD capabilities by specifying:
(a) Suite A and Suite B modern cryptographic algorithms for key wrapping, thus promoting releasability and the Cryptographic Interoperability Strategy;
(b) Wrapping the traffic key being delivered with a separate pre-placed encryption key prior to transmission, thus adding better protection of the delivered key and offering layered security over legacy OTAD techniques;
(c) Delivering the traffic key with metadata that include at a minimum key identification attributes, which offers improved key management and allows easier identification of the key upon receipt (current TSV devices do not identify the transmitted key, which requires more manually intensive pre-coordination on the broadcast);
(d) Allowing the receiving unit to extract the received encrypted key into a connected key fill device;
(e) Improved robustness by using FEC coupled with Majority Voting Logic (legacy only uses FEC);
(f) Transmission times that are kept low (less than 2 s at 2400 bit/s) while still providing the above improvements.

Potential Benefits

The following section describes some of the potential benefits that could be achieved by taking advantage of the inherent possibilities of the flexible architecture established in the TSVCIS v.1.0. These are potential benefits because they depend upon how the TSVCIS may be used, not on how it must be used.

1) All voice mode black interoperability: Because interoperability between modes is achieved by simply stripping bits from or appending bits to a bitstream, secure black interoperability can be achieved. This secure interoperability is possible because all wideband and narrowband bitstream formats are layered and are defined by mode. The boundaries for all the voice parameters, FEC bits, etc. are known without the need to decrypt the bitstream. This makes end-to-end security possible even at network junctions and across dissimilar data transport networks.

2) Automatic/dynamic voice mode selection at receiver: One of the main advantages of the 16000 bit/s Wideband Mode (non-DAMA channels) is that there are two options for synthesizing speech at the receiver. The complete bitstream contains the heavily error protected MELPe 8000 bit/s mode followed by 8000 bit/s of lightly error protected additional spectral components to enhance the speech quality. The bitstream format is given in Figure 1 above. Because FEC gives detected
errors along with error correction, the receiver can use this information to determine the severity of the channel noise. In addition, the receiver can detect the signal-to-noise ratio of the speech in the presence of acoustic noise. By combining these two measurements (channel noise vs. acoustic noise), the receiver can choose the heavily FEC protected synthesis option in high bit error rate conditions, or the synthesis option with additional spectral components in especially severe acoustic noise. These synthesis options can be periodically switched during a conversation based on changing channel or acoustic noise conditions. Because this choice of synthesis does not affect interoperability between radios, it is not strictly part of the TSVCIS, but is certainly a capability that could be utilized for improved voice quality.

This concept could be extended to all the narrowband and wideband modes if a protocol for feeding the channel information to the transmitter were to be developed. Similar protocols already exist for IP links.

3) Interoperable Secure Voice Core for Strategic Voice and VoIP: One goal for tactical voice communications is to find ways to extend the range of tactical voice across the globe to strategic networks. Currently, most tactical vocoders are designed for a fixed data rate, while future strategic voice networks may use Voice over Internet Protocol (VoIP) as the mode for voice communication. For these VoIP systems, automatically variable data rate (VDR) vocoders provide efficient use of bandwidth by constantly changing the data rate based on voice content and the current network congestion. NRL has designed a VDR vocoder for VoIP applications that has these features. In designing the tactical modes for the TSVCIS, NRL used a fixed rate subset of this technique for the 16000 bit/s tactical modes. Both vocoders use the same approach to spectral coefficient enhancement and both use the common MELPe kernel.

The main issue in making the VDR approach directly interoperable with the fixed rate tactical versions is that the different spectral coefficient constellations need to be mapped to one another. Specifically, the fixed rate vocoders only use a single 8-bit table to represent the spectral coefficients, while VDR uses a series of 3 to 9 bit tables, which makes the design variable. By mapping these spectral coefficient tables to each other, a direct, straightforward method for interoperability with VoIP networks could be provided for both 16000 bit/s wideband modes. In addition, the narrowband modes are always directly interoperable with the MELPe kernel portion of the bitstream. Because all of the modes were designed with a common approach, interoperability from narrowband tactical networks, to wideband tactical networks, all the way to high bandwidth strategic voice communication is possible, securely and with very little voice quality degradation.

4) Simple Black Gateway: Future interoperability between the 5-kHz and 25-kHz radio channels can be achieved within a gateway. The TSVCIS allows for a simple and efficient 5-kHz to 25-kHz gateway design through the use of the common vocoder, common synchronization methods, common Mode Control Words, and common cryptographic techniques present in both wideband and narrowband modes. Furthermore, the need to use RF bandwidth more efficiently may someday lead to the 25-kHz channels being reduced to 12.5-kHz. The 8000 bit/s voice mode will likely fit that channel well. Any transition from 25-kHz to 12.5-kHz channels will be greatly simplified by the fact that the 8000 bit/s voice mode is interoperable with the 16000 bit/s and 2400 bit/s voice modes.

Possible Future Work

Enhanced voice quality

1) Wideband Audio: One way to improve voice quality is to extend the audio frequency range being transmitted. Vocoders typically cut off the portion of the audio spectrum above 4 kHz. Extending this range up to 7 kHz would produce much clearer consonants and maintain the upper resonant frequencies of certain vowels. Fortunately, this upper band (4-7 kHz) can be encoded independently from the lower band (0-4 kHz). This allows the extended audio band to be added as an enhanced option when there is available capacity in the channel. Since it is independent of the lower band vocoding, it could be appended to any of the other voice modes, from the 2400 bit/s MELPe mode to either one of the 16000 bit/s modes. This could be done automatically when the channel has the capacity to support the added bandwidth.
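As a rough illustration of this layering idea, the Python sketch below appends an optional upper-band layer to a base frame only when the channel's per-frame bit budget allows it. The 22.5 ms frame period follows from 54 bits at 2400 bit/s. Applying that period to the other rates, the function names, and the 36-bit upper-band layer are assumptions made for illustration and are not taken from the TSVCIS.

```python
KERNEL_BITS = 54      # MELPe frame size at 2400 bit/s (from the paper)
KERNEL_RATE = 2400    # bit/s, so one frame lasts 54 / 2400 s = 22.5 ms


def bits_per_frame(rate_bps):
    """Bits available per frame period at a given channel rate.

    Assumption: every mode uses the same 22.5 ms frame period as the kernel.
    """
    bits, remainder = divmod(rate_bps * KERNEL_BITS, KERNEL_RATE)
    if remainder:
        raise ValueError("rate does not give a whole number of bits per frame")
    return bits


def add_upper_band(base_frame, upper_band_layer, channel_rate_bps):
    """Append the independently coded 4-7 kHz layer if the channel has room."""
    budget = bits_per_frame(channel_rate_bps)
    if len(base_frame) > budget:
        raise ValueError("base frame does not fit in the channel")
    if len(base_frame) + len(upper_band_layer) <= budget:
        return base_frame + upper_band_layer   # lower-band bits are untouched
    return base_frame                          # fall back to the base mode only


base = [0] * bits_per_frame(8000)   # a frame of the 8000 bit/s mode
upper = [1] * 36                    # hypothetical upper-band layer size
with_room = add_upper_band(base, upper, 16000)
without_room = add_upper_band(base, upper, 8000)
print(len(with_room), len(without_room))
```

Because the upper-band bits are only ever appended, a receiver or gateway that does not support them can drop them and still recover the base mode, which is the same property the paper relies on for the MELPe kernel.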

2) Additional Voice Modes: The need for the TSVCIS to conform to existing radio equipment limited the number of voice modes that could be designed. With future radios it may be possible to further optimize voice quality by designing many more voice modes with varying proportions of vocoding and error control. These new modes could provide the optimal mix based on network congestion, channel conditions, and acoustic noise conditions. The communications system could automatically switch between these different modes, constantly adjusting to changing external conditions and providing the highest voice quality at all times.

Conclusion

The Tactical Secure Voice Cryptographic Interoperability Specification will ensure that future tactical secure voice devices will be interoperable. It provides improvements for tactical secure voice communications in the areas of voice quality, security, time to synchronize, robustness, and ease of implementation.

Many of these benefits result from the use of a common, layered approach to implementing all the voice modes. This approach defines, in effect, a secure voice core that allows all the voice modes to directly interoperate, even when encrypted.

It also lays the foundation for benefits beyond the specification itself. These include providing the basis for automatic channel selection based upon channel conditions and the design of a relatively simple radio gateway between tactical secure voice devices operating in different modes.

A future version of the TSVCIS could expand on this work to provide even wider interoperability. This could include SCIP and secure VoIP interoperability.
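The automatic mode switching mentioned above can be sketched using the coded bit error rates reported in Table 1. The Python example below is only an illustration: the table values come from the paper, but the selection policy, the 1% residual-error limit, the 0.5% "clean channel" threshold, and all names are assumptions rather than anything the TSVCIS specifies.

```python
# Coded BER (%) from Table 1, indexed by uncoded BER of 0, 1, ..., 10 %.
CODED_BER_BCH_15_5 = [0.00, 0.00, 0.00, 0.01, 0.06, 0.19,
                      0.36, 0.58, 0.94, 1.40, 2.13]   # 8000 & 16000 bit/s modes
CODED_BER_TWO_LAYER = [0.00, 0.00, 0.00, 0.00, 0.00, 0.00,
                       0.02, 0.05, 0.08, 0.29, 0.75]  # 12000 bit/s mode


def coded_ber(table, uncoded_percent):
    """Linearly interpolate a Table 1 column, clamped to the 0-10 % range."""
    x = min(max(uncoded_percent, 0.0), 10.0)
    lo = int(x)
    hi = min(lo + 1, 10)
    return table[lo] + (x - lo) * (table[hi] - table[lo])


def select_mode(uncoded_percent, residual_limit=1.0, clean_threshold=0.5):
    """Pick a wideband mode for the estimated channel (hypothetical policy)."""
    if uncoded_percent <= clean_threshold:
        return "16000 bit/s (no FEC)"        # most voice information
    if coded_ber(CODED_BER_BCH_15_5, uncoded_percent) < residual_limit:
        return "16000 bit/s (with FEC)"      # FEC plus spectral layer
    return "12000 bit/s"                     # strongest protection in Table 1


for ber in (0.0, 5.0, 9.0):
    print(ber, select_mode(ber))
```

Since Table 1 lists the same coded error rates for the 8000 bit/s mode as for the FEC protected 16000 bit/s mode, the middle branch could equally return the 8000 bit/s mode on a channel that cannot carry 16000 bit/s. A real system would also weigh acoustic noise and network congestion, as the text notes.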

[Fig. 2 Legacy Interoperation between Wideband (WB) & Narrowband (NB) Devices. Analog tandeming between devices adds latency and complexity, reduces security, and degrades speech. Processing chain shown: encrypted bitstream of WB device -> decrypt -> decode WB speech parameters -> WB speech synthesis -> D/A converter -> analog speech waveform -> A/D converter -> NB speech analysis -> encode NB speech parameters -> re-encrypt -> encrypted bitstream of NB device.]

[Fig. 3 TSVCIS Approach for Interconnecting Wideband (WB) & Narrowband (NB) Devices. Direct digital interoperability between devices in the black is simple, quick, and secure, with no speech degradation. Processing chain shown: encrypted bitstream of WB device -> strip 1st 54 MELPe bits -> encrypted bitstream of NB device.]
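The bit-stripping gateway of Fig. 3 can be sketched in a few lines of Python. This is a minimal illustration under stated assumptions: frames are modeled as lists of bits and treated as opaque (no decryption or vocoder decoding), the function names are hypothetical, and toy_fec is a stand-in that merely repeats its input. The actual wideband modes use BCH codes whose details are not reproduced here.

```python
KERNEL_BITS = 54  # size of the embedded MELPe kernel per frame (from the paper)


def wideband_to_narrowband(wb_frame):
    """Keep only the leading 54-bit kernel of a wideband frame."""
    if len(wb_frame) < KERNEL_BITS:
        raise ValueError("wideband frame is shorter than the 54-bit kernel")
    return wb_frame[:KERNEL_BITS]


def narrowband_to_wideband(nb_frame, make_fec_bits):
    """Append FEC bits after the kernel without altering the kernel itself."""
    if len(nb_frame) != KERNEL_BITS:
        raise ValueError("narrowband frame must be exactly 54 bits")
    return nb_frame + make_fec_bits(nb_frame)


def toy_fec(bits):
    """Stand-in only: repeats the input. Not the BCH coding the modes use."""
    return list(bits)


nb = [i % 2 for i in range(KERNEL_BITS)]
wb = narrowband_to_wideband(nb, toy_fec)
recovered = wideband_to_narrowband(wb)
print(len(wb), recovered == nb)
```

Neither direction parses or re-encodes voice parameters, which is why this path avoids the speech degradation of the analog tandem in Fig. 2.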
