home grown wireless communications technology
About Etherstack

Encryption Products
  • AES / DES P25 Encryption Engine
  • Subscriber-side OTAR and KFD clients
  • P25 Key Management Facility (KMF)
  • Secure Dongle
  • Network Key Server
  • (APCO P25) IMBE Vocoder
  • TETRA Vocoder
  • Vocoder Implementation Services

Cryptographic Solutions

Etherstack offers all of the software required to build full information assurance into your radio device or system.

P25 Security Suite

Etherstack’s P25 Security Suite unites our AES/DES P25 Encryption Engine with P25 Key Fill Device (KFD) support for complete P25 subscriber encryption. This provides well-defined interfaces for the encryption/decryption of P25 voice and data payload and OTAR messages. It supports the following FIPS 140-2 Approved Operational Modes: DES ECB, DES OFB, DES CBC, DES 1-bit CFB, AES-256 ECB, AES-256 OFB, AES-256 CBC.

An optional P25 Over The Air Rekeying (OTAR) Client that supports all Mandatory and Optional OTAR procedures (except for Public Key) is also available, allowing any subscriber using the suite to take full advantage of key updates over the all-IP Core Network or third party infrastructure.

FIPS 140-2 Crypto Module

Etherstack’s FIPS 140-2 Crypto Module is a single-board security device that implements P25 encryption, decryption, key management and key storage services in conformance with FIPS140-2 standards. It can be used to provide FIPS 140-2 compliant encryption services to APCO P25 mobiles, portables and base stations - or any other end point for voice or user data in a P25 network.

The following options are available: AES/DES P25 Encryption Engine plus P25 Key Fill Device (KFD) protocol support, P25 Over-The-Air-Rekeying (OTAR), New Link Layer Authentication and P25 Key Management Facility (KMF).

The module is a 28 x 25 mm board based around a 32-bit ARM core based microcontroller, and meets the Security Requirements for Cryptographic Modules standard from the National Institute of Standards and Technology (NIST). It has a dedicated 3-wire KFD interface, and includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSK keys, with protection from unauthorized disclosure or modification.

Secure Dongle

Etherstack’s P25 Security Suite is available on a FIPS 140-2 compliant USB dongle for fully portable, pluggable P25 AES/DES encryption. The P25 USB Encryption Dongle includes full P25 OTAR compliant rekeying support and includes an IMBE Vocoder and audio input/output jacks to avoid routing unencrypted audio off the device.

Etherstack’s P25 Soft Radio can also be deployed from mass storage on the device to allow portable secure communications from a laptop into a radio network.

P25 Key Management Facility

Etherstack’s P25 Key Management Facility (KMF) integrates with the company’s all-IP Core Network or a third-party soft-switched or traditional hard-switched network to support APCO P25 encryption. The Key Management Facility provides AES and DES encryption keys to OTAR subscribers throughout the network - whether a portable/mobile, an Etherstack Console Engine, a gateway or a P25 Soft Radio - via the P25 Over-The-Air-Rekeying (OTAR) standard. Etherstack’s P25 Security Suite accompanies the KMF software to provide it with encryption and key-fill services.

The KMF is available either as a software solution that can be easily ported to an industrial Linux PC, or ready-deployed on Etherstack’s FIPS 140-2 Crypto Module.