vulcan-cryptanalysis
4.1 Description and Operation

Our T3010AX KVL has a TRN6777B cryptographic hybrid in it. This hybrid contains the SC76807 Vulcan IC and some additional non-cryptographic circuitry that is of no interest here. It is the presence of the TRN6777B crypto hybrid within the KVL that allows us to gather a known triplet of cryptovariable, plaintext and ciphertext that we can use to verify the correctness of our software simulations of the Vulcan cipher.

The KVL is a relatively simple device that allows an end user to manually enter (via a membrane keypad) a cryptovariable into the key loader and then transfer this cryptovariable into a DVP-equipped radio. Unlike more modern key loaders (e.g. the KVL4000), the T3010 cannot generate a random cryptovariable (this fact alone is a rather serious security flaw). Instead, the user must manually enter 24 octal digits, with the final digit being restricted to values 0 to 3. Key entry proceeds in four groups of six octal digits each, with the intermediate result being displayed on an LED numeric display. The T3010 thus provides the user the ability to enter a 71-bit cryptovariable even though the Vulcan cipher itself requires a 138-bit cryptovariable.

Internally, the KVL is based on a Motorola 6802 microprocessor that performs all the required functions except for encryption. Encryption is handled exclusively by the embedded TRN6777B hybrid. The 6802 processor primarily performs user interface functions such as handling the membrane keypad inputs and numeric LED display outputs.

Interestingly, when transferring a cryptovariable from the KVL to a target radio (a process commonly referred to as key loading), communication is strictly one-way: from the KVL to the target. No provision exists for the target to communicate to the KVL. This means that the KVL cannot be certain that a key load operation was successful. Later generations of Securenet key loaders implemented bidirectional communications between the KVL and the target device.

To overcome the problem of not knowing whether a key loading process was successful, the KVL sends a short burst of encrypted CVSD immediately following the cryptovariable transfer. If the CV was successfully transferred, the target radio will correctly decrypt this ciphertext and play the resulting plaintext (a tone) on the radio speaker. Therefore, if the user hears a beep from the radio immediately after key loading, the CV was successfully loaded. If no beep occurs, the key load process failed and only static will be heard.

If it were not for this unusual form of verification, the KVL would not require an internal crypto hybrid. The only reason the T3010 KVL has an internal TRN6777B hybrid is so that it can generate the correct ciphertext to send to the target radio to make it beep after a successful key load. We exploited this operation by capturing data with a logic analyzer and then used that data to confirm the validity of our software simulations of Vulcan.