|
|
|
|
Crypto BBC Voice Vericrypt →
In the late 1970s and early 80s, the Cryptophon 1100 was introduced
with many police and law enforcement agencies world-wide.
Examples are the German border police, the German Secret Service (BND)
and the Dutch national police.
The image on the right shows a typical Cryptophon 1100 unit. It is basically
a grey metal box, with two connections and a set of thumbwheels
(behind a sliding door) at the front.
A separate breakout box was required for the
connection of the various perpherals, such as microphone, speaker
and the actual (police) radio itself.
|
|
|
All connections and controls are at the front of the unit.
At the top left is the audio connector. It is a 12-pin DIN connector with
audio-in, audio-out, push-to-talk (PTT), etc. At the bottom left is the
4-pin DIN power connector. It takes 12V from a car battery or external PSU.
At the right is a black sliding door behind which the thumbwheels for setting
the daily key are hidden (see below).
The time-division process introduces a delay of approx. 0.5 seconds with
is typical for this type of
time-domain voice scrambling.
The unit is compatible with the
Vericrypt 1100
and can also be used
on telephone networks, although it does not have echo cancellation
on 2-wire networks.
The unit shown here was used for many years by a crime unit
of the Dutch police, who used it in a number of high-profile cases.
Note however, that this type of encryption is inherently unsafe.
|
The cryptographic key is made up of two elements: the basic key, which is
fixed internally, and the daily key, which is set with the six thumbwheels
at the front.
The basic key can only be altered by opening the unit and replacing a small
printed circuit board (PCB) with a set of solder
links in a 5 x 12 matrix. It was different for each agency,
and was not changed very often.
|
The daily key can easily be set by entering a 6-digit number with the
thumbwheels at the front. A small sliding door hides the current setting,
so that the number cannot be read by prying eyes or by a potential
eavesdropper. It also protects the settings against accidental changes.
The 6-digit number allows 106 combinations. It is used to 'seed'
the internal pseudo-random number generator (PRNG), which has a period of
approx. 8.5 hours. This means that the number sequence produced by the PRNG
does not repeat itself within 8.5 hours [2].
|
|
|
During a transmission, a Frequency Shift Keying (FSK) signal is broadcast
with the speech, to allow the PRNG of the receiver to run 'in sync' with the
transmitter. This FSK signal takes the form of a 1830 Hz pilot tone (± 100 Hz).
At the start of a conversation, the system needs approx. 1.5 seconds to
'lock in'. During this time, no useful speech can be transmitted.
Most operators would count 'twenty-one, twenty-two',
before starting the message.
Once transmitter and receiver were 'in sync', the system would need only
0.2 seconds on a change-over. Because of the principle behind the type of
scrambling used by the Cryptophon 1100, all audio was delayed by 0.5 seconds.
This was considered a drawback of the system.
|
Between 1978 and 1981, the Cryptophon 1100 and
Vericrypt 1100 were tested
by a number of West-German agencies, such as the police, the Ministry of
Internal Affairs and the
German Intelligence Agency (BND).
They considered the system safe and between 1981 and 1982, a large number
of Cryptophon and Vericrypt 1100 units were installed with the various agencies.
In 1983 the East-German cipher bureau managed to break the cipher by
reconstructing the keys from a series of intercepts.
They also built their own equivalent of the Cryptophon, known as the
A-003, that was used in the breaks.
Another device, the so-called A-004,
was used to decipher the Vericrypt 1100.
As a result, they managed to read about 90% of the West-German Cryptophon
1100 and Vericrypt 1100-based radio traffic
during the 2nd quarter of 1988 [2].
|
Considering its age, the Cryptophon 1100 is extremely well built.
Only first class components and PCBs are used.
The units consists of three main PCBs, all mounted on an extendible frame.
The image below shows the uncovered interior of the Cryptophone 1100.
|
The two digital boards are both mounted on one side (left) and can be folded
away from the frame. A small 3rd board is mounted to the inner board as some
kind of modification, that was introduced after the design was completed.
The analogue board is at the other side (right).
It contains 9 high-quality LC audio filters that are used for filtering the
FSK pilot tone and the audio.
The rear of the unit contains the power supply unit (PSU) that converts
the 12V of a car into suitable internal voltages.
The unit shown here was probably built around 1975.
|
|
|
The cryptographic principle used in the Cryptophon 1100 and the Vericrypt 1100,
is of the time-division speech scrambler type.
Speech is recorded (sampled) and divided over the time domain (scrambling).
The simplified diagram below, shows how this works.
Speech is cut into small time segments of 30 ms each, and is scrambled
with other time segments in an ever changing order.
The order in which the packets are scrambled is
determined by a pseudo random number generator, or PRNG, that is seeded
by the settings of the 6 thumbwheels at the front panel.
In this diagram, the top row shows the clear speech (input) in time.
The second row shows the speech after it is scrambled.
Finally, the bottom row shows the speech once it is descrambled again (output).
The process of scrambling and descrambling, causes a delay of approx.
0.5 sec.
As the time segments are scrambled in an ever changing pattern, it is important
that transmitter and receiver are correctly synchronised. To ensure that both
ends are kept 'in sync', a pilot signal (FSK) is transmitted with the
scrambled speech.
|
Below is the blockdiagram of the Cryptophon 1100. The audio input is at the
top left. In transmission mode, audio is filtered, digitised and stored in
a temporary memory buffer. The order in which the samples are read out of
the buffer, is determined by the number generator (PRN). The new (scrambled)
signal is then converted back to the analogue domain again.
In order to allow the receiving end to stay in sync, an FSK signal (pilot)
is inserted in the output path.
In receiving mode, the synchronisation signal (pilot) is extracted from
the incoming audio signal (top left) and decoded. It is then used by the
program register (CPU) to keep the pseudo-random number generator (PRN)
in sync, so that the packets are re-assembled in the correct order.
|
When the Cryptophon 1100 was released in the mid-1970s, the manufacturer
— BBC —
also released a rather unusual brochure, in the shape of a 45 rpm vinyl audio
disc, also known as a gramophone record or a phonograph record [5].
On the disc, which holds a 11-minute recording, a German-speaking gentleman
explains how the 1100's time-division scrambling works, along with
examples. It demonstrates what a properly decoded conversation
sounds like, and what an unauthorised eavesdropper hears. Click the audio
sample below to play the demonstration. 1
|
|
|
-
Many thanks to Andreas Obermeier for making this recording available
digitally [6].
|
- Barry Wels, Cryptophon 1100 - THANKS !
Device kindly donated, Februari 2011.
- Jörg Drobick, Beschreibung des Cryptophon 1100 BStU176
Der SAS- und Chiffrierdienst (SCD), German.
- W. Baschlin,Integration of time division speech scrambling
into police telecommunication networks
Ores Publications (USA), 1977.
- US Patent 4773092, Speech Scramblers
Frederick Huang, Oxford (UK). Racal Research Ltd., Berkshire (UK).
- Wikipedia, Phonograph record
Retrieved May 2019.
- Andreas Obermeier, Digitised audio recording of BBC vinyl record
Demonstration of the Cryptophon 1100 (German). Received May 2019.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Tuesday 08 February 2011. Last changed: Friday, 03 July 2020 - 11:11 CET.
|
|
|
|
|