Click for homepage
Philips
ZODIAC
  
BVO-M   UA-8244 · KY-6127/M
Trunk encryption device · Mucolex II

BVO-M was a Trunk Encryption Device (Dutch: Bundel Vercijfer- Ontcijferapparaat), 1 developed around 1981 by Philips Usfa in Eindhoven (Netherlands) for the Royal Dutch Army. The device was used as part of the ZODIAC 2 integrated communications network, and was installed in the fully automated (mobile) telephone exchange. It allows multiplexed traffic to be transferred at speeds up to 2 Mb/s and is backward compatible with the older 1 Mb/s Mucolex encryption device. The BVO-M is also known as UA-8244, KY-6127/M, Mucolex II and NSN 5810-17-055-9446.

BVO-M allows voice and data to be bundled, encrypted and sent over a line-of-sight radio link (LOS). Several BVO-M units were typically installed as part of the ZODIAC/DELTACS auto­mated switch, 3 developed by Philips daughter HSA. A number of such complete switches were implemented as mobile installations, allowing the fast deployment of flexible field networks.

Two versions of the BVO were available, named BVO-M and BVO-T. The image on the right shows a typical BVO-M, which is backward compatible with the earlier 1 Mb/s MUCOLEX.
  
BVO-M

BVO-M was part of the ZODIAC communications network of the Royal Dutch Army, a project that started in 1975 and was completed in 1987. In the early 2000s, ZODIAC was gradually replaced by TITAAN, but BVO-M remained in use in the first stages of the implementation. The last units were decommissioned in 2007, which means that BVO-M had a life cycle of more than 20 years.

  1. Literally translated: trunk encryption/decryption device.
  2. Formerly known as DELTACS.
  3. Also known as a telephone exchange or exchange switch or switched network.

BVO-M
BVO-M with KYK-13 key loader connected
Compartment with 3.6V backup battery
Front panel
Mode selector and 'Activate' button
BVO-M seen from the rear with top panel removed
Rear panel
A
×
A
1 / 7
BVO-M
A
2 / 7
BVO-M with KYK-13 key loader connected
A
3 / 7
Compartment with 3.6V backup battery
A
4 / 7
Front panel
A
5 / 7
Mode selector and 'Activate' button
A
6 / 7
BVO-M seen from the rear with top panel removed
A
7 / 7
Rear panel

Features
The image below provides a quick overview of the features of the BVO-M. The device measures 300 × 200 × 150 mm and weights approx. 8.5 kg. All controls and indicators are at the front panel. Also at the front are a U-229 socket for connection of a DS-102 compatible key transfer device, and a backup battery for retaining the crypto variables (keys) in the CMOS memory. The keys can be purged (ZEROIZED) remotely. The power, red and black connections are at the rear.

Click to see more

The device has several modes of operation, such as key loading (sleutel laden) and operation (bedrijf). The desired MODE must be selected with the knob at the top right, and is activated by pressing the ACTIVATE button (activeren). The display shows the current operating state.

MODE
  • TRANSPORT
    Power supply off: backup battery off, keys destroyed, ready for transport.
  • LAMP TEST
    Test display and indicator LEDs. Display shows
    ****
    0000
    ::::
  • ALARM RESET
    Simulate alarm. Display shows
    AL
    .
  • BASIC
    Load the base key into the operational crypto variable register.
  • LADEN
    Crypto variable (from fill device) is loaded as spare key.
  • WISSEL
    Initiate key change (required at both ends). Display shows
    SL W
    .
  • RES LADEN
    Load spare crypto variable into spare crypto variable memory.
    R+SL
    .
  • BEDRIJF
    Puts the equipment in normal crypto operation mode.
  • LA-LOOP
    Activate internal test loop.
  • ONDERHOUD 1
    The crypto start pattern is transmitted once.
  • ONDERHOUD 2
    Internal test of the equipment. Display shows test number.
Indicators
  • Green
    Valid keys loaded, in-sync and BEDRIJF (OPERATION) is selected
  • Red
    Sync ALARM
  • Yellow
    ECCM units at both ends have been switched on
Display during operation
  • ZERO
    No keys loaded (flashing when zeroized)
  • B SL
    Base key loaded (in operational key register)
  • SL+B
    Base key and spare key loaded
  • SL L
    Spare key loaded
  • SL W
    Crypto variable chnaged (spare key in operation)
  • R+SL
    Operational and spare key loaded
  • COMP
    Compromise pattern recognised twice
  • AL
    The quipment is in ALARM state
  • --
    Normal operation (flashing when command is executed)
  • TEST
    Local test initiated
  • BUSY
    Local test is being carried out
  • OK
    Local test carried out without a fault
  • ****
    Fault in equipment
  • LUS
    LA loop test switched on
Display during maintenance (onderhoud 2)
  • A 01
    Set detection time for sync (A-F) and set acquisition time (00-09)
  • 1234
    Test number
  • OK
    End of test, no faults found
BVO-M
Front panel
Mode selector and 'Activate' button
BVO-M with KYK-13 key loader connected
Loading a key
B
×
B
1 / 5
BVO-M
B
2 / 5
Front panel
B
3 / 5
Mode selector and 'Activate' button
B
4 / 5
BVO-M with KYK-13 key loader connected
B
5 / 5
Loading a key

Wheels   rotors
BVO-M is an electronic cipher machine, in which the cryptographic algorithm is built with non-linear feedback shift-registers (NLFSRs). As shift-register-based cipher machines were the successors to the rotor-based cipher machines, the shift register is often seen as the electronic equivalent of of an electromechanical rotor. For this reason, the circuit boards that accomodate the shift registers are called wheels (rotors). The transmit and receive circuits of the BVO-M, each contain a key generator that consists of eight such 'wheels', divided over two PCBs. This means that inside the BVO-M are four identical PCB's, each of which is the equivalent of four rotors.

Unfortunately, the precise construction of the shift-register-based key generators is not revealed in the technical manual [C][D]. We hope to be able to present more details about this part of the machine in due course.

 Look inside the BVO-M


Complete unit   wanted
BVO was mostly installed as part of a terminating subsystem on the DELTACS (ZODIAC) switch. Each unit was housed in 3U 19" enclosure, accompanied by a Line Terminating Unit (LTU) and a Universal Junctor (UJ). It transfers multiplexed data — subscriber and trunk channels — to/from existing MUCOLEX field units at 1 Mb/s. An alternative to BVO-M, known as BVO-T, was used for compatibility with the standard KG-81 Trunk Encryption Device (TED) of the US Army and NATO.

The image on the right shows a complete BVO terminating subsystem in a 19" rackmount. Each subsystem consists of a Line Terminating Unit (LTU) at the left, a BVO Link Encryptor (LE) at the center, and a Universal Junctor (UJ) at the right.

The LTU is marked as LA (Dutch: Lijn Aanpassing). It regenerates a multiplexed data stream at an aggregate bitrate of 256, 512 or 1024 kb/s. It also ensures equalisation for cable lengths up to 2.4 km. The LTU/LA allows connection to either a standard telephone line or to a line-of-sight radio link (LOS), such as the FM-200 transmitter [3].
  
Complete terminating subsystem. Photo courtesy Philips Usfa [1]

The Universal Junctor (UJ) is marked as UO (Dutch: Universele Omzetter. It handles the coupling of the matrix subsystem, the control subsystem and the LTUs. The UJ unit also handles all possible signalling protocols supported by ZODIAC. It converts the different types of in-band signalling to a uniform protocol for the information exchange with the control subsystem [3].

BVO-M Trunk Encryption Device
Complete BVO unit
Variant of the BVO-M called DACOLEX
Eearly prototype of DELTACS (ZODIAC). Note that the key fill connectors are missing)
Complete ZODIAC switch in the Royal Dutch Signals Museum
Close-up of a BVO unit
C
×
C
1 / 6
BVO-M Trunk Encryption Device
C
2 / 6
Complete BVO unit
C
3 / 6
Variant of the BVO-M called DACOLEX
C
4 / 6
Eearly prototype of DELTACS (ZODIAC). Note that the key fill connectors are missing)
C
5 / 6
Complete ZODIAC switch in the Royal Dutch Signals Museum
C
6 / 6
Close-up of a BVO unit

Block diagram
Below is the simplified block diagram of the BVO-M. The device has a strict red/black separation, which is implemented as a compartimented design. At the left is the red interface which connects to the local (unecrypted) equipment. At the right is the black interface which connects to the out­side world. All lines are differential and asynchronous, which means that separate data (TXD/RXD) and clock (TXC/RXC) lines are used. Each line has a separate transformer to make it unbalanced. In addition, all lines of the red/black compartments are filtered to meet TEMPEST requirements.

BVO-M simplified block diagram

The device has separate transmit (TX) and receive (RX) circuits, each of which consists of multiple PCBs. At the heart of the TX and RX units is a key generator, which consists of 8 shift-register-based virtual 'wheels' (divided over two PCBs) and an ECCM unit. The latter is responsible for masking any repetitive pulse interferences which might otherwise be exploited by an adversary.

The device is controlled by a microprocessor (CPU), which controls the front panel user interface (UI), the transmitter, the receiver and several types of memory (RAM). Key variables and other operational data is stored in a special CMOS Static RAM which is retained by a backup battery installed behind the front panel. The cryptographic keys can be purged (ZEROIZED) remotely.


History
ZODIAC
ZODIAC was an integrated tactical communication system, used by the Dutch Armed Forces from 1979 until the early 2000s. It consisted of a series of fixed and mobile exchanges (switches) that could be linked together in various ways, via cables and/or line-of-sight (LOS) radio links. Each mobile ZODIAC switch was fitted with several BVO-M units, and in most cases also BVO-T units.

The image on the right shows a typical ZODIAC automated switch, with sevaral BVO-M units installed. The image was taken at the Royal Dutch Signals Museum [2] in July 2008. It shows a completely functional installation, that was installed in the museum after the ZODIAC network was decomissioned in the early 2000s.

Another image of a nearly identical installation is shown here. It shows the exchange at an early stage, when it was still called DELTACS [3]. Note that the key-fill sockets are missing from the encryptors, suggesting that they were dummies.
  
Complete ZIODIAC switch in the Royal Dutch Signals Museum

BVO-M was compatible with a number of international data-standards, including EUROCOM. This allowed the ZODIAC network to communicate with similar systems from other countries. For encrypted communication with the US Army and with other NATO partners, the KG-81 compatible BVO-T was used. ZODIAC was phased out in the early 2000s, when it was replaced by TITAAN.

 More about ZODIAC.

TITAAN
When TITAAN was introduced in the early 2000s, the existing ZODIAC equipment was phased out. BVO-M remained in use however, and was given a new lease of life by TNO, who designed a new UJ (UO) for it, shown in the image on the right.

By allowing the BVO-M to communicate with a modern matrix, existing FM200-based line-of-sight radio links could be integrated with the new system. TNO called the new interface TC-FEC (Turbo Code Forward Error Correction). The upgraded BVO-M units were used until 2007.

 More about TITAAN.

  
Click to see more




Click to see more

Interior
The interior of the BVO-M can be reached from the top, bottom and rear. by removing the top, bottom and rear panels respectively. The image above shows the interior after removing the top panel. There are 5 compartments: front panel, red connection, black connection, black interface and main unit. Where necessary, the compartments are interconnected via appropriate filtering.

Looking at the unit from the rear, there are three connectors. From left to right: (1) a DB-25P for connection of the red 1 signal, (2) a DB-13W3P for connection of the 5.5V power supply, and (3) a DB-25P for connection of the black 2 signal.

Looking from the top, there are 10 plug-in cards, interconnected by means of a backplane that is fitted at the bottom of the device. Each card is slotted into the backplane by means of a 64-pin DIN connector. The connectors and the backplane sockets are coded, so that a particular card cannot be installed in the wrong position.
  
PCB (F) removed

Each plug-in card is identified by a letter (A-F) that is visible towards the rear end. At the upper edge is a conductive gasket that improves EMC shielding when the top lid is fitted in place. In the image above, the black interface (card F) has been extracted from its shielded compartment.

The bottom panel is held in place by 23 hex socket cap bolts. Removing the bottom panel gives access to the backplane, part of which is visible in the image on the right. The backplane consists of two parts: a 'black' side, with room for a single plug-in unit (card F), and a 'red' side which connects all other plug-in circuit boards.

The two backplane parts are interconnected by a small strip at the centre. Towards the rear of the device, both parts of the backplane extend to the black and red signal compartments, where they are filtered before reaching the connectors.
  
Black interface backplane

The large part of the backplane also extends to the front panel compartment, where it interfaces with the user controls, the indicators and the display. The remaning compartment can be reached after removing the reinforced rear panel, which is actually a 10 mm thick stainless steel frame.

The rear panel is held in place by 10 recessed hex socket cap bolts. After removing these bolts, the rear panel can be removed without affecting the connectors, as shown in this image.

There are separate compartment for the red and black signal connectors. These connectors are wired to two smaller compartments towards the bottom of the device, via filter blocks that are embedded in the compartment walls. From there, the wiring is connected to the backplanes of the red and black interfaces respectively.
  
Compartments at the rear

The wiring from the external power supply unit (PSU), enters the device on the 3-pin receptacle at the rear. This connector is part of the black signal compartment. After filtering, the power is passed to the red compartment, where is additionally filtered and then passed to the backplane.

  1. The red interface is for connection of the signal that must be protected. Note that pin 12 of this connector is missing.
  2. The black interface is for connection of the unprotected network. It interconnects the secured signal with the outside world. Note that pins 12, 13, 24 and 25 are missing from this connector.

BVO-M seen from the rear with top panel removed
Rear panel
Interior - top view
Front panel wiring
Black and red compartments with ferrite filters
Black compartment with ferrite filter units
Extracting a PCB
BVO-M with PCB (F) removed
PCB (B) - component side
PCB (D) - component side
PCB (B) - solder side
PCB (D) - component side
PCB (D) - solder side
PCB (E) - component side
PCB (E) - solder side
PCB (F) removed
PCB (F) - upper side
PCB (F) - bottom side
PCB (F) with metal cover removed
PCB (F) solder side (with metal cover removed)
PCB (F) component side
PCB (F) solder side
PCB (F) interboard connection
Compartment with 3.6V backup battery
Bottom side with backplane
Backplane
Black interface backplane
Red and black compartment wiring
Red and black compartment wiring and filtering
Compartments at the rear
Rear side with removed rear panel
Power filtering
D
×
D
1 / 32
BVO-M seen from the rear with top panel removed
D
2 / 32
Rear panel
D
3 / 32
Interior - top view
D
4 / 32
Front panel wiring
D
5 / 32
Black and red compartments with ferrite filters
D
6 / 32
Black compartment with ferrite filter units
D
7 / 32
Extracting a PCB
D
8 / 32
BVO-M with PCB (F) removed
D
9 / 32
PCB (B) - component side
D
10 / 32
PCB (D) - component side
D
11 / 32
PCB (B) - solder side
D
12 / 32
PCB (D) - component side
D
13 / 32
PCB (D) - solder side
D
14 / 32
PCB (E) - component side
D
15 / 32
PCB (E) - solder side
D
16 / 32
PCB (F) removed
D
17 / 32
PCB (F) - upper side
D
18 / 32
PCB (F) - bottom side
D
19 / 32
PCB (F) with metal cover removed
D
20 / 32
PCB (F) solder side (with metal cover removed)
D
21 / 32
PCB (F) component side
D
22 / 32
PCB (F) solder side
D
23 / 32
PCB (F) interboard connection
D
24 / 32
Compartment with 3.6V backup battery
D
25 / 32
Bottom side with backplane
D
26 / 32
Backplane
D
27 / 32
Black interface backplane
D
28 / 32
Red and black compartment wiring
D
29 / 32
Red and black compartment wiring and filtering
D
30 / 32
Compartments at the rear
D
31 / 32
Rear side with removed rear panel
D
32 / 32
Power filtering

Connections
Red signal   X4
The red interface — also known as the clear side — is for connection of the device that must be secured. This is the equipment on which the unencrypted signal is available. Below is the pinout of the 25-pin DB-25P receptacle, as seen from the rear of the device. Note that pin 12 is missing.

  1. L1a
  2. GND
  3. L2a
  4. L3a
  5. GND
  6. L4a
  7. L5a
  8. GND
  9. STM bev.
  10. STM norm.
  11. Signal ground
  12. missing
  13. Remote ZEROIZE
  1. L1b
  2. L2b
  3. GND
  4. L3b
  5. L4b
  6. GND
  7. L5b
  8. GND
  9. LA status
  10. Sync 2
  11. STM sync
  12. BATT uit
Black signal   X1
The black interface — also known as the cpher side — is for connection of the insecure network. This is the medium over which the encrypted signal is transmitted. Below is the pinout of the 25-pin DB-25P receptacle, as seen from the rear of the device. Pins 12, 13, 24, and 25 are missing.

  1. L1a
  2. GND
  3. L2a
  4. L3a
  5. GND
  6. L4a
  7. BSCa
  8. GND
  9. AL-nc
  10. AL-no
  11. LAe
  12. missing
  13. missing
  1. L1b
  2. L2B
  3. GND
  4. L3b
  5. L4b
  6. GND
  7. BSCb
  8. GND
  9. AL-c
  10. LAc
  11. missing
  12. missing
Power supply   X2
Power should be applied to the 3-pin DB-13W3P receptacle, located to the left of the black receptacle. Is has three thick pins, marked A1, A2 and A3. Note that the smaller pins (1-10) are missing from the receptacle. Below is the pinout as seen from the rear of the device.

  1. A1
    GND chassis
  2. A2
    GND 0V
  3. A3
    +5.5V/DC ± 0.2V
Fill device   X5
At the front of the device is a standard 5-pin socket that accepts a U-229 connector. It is wired for the connection of a DS-102 compatible key transfer device, such as the KYK-13 or KOI-18. Below is the pinout of the socket as seen from the front of the device.  DS-102 standard

  1. GND
  2. -
  3. ACK
  4. DATA
  5. CLOCK
  6. -
Specifications
  • Device
    Trunk encryption device
  • Manufacturer
    Philips Usfa BV
  • User
    Royal Dutch Army
  • Network
    ZODIAC, TITAAN
  • Years
    1981-2007
  • Plug-in cards
    10 (see below)
  • Crypto fill
    STANAG 5063, DS-102 (e.g. KYK-13, KOI-18, etc.)
  • Power
    5.5V/DC ± 0.2V
  • EMC
    MIL-STD-461
  • TEMPEST
    AMSG 720A
  • Environment
    DEF STAN 07 55
  • Temperature
    -25°C to +55°C (storage -40°C to +70°C)
  • Humidity
    ≤95%
  • Dimensions
    300 × 200 × 150 mm
  • Weight
    8.5 kg
Black side
  • Eurocom D/1, paragraph 1B6, interconnection point B
  • Black Station Clock (BSC), when available
  • Alarm relay for external alarm indicator
Red side
  • Eurocom D/1, paragraph 1B6, interconnection point A
  • Indicators for status of security, synchronisation and operation
  • Remote ZEROIZE of crypto variables
Plug-in cards
  1. Red interface
  2. Processing unit
  3. 4 × Key generator 1 (4 'wheels' per board)
  4. 2 × Key generator 2
  5. Pattern unit
  6. Black interface
External requirements
  • LTU
    Line Terminal Unit (Dutch: Lijn-Aanpassingseenheid)
  • PSU
    Power supply unit
  • DMD
    Digital Multiplexer/Demultiplexer
Nomenclature
The BVO-M is known under the following names and designators:

  • BVO-M
  • BVO-Mucolex
  • Mucolex II
  • UA-8244
  • KY-6127/M
  • NSN 4810-17-055-9446
  • 12NC 4322 082 12624

  • Dacolex
  • UA-8257
Documentation
  1. DELTACS - a versatile tactical communication system
    Functional description of the new ZODIAC network. AJW van Daal & P van der Vlist.
    Philips Telecommunicatie Industrie BV (PTI), Hilversum (Netherlands), 1984.
    Reprint from Philips Telecommunication Review, Vol. 42, No. 2, pages 74-89.

  2. Bediening van het bundel vercijfer-ontcijfertoestel BVO-M type KY 6127 M
    20 0047-N-1183. Royal Dutch Army, undated (in Dutch). Dienstgeheim.

  3. Mucolex II (UA-8244) - Part 1 (text)
    20.0025-E-0288. Philips Usfa BV, February 1988. NATO Confidential.

  4. Mucolex II (UA-8244) - Part 1 (figures)
    20.0025-E-0288. Philips Usfa BV, February 1988. NATO Confidential.
References
  1. Philips Usfa, BVO-M stock photographs
    Crypto Museum Photo Archive #300633.

  2. Royal Dutch Signals Museum
    Visited 2008.

  3. AJW van Daal & P van der Vlist, DELTACS - a versatile tactical communication system
    Philips Telecommunicatie Industrie BV (PTI), Hilversum (Netherlands), 1984.
    Reprint from Philips Telecommunication Review, Vol. 42, No. 2, pages 74-89.

  4. Th. Sierksma & A. Bijlsma, Transmissie binnen TITAAN
    Intercom, 2005, Volume 1, p. 41-45. Dutch.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Friday 14 December 2012. Last changed: Friday, 07 April 2023 - 14:41 CET.
Click for homepage