“The vast majority of phones currently in use are still analog phones, and it is difficult to ensure that the content of calls will not be illegally stolen. Therefore, people put forward the demand for digital secure telephone. At the communication sending end, the analog signal is converted into a digital signal through a voice coding device; then, it is encrypted by a digital security machine. The current analog telephone network does not support the direct transmission of digital signals.
Authors: Zhao Liqiang, Zhao Xiaodong, Li Z
The vast majority of phones currently in use are still analog phones, and it is difficult to ensure that the content of calls will not be illegally stolen. Therefore, people put forward the demand for digital secure telephone. At the communication sending end, the analog signal is converted into a digital signal through a voice coding device; then, it is encrypted by a digital security machine. The current analog telephone network does not support the direct transmission of digital signals. The encrypted digital voice also needs to go through the Modem, modulated into an analog signal and then sent to the other party. At the receiving end, demodulation needs to be performed first, the encrypted digital voice is recovered, and then decrypted. Then, the digital signal is restored to an analog voice signal. The corresponding conversion process is speech encoding/decoding, digital encryption/decryption, modulation/demodulation.
The digital security telephone terminal equipment designed in this paper mainly includes three components: AMBE vocoder, RSA security machine, Modem, as shown in Figure 1.
1 AMBE Vocoder
In 1985, Dr. DW Griffin of MIT first proposed the multi-band excitation (MBE) coding algorithm. In 1997, the American Digital Sound System (DVSI) company launched a single-chip speech encoder (AMBE-1000TM) based on the AMBE (improved MBE) algorithm with a data rate from 2.4kbps to 9.6kbps. AMBE encoder technology has achieved great success in the commercial field.
The hardware implementation structure of 2.4kbps~9.6kbps AMBE vocoder is shown in Figure 2. The vocoder adopts an AMBE-1000TM to complete the analysis and synthesis of speech. A/D & D/A module adopts a MC14LC5480 to complete the conversion of analog/digital and digital/analog.
Generally, the frequency range of the speech signal is 80Hz~8000kHz. The speech signal is pre-filtered before sampling. There are two purposes: first, use a low-pass filter to limit the part of the frequency domain component in the signal that exceeds half of the sampling frequency to prevent signal aliasing interference; second, use a high-pass filter to suppress 50Hz power supply disturbance.
AMBE-1000TM receives digitized voice from A/D converter through a serial interface, after encoding and compressing, it is sent to RSA security machine through the channel interface of AMBE-1000TM. At the same time, AMBE-1000TM receives the compressed digital signal through the channel interface, and through the processing of AMBE-1000TM decoder, the digital voice signal is restored. After D/A conversion, an analog voice signal is obtained.
2 RSA security machine based on DSP
Deciphering a password actually depends on the computing time (time complexity) and the hardware resources (space complexity) occupied by the attack method used by the decipherer when it is programmed and implemented on the computer. Table 1 shows the computer resources required to decompose RSA public key moduli of different lengths by using generalized number field sieve.
MIPS-year refers to one year of computer execution at 1,000,000 instructions per second. If the confidentiality period is required to be greater than 24 hours, the length of the public key modulus should not be less than 192 bits.
The hardware development platform of RSA security machine adopts TMS320C50. If the modulus n of the public key is 192bit, then, in the worst case, 2×191=382 multiplications of 192bit×192bit are required in one encryption/decryption operation. TMS320C50 provides 16bit×16bit hardware multiplier and 32bit+32bit adder. Therefore, to complete a multiplication operation of 192bit×192bit, 12×12=144 multiplication instructions and 12 addition instructions are required. The RSA secrecy machine adopts a fast encryption/decryption algorithm, which requires 55008 multiplication instructions and 4584 addition instructions to complete one encryption/decryption operation. The processing capacity of TMS320C50 is 25MIPS, and the time required to complete an encryption/decryption operation is about 3ms. Obviously, the delay of encryption/decryption will not cause much influence on the voice quality.
The hardware structure of Modem is shown in Figure 3, which mainly includes two parts: the data processor (RC9624DP), the main chip of Modem, mainly completes the data modulation and demodulation functions; the controller (TMS320C50), mainly completes the basic data transmission protocol (V.22bis) function.
The Modem chip RC9624DP supports a variety of Modem communication protocols, as shown in Table 2.
When the RSA security engine receives the frame of the AMBE vocoder, first, it needs to deframe. The control information in the letter frame does not change in the whole communication process, and can be set in the AMBE vocoder at the receiving end in advance, so it does not need to be transmitted. Secondly, the RSA security machine encrypts the voice information. Final packing. Packing mainly refers to adding a group synchronization header to realize group synchronization of voice streams.
After receiving the envelope, the RSA secrecy machine at the receiving end needs to unpack it first. Unpacking, mainly refers to identifying the group synchronization header. The ciphertext packet can only be identified if the group sync header is found. Decryption operation can be performed to restore the plaintext. Finally, the RSA security machine needs to re-bind the plaintext information according to the frame structure of the AMBE vocoder before it can be sent to the AMBE vocoder.
At present, there are many secure telephone products on the market. The use of analog encryption has poor confidentiality and is not suitable for the development of technology; the use of strong encryption technology has good confidentiality, but is expensive.