Zeroizing trunking authentication keys in APX subscribers
Moderator: Queue Moderator
-
- Posts: 1854
- Joined: Tue Jan 13, 2004 7:03 am
Zeroizing trunking authentication keys in APX subscribers
Anyone know of a way to do this? Reloading a blank default codeplug won't do it, and the erase key options (menu-driven or purple+orange buttons on a portable) only zeroize traffic keys.
-
- Posts: 613
- Joined: Sat Jun 26, 2004 3:35 pm
Re: Zeroizing trunking authentication keys in APX subscribers
use a KVL to zeroize or uncheck both infinite ukek retention and infinite key retention
"TDMA = digital and same great taste, half the bits"
-
- Posts: 1854
- Joined: Tue Jan 13, 2004 7:03 am
Re: Zeroizing trunking authentication keys in APX subscribers
There is no zeroize option in Radio Authentication mode, and infinite key retention only applies to traffic keys.
I'm beginning to think it's not possible, at least not without depot-level trickery.
I'm beginning to think it's not possible, at least not without depot-level trickery.
Re: Zeroizing trunking authentication keys in APX subscribers
It's strange that the KVL4000 doesn't have a delete option when in Authentication mode, as the P25 specs definitely have a "Delete Authentication Command/Response" KMMs defined. The KMM has two options - delete all authentication keys or just the active key. There are KMM message IDs defined for Load Auth Key Command, Load Auth Key Response, Delete Auth Key Command, Delete Auth Key Response.
When I get a chance I'll see if this KMM actually works on a real radio and get back to you. Either way it is an oversight in the KVL4000's design, and the functionality should definitely be there.
Ref - Section 3.9.2.27 of TIA 102.AACD-A
When I get a chance I'll see if this KMM actually works on a real radio and get back to you. Either way it is an oversight in the KVL4000's design, and the functionality should definitely be there.
Ref - Section 3.9.2.27 of TIA 102.AACD-A
- chartofmaryland
- Batboard $upporter
- Posts: 411
- Joined: Sat Dec 28, 2002 11:25 pm
- What radios do you own?: Alot
Re: Zeroizing trunking authentication keys in APX subscribers
Well there are 2 options
You can backdate the firmware to version 9 or 10 where after you turn power on and off to the radio about a dozen times and the authentication key will be dropped automatically, it must have been a customer feature request.
Or your can overwrite with a useless key for the purpose of not having the key in the radio that was sent to the auth server.
Never heard a reason beyond wanting extra protection that would require zeroize the auth key.
CoM
You can backdate the firmware to version 9 or 10 where after you turn power on and off to the radio about a dozen times and the authentication key will be dropped automatically, it must have been a customer feature request.
Or your can overwrite with a useless key for the purpose of not having the key in the radio that was sent to the auth server.
Never heard a reason beyond wanting extra protection that would require zeroize the auth key.
CoM
If the lights are out when you leave the station and then come on the second you key up, you know you have enough power.
-
- Posts: 1854
- Joined: Tue Jan 13, 2004 7:03 am
Re: Zeroizing trunking authentication keys in APX subscribers
In this particular instance it was to verify that the system was actually challenging subscribers for authentication after a 7.17 upgrade, but it could (will) become an issue when we start sending radios to surplus.chartofmaryland wrote:Never heard a reason beyond wanting extra protection that would require zeroize the auth key.
- chartofmaryland
- Batboard $upporter
- Posts: 411
- Joined: Sat Dec 28, 2002 11:25 pm
- What radios do you own?: Alot
Re: Zeroizing trunking authentication keys in APX subscribers
Well if that is what you were after,
We scheduled a service window and went from limited to restricted with the auth server which then only allowed auth’ed radios to continue operating
The same process of using a dummy key to overwrite current keys was used to confirm radios on and off the system while authentication only was enforced
CoM
We scheduled a service window and went from limited to restricted with the auth server which then only allowed auth’ed radios to continue operating
The same process of using a dummy key to overwrite current keys was used to confirm radios on and off the system while authentication only was enforced
CoM
If the lights are out when you leave the station and then come on the second you key up, you know you have enough power.
-
- Posts: 1854
- Joined: Tue Jan 13, 2004 7:03 am
Re: Zeroizing trunking authentication keys in APX subscribers
We operate in restricted/forced full-time. We specifically wanted to see the difference in behavior and notification between a radio that had a mismatched key and a radio that had no key at all (there is no system notification for a radio attempting affiliation with no key, which was elevated to the infrastructure group.)
- chartofmaryland
- Batboard $upporter
- Posts: 411
- Joined: Sat Dec 28, 2002 11:25 pm
- What radios do you own?: Alot
Re: Zeroizing trunking authentication keys in APX subscribers
Afternoon Otaku,
Interesting, we experience SYS REG REFUSED when a new radio is programmed and attempting to affiliate while the system is restricted and no auth key is present but ID is turned on.
APX6000, APX8000 and APX7000 firmware 15.13 thru 16.23
Now on XTS and XTL models i believe the radio just sits idle without any display notification
Will check that in the coming days
CoM
Interesting, we experience SYS REG REFUSED when a new radio is programmed and attempting to affiliate while the system is restricted and no auth key is present but ID is turned on.
APX6000, APX8000 and APX7000 firmware 15.13 thru 16.23
Now on XTS and XTL models i believe the radio just sits idle without any display notification
Will check that in the coming days
CoM
If the lights are out when you leave the station and then come on the second you key up, you know you have enough power.
-
- Posts: 1854
- Joined: Tue Jan 13, 2004 7:03 am
Re: Zeroizing trunking authentication keys in APX subscribers
Sorry, should've clarified... the radio will alert and display when authentication fails (if programmed to do so) but UEM will only generate a notification when a radio attempts authentication with a mismatched key, not with no key at all.