Wireless communication systems provide for radio communication links to be arranged within the system between a plurality of user terminals. Such user terminals may be mobile and may therefore be known as ‘mobile stations.’ At least one other terminal, e.g. used in conjunction with mobile stations, may be a fixed terminal, e.g. a control terminal, base station, or access point. Such a system typically includes a system infrastructure which generally includes a network of various fixed installations such as base stations, which are in direct radio communication with the mobile stations. Each of the base stations operating in the system may have one or more transceivers which may, for example, serve mobile stations in a given local region or area, known as a ‘cell’ or ‘site’, by radio frequency (RF) communication. The mobile stations which are in direct communication with a particular base station are said to be served by the base station, and all radio communications to and from each mobile station within the system are made via respective serving base stations. Sites of neighbouring base stations in a wireless communication system may be offset from one another or may be overlapping.
Wireless communication systems may operate according to an industry standard protocol such as, for example, the Project 25 (P25) standard defined by the Association of Public Safety Communications Officials International (APCO), or other radio protocols. Further details regarding, the P25 standards can be obtained from the Telecommunications Industry Association, 2500 Wilson Boulevard, Suite 300 Arlington, Va. Communications in accordance with P25 or other standards may take place over physical channels in accordance with one or more of a TDMA (time division multiple access) protocol, a FDMA (frequency divisional multiple access), or CDMA (code division multiple access) protocol. Mobile stations in wireless communication systems such as P25 systems send use communicated speech and data, herein referred to collectively as ‘traffic information’, in accordance with the designated protocol.
Many wireless communication systems, including many P25 systems, employ a procedure to encrypt sensitive communicated traffic information, especially where the information is sent via insecure channels, e.g. by wireless communication over-the-air. For example, in some wireless communication systems, communications can be end-to-end encrypted. This means that encryption of traffic information is applied by an original transmitting terminal of the sender (source) of the traffic information and removed by a final receiving terminal of the recipient (destination) of the traffic information. Intermediate terminals that facilitate the delivery of the encrypted traffic information are unable to decrypt the encrypted traffic information (or at least, are unable to do so in a reasonable amount of time).
FIG. 1 illustrates an example of how encryption may be achieved between a transmitter 101 and receiver 103 over an intervening channel 105 by producing a random or pseudo-random data sequence of binary digits (e.g., an encryption initialization vector 111) and using a combining procedure (e.g., an encryption algorithm 115) to combine the encryption initialization vector 111 with a secret key variable 113 supplied by the user. The combination generates another data sequence, known as a keystream, incorporating the secret key variable 113. The keystream, or a portion of it, is then used internally by the encryption algorithm 115 to encrypt the user traffic information 117 to be transmitted in encrypted form as encrypted traffic information 133. This is done in an encryption processor by using a combination procedure, such as an XOR (exclusive OR) combination procedure, to combine the unencrypted traffic information 117 with the keystream, e.g. on a frame-by-frame basis. The encryption initialization vector 111 may be loaded into a linear feedback shift register (LFSR), for example, and may be clocked to provide a time-varying keystream.
The secret key variable 113 used at the transmitter 101 is known at the receiver 103 and is thus never transmitted openly. The receiver 103 is sent the encryption initialization vector 111, an identifier identifying the encryption algorithm 115 used at the transmitter 101 (assuming it is not hardcoded in both transmitter 101 and receiver 103), and an identifier identifying the key variable 113 used at the transmitter 101 (assuming it is not hardcoded in both transmitter 101 and receiver 103) via a sync block 131 transmitted over the channel 105 and included in one or more of a header information structure or embedded in a data payload frame. The transmitter 101 also transmits the encrypted traffic information 133 over the channel 105 for reception by the receive 103. The receiver 103 is thereby able to re-construct the keystream applied at the transmitter 101. The receiver 103 combines the reconstructed keystream with the encrypted traffic 133 it receives in a manner such that the keystream included in the encrypted traffic 133 is cancelled allowing the original user traffic 163 to be extracted in unencrypted form. For example, the receiver 103 may use a same clocked LFSR as used by the transmitter 101 to provide a same time-varying keystream using the retrieved encryption initialization vector 111 transmitted in the sync block 131.
The end-to-end encryption process therefore typically includes (i) operation of an encryption algorithm in a processor of a transmitting terminal to encrypt the information to be transmitted, and (ii) operation of a related decryption algorithm in a receiving terminal to decrypt the received encrypted traffic information. As noted, the encryption process has to be synchronised between the transmitting terminal and the receiving terminal. The transmitting terminal must send to the receiving terminal information concerning the state of the encryption algorithm being run in the transmitting terminal to allow the receiving terminal to synchronise its decryption algorithm with the received signal.
As already alluded to above, synchronisation information may be sent from the transmitting terminal to the receiving terminal in several different ways. In a first method, synchronisation information is embedded in a stream of traffic information (e.g. voice payloads including digitized speech audio data or other data). In each consecutive encrypted frame of traffic information, a portion of the traffic information may be replaced by additional embedded synchronisation information. Synchronisation information portions retrieved from a single frame or from several frames may then be collected to form a complete set of synchronisation information to allow the receiver to begin decryption. Thus, a disadvantage of this first known method is that queuing of received traffic information frames may have to occur until all of the traffic information frames containing the several portions of embedded synchronisation information have been received. This first method may thus cause audio reproduction delays and/or truncation of voice message streams.
In a second known method, an initial full traffic information frame is replaced by synchronisation information in a complete synchronisation frame. This synchronization frame contains all of the information needed to begin decryption. This may be followed by a sequence of full traffic information frames containing no additional synchronisation information embedded therein. Thus, no queuing of received traffic information frames needs to take place because the receiving terminal can begin without delay decryption of the first full traffic information frame received directly after the complete synchronisation frame. However, this second known method has the disadvantage that if the initial synchronisation frame is missed by the receiving terminal, e.g. because the receiving terminal has made a late entry into the process of receiving the communication, the receiving terminal is unable to decrypt any of the subsequently received traffic information.
In addition to end-to-end encryption, link layer encryption may additionally be used between individual links to further prevent the interception or monitoring of traffic information transmitted over-the-air, such as between mobile stations and base stations. For example, even when end-to-end encryption is used to encrypt digitized voice data, some control and/or signalling data is necessarily sent unencrypted over-the-air to allow the receiving device (such as the base station or mobile station) to identify a sender or receiver, talkgroup ID, or to obtain information such as an algorithm ID or key ID sufficient to begin decrypting the end-to-end encrypted voice payload data. However, established protocols such as P25 may not provide sufficient signalling space in the established control procedures to introduce a second layer of encryption to the existing end-to-end encryption without incurring substantial delays and/or performance degradation. Furthermore, established protocols do not provide a way for a base station to dynamically provide link layer encryption for both end-to-end encrypted and non end-to-end encrypted voice calls.