Philips MDT
High-end encryption for the Motorola MDT-9100 - wanted item

MDT was a system for secure transmission of sensitive data via Motorola MDT-9100-386 Mobile Data Terminals. It was developed by Philips Crypto around 1995, especially for the Police Department of Eindhoven (Netherlands). The system was officially launched in March 1996 and lasted until the introduction of the nation-wide C-2000 network from 2004 onwards [1].
 
In the 1980s and 90s, many Police Departments world-wide started using digital data terminals in their vehicles, such as the Motorola D-1118 and later the Motorola MDT-9100. Although Motorola sold these systems as being secure against eavesdropping, they were easily broken by international hackers in the late 1980s.

As the Police in some major Dutch cities made use of the MDT-9100, and the new nation-wide C-2000 network was still several years away, Philips was asked to develop a high-end crypto system that could be added to existing MDTs.
  
MDT-9100-386 mobile terminal in a Dutch Police vehicle

The base station (host) consisted of a stand-alone Windows PC with a special encryption card and dedicated software. It had a local disk-encryptor for secure transport of key variables on floppy disks. A separate PC was used as a Key Generation System (KGS) and as a backup for the host.
 
In the vehicles, only a single PCMCIA card, with built-in hardware encryption, was plugged into the existing MDT-9100-386 and MDT-9100-WS terminals. The MDT software inside the terminals was probably updated in order to support the Philips-developed encryption card.

Philips developed the MDT-project in co-operation with Motorola and the Eindhoven Police Department. Initially Amsterdam Police was also involved, but their older MDT-9100-T workstations could not easily be upgraded. They eventually pulled out for financial reasons.
  
A Motorola MDT-9100-WS terminal equipped with a Philips Crypto module

Other cities hesitated to go the same route as Eindhoven, as the new nation-wide C-2000 communication system was just around the corner. Eventually, Eindhoven would be the first and only city in the world to use high-end Philips cryptography with their MDTs. Nevertheless, the project was a major success, albeit a local one. The secure MDTs were used by the Eindhoven Police well into the 2000s, long after the introduction of the C-2000 system. The knowledge and experience gained from the project would later be used during the development of the V-kaart.
 
Concept
The system was fully integrated with the existing speech and data infrastructure of the Eindhoven Police. It allowed secure messages to be sent between a HOST at the base station and any Mobile Work Station (MWS) in the field, but was not intended for speech encryption. Voice messages were not encrypted and were passed on unaltered. The base station is configured as follows:

Base station (host)

The Host is used to initiate a message, which is then encrypted by means of the Host Encryptor (HE). The encrypted message is then sent via the Trunking Data Controller (TDC) to the Network Control Processor (NCP) and finally to the General Communication Controller (GCC). The HE physically acts as a bridge between the (secure) Host and the (non-secure) network.

At the Mobile Work Station (MWS), the encryption/decryption hardware takes the form of a PCMCIA card which can be slotted into an existing Motorola MDT-9100-386 terminal. As a result, the system requires no hardware modification of the MWS. The MWS is configured as follows:

Mobile Work Station (MWS)

Messages from the Host are received by the Radio Modem (RM) and passed on to the Data Processor (CPU). Encrypted messages are then sent to the Mobile Encryptor (ME) card, where they are decoded. The messages are then sent back to the CPU and are finally shown on the terminal display (UI). Messages can also be originated at the keyboard of the MWS and sent to the Host.
 
The project
As Philips Crypto was based in Eindhoven (Netherlands) and the Eindhoven Police Department had just started using the Motorola MDT-9100 in 1993, it was decided to start the development of the so-called Mobiele Data Encryptie Systeem (Mobile Data Encryption System, or MDES) as a co-operation between Philips Crypto BV, Motorola Ltd., the Police Signals Service (KLPD) and the Eindhoven Police Department (Politie Brabant Zuid-Oost) [3]. It would be used for the following:
 
  • Status messages (En-route, At scene, etc.)
  • Incident messages
  • Database access (BOS, RDW, NSIS, CRR, OPS, etc.)
  • Free text messages
  • Gain knowledge and experience for the C-2000 project

Initially the Amsterdam Police would also participate in the project, but they pulled out when it became clear that their (early) version of the MDT-9100 was not suitable for PCMCIA cards. Upgrading the equipment was considered too expensive. Eventually, Eindhoven would be the first and only Police Department in the world to use MDTs with Philips Crypto's high-end digital encryption system. The project was partly financed by the Dutch Ministry of Trade and consisted of the following items [3]:
 
Host Encryptor (HE)
The Host Encryptor (HE) consisted of a standard Dell Windows PC of the early 1990s, running the Windows 3.10 operating system. The PC was extended with a special hardware encryption module UP-2194 and suitable application software, both developed by Philips Crypto BV. The PC itself was protected by means of an Elkey local disk encryptor with smart card and PIN-code, in order to protect it against unauthorised access. It was also used to create protected floppy disks for the transport of keys to the Key Generation System, that used the same smart card and PIN [9].
 
The hardware consisted of an expansion card that was fitted in one of the ISA slots of the PC. The actual encryption/decryption hardware was implemented as a daughter board on top of the ISA card. The image on the right shows the ISA card with the Philips crypto unit at the top right.

The daughter board was in fact a modified version of the crypto heart of the Philips PNVX secure telephone. This way, the development cost of the HE could be kept relatively low. One has to bear in mind that only a few of these hand-built HE units were ever manufactured.
  
ISA-bus PC card with Philips crypto heart

The crypto heart of the HE was built around Philips's OQ4434 crypto chip, which was also used in the PNVX phones and in the PFX-PM hand-held radio. It contained approved proprietary encryption algorithms. By customising the software in the on-board 8051 processor, the crypto heart was adapted for Motorola's mobile trunking data network. A small number of hardware modifications were made to the board. They are visible as thin white wires in the image above.

In order to guarantee a minimum down-time in case of a hardware failure, the HE computer had two hard discs. One disc was a 'mirror' of the other one, so that it could take over in the unlikely event that the first one went down. Furthermore, the Key Generation System (KGS) was used as a backup system. It also contained a HE card and had the HE software already running. All that was necessary to make it behave like a HE was to move the cables from the real HE to the KGS [8].
 
Photographs of the HE card:
  • Close-up of the crypto heart on top of the ISA expansion card
  • Top view of the HE card
  • The stacked PCBs
  • The crypto heart separated from the ISA card
  • Top side of the crypto heart
  • Close-up of the bottom side of the crypto heart, showing the 2 OQ4434 chips and the processor
  • Close-up of the processor on the crypto heart

 
Mobile Encryptor (ME)
At the mobile end, the situation was more complicated. The initial plan was to implement the encryption/decryption module as a separate unit that would be plugged into the MDT's serial port, but it raised too many problems. The firmware inside the MDT had to be changed and the external module imposed installation problems in the already overcrowded police vehicles.
 
Later versions of the Motorola MDT-9100 (i.e. the T and 386 models) had a PCMCIA slot that would be ideal for the expansion, but this slot was not present on the early MDTs that the Eindhoven Police had. It was then decided that they would be swapped for the 386 variant.

Philips subsequently developed a PCMCIA card that could be slotted into the MDT-9100-386, and that would not require any modification of the terminal whatsoever. The challenge was to fit all the components of the hardware encryption unit into the low-profile case of a PCMCIA card.
  
Philips UP-2198 crypto card for MDT (rear side)

After another design round, Philips engineers succeeded in shrinking the design to the limited space of the PCMCIA card. Like many of the other components, the OQ4434 crypto chip of the PNVX phone was too high and had to be re-packaged in order to fit inside the low-profile case.
 
The image on the right shows a close-up of the OQ4434 crypto chip on a prototype of the UP-2198 crypto card. This card was used by Philips engineers during the development of the ME.

The card contains an Intel P80C32 processor (a ROM-less variant of the 8051 with 256 bytes of RAM) [5] with an external AM29F010 Flash ROM (128KB) [6], the OQ4434 crypto chip and an M67130 dual-port RAM (1KB) [7]. The functions of the OQ4434 crypto chip are controlled by an Actel FPGA that also acts as the bridge between the crypto card and the PCMCIA bus.
  
Close-up of the re-packaged OQ4430 crypto chip

The actual cards that were released to the police were designated UP-2198/06. They had the interior of the card covered in blue stuff, in order to protect the unit against tampering and reverse-engineering. Faulty cards could not be repaired; they simply had to be replaced.

Initial programming of the card and key loading was done by placing the card in the PCMCIA slot of a standard PC. For this purpose, the PC had a PCMCIA expansion card (PCI or ISA). Once the initial key was loaded, it was possible to load newer keys via the small connector at the front of the crypto card. For this purpose, a special Key-loading Device (KD), based on the UP-2101 key filler, would be developed. In practice however, this method of key loading was never used [9].

Instead, a method more in line with the logistic procedures of the police department was used. A small number of spare MEs was available. As soon as a police vehicle would go to the workshop for maintenance, the ME in the MDT was replaced with a spare one that had been loaded with new keys. The removed ME would then be checked, zeroized and added to the stock of spares. The HE management system would then automatically detect the presence of a 'new' ME in a particular MDT and adapt its settings accordingly after checking that the replacement was indeed valid [9].
 
Photographs of the ME card:
  • Philips UP-2198 crypto card for MDT (front side)
  • Interior of the Philips UP-2198 crypto card, showing the components covered in blue stuff
  • Interior of a prototype of the UP-2198 crypto card, showing the components side
  • Prototype UP-2198 crypto card
  • Connection for an external key loader

 
Key Generation System (KGS)
For secure communication, the Host Encryptor (HE) and the Mobile Encryptor (ME) had to use the same key. For security reasons, each ME had its own unique key and it was mandatory that keys would be changed frequently. For the production of keys, a separate Key Generation System (KGS) was used. It consisted of a stand-alone Dell PC with suitable KGS software developed by Philips. It was designated UP-2104 and used the same Elkey local disc encryptor as the HE (see above).

For security reasons, the KGS was not connected directly to the HE by means of a network or by any other means. This was done to avoid tampering. Instead, the generated keys were written to an encrypted 3.5" floppy disk that was manually carried over to the HE. Loading the keys into the ME was done by means of a PCMCIA adapter that was fitted inside the KGS. For that, the UP-2198 card had to be removed temporarily from the ME, whilst it was being loaded by the KGS [9].


Like the HE, the PC used for the KGS was also protected by a smart card with PIN, in order to protect it against unauthorised access. The same smart card and PIN were used as for the HE. Furthermore, the KGS was used as a backup for the HE. It contained the same expansion card and software. In case of a hardware failure of the HE, it was sufficient to move all cables from the HE to the KGS. The KGS would then function as a HE. A spare KGS was available in case it failed.


Two types of keys were used: fixed keys and variable keys. Both types of keys were unique for each ME. The variable key was generated by the KGS and was loaded into the ME via the PCMCIA interface. For improved crypto security it had to be changed frequently. In normal use, the variable key would be used for communication. Whenever an ME got compromised (e.g. when it was stolen), the variable key could be deleted remotely by issuing a remote ZEROIZE command.

The fixed key was based on the ME's built-in unique number and could not be changed. It allowed the ME to be addressed when the other key somehow got lost. It could also be used to issue a remote ZEROIZE command from the HE, in case the ME had been compromised. It also allowed the ME to send an encrypted message to the HE in case it had no variable key. Initially, the system design had several other remote commands, mainly for system status and security management purposes. Unfortunately, due to budgetary reasons, these were never implemented.
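
A minimal Python model of the fixed-key and variable-key arrangement described above, added here as an illustration and not Philips code. HMAC-SHA256 stands in for the proprietary algorithms of the OQ4434; the class names, the frame layout and the derivation of the fixed key from a host-side secret are assumptions, and replay protection is not modelled.

```python
import hashlib
import hmac

def protect(key: bytes, msg: bytes) -> bytes:
    # Stand-in for "protected under this key" (HMAC-SHA256, not the Philips algorithm).
    return hmac.new(key, msg, hashlib.sha256).digest()

class MobileEncryptor:
    def __init__(self, unit_id: bytes, fixed_key: bytes):
        self.unit_id = unit_id
        self.fixed_key = fixed_key    # tied to the unit, cannot be changed
        self.variable_key = None      # loaded by the KGS, changed frequently

    def send(self, text: bytes):
        # Normal traffic uses the variable key; without one, fall back to the fixed key.
        kind = "VAR" if self.variable_key else "FIX"
        key = self.variable_key or self.fixed_key
        return (self.unit_id, kind, text, protect(key, kind.encode() + text))

    def receive_command(self, cmd: bytes, mac: bytes) -> bool:
        # Remote commands are honoured only under this unit's own fixed key.
        if not hmac.compare_digest(mac, protect(self.fixed_key, cmd)):
            return False
        if cmd == b"ZEROIZE":
            self.variable_key = None
        return True

class HostEncryptor:
    def __init__(self, master: bytes):
        self.master = master          # assumption: fixed keys derive from a host secret
        self.variable = {}            # unit_id -> current variable key

    def fixed_key(self, unit_id: bytes) -> bytes:
        return protect(self.master, b"fixed:" + unit_id)

    def load_key(self, me: MobileEncryptor, key: bytes) -> None:
        # Models the KGS loading one ME and the same key reaching the host by floppy.
        me.variable_key = key
        self.variable[me.unit_id] = key

    def verify(self, frame) -> bool:
        unit_id, kind, text, mac = frame
        key = self.variable.get(unit_id) if kind == "VAR" else self.fixed_key(unit_id)
        return key is not None and hmac.compare_digest(mac, protect(key, kind.encode() + text))

    def zeroize(self, me: MobileEncryptor) -> bool:
        # Drop the host's copy, then command the card under its fixed key.
        self.variable.pop(me.unit_id, None)
        return me.receive_command(b"ZEROIZE", protect(self.fixed_key(me.unit_id), b"ZEROIZE"))
```

Because every ME has its own fixed and variable key, a ZEROIZE built for one unit is rejected by another, and a zeroized unit can still reach the host under its fixed key.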

The initial system design also included two variable net keys, to enable the efficient encryption by the HE and decryption by any selection of MEs of broadcast messages. Using two variable net keys would allow sliding replacement of these net keys, and the formation of one or more groups of terminals sharing the same key. Furthermore, the HE and all MEs would have a Fixed Net Key that could be used in case of an emergency. However, during the development of the crypto system, it became clear that the Motorola TDC-NCP system did not support real broadcast, but would rather send a message, designated as broadcast, sequentially in quick succession to all MDTs individually. As a consequence, the requirement of having net keys was dropped [9].

The system was also designed to employ so-called special keys. These keys could be used for regional or nation-wide collaboration between several police departments and special forces. The generation and distribution of special keys was the responsibility of the NLNCSA.
 
Designators
References
  1. Wikipedia, C2000
    Retrieved May 2012.

  2. Politie Brabant Zuid-Oost, Voorop in Informatie en Communicatie
    4-page full-colour brochure about the new secure data terminals (Dutch).
    Date unknown, probably late 1995 or early 1996.

  3. Commissaris JAF Kort, Crypto voor Mobiele Communicatie
    Presentation at the introduction of the system (Dutch). 21 March 1996.

  4. Philips Crypto BV, Mobiele Data Encryptie Systeem Politie Brabant Zuid-Oost
    3-page system description. Date unknown, probably early 1996. 4822 089 03202.

  5. Temic Semiconductor, 80C32 CMOS 4-44MHz Single Chip 8-bit Microcontroller
    Datasheet. 13 February 1997. Retrieved July 2012.

  6. AMD, Am29F010 128K x 8-bit CMOS 5.0V-only, Uniform Sector Flash Memory
    Datasheet. March 1998. Retrieved July 2012.

  7. Temic Semiconductor, M67130 1K x 8 CMOS Dual Port RAM
    Datasheet. 11 April 1997. Retrieved July 2012.

  8. Philips Crypto BV, MDT Encryption Demonstrator
    Internal document. 27 March 1994.

  9. Cees Jansen, Architect of the MDT project at Philips Crypto BV
    Former cryptographer at Philips Usfa/Crypto BV.
    Interview at Crypto Museum, June 2012.

Further information

© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Monday, 03 March 2014 - 15:00 CET