High-end encryption for the Motorola MDT-9100
- wanted item
MDT was a system for secure transmission of sensitive data via Motorola
MDT-9100-386 Mobile Data Terminals. It was developed by Philips Crypto
around 1995, especially for the Police Department of Eindhoven (Netherlands).
The system was officially launched in March 1996 and remained in use until the
introduction of the nation-wide C-2000 network from 2004 onwards [1].

In the 1980s and 90s, many Police Departments world-wide started using
digital data terminals in their vehicles, such as the Motorola D-1118 and
later the Motorola MDT-9100. Although Motorola sold these systems as being
secure against eavesdropping, they were easily broken by international hackers
in the late 1980s. As the Police in some major Dutch cities made use of the
MDT-9100, and the new nation-wide C-2000 network was still several years away,
Philips was asked to develop a high-end crypto system that could be added to
existing MDTs.

The base station (host) consisted of a stand-alone Windows PC with a special
encryption card and dedicated software. It had a local disk encryptor for the
secure transport of key variables on floppy disks. A separate PC was used as a
Key Generation System (KGS) and as a backup for the host.

In the vehicles, only a single PCMCIA card with built-in hardware encryption
was plugged into the existing MDT-9100-386 and MDR-9100-WS terminals.
The MDT software inside the terminals was probably updated in order to support
the Philips-developed encryption card. Philips developed the MDT project in
co-operation with Motorola and the Eindhoven Police Department. Initially the
Amsterdam Police was also involved, but their older MDT-9100-T workstations
could not easily be upgraded. They eventually pulled out for financial reasons.

Other cities hesitated to go the same route as Eindhoven, as the new nation-wide
C2000 communication system was just around the corner. Eventually, Eindhoven
would be the first and only city in the world to use high-end Philips
cryptography with their MDTs. Nevertheless, the project was a major success,
albeit a local one. The secure MDTs were used by the Eindhoven Police well into
the 2000s, long after the introduction of the C-2000 system. The knowledge and
experience gained from the project would later be used during the development
of the V-kaart.

The system was fully integrated with the existing speech and data infrastructure
of the Eindhoven Police. It allowed secure messages to be sent between a HOST
at the base station and any Mobile Work Station (MWS) in the field, but was not
intended for speech encryption. Voice messages were not encrypted and were
passed on unaltered.

The base station is configured as follows. The Host is used to initiate a
message, which is then encrypted by means of the Host Encryptor (HE). The
encrypted message is then sent via the Trunking Data Controller (TDC) to the
Network Control Processor (NCP) and finally to the General Communication
Controller (GCC). The HE physically acts as a bridge between the (secure) Host
and the (non-secure) network.

At the Mobile Work Station (MWS), the encryption/decryption hardware takes
the form of a PCMCIA card which can be slotted into an existing Motorola
MDT-9100-386 terminal. As a result, the system requires no hardware
modification of the MWS. The MWS is configured as follows. Messages from the
Host are received by the Radio Modem (RM) and passed on to the Data Processor
(CPU). Encrypted messages are then sent to the Mobile Encryptor (ME) card,
where they are decrypted. The messages are then sent back to the CPU and are
finally shown on the terminal display (UI). Messages can also be originated at
the keyboard of the MWS and sent to the Host.

As Philips Crypto was based in Eindhoven (Netherlands) and the Eindhoven
Police Department had just started using the Motorola MDT-9100 in 1993,
it was decided to start the development of the so-called Mobiele Data
Encryptie Systeem (Mobile Data Encryption System, or MDES) as a co-operation
between Philips Crypto BV, Motorola Ltd., the Police Signals Service (KLPD)
and the Eindhoven Police Department (Politie Brabant Zuid-Oost) [3].
It would be used for the following:

- Status messages (En-route, At scene, etc.)
- Incident messages
- Database access (BOS, RDW, NSIS, CRR, OPS, etc.)
- Free text messages
- Gain knowledge and experience for the C-2000 project

Initially the Amsterdam Police would also participate in the project,
but they pulled out when it became clear that their (early) version
of the MDT-9100 was not suitable for PCMCIA cards. Upgrading the equipment
was considered too expensive. Eventually, Eindhoven would be the first
and only Police Department in the world to use MDTs with Philips Crypto's
high-end digital encryption system. The project was partly financed by the
Dutch Ministry of Trade and consisted of the items described below [3].

The Host Encryptor (HE) consisted of a standard Dell Windows PC of the early
1990s, running the Windows 3.10 operating system. The PC was extended with a
special hardware encryption module, the UP-2194, and suitable application
software, both developed by Philips Crypto BV. The PC itself was protected by
means of an Elkey local disk encryptor with smart card and PIN code, in order
to protect it against unauthorised access. It was also used to create
protected floppy disks for the transport of keys to the Key Generation System,
which used the same smart card and PIN [9].

The hardware consisted of an expansion card that was fitted in one of the ISA
slots of the PC. The actual encryption/decryption hardware was implemented as a
daughter board on top of the ISA card. The image on the right shows the ISA
card with the Philips crypto unit at the top right. The daughter board was in
fact a modified version of the crypto heart of the Philips PNVX secure
telephone. This way, the development cost of the HE could be kept relatively
low. One has to bear in mind that only a few of these hand-built HE units were
ever manufactured.

The crypto heart of the HE was built around Philips' OQ4434 crypto chip, which
was also used in the PNVX phones and in the PFX-PM hand-held radio. It
contained approved proprietary encryption algorithms. By customising the
software in the on-board 8051 processor, the crypto heart was adapted for
Motorola's mobile trunking data network. A small number of hardware
modifications were made to the board. They are visible as thin white wires in
the image above.

In order to guarantee minimum down-time in case of a hardware failure, the HE
computer had two hard disks. One disk was a 'mirror' of the other one, so that
it could take over in the unlikely event that the first one went down.
Furthermore, the Key Generation System (KGS) was used as a backup system. It
also contained a HE card and had the HE software already running. All that was
necessary to make it behave like a HE was to move the cables from the real HE
to the KGS [8].

At the mobile end, the situation was more complicated. The initial plan was to
implement the encryption/decryption module as a separate unit that would be
plugged into the MDT's serial port, but this raised too many problems. The
firmware inside the MDT had to be changed, and the external module caused
installation problems in the already overcrowded police vehicles.

Later versions of the Motorola MDT-9100 (i.e. the T and 386 models) had a
PCMCIA slot that would be ideal for the expansion, but this slot was not
present on the early MDTs that the Eindhoven Police had. It was then decided
that they would be swapped for the 386 variant. Philips subsequently developed
a PCMCIA card that could be slotted into the MDT-9100-386, and that would not
require any modification of the terminal whatsoever. The challenge was to fit
all the components of the hardware encryption unit into the low-profile case
of a PCMCIA card.

After another design round, Philips engineers succeeded in shrinking the design
to the limited space of the PCMCIA card. Like many of the other components,
the OQ4434 crypto chip of the PNVX phone was too high and had to be re-packaged
in order to fit inside the low-profile case.

The image on the right shows a close-up of the OQ4434 crypto chip on a
prototype of the UP-2198 crypto card. This card was used by Philips engineers
during the development of the ME. The card contains an Intel P80C32 processor
(a ROM-less variant of the 8051 with 256 bytes of RAM) [5] with an external
AM29F010 Flash ROM (128KB) [6], the OQ4434 crypto chip and an M67130 dual-port
RAM (1KB) [7]. The functions of the OQ4434 crypto chip are controlled by an
Actel FPGA that also acts as the bridge between the crypto card and the PCMCIA
bus.

The actual cards that were released to the police were designated UP-2198/06.
They had the interior of the card covered in blue stuff, in order to protect
the unit against tampering and reverse-engineering. Faulty cards could not be
repaired; they simply had to be replaced. Initial programming of the card and
key loading was done by placing the card in the PCMCIA slot of a standard PC.
For this purpose, the PC had a PCMCIA expansion card (PCI or ISA). Once the
initial key was loaded, it was possible to load newer keys via the small
connector at the front of the crypto card. For this purpose, a special
Key Loading Device (KD), based on the UP-2101 key filler, would be developed.

In practice, however, this method of key loading was never used [9]. Instead,
a method more in line with the logistic procedures of the police department
was used. A small number of spare MEs was available. As soon as a police
vehicle went to the workshop for maintenance, the ME in the MDT was replaced
with a spare one that had been loaded with new keys. The removed ME would then
be checked, zeroized and added to the stock of spares. The HE management
system would then automatically detect the presence of a 'new' ME in a
particular MDT and adapt its settings accordingly, after checking that the
replacement was indeed valid [9].

Key Generation System (KGS)

For secure communication, the Host Encryptor (HE) and the Mobile Encryptor (ME)
had to use the same key. For security reasons, each ME had its own unique key
and it was mandatory that keys were changed frequently. For the production
of keys, a separate Key Generation System (KGS) was used. It consisted of a
stand-alone Dell PC with suitable KGS software developed by Philips. It was
designated UP-2104 and used the same Elkey local disk encryptor as the HE
(see above).

For security reasons, the KGS was not connected directly to the HE by means of
a network or by any other means. This was done to avoid tampering. Instead,
the generated keys were written to an encrypted 3.5" floppy disk that was
manually carried over to the HE. Loading the keys into the ME was done by means
of a PCMCIA adapter that was fitted inside the KGS. For that, the UP-2198 card
had to be removed temporarily from the ME whilst it was being loaded by the
KGS [9].

Like the HE, the PC used for the KGS was also protected by a smart card with
PIN, in order to protect it against unauthorised access. The same smart card
and PIN were used as for the HE. Furthermore, the KGS was used as a backup for
the HE. It contained the same expansion card and software. In case of a
hardware failure of the HE, it was sufficient to move all cables from the HE
to the KGS. The KGS would then function as a HE. A spare KGS was available in
case it failed.

Two types of keys were used: fixed keys and variable keys. Both types of keys
were unique for each ME. The variable key was generated by the KGS and was
loaded into the ME via the PCMCIA interface. For improved crypto security it
had to be changed frequently. In normal use, the variable key was used for
communication. Whenever an ME got compromised (e.g. when it was stolen), the
variable key could be deleted remotely by issuing a remote ZEROIZE command.

The fixed key was based on the ME's built-in unique number and could not be
changed. It allowed the ME to be addressed when the other key somehow got
lost. It could also be used to issue a remote ZEROIZE command from the HE, in
case the ME had been compromised. It also allowed the ME to send an encrypted
message to the HE in case it had no variable key.

Initially, the system design had several other remote commands, mainly for
system status and security management purposes. Unfortunately, for budgetary
reasons, these were never implemented.

The initial system design also included two variable net keys, to enable the
efficient encryption by the HE, and decryption by any selection of MEs, of
broadcast messages. Using two variable net keys would allow sliding replacement
of these net keys, and the formation of one or more groups of terminals sharing
the same key. Furthermore, the HE and all MEs would have a Fixed Net Key that
could be used in case of an emergency. However, during the development of the
crypto system, it became clear that the Motorola TDC-NCP system did not support
real broadcast, but would rather send a message, designated as broadcast,
sequentially in quick succession to all MDTs individually. As a consequence,
the requirement of having net keys was dropped [9].

The system was also designed to employ so-called special keys. These keys could
be used for regional or nation-wide collaboration between several police
departments and special forces. The generation and distribution of special keys
was the responsibility of the NLNCSA.
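The key hierarchy described above (a per-ME fixed key that never changes, a frequently replaced variable key, remote ZEROIZE, and the fixed key as a fallback when the variable key is gone), together with the spare-card replacement routine described under the ME, can be modelled in a few dozen lines. The Python below is an added example written for this page; it is not Philips Crypto's software and does not reproduce the MDES wire format. The OQ4434's proprietary algorithm is replaced by a stand-in (HMAC-SHA256 in counter mode for confidentiality, a second HMAC-SHA256 as the authentication tag), the derivation of the fixed key from the ME's unique number under a KGS master secret is an assumption, and the `ZEROIZE` payload, the master secret and the unique numbers are constructed values.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32
ZEROIZE = b"ZEROIZE"  # constructed command payload; the real MDES wire format is not on the page


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, a stand-in for the OQ4434's proprietary cipher."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(key, message):
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(m ^ s for m, s in zip(message, _keystream(key, nonce, len(message))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def open_(key, blob):
    """Return the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def fixed_key(master, unique_number):
    """Assumption: the fixed key is derived from the ME's unique number under a KGS master secret."""
    return hmac.new(master, b"fixed|" + unique_number.encode(), hashlib.sha256).digest()


def new_variable_key():
    """A fresh random variable key, as the KGS would generate for one ME."""
    return os.urandom(32)


class KeySlot:
    """One ME's fixed key (for life) and variable key (None until loaded, or after ZEROIZE)."""
    def __init__(self, fixed, variable=None):
        self.fixed_key, self.variable_key = fixed, variable
    def seal(self, message):
        # Normal traffic uses the variable key; without one the fixed key still works.
        return seal(self.variable_key or self.fixed_key, message)
    def open(self, blob):
        # Try the variable key first, then the fixed key; None if neither verifies.
        for key in (self.variable_key, self.fixed_key):
            msg = open_(key, blob) if key is not None else None
            if msg is not None:
                return msg
        return None


class MobileEncryptor(KeySlot):
    """The ME card in the MDT: a KeySlot that also honours the ZEROIZE command."""
    def receive(self, blob):
        msg = self.open(blob)
        if msg == ZEROIZE:  # accepted under either key; wipes only the variable key
            self.variable_key = None
        return msg


class HostEncryptor:
    """The HE at the base station: one KeySlot per ME, indexed by the ME's unique number."""
    def __init__(self):
        self.slots = {}
    def send(self, unique_number, message):
        return self.slots[unique_number].seal(message)
    def receive(self, unique_number, blob):
        return self.slots[unique_number].open(blob)
    def remote_zeroize(self, unique_number):
        # Always under the fixed key, so a card that has lost its variable key still obeys.
        slot = self.slots[unique_number]
        slot.variable_key = None
        return seal(slot.fixed_key, ZEROIZE)


def demo():
    """Normal traffic, a stolen-card ZEROIZE, fixed-key fallback, and re-keying."""
    master, me_no = b"constructed KGS master secret", "ME-0042"  # constructed values
    fixed, var = fixed_key(master, me_no), new_variable_key()
    he, me = HostEncryptor(), MobileEncryptor(fixed, var)
    he.slots[me_no] = KeySlot(fixed, var)
    other = MobileEncryptor(fixed_key(master, "ME-0043"), new_variable_key())
    r = {"host_to_me": me.receive(he.send(me_no, b"STATUS?")) == b"STATUS?",
         "me_to_host": he.receive(me_no, me.seal(b"EN-ROUTE")) == b"EN-ROUTE",
         "other_me_rejected": other.receive(he.send(me_no, b"STATUS?")) is None}
    r["zeroize_applied"] = me.receive(he.remote_zeroize(me_no)) == ZEROIZE and me.variable_key is None
    r["fixed_key_fallback"] = he.receive(me_no, me.seal(b"NO VARIABLE KEY")) == b"NO VARIABLE KEY"
    me.variable_key = new_variable_key()  # loaded off-line by the KGS, or a pre-loaded spare card swapped in
    r["unregistered_key_rejected"] = he.receive(me_no, me.seal(b"HELLO")) is None
    he.slots[me_no].variable_key = me.variable_key  # key material carried to the HE on an encrypted floppy
    r["rekeyed"] = he.receive(me_no, me.seal(b"HELLO")) == b"HELLO"
    return r
```

Running `demo()` returns a dictionary in which every entry is `True`. The two points worth noticing are the last two steps: a card that has been re-keyed off-line is unreadable to the HE until the matching key has reached the HE by its own path (the encrypted floppy), which is exactly why the page's replacement routine has the HE validate a 'new' ME before adapting its settings; and the ZEROIZE is always sent under the fixed key, so that it is honoured whether or not the card still holds a variable key.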
[1] Wikipedia, C2000. Retrieved May 2012.
[2] Politie Brabant Zuid-Oost, Voorop in Informatie en Communicatie.
    4-page full-colour brochure about the new secure data terminals (Dutch).
    Date unknown, probably late 1995 or early 1996.
[3] Commissaris JAF Kort, Crypto voor Mobiele Communicatie.
    Presentation at the introduction of the system (Dutch). 21 March 1996.
[4] Philips Crypto BV, Mobiele Data Encryptie Systeem Politie Brabant Zuid-Oost.
    3-page system description. Date unknown, probably early 1996. 4822 089 03202.
[5] Temic Semiconductor, 80C32 CMOS 4-44MHz Single Chip 8-bit Microcontroller.
    Datasheet. 13 February 1997. Retrieved July 2012.
[6] AMD, Am29F010 128K x 8-bit CMOS 5.0V-only, Uniform Sector Flash Memory.
    Datasheet. March 1998. Retrieved July 2012.
[7] Temic Semiconductor, M67130 1K x 8 CMOS Dual Port RAM.
    Datasheet. 11 April 1997. Retrieved July 2012.
[8] Philips Crypto BV, MDT Encryption Demonstrator.
    Internal document. 27 March 1994.
[9] Cees Jansen, Architect of the MDT project at Philips Crypto BV.
    Former cryptographer at Philips Usfa/Crypto BV.
    Interview at Crypto Museum, June 2012.

© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Monday, 03 March 2014 - 15:00 CET