|
|
|
|
|
|
Rapid offline encryption device
- Wanted item
The Aroflex is probably the most successful crypto machines
ever built by Philips Usfa. It was developed
between 1976 and 1982 and over 4500 units were produced.
It uses hardware-based encryption with NATO-style key management.
The machines were used by NATO, the Dutch government, the Dutch
Department of Defence, and the governments of some friendly
nations, such as Norway and Canada.
Aroflex is also known as UA-8116,
BID 1100 and
T-1000CA.
|
The device is based on a standard Siemens T-1000 telex machine,
with a crypto unit mounted to the bottom of it.
In the image on the right, the crypto unit is visible
as a low-profile black cabinet, with a red button and two
physical key locks: one for the INSERT key and one
for the SPECAT key.
This black and white photograph was used by Philips for promotional
purposes [1]. More images below.
Whenever a message key was compromised, or when an army post was
raided by the enemy, the operator just had to press the
red button
at the front of the crypto unit to flush the
keys and all stored messages.
This key is called ZEROIZE.
|
|
|
It was a highly automated encryption/decryption machine for
rapid, reliable and efficient off-line operation. It could also
be used as a stand-alone message tape preparation unit.
Some machines were equiped with appropriate interfaces to allow
them to be connected directly to the line.
The T-1000 could be operated at 50, 75 and 100 baud on-line,
and 100 baud off-line.
Aroflex is crypto compatible with NATO
CEROFF equipment,
such as RACE
and Picoflex.
As such, it complies with the the symmetrical
ACP 127
standard (Allied Communications Publication) [8].
The plaintext was converted into 5-letter groups, with 10
groups on each line. The Aroflex could store upto 6 pages
(i.e. 120 lines of 10 crypto groups each) in its internal memory.
The name Aroflex is probably derrived from Automatic Rapid
Offline Encryption Device.
In the early 1990s, Aroflex was succeeded by the
Aroflex II (T-1285CA), but it came too
late to be successful.
|
|
|
|
|
|
|
In 1974, NATO was looking for a replacement for the ageing American
KL-7 cipher machine,
also known as ADONIS or POLLUX. They initiated an evaluation under the
code name CEROFF and invited several
manufacturers to take part in the bidding.
Aroflex was Philips' contribution to the bidding.
Another bidder was the STK from Norway,
offering RACE (KL-51) as an alternative.
When designing Aroflex, Philips wanted to use an existing teletype
machine (telex) as its basis, and expand it with cipher capability.
After dismissing AEG
and PTI as possible partners in the project,
they finally selected the Siemens T-1000.
It was a modern telex machine which offered unparalleled expansion
possibilities. The downside of the T-1000 was the rather 'open' construction,
causing unwanted emission of radio signals (EMC). It took an enormous
effort by both Siemens and Philips Usfa, to make the combined machine
EMC and TEMPEST proof [4].
The outcome of the NATO CEROFF bidding match was inconclusive and
ended in a remittance between Aroflex
and the Norwegian RACE.
NATO chose for a split-procurement and left it to
the end-user to decide what equipment to order.
As a result, Philips allowed RACE to use
the Aroflex algorithm, making both machines compatible [4].
Eventually, Aroflex turned out to be the more popular machine in
Europe and Canada [5], whilst the more robust
RACE was adopted by the US.
|
In 2009 we discovered a series of black & white photographs that were
considered to have been lost when Philips Crypto BV
was dissolved in 2003. The pictures show detailed images of the various
assembly stages of the Aroflex. They were probably made for the
service manual.
|
The image on the right shows an exploded view of the Aroflex' crypto
add-on. It consists of four PCBs and a crypto-unit. The narrow board
at the top left is the processor board. It contains an 8080 microprocessor
and connects to the other boards via 6 flat-cables with 16 lines each.
The three boards in the middle are (from top to bottom) the memory-board,
the mixer-board and the interface-board. The latter also contains the
switched-mode power supply unit. All the voltages needed for the electronics
are derived from a single 24V source inside the T-1000.
|
|
|
The small grey rectangle at the right is the crypto-module,
also known as the crypto-heart. It contains a number of custom chips
and was classified as confidential at the time.
All units are connected together by means of a series of short flatcables,
with plugs that fit into an IC socket.
|
Once the initial Aroflex machine for NATO CEROFF was ready, Philips developed
a number of variants, such as the line-connected mode, the civil version,
the customer-unique key generators and numerous variations in operation.
All machines for NATO were delivered as completely assembled machines,
including the Siemens T-1000 teletype.
Siemens sold the civil version.
|
The image on the right shows two important parts of the Aroflex.
The large board on the left is the mixer. It combines plaintext
and key stream into ciphertext. The blue resistor packs
are inserted in the connectors during storage, as a temporary
measure to protect the highly sensitive CMOS chips against static discharge.
The yellow block on the right is the actual crypto-module.
It consists of a printed circuit board with a number of OQ4407
custom chips. As this too is a CMOS device, it is protected
during storage by means of resistor packs.
|
|
|
Apart from NATO, Aroflex was also sold to various departments of
the Dutch government and also to the authorities of some friendly nations.
As Philips Usfa had officialy won the CEROFF bidding, they received
purchase orders from SHAPE
and from most NATO countries, making Aroflex arguably Usfa's
most successful cipher machine.
It was very popular in Germany, Canada and Turkey.
At the end of 1982, more than 2500 units had already been produced [4].
|
In order to allow Siemens
to sell the civil version of the Aroflex,
Philips supplied the bare crypto module to Siemens. In this case, the
combination was called T-1000-CA, in which the extension CA stands for Cryptographical Application.
In the 1986 edition of Jane's Military Communication, the machine was
offered by Siemens as the T-1000CA,
with a black (rather than white) body stored in a suitable flight-case.
According to an internal Philips Usfa memo [4], only one batch of
1500 crypto add-on modules was ever delivered to Siemens.
Note
The same modified Siemens T-1000 teleprinter was used for the
Hagelin HC-550 and HC-580
cipher machines. Like the Aroflex, these machines had the crypto unit bolted
to its bottom. Please note that although the Hagelin machines
closely resemble the Aroflex, they were not compatible with Aroflex nor with any other NATO cipher machine.
|
During the Cold War, the Aroflex was researched extensively
by the Russian KGB and the East-German Ministerium für Staatssicherheit
(MfS or Stasi). In 1982/1983 they managed to get hold of a machine that had
mysteriously disappeared from a show.
In 1986/1987, Department XI of the Stasi spent 30% of its capacity on
targetting the machine.
They tried to exploit the machine's unwanted eminations
(TEMPEST),
but were not successful [6].
Although they didn't manage to break the machine, they had a constant
supply of keylists from someone at NATO. It was the same guy who had
supplied them with the ELCROTEL keylists from 1972 onwards [7].
Although this means that the key was compromised,
it does not mean that the machine was also compromised.
|
Aroflex can store upto 26 keys:
- 23 keys for 'ordinary' traffic.
- 2 SPECAT (Special Category) keys (see note below).
- 1 for encryption/decryption of the system indicators (i.e. the serial numbers of each key).
A new key is easily entered and takes the following steps:
- Place the INSERT-key in the leftmost lock and turn it clockwise.
- Enter the number of the required key store (address).
- Enter (from the key list) the serial number of the key, the keying variables and the check word.
- Remove the INSERT-key.
The two SPECAT keys can only be entered and/or used if the physical
SPECAT-key is entered in the rightmost lock and turned clockwise.
As an alternative to the above procedure, it was also possible to
enter the keys via a paper tape that was read by the built-in tape reader.
In addition, the crypto unit has a special connector through which
the keys can be entered using a 'key filler' or a 'key gun'.
|
|
AEG
|
|
Algemeine Elektricitäts Gesellschaft
Former German manufacturer of electronic equipment and components.
Started co-operation with Telefunken in 1967 and with Siemens in 1969,
trading as AEG Telefunken.
More...
|
|
CEROFF
|
|
Cipher Equipment Rapid Off-Line
Code name of a NATO evaluation in 1974 to find a replacement for the ageing
KL-7 cipher machine. Examples of CEROFF compatible
equipment are Aroflex,
RACE (KL-51) and
Picoflex.
|
|
NATO
|
|
North Atlantic Treaty Organization
(Wikipedia)
(Website)
|
|
PTI
|
|
Philips Telecommunicatie Industrie
Former Philips subsidary specializing in telecomminication solutions.
|
|
RACE
|
|
Rapid Automatic Cryptographic Equipment
Acronym used for the NATO KL-51 cipher machine that was used for
NATO CEROFF communication alongside the Philips Aroflex.
RACE was manufactured by
Standard Telefon og Kabelfabrik A/S
in Norway.
|
|
SHAPE
|
|
Supreme Headquarters Allied Powers Europe
Headquarters of the Allied Command Operations (ACO), one of NATO's
two strategic military commands.
(Website)
|
|
SPECAT
|
|
Special Category
|
|
ZEROIZE
|
|
General expression for deleting the cryptographic keys and other variables
from an encryption device in case of a compromise or seizure.
|
|
|
|
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 21 July 2012 - 17:04 CET
|
 |
|
|
