UNRESTRICTED
Updated: 10 JUL 16
Radio Voice Procedure
6. Authentication Codes
When the identity of an encountered unit or a transmitting station is uncertain or suspect, and the validity of its orders, requests or information needs to be confirmed, the receiving station can issue a challenge in the form of a demand that the sender AUTHENTICATE their message. Units meeting in the field that are not using the same password and challenge can also use this Authentication Code to aid in confirming friendly status.
This is done using a simplified version of the standard unclassified US military DRYAD encryption system. Each "CALL SIGN" in the network has a copy of the current code sheet (see the example extract below), which has a limited lifetime called its "Cryptoperiod", typically 6~24 hours. In the UNSGC this period is normally the duration of a single off-world operation, or less.
To use it, the receiving station issues a challenge, to which the original sender must respond correctly within 5 seconds; otherwise a second and different challenge must be issued. The reason is that an enemy station can take the challenge and retransmit it to a friendly unit so as to elicit the correct response. This takes longer than 5 seconds, so the time limit prevents this from happening.
Alternatively, when the COMSEC (Communications Security) environment is clearly unsecure, the use of authentication codes becomes mandatory with any key data or orders, for example a signal ordering a change in direction of movement or a withdrawal.
The first column of the code sheet has the 26 characters of the alphabet listed from top to bottom in their correct order. Each row has another 26 letters arranged in a random order, with an ordinal beneath each. Here is an example line:
The challenging station randomly selects a letter from the left-hand "0" column, and then another from the same row, then issues the challenge thus:
"ALPHA THREE TWO, THIS IS BRAVO TWO ONE, AUTHENTICATE NOVEMBER SIERRA, OVER"
The challenged "CALL SIGN" then looks up N in the left-hand column, then finds the S in that row. Next the operator performs the pre-arranged procedure for selecting the correct answer. This can be to select by either:
If, when counting columns or rows, you go over the end, you roll back to the start of that column or row and keep counting until you reach the desired letter. The numerals are there to speed up the process. In practice you should keep it simple, so that its greatest advantage, speed, comes to the fore. If you require extra security, request a second authentication; it's easier, quicker and more secure.
So, in our example, if the procedure is shift right three characters, then the result is a letter E. The challenged station would respond with:
"BRAVO TWO ONE, THIS IS ALPHA THREE TWO, AUTHENTICATION ECHO, OVER"
Once a letter in a row has been used, all parties cross it out, never using it again. This enables up to 676 challenges to be made off each sheet, with a 1:26 chance of an enemy guess being correct. A second authentication reduces this to 1:676, but this halves the number of possible challenges and doubles the workload. For most situations a single authentication should be sufficient.
A blind authentication can also be used, wherein the station issuing a set of orders includes a two-letter alphabetical code to authenticate the message in advance. This is done when no acknowledgement of the transmission is required for reasons of security; thus the transmission itself is said to be in the blind. Let us presume that, for the purpose of this example, the pre-arranged authentication letter is J and the agreed procedure is to shift two characters to the left. Then, using the example code sheet above, the orders will include:
"....AUTHENTICATION IS NOVEMBER X-RAY..."
The stations receiving the message would first find the "N" in the left-hand "0" column, followed by the X of that row, then count back along it two characters to find the "J", thus authenticating an order transmitted in the blind. This ONLY works because it is a one-time-use code. The aforementioned "X" must be crossed out and no other orders accepted using the "November X-Ray" authentication.
The maximum number of times that orders can be issued like this is just 26 (once per row), so it must be used sparingly. To extend the life of this procedure in the field, units would be issued with a One Time Pad (OTP) containing several unique sheets. When required, they would move on to the next specified sheet from which to encode.
The US military's DRYAD cypher, like the British Army's BATCO, can also be used to encrypt simple numerical data, such as times, frequency changes and grid references, but in the UNSGC our off-world radio telephony has to be performed "in the clear" due to operational limitations.
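
The challenge, reply and blind-authentication checks described above, as an added Python example that is not part of the original page. Row N is constructed to agree with the page's two worked results (S shifted right three gives E; X shifted left two gives J); `CodeSheet` and its method names are hypothetical.

```python
import string

# Constructed row for illustration only: the page's example sheet is not
# reproduced, so this row N was built to agree with its two worked results.
SHEET = {"N": "QSTBEJMXACDFGHIKLNOPRUVWYZ"}
TIME_LIMIT_S = 5  # reply window stated in the procedure


class CodeSheet:
    def __init__(self, rows):
        for row in rows.values():  # each row must hold every letter exactly once
            if sorted(row) != list(string.ascii_uppercase):
                raise ValueError("row is not a permutation of A-Z")
        self.rows = rows
        self.used = set()  # (row, letter) pairs already crossed out

    def answer(self, row, letter, shift):
        """Count `shift` places along the row (negative = left), wrapping round."""
        cells = self.rows[row]
        return cells[(cells.index(letter) + shift) % len(cells)]

    def _cross_out(self, row, letter):
        """Cross the letter out; False means it had been used before."""
        fresh = (row, letter) not in self.used
        self.used.add((row, letter))
        return fresh

    def verify_reply(self, row, letter, reply, shift, elapsed_s):
        """Challenger's check: unused challenge, reply in time, correct letter."""
        if not self._cross_out(row, letter):
            return "REJECT: challenge letter already crossed out"
        if elapsed_s > TIME_LIMIT_S:
            return "RECHALLENGE: too slow, issue a different challenge"
        ok = reply == self.answer(row, letter, shift)
        return "AUTHENTIC" if ok else "REJECT: wrong reply"

    def verify_blind(self, row, letter, agreed_letter, shift):
        """Receiver's check of an order sent in the blind; accepted once only."""
        if not self._cross_out(row, letter):
            return "REJECT: code already used"
        ok = self.answer(row, letter, shift) == agreed_letter
        return "AUTHENTIC" if ok else "REJECT: wrong code"


if __name__ == "__main__":
    sheet = CodeSheet(SHEET)
    print(sheet.verify_reply("N", "S", "E", shift=3, elapsed_s=2))  # challenge N S
    print(sheet.verify_blind("N", "X", "J", shift=-2))              # November X-Ray
    print(sheet.verify_blind("N", "X", "J", shift=-2))              # replayed order
```

A late reply still crosses out the challenge letter, so the re-challenge has to use a different one, as the procedure requires.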
End of Document