overscan (PaulMM)

Administrator
Staff member
Joined
Dec 27, 2005
Messages
13,445
Reaction score
7,115
I really don't know much about the Link 16 datalink. Here's a picture of a Link 16 display - has anyone researched this area?
 

Attachments

  • ELEC_Link-16_Scenario_lg.jpg
    24.9 KB · Views: 254

yahya

ACCESS: Restricted
Joined
Apr 2, 2020
Messages
29
Reaction score
8
From my old notes: Link-16 a.k.a. TADIL-J is a TDMA-based secure, jam-resistant, high-speed digital data link which operates in the 960–1215 MHz band. Information is typically passed at one of three data rates at least in the older implementations: 31.6, 57.6, or 115.2 kilobits per second, although the radios and waveform FHSS itself can support throughput values well over 1 Mbit/s. Mode of operation: Fixed Frequency or Frequency Hopping. Believed to have a 3 MHz bandwidth.
 

LukaszK

I really should change my personal text
Joined
Jan 15, 2018
Messages
49
Reaction score
50
Hi.
Look at the game tutorial.
I know this is only a game, but the symbology and general approach may have something from reality.
 

ferpe

ACCESS: Restricted
Senior Member
Joined
Mar 6, 2020
Messages
17
Reaction score
37
This presentation covers the design of secure physical layer communication designs and includes Link 16/JTIDS. It's an L-band frequency hopping (960 MHz to 1215 MHz) Direct Sequence Spread Spectrum physical layer with a digital encryption layer.
 

Attachments

  • Link 16 secure modem design.pdf
    3.6 MB · Views: 44

badd

ACCESS: Restricted
Joined
Sep 18, 2020
Messages
6
Reaction score
3
I remember a moderate amount of detail about it. Do you have any particular questions?

This is a decent introduction, albeit a little bit dated at this point. Since I have been out of that world for more than 20 years, I'm not sure how much has changed (a few quick googles suggest that sending J-series messages over IP bearers is very much a thing at this point - I suspect that is primarily between fixed nodes), but the Link-16 physical layer is just insanely profligate in terms of spectrum utilized per delivered message bit.
 

stealthflanker

ACCESS: Top Secret
Senior Member
Joined
Feb 12, 2010
Messages
923
Reaction score
791
I'm curious if one can arbitrarily change the encryption key/generate encryption key on their own for this datalink system without requiring permission from US.

It could be a very rare case but we know Greece and Turkey are at odds, which might turn explosive. Should it go south, we know both nations have US-made fighters and naturally both may have Link-16 in their possession. This opens up the opportunity to "listen" to each other's emissions and potentially gain access to each other's network.
 

marauder2048

"I should really just relax"
Joined
Nov 19, 2013
Messages
3,159
Reaction score
514
> I'm curious if one can arbitrarily change the encryption key/generate encryption key on their own for this datalink system without requiring permission from US.

You mean allied key management? It's totally up to them. If they wish to share their keys with everyone else there are formal/encrypted key sharing mechanisms for doing so.

They are free to share network keys for lower privilege networks while reserving higher privilege keys for their own internal networks. It's how Link-16 was (kinda) designed; segregation by key.
 

badd

ACCESS: Restricted
Joined
Sep 18, 2020
Messages
6
Reaction score
3
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
 

marauder2048

"I should really just relax"
Joined
Nov 19, 2013
Messages
3,159
Reaction score
514
> One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).
>
> Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.

For a datalink that's not particularly jam resistant, non LPI, not LPD, the vulnerability of a pseudo-random hopping sequence is about the least of the major concerns.

Aside from as a weapons datalink, Link-16 is pretty much moribund in the high-end threat environment. For weapons, it doesn't really matter if you crack the encryption in near-realtime since you've been hit and destroyed in hard realtime.
 
Last edited:

stealthflanker

ACCESS: Top Secret
Senior Member
Joined
Feb 12, 2010
Messages
923
Reaction score
791
> You mean allied key management? It's totally up to them. If they wish to share their keys with everyone else there are formal/encrypted key sharing mechanisms for doing so.
>
> They are free to share network keys for lower privilege networks while reserving higher privilege keys for their own internal networks. It's how Link-16 was (kinda) designed; segregation by key.

Are those keys assigned by the US, or can the nation in possession of Link 16 generate its own key?
 

newcomer22

ACCESS: Restricted
Joined
Jun 5, 2021
Messages
7
Reaction score
0
> One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).
>
> Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.

> For a datalink that's not particularly jam resistant, non LPI, not LPD, the vulnerability of a pseudo-random hopping sequence is about the least of the major concerns.
>
> Aside from as a weapons datalink, Link-16 is pretty much moribund in the high-end threat environment. For weapons, it doesn't really matter if you crack the encryption in near-realtime since you've been hit and destroyed in hard realtime.

1) In what sense is Link-16 "not particularly jam resistant, non LPI, not LPD"? It is described as "a TDMA-based secure, jam-resistant, high-speed digital data link" in every document I can find on it. So what has changed to make it easy to find and jammable?
2) What datalinks is the U.S. using to replace Link-16 since it's so poorly able to operate in a high-end threat environment? How do those datalinks improve upon Link 16?
 

overscan (PaulMM)

Administrator
Staff member
Joined
Dec 27, 2005
Messages
13,445
Reaction score
7,115
  1. It's not designed to be hard to detect (non-LPI, not LPD) so it's not really compatible with stealth aircraft use.
  2. Its original encryption / cryptographic standards were created in the 1980s. There's pretty much no 1980s era usable crypto algorithm that can't be cracked in real time by modern computing hardware.
  3. There have been references to Link 16 Cryptographic Modernization, so I assume the encryption has been or will be beefed up somewhat, but it's potentially still technically limited by its age and basic technology, and any legacy equipment will presumably need upgrading to be more secure.
 

newcomer22

ACCESS: Restricted
Joined
Jun 5, 2021
Messages
7
Reaction score
0
I guess I'm not so much concerned about the cryptography as I am about the LPI/LPD. Your question does make me interested in what we have to replace Link 16 then? The F-22 and F-35 have their own data links, but no one can really tell me how they work (i.e., *why* are they LPI/LPD).
 

overscan (PaulMM)

Administrator
Staff member
Joined
Dec 27, 2005
Messages
13,445
Reaction score
7,115
Radar / radio LPI techniques are fairly well known. Some are:

1) Dynamic power management so that the signal is only as high power as needed.
2) Directionality - a tight beam towards the target, not a wide signal going in all directions.
3) Spread spectrum generally makes use of a sequential noise-like signal structure to spread the normally narrowband information signal over a relatively wideband (radio) band of frequencies.

"LPI radar signals generally adopt complex intra-pulse modulation methods and pulse compression transmission systems, such as linear frequency modulation (LFM), Costas codes, polytime codes (T1, T2, T3, and T4), and polyphase codes (comprising Frank, P1, P2, P3 and P4), frequency diversity and frequency agility"

So: make the signal low power, only send it to the intended recipient, and spread it around (pseudo)randomly in different frequencies so it's hard to identify.
 

newcomer22

ACCESS: Restricted
Joined
Jun 5, 2021
Messages
7
Reaction score
0
And are these data link technologies standardized across the U.S. weapons platforms? LO 5th Gen fighters, but also drones, AWACS, ground stations, etc.?
 

Dragon029

ACCESS: Top Secret
Joined
Mar 17, 2009
Messages
852
Reaction score
312
Not really, not in terms of fielding systems comparable to the F-22's IFDL or F-35's MADL. One big challenge is that having a highly directional signal means you need your antenna to be constantly pointed at whoever you're talking to, which gets particularly tricky if you're in a network with several entities that need to receive your information.

The general solution is to use phased arrays as each emission can be instantaneously aimed in a different direction, but planar phased arrays have a limited field of view, so systems like the F-35's MADL utilise six arrays to cover all directions, with the arrays being built into places that minimise / practically eliminate blind spots that could be caused by munitions hanging off the wings, etc. Integrating phased arrays (even if the array hardware itself is made cheap by consumer / commercial 5G, satellite internet, etc developments) isn't cheap because of the work needed to create RF apertures, route cabling and possibly coolant, integrate with the proprietary avionics of that aircraft, etc.

Highly directional systems also have the problem of trying to figure out where to point the antenna / beam to initially establish contact with another system. Phased arrays can scan fairly quickly, but if a recipient slips out of a beam or gets lost due to heavy jamming, or physical terrain obstructions then it could potentially take tens of seconds to re-establish the connection. Some relatively new technologies like digital multi-beam arrays (like what DARPA's MIDAS program is seeking to integrate into a phased array data link) will be able to make this search time orders of magnitude shorter, but no fielded system uses the tech yet (to my knowledge at least).

Another issue too is that compact phased arrays (the kind you'd want on aircraft or mobile ground systems for example) are typically millimetre-band (because shorter wavelengths require smaller antennas, and the gain and directivity of a phased array is partially tied to how many antennas are in an array). The atmosphere is far more opaque to this band compared to L-band like with Link 16, and so while high gain antennas help to transmit over long distances, it can be difficult to produce (e.g.) Ku-band phased arrays that are power efficient enough to be practical for battery-powered use by infantry forward air controllers or special forces, etc.
 

newcomer22

ACCESS: Restricted
Joined
Jun 5, 2021
Messages
7
Reaction score
0
Thanks for the really detailed response. A couple of follow ups if you don't mind.

1. Is there a good set of recommendations where I can learn more about the topics being discussed here: mmWave, AESA, phased array antennas, LPI/LPD techniques and/or IFDL/MADL specifically?
1a. One thing I don't quite understand is the difference between AESA - which the F-35 definitely has (APG-81)- and digital beamforming, which DARPA says they want (MIDAS) and which therefore we don't have fielded.

2. Are these technologies and the electronics behind them starting to be seen in 5G consumer cell networks? Beamforming, mmWave, and phased arrays are all technologies mentioned as part of the 5G upgrade package (https://spectrum.ieee.org/everything-you-need-to-know-about-5g) Am I misunderstanding something?

3. The fundamental reason I'm asking about Link 16, MADL, and IFDL specifically is because I'm trying to piece together a working picture of the main parts of the U.S. military communications/battlefield management/command&control network, incl. the ways voice & data (targeting data, command data) is sent between platforms. The reason I am interested in this is because of stories like this one (https://breakingdefense.com/2019/03/us-gets-its-ass-handed-to-it-in-wargames-heres-a-24-billion-fix/) and this one (https://www.defenseone.com/policy/2...verhauling-how-us-military-will-fight/184050/) and many others which point out that in war games against China, one of the biggest reasons we lose is because our data communications networks are annihilated early on in a conflict. Quote: "[The US] communications satellites, wireless networks, and other command-and-control systems suffer such heavy hacking and jamming that they are, in Ochmanek’s words, “suppressed, if not shattered.”" I want to understand *why* our networks appear to be so brittle. With that in mind, do any of y'all know of a set of resources to learn more about the broader picture of military communications networks between key fighting assets? Realize there won't be one "complete" resource, but figured maybe everyone here had done some sleuthing for me.
 
Last edited:

overscan (PaulMM)

Administrator
Staff member
Joined
Dec 27, 2005
Messages
13,445
Reaction score
7,115
> Thanks for the really detailed response. A couple of follow ups if you don't mind.
>
> 1. Is there a good set of recommendations where I can learn more about the topics being discussed here: mmWave, AESA, phased array antennas, LPI/LPD techniques and/or IFDL/MADL specifically?
>
> 1a. One thing I don't quite understand is the difference between AESA - which the F-35 definitely has (APG-81)- and digital beamforming, which DARPA says they want (MIDAS) and which therefore we don't have fielded.

AESA radars typically combine received signals from multiple T/R modules into subarrays and use analog signal combining and centralised Analog/Digital (A/D) converters which convert the combined signal to digital data.

Digital beamforming puts A/D and D/A converters directly behind each T/R module. This means each element's received signal is directly converted to the digital domain and then combined in software. This gives a lot more flexibility.

Transmission is similarly more flexible. Instead of one waveform being fed to multiple T/R modules, each transmitter can be given a unique waveform.
 

ferpe

ACCESS: Restricted
Senior Member
Joined
Mar 6, 2020
Messages
17
Reaction score
37
Design of AESA systems for radar, EW and COM, including datalinks, is revolutionized by RFSoCs like Xilinx's ZYNQ which has 8 off 4 Gbs 12-bit ADCs, 8 off 6Gbs 14-bit DACs combined with FPGA and multicore processors, etc: https://www.xilinx.com/products/silicon-devices/soc/rfsoc.html.
Add GaN LNA + Power amp behind a switch to the antenna and you have your software-controlled AESA unit. You can build it direct-sampling on baseband or mix it to any frequency block you want. Will be heavily used in 5G radios which are as close to a useful datalink as you can get with commercial hardware.
 

LukaszK

I really should change my personal text
Joined
Jan 15, 2018
Messages
49
Reaction score
50
Slightly off topic, but this topic drifts from link to some digital antennas.

I found an old page with an explanation of the basics in really simple words:
https://www.eetimes.com/radar-basics-part-3-beamforming-and-radar-digital-processing/

There is an explanation of digital beamforming - creating many send/receive beams simultaneously - just using FFT
(FFT for the space domain, not for time. In other words, for each sample in the time domain, before there is a need to do an FFT for beamforming. Maybe a lot of processing, but not for up-to-date processors)

Other parts of series are also interesting, but I cannot reach them.
 
Last edited:
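
Added example (not from any poster or from the linked article): the digitise-each-element-then-combine-in-software scheme overscan describes, using the spatial FFT LukaszK mentions to form all beams from a single time sample. The 8-element, half-wavelength-spaced linear array, the arrival angles and all function names are assumptions made for illustration.

```python
import cmath
import math

N_ELEMENTS = 8   # assumed array size (not from the thread)
SPACING = 0.5    # assumed element spacing, in wavelengths
# Constructed input: two plane waves arriving at the same instant.
SAMPLE_ANGLES = [30.0, math.degrees(math.asin(-0.25))]


def snapshot(angles_deg, n=N_ELEMENTS, d=SPACING):
    """One time sample: the complex value each element's own ADC would report."""
    out = []
    for elem in range(n):
        total = 0j
        for ang in angles_deg:
            # Phase advance across the aperture depends on arrival direction.
            phase = 2 * math.pi * d * elem * math.sin(math.radians(ang))
            total += cmath.exp(1j * phase)
        out.append(total)
    return out


def spatial_dft(samples):
    """DFT across elements (space), not across time: output k is beam k."""
    n = len(samples)
    return [
        sum(x * cmath.exp(-2j * math.pi * k * i / n) for i, x in enumerate(samples))
        for k in range(n)
    ]


def beam_angle_deg(k, n=N_ELEMENTS, d=SPACING):
    """Direction beam k points at, or None if it falls outside visible space."""
    signed = k if k <= n // 2 else k - n   # upper bins are negative angles
    s = signed / (n * d)
    return math.degrees(math.asin(s)) if abs(s) <= 1 else None


def detect(angles_deg, threshold=0.5):
    """Angles (degrees, 1 decimal) of every beam holding a signal."""
    beams = spatial_dft(snapshot(angles_deg))
    hits = []
    for k, value in enumerate(beams):
        angle = beam_angle_deg(k)
        if angle is not None and abs(value) / N_ELEMENTS > threshold:
            hits.append(round(angle, 1))
    return sorted(hits)


if __name__ == "__main__":
    print(detect(SAMPLE_ANGLES))
```

Both arrivals are resolved from one snapshot because every beam is computed from the same per-element samples, which is the flexibility an analog-combined subarray does not offer.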

LukaszK

I really should change my personal text
Joined
Jan 15, 2018
Messages
49
Reaction score
50
Links to the previous and the next (from web archive) :



Part 4 (Space time adaptive processing) :
(SAR signal processing)
 
Last edited: