Digital mobile radio

Digital mobile radio (DMR) is a digital radio standard for voice and data transmission in non-public radio networks. It was created by the European Telecommunications Standards Institute (ETSI), and is designed to be low-cost and easy to use. DMR, along with P25 phase II and NXDN are the main competitor technologies in achieving 6.25 kHz equivalent bandwidth using the proprietary AMBE+2 vocoder. DMR and P25 II both use two-slot TDMA in a 12.5 kHz channel, while NXDN uses discrete 6.25 kHz channels using frequency division and TETRA uses a four-slot TDMA in a 25 kHz channel.

DMR was designed with three tiers. DMR tiers I (Unlicensed) and II (Conventional Licensed) were first published in 2005, and DMR III (Trunked version) was published in 2012, with manufacturers producing products within a few years of each publication.

The primary goal of the standard is to specify a digital system with low complexity, low cost and interoperability across brands, so radio communications purchasers are not locked into a proprietary solution. In practice, given the current limited scope of the DMR standard, many vendors have introduced proprietary features that make their product offerings non-interoperable with other brands.

Specifications
The DMR interface is defined by the following ETSI standards:
 * TS 102 361-1: Air interface protocol
 * TS 102 361-2: Voice and General services and facilities
 * TS 102 361-3: Data protocol
 * TS 102 361-4: Trunking protocol

The DMR standard operates within the existing 12.5 kHz channel spacing used in land mobile frequency bands globally, but achieves two voice channels through two-slot TDMA technology built around a 30 ms structure. The modulation is 4-state FSK, which creates four possible symbols over the air at a rate of 4,800 symbols/s, corresponding to 9,600 bit/s. After overhead, forward error correction, and splitting into two channels, there is 2,450 bit/s left for a single voice channel using DMR, compared to 4,400 bit/s using P25 and 64,000 bit/s with traditional telephone circuits.

The standards are still (as of late 2015) under development with revisions being made regularly as more systems are deployed and improvements are discovered. It is very likely that further refinements will be made to the standard, which will necessitate firmware upgrades to terminals and infrastructure in the future to take advantage of these new improvements, with potential incompatibility issues arising if this is not done.

DMR covers the RF range 30 MHz to 1 GHz. There are DMR implementations, (as of early 2016), that operate as low as 66 MHz (within the European Union, in 'Lo-Band VHF' 66–88 MHz.)

The DMR Association and manufacturers often claim that DMR has superior coverage performance to analogue FM. Forward error correction can achieve a higher quality of voice when the receive signal is still relatively high. In practice, however, digital modulation protocols are much more susceptible to multipath interference and fail to provide service in areas where analogue FM would otherwise provide degraded but audible voice service. At a higher quality of voice, DMR outperforms analogue FM by about 11 dB; but at a lower quality of voice, analogue FM outperforms DMR by about 5 dB.

Where digital signal processing has been used to enhance the analogue FM audio quality then analogue FM generally outperforms DMR in all situations, with a typical 2–3 dB improvement for "high quality" voice and around 5 dB improvement for "lower quality" voice. Where digital signal processing is used to enhance analog FM audio, the overall "delivered audio quality" is also considerably better than DMR; however DSP processing of analog FM audio does not remove the 12.5 kHz requirement so DMR is still more spectrally efficient.

DMR Tier I
DMR Tier I products are for licence-free use in the European PMR446 band. Tier I products are specified for non-infrastructure use only (meaning without the use of repeaters). This part of the standard provides for consumer applications and low-power commercial applications, using a maximum of 0.5 watts RF power.

Note that a licence free allocation is not present at this frequency outside of Europe, which means that PMR446 radios including DMR Tier I radios can only be used legally in other countries once an appropriate radio licence is obtained by the operator.

Some DMR radios sold by Chinese manufacturers (most notably Baofeng) have been mis-labelled as DMR Tier I. A DMR Tier I radio would only use the PMR446 licence–free frequencies, and would have a maximum transmitted power of 0.5 watts as required by law for all PMR446 radios.

Although the DMR standard allows Tier I DMR radios to use continuous transmission mode, all known Tier I radios currently use TDMA, the same as Tier II. This is probably due to the battery savings that come with transmitting only half the time instead of continuously.

DMR Tier II
DMR Tier II covers licensed conventional radio systems, mobiles and hand portables operating in PMR frequency bands from 66–960 MHz. The ETSI DMR Tier II standard is targeted at those users who need spectral efficiency, advanced voice features and integrated IP data services in licensed bands for high-power communications. A number of manufacturers have DMR Tier II compliant products on the market. ETSI DMR specifies two slot TDMA in 12.5 kHz channels for Tier II and III.

DMR Tier III
DMR Tier III covers trunking operation in frequency bands 66–960 MHz. Tier III supports voice and short messaging handling similar to TETRA with built-in 128 character status messaging and short messaging with up to 288 bits of data in a variety of formats. It also supports packet data service in a variety of formats, including support for IPv4 and IPv6. Tier III compliant products were launched in 2012. In April 2013, Hytera participated in the completion of the DMR Tier III interoperability (IOP) test.

DMR Association
In 2005, a memorandum of understanding (MOU) was formed with potential DMR suppliers including Tait Communications, Fylde Micro, Selex, Motorola, Hytera, Sanchar Communication, Vertex Standard, Kenwood and Icom to establish common standards and interoperability. While the DMR standard does not specify the vocoder, MOU members agreed to use the half rate DVSI Advanced Multi-Band Excitation (AMBE) vocoder to ensure interoperability. In 2009, the MOU members set up the DMR Association to work on interoperability between vendors' equipment and to provide information about the DMR standard. Formal interoperability testing has been taking place since 2010. Results are published on the DMR Association web site. There are approximately 40 members of the DMR Association.

The standard allows DMR manufacturers to implement additional features on top of the standards which has led to practical non-interoperability issues between brands, in contravention to the DMR MOU.

Amateur radio use
DMR is used on the amateur radio VHF and UHF bands, started by DMR-MARC around 2010. The FCC officially approved the use of DMR by amateurs in 2014. In amateur spaces, Coordinated DMR Identification Numbers are assigned and managed by RadioID Inc. Their coordinated database can be uploaded to DMR radios in order to display the name, call sign, and location of other operators. Internet-linked systems such as DV Scotland Phoenix Network, BrandMeister network, TGIF, FreeDMR and several others (including several previously closed clusters which now connect to larger networks to facilitate wide-area accessibility), allow users to communicate with other users around the world via connected repeaters, or DMR "hotspots" often based on the Raspberry Pi single-board computer. There are currently more than 5,500 repeaters and 16,000 "hotspots" linked to the BrandMeister system worldwide. The low-cost and increasing availability of internet-linked systems has led to a rise in DMR use on the amateur radio bands. Some Raspberry Pi-based DMR hotspots, often those running the Pi-Star software, allow users to connect to multiple internet-linked DMR networks at the same time. DMR hotspots are often based on the open source Multimode Digital Voice Modem, or MMDVM, hardware with firmware developed by Jonathan Naylor.

Encryption
Encryption was not defined in the DMR standard initially. Each DMR radio manufacturer later added its own encryption protocol. The encryption protocols are therefore incompatible with each other. For example, Hytera's Basic Encrypt encryption is completely incompatible with Motorola's Basic Encrypt encryption or Tytera's Basic Encrypt encryption.

To address this issue, Motorola has proposed common encryption within the DMRA association. It offers 40-bit ARC4 encryption and 256-bit AES encryption.

The implementation of these two algorithms is not known because Motorola DMRA encryption is only available to manufacturers who sign a non-disclosure agreement in addition to paying usage royalties.

Some DMR encryption algorithms have been released, such as the PC4 released in 2015 with source code available. It's a block cipher specifically designed for DMR radio communication systems. It uses 253 rounds and the key size can vary from 8 bits to 2112 bits. The block size is 49 bits, the exact size of an AMBE+ DMR voiceframe.

A firmware that implements PC4 encryption is available for the Tytera MD-380 and MD-390 radios.

Although most DMR encryption protocols are proprietary and not public, there is some information that can be used to define the different encryption modes that exist: AMBE frames are encrypted with a key after digitizing the analog signal. And at the reception the AMBE frames are decrypted with the same key and only then that the digital-analog conversation is made.

In Motorola Basic mode there are actually 255 fixed keys. This is a 1-character key. For example, the No. 1 key in Motorola's Basic Encryption is: 1F001F001F0000 This means that each 49-bit AMBE frame is encrypted by XOR with the key 1F001F001F0000.

The Basic mode from other manufacturers offers 10, 32 or 64 character keys to produce a 882-bit fixed string of random characters that will be XOR with AMBE frames. But instead of encrypting each AMBE frame with a fixed key, an entire superframe is encrypted with this fixed string. A superframe contains 18 AMBE frames, i.e. 882 bits, and it is these 882 bits that will be encrypted with this 882-bit fixed string.

PC4 encryption mode encrypts an entire 49-bit frame in ECB mode. A single bit that differs makes the entire encrypted block completely different.

For the Enhanced (ARC4) or Advanced (AES) mode, a complete superframe is also encrypted, but a 32-bit IV (initialization vector) is added. Thus, each superframe will be encrypted differently. And there are 2^32 (2 power 32) possible vectors of initialization. Thanks to the initialization vector, the encryption is no longer fixed for the same key, but changes with each superframe.

In the DMR standard there was no place to store this IV, so the IV (with the addition of an error-correcting code, for a total of 72 bits) is inserted into each 49-bit AMBE frame due to 4 bits per frame (the low-order bits). These 4 bits are therefore lost and it degrades the voice quality, which is not the case with fixed ciphers in Basic mode. 18 AMBE frames of 49 bits with 4 bits in each gives 72 bits (18*4).

Weaknesses in ARC4 DMRA
Motorola has created its standard so that the 40-bit ARC4 (Alleged RC4) can withstand casual attackers. It is supposed to offer 40-bit security, where an attacker must test the 2 to the power of 40 possible keys to find the right one.

RC4 encryption is a stream cipher that must use an IV (Initialization_vector) each time it performs encryption. The size of this IV should be large enough so that there is no repetition of this IV during the entire use of the same key.

RC4 weak IV encryption have already been compromised in the WEP Wi-Fi encryption system because the IV size was too short (24 bits).

Motorola has opted to use a slightly longer IV size (32-bit) but not that much longer than the WEP's 24-bit IV. Motorola calls this IV the MI (Message Indicator).

Motorola's official explanation for this short IV, is that the DMR standard was not originally intended for encryption and that they had to use bits from voice frames to put the IV into it. To avoid degrading the voice too much, only 32 bits can be inserted.

According to the author of the DSD-FME software, a DMR specialist, this claim is false because there is the possibility of creating custom DMR frames. Such a frame could therefore have contained a large IV (128 bits for example).

Some users have discovered that in Anytone radios (such as the Anytone 878) that implement the ARC4 DMRA Motorola, the IV is constant (0x12345678) at the beginning of each transmission. The flaw also existed in the AES Anytone encryption and according to AnyTone D878UVII firmware update V3.03 (2023-12-18) the problem for AES encryprion was fixed: ''5. Modify the firmware to make the AES encryption have a variable Vector(IV) instead of fixed "12345678"''. Unfortunately, this firmware did not fix the flaw in the RC4 Anytone encryption and the fixed IV 12345678 is still present in RC4.

There is therefore no security in Anytone radios (for RC4 encryption) since one can decrypt communications without even looking for the key because the same cipher stream repeats over and over again with each transmission. These are depths a part of weak_keys.

The Motorola ARC4 DMRA should by design provide at least 4 billion different IVs, so there should be 4 billion superframes with a different IV (2^32-bits possible IVs).

But one user discovered that Motorola uses a non-primitive LFSR for the ARC4 to generate the IVs. The generator used x^32 + x^4 + x^2 + 1 is non-primitive and generates short cycles. Instead of 4 billion different IVs, there are only 294903 different IVs. So instead of a 32-bit IV, you get an 18-bit IV, which is much shorter than the 24-bit WEP Wi-Fi IV.

It doesn't seem conceivable that it was a mistake on Motorola's part to have used a non-primitive IV in its standard, so the mistake seems to be intentional. It may be a backdoor.

If such a backdoor has been introduced in the ARC4 DMRA standard, one can wonder about the security of the AES256 DMRA standard, although no backdoor has been made public at the moment.

According to cryptologist Eric Filiol, it is likely that all exported products with a key length of more than 56 bits have a backdoor, as this is a legal requirement due to the Wassenaar Arrangement.