Link 16 datalink

From my old notes: Link-16 a.k.a. TADIL-J is a TDMA-based secure, jam-resistant, high-speed digital data link which operates in the 960–1215 MHz band. Information is typically passed at one of three data rates at least in the older implementations: 31.6, 57.6, or 115.2 kilobits per second, although the radios and waveform FHSS itself can support throughput values well over 1 Mbit/s. Mode of operation: Fixed Frequency or Frequency Hopping. Believed to have a 3 MHz bandwidth.
 
Hi.
Look on game tutorial
I know this is only game but symbology and general approach may have sth from reality
 
This presentation covers the design of secure physical layer communication designs and includes Link 16/JTIDS. It's an L-band frequency hopping (960Mhz to 1215Mhz) Direct Sequence Spread Spectrum physical layer with a digital encryption layer.
 

Attachments

  • Link 16 secure modem design.pdf
    3.6 MB · Views: 110
I remember a moderate amount of detail about it. Do you have any particular questions?

This is a decent introduction, albeit a little bit dated at this point. Since I have been out of that world for more than 20 years, I'm not sure how much has changed (a few quick googles suggest that sending J-series messages over IP bearers is very much a thing at this point - I suspect that is primarily between fixed nodes, but the Link-16 physical layer is just insanely profligate in terms of spectrum utilized per delivered message bit.
 
I'm curious if one can arbitrarily change the encryption key/generate encryption key on their own for this datalink system without requiring permission from US.

It could be a very rare case but we know Greece and Turkey are at odds, which might turn explosive. Should it went south, we know both nations have US made fighters and naturally both may have Link-16 in their posession. This opens up opportunity to "listen" to each other's emission and potentially gain access to each other's network.
 
stealthflanker said:
I'm curious if one can arbitrarily change the encryption key/generate encryption key on their own for this datalink system without requiring permission from US.
Click to expand...

You mean allied key management? It's totally up to them. If they wish to share their keys with everyone else there are
formal/encrypted key sharing mechanisms for doing so.

They are free to share network keys for lower privilege networks while reserving higher privilege keys for their
own internal networks. It's how Link-16 was (kinda) designed; segregation by key.
 
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
 
badd said:
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
Click to expand...

For a datalink that's not particularly jam resistant, non LPI, not LPD, the vulnerability of a pseudo-random hopping sequence is about
the least of the major concerns.

Aside from as a weapons datalink, Link-16 is pretty much moribund in the high-end threat environment. For weapons, it doesn't really
matter if you crack the encryption in near-realtime since you've been hit and destroyed in hard realtime.
 
Last edited:
marauder2048 said:
You mean allied key management? It's totally up to them. If they wish to share their keys with everyone else there are
formal/encrypted key sharing mechanisms for doing so.

They are free to share network keys for lower privilege networks while reserving higher privilege keys for their
own internal networks. It's how Link-16 was (kinda) designed; segregation by key.
Click to expand...

Are those keys assigned by US or the nation in possession of Link 16 can generate their own key ?
 
marauder2048 said:
badd said:
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
Click to expand...

For a datalink that's not particularly jam resistant, non LPI, not LPD, the vulnerability of a pseudo-random hopping sequence is about
the least of the major concerns.

Aside from as a weapons datalink, Link-16 is pretty much moribund in the high-end threat environment. For weapons, it doesn't really
matter if you crack the encryption in near-realtime since you've been hit and destroyed in hard realtime.
Click to expand...
1) In what sense is Link-16 "not particularly jam resistant, non LPI, not LPD". It is described as "a TDMA-based secure, jam-resistant, high-speed digital data link" in every document I can find on it. So what has changed to make it easy to find and jammable?
2) What datalinks is the U.S. using to replace Link-16 since it's so poorly able to operate in a high-end threat environment? How do those datalinks improve upon Link 16?
 
  1. Its not designed to be hard to detect (non-LPI, not LPD) so its not really compatible with stealth aircraft use.
  2. Its original encryption / cryptographic standards were created in the 1980s. There's pretty much no 1980s era usable crypto algorithm that can't be cracked in real time by modern computing hardware.
  3. There have been references to Link 16 Cryptographic Modernization, so I assume the encryption has been or will be beefed up somewhat, but its potentially still technically limited by its age and basic technology, and any legacy equipment will presumably need upgrading to be more secure.
 
I guess I'm not so much concerned about the cryptography as I am about the LPI/LPD. Your question does make me interested in what we have to replace Link 16 then? The F-22 and F-35 have their own data links, but no one can really tell me how they work (ie, *why* are they LPI/LPD)
 
Radar / radio LPI techniques are fairly well known. Some are:

1) Dynamic power management so that the signal is only as high power as needed.
2) Directionality - a tight beam towards the target not a wide signal going in all directions.
3 ) Spread spectrum generally makes use of a sequential noise-like signal structure to spread the normally narrowband information signal over a relatively wideband (radio) band of frequencies.

"LPI radar signals generally adopt complex intra-pulse modulation methods and pulse compression transmission systems, such as linear frequency modulation (LFM), Costas codes, polytime codes (T1, T2, T3, and T4), and polyphase codes (comprising Frank, P1, P2, P3 and P4), frequency diversity and frequency agility"

So -make the signal low power, only send it to the intended recipient, and spread it around (pseudo)randomly in different frequencies so its hard to identify.
 
And are these data link technologies standardized across the U.S. weapons platforms? LO 5th Gen fighters, but also drones, AWACS, ground stations, etc.?
 
Not really, not in terms of fielding systems comparable to the F-22's IFDL or F-35's MADL. One big challenge is that having a highly directional signal means you need your antenna to be constantly pointed at whoever you're talking to, which gets particularly tricky if you're in a network with several entities that need to receive your information.

The general solution is to use phased arrays as each emission can be instantaneously aimed in a different direction, but planar phased arrays have a limited field of view, so systems like the F-35's MADL utilise six arrays to cover all directions, with the arrays being built into places that minimise / practically eliminate blind spots that could be caused by munitions hanging off the wings, etc. Integrating phased arrays (even if the array hardware itself is made cheap by consumer / commercial 5G, satellite internet, etc developments) isn't cheap because of the work needed to create RF apertures, route cabling and possibly coolant, integrate with the proprietary avionics of that aircraft, etc.

Highly directional systems also have the problem of trying to figure out where to point the antenna / beam to initially establish contact with another system. Phased arrays can scan fairly quickly, but if a recipient slips out of a beam or gets lost due to heavy jamming, or physical terrain obstructions then it could potentially take tens of seconds to re-establish the connection. Some relatively new technologies like digital multi-beam arrays (like what DARPA's MIDAS program is seeking to integrate into a phased array data link) will be able to make this search time orders of magnitude shorter, but no fielded system uses the tech yet (to my knowledge at least).

Another issue too is that compact phased arrays (the kind you'd want on aircraft or mobile ground systems for example) are typically millimetre-band (because shorter wavelengths require smaller antennas, and the gain and directivity of a phased array is partially tied to how many antennas are in an array). The atmosphere is far more opaque to this band compared to L-band like with Link 16, and so while high gain antennas help to transmit over long distances, it can be difficult to produce (eg) a Ku-band phased arrays that are power efficient enough to be practical for battery-powered use by infantry forward air controllers or special forces, etc.
 
Thanks for the really detailed response. A couple of follow ups if you don't mind.

1. Are there a good set of recommendations were I can learn more about the topics being discussed here: mmWave, AESA, phased array antennas, LPI/LPD techniques and/or IFDL/MADL specifically?
1a. One thing I don't quite understand is the difference between AESA - which the F-35 definitely has (APG-81)- and digital beamforming, which DARPA says they want (MIDAS) and which therefore we don't have fielded.

2. Are these technologies and the electronics behind them starting to be seen in 5G consumer cell networks? Beamforming, mmWave, and phased arrays are all technologies mentioned as part of the 5G upgrade package (https://spectrum.ieee.org/everything-you-need-to-know-about-5g) Am I misunderstanding something?

3. The fundamental reason I'm asking about Link 16, MADL, and IFDL specifically is because I'm trying to piece together a working picture of the main parts of the U.S. military communications/battlefield management/command&control network, incl. the ways voice & data (targeting data, command data) is sent between platforms. The reason I am interested in this is because of stories like this one (https://breakingdefense.com/2019/03/us-gets-its-ass-handed-to-it-in-wargames-heres-a-24-billion-fix/) and this one (https://www.defenseone.com/policy/2...verhauling-how-us-military-will-fight/184050/) and many others which point out that in war games against China, one of the biggest reasons we lose is because our data communications networks are annihilated early on in a conflict. Quote: "[The US] communications satellites, wireless networks, and other command-and-control systems suffer such heavy hacking and jamming that they are, in Ochmanek’s words, “suppressed, if not shattered.”" want to understand *why* our networks appear to be so brittle. With that in mind, do any of y'all know of a set of resources to learn more about the broader picture of military communications networks between key fighting assets? Realize there won't be one "complete" resource, but figured maybe everyone here had done some sleuthing for me.
 
Last edited:
newcomer22 said:
Thanks for the really detailed response. A couple of follow ups if you don't mind.

1. Are there a good set of recommendations were I can learn more about the topics being discussed here: mmWave, AESA, phased array antennas, LPI/LPD techniques and/or IFDL/MADL specifically?

1a. One thing I don't quite understand is the difference between AESA - which the F-35 definitely has (APG-81)- and digital beamforming, which DARPA says they want (MIDAS) and which therefore we don't have fielded.
Click to expand...

AESA radars typically combine received signals from multiple T/R modules into subarrays and use analog signal combining and centralised Analog/Digital (A/D) converters which convert the combined signal to digital data.

Digital beamforming puts A/D and D/A converters directly behind each T/R module. This means each element's received signal is directly converted to the digital domain and then combined in software. This gives a lot more flexibility.

Transmission is similarly more flexible. Instead of one waveform being fed to multiple T/R modules, each transmittter can be given a unique waveform.
 
Design of AESA systems for radar, EW och COM, including datalinks, is revolutionized by RFSoCs like Xilinx's ZYNQ which has 8 off 4 Gbs 12-bit ADCs, 8 off 6Gbs 14-bit DACs combined with FPGA and multicore processors, etc: https://www.xilinx.com/products/silicon-devices/soc/rfsoc.html.
Add GaN LNA + Power amp behind a switch to the antenna and you have your software-controlled AESA unit. You can build it directsampling on baseband or mix it to any frequency block you want. Will be heavily used in 5G radios which are as close to a useful datalink you can get with commercial hardware.
 
Slightly off topic, but this topic drifts from link to some digital antennas.

I found - some old page with explanation of basics in really simple words:
https://www.eetimes.com/radar-basics-part-3-beamforming-and-radar-digital-processing/

There is explanation of digital beamforming - creating simultinuesly many send - receive - beams - just using FFT
(FFT for space domain, not for time. In other words, for each sample in time domain, before there is a need to do FFT for beamforming. May be a lot of processing but not for up to date processors)

Other parts of series are also interesting, but I cannot reach them.
 
Last edited:
Links to the previous and the next (from web archive) :


Radar basics – Part 1

Radar is ubiquitous in military applications being used in aircraft, missiles, ships, tanks, helicopters, ground stations, and more.
web.archive.org web.archive.org
web.archive.org

Radar Basics - Part 2: Pulse Doppler Radar | EE Times

Doppler processing became possible with digital computers; today, nearly all radar systems incorporate Doppler processing.
web.archive.org web.archive.org

Part 4 (Space time adaptive processing) :
web.archive.org

Radar Basics - Part 4: Space-time adaptive processing | EE Times

A technique called space time adaptive processing (STAP) can be used to find targets that could otherwise not be detected.
web.archive.org web.archive.org
(SAR signal processing)
web.archive.org

Radar basics - Part 5: synthetic aperture radar | EE Times

Synthetic Aperture Radar, or SAR, is normally used to map ground features and terrain.
web.archive.org web.archive.org
 
Last edited:
badd said:
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
Click to expand...
All Link 16 systems were required to upgrade to stronger Cryptographic protection (look up Crypto Mod Mandate). All Link 16 systems were required to meet this standard by 01JAN22, those who don't will be left out of new networks.
 
newcomer22 said:
I guess I'm not so much concerned about the cryptography as I am about the LPI/LPD. Your question does make me interested in what we have to replace Link 16 then? The F-22 and F-35 have their own data links, but no one can really tell me how they work (ie, *why* are they LPI/LPD)
Click to expand...
F-35 uses MADL....highly directional datalink used to exchange data between F-35s. F-22 uses IFDL which serves the same purpose as MADL for F-35. When you couple low power with directionality it translates to LPI/LPD.
 
overscan (PaulMM) said:
  1. Its not designed to be hard to detect (non-LPI, not LPD) so its not really compatible with stealth aircraft use.
  2. Its original encryption / cryptographic standards were created in the 1980s. There's pretty much no 1980s era usable crypto algorithm that can't be cracked in real time by modern computing hardware.
  3. There have been references to Link 16 Cryptographic Modernization, so I assume the encryption has been or will be beefed up somewhat, but its potentially still technically limited by its age and basic technology, and any legacy equipment will presumably need upgrading to be more secure.
Click to expand...
Yes, encryption is being upgraded. Legacy keys will no longer be issued except for limited training uses.
 
Can't find an immediate easy link, but if you search for "Understanding_Voice-Data_Link_Networking.pdf" you'll find a very detailed Northrop-Grumman doc, describing LINK16 in stunning detail.
 
Interesting stuff. From my viewpoint the interchange of techniques between commercial and military applications is interesting as recent WiFi modems use MIMO to do beam forming and use adaptive power to maximise throughput in a spectrum constrained environment. Security is expected, but jamming resistance isn't usually a concern.
Commercial products are driving the semiconductor industry to produce the chips that will do spread spectrum, encryption and beam forming at low cost and high volume. The military could have some interest in this.
 
FAA is holding everyone up with regards to Link 16. The EMC cert process is what they are holding DoD systems to. SDA is testing Link 16 from Space OCONUS because of this. F-22 flies 200nm offshore with tanker support just to operate Link 16 due to FAA restrictions. It's ridiculous.
 
Tranche 0 is up and Link 16 from Space has been successfully demonstrated. Follow on Tranches are being launched and defined as we speak. Link 16 from Space operates a little differently in that you have to begin transmission before your assigned time slot due to the propagation distances.
 
badd said:
One thing that I don't know (and if I did know of course I could not say; thus I am free to speculate) is how cryptographically secure the hopping sequence is (note that link-16 uses different encryption for hopping (TSEC) and message content (MSEC)). The people who designed Link-16 were plenty smart, but I'm not sure how well they were able to predict the 2020 state of the art in fast cracking (a particular thing which is my speculation regarding the type of generator used for Link-16's pseudorandom hopping sequence).

Obviously anybody with Link-16 hardware and autonomous keymat generation capability can mount a chosen plaintext attack on the hopping sequence. If the sequence is crackable in near realtime, then it is also exploitable for both ELINT and jamming purposes. The frequency dwell time is about 13 usec (more precisely, the hop rate is 77 kHz - I'm too lazy to go back and look up the guard times :) ) so it is straightforward to create a frequency synthesizer that can match and jam or track it.
Click to expand...
Sure, it's an issue. But that's why it has 2 separate crypto keys. One for the frequency hopping and one for the actual message.

Even if you do get a lock on the freq hopping so you can theoretically hear what is begin said, you still can't read the message without a separate crypto attack on the message. Assuming that the message crypto isn't generated from a one-time pad, of course.

Crypto 101 is to use a separately generated key for each part of the process.
 
Yup, 46TH TS guys are creating the networks for SDA to participate in. A lot of the SDA Link 16 testing has to be done OCONUS due to FAA EMC restrictions near CONUS.
 

Similar threads

Please donate to support the forum.

Back
Top Bottom