Also known as: OTAR, over-the-air rekeying, over-the-air rekey
Over-the-Air Rekeying (OTAR) is the method by which a P25 radio system delivers and updates its encryption keys to fielded radios over the RF channel itself, rather than by touching each radio with a physical key loader.1 A central Key Management Facility (KMF) sends structured Key Management Messages (KMMs) to individual radios or to whole groups, letting an agency rotate keys, add a compromised radio to a stun list, or push a new keyset to a fleet of thousands without recalling a single unit.
How it works
OTAR relies on a two-level key hierarchy. Each radio holds a long-lived Key Encryption Key (KEK) — loaded once at provisioning time from a key loader — and the day-to-day Traffic Encryption Keys (TEKs) that actually protect voice are the ones rotated over the air. When the KMF wants to rekey a radio, it encrypts the new TEK under that radio’s KEK and sends the result inside a KMM. Because only that radio (and the KMF) knows the KEK, an eavesdropper who captures the KMM sees only ciphertext and cannot recover the TEK.
KMMs are carried as data on the P25 system and are individually addressed by a radio’s unique ID, so the KMF can rekey one unit, a subset, or an entire group. The protocol defines a family of message types beyond the basic rekey: warm-start and inventory commands to learn which keys a radio holds, changeover commands to switch the active keyset at a scheduled time, and zeroize commands that erase a lost or stolen radio’s keys remotely. Delivery is acknowledged, so the KMF knows which radios accepted the new key and which must be retried.
A crypto period is the operational lifetime of a TEK; when it expires the KMF pushes a fresh key and commands a coordinated changeover so the whole talkgroup switches keys at once and stays in sync.
Relevance to SDR
OTAR is the logistics layer that makes large encrypted P25 systems practical: without it, rotating AES or legacy DES keys across a metropolitan fleet would mean physically touching every radio. For a monitoring receiver, OTAR traffic is visible but opaque. GopherTrunk can see KMM data messages flow on a P25 control or data path and can log that rekeying activity is occurring, but the KMMs are themselves encrypted under KEKs the scanner does not hold, so no key material can be recovered from them — which is exactly the security property OTAR is designed to provide. The practical takeaway for a listener is diagnostic, not offensive: a burst of KMM activity often precedes a keyset changeover, after which previously followable clear talkgroups may go encrypted, or the message indicators on already-encrypted talkgroups change.
In practice
The security of OTAR rests entirely on the secrecy of the KEK, which is why KEKs are loaded only from a trusted key loader over a direct wired connection and are never sent over the air in the clear. Some systems add a still-higher Key Encryption Key for KEKs so that even the key-encryption keys can be updated remotely. The identifiers that select which stored key a message or call uses — the Key ID and algorithm ID — travel in the clear (see Key ID & ALGID); only the key values are protected. Mismatched keysets, expired crypto periods, or radios that missed a rekey are a common cause of “encrypted but unintelligible even to authorized users” faults, which is why inventory and acknowledgement messaging is a core part of the protocol.
Sources
-
Over-the-air rekeying — Wikipedia, for the KEK/TEK hierarchy, KMM/KMF roles, and remote zeroize/rekey capabilities. ↩