Online/Offline cipher machine
Aroflex II is an online/offline encryption device
developed in the early 1990s jointly
by Siemens (Germany)
and Philips Usfa (Netherlands)
as the successor to the highly successful Aroflex cipher machine
used by NATO.
It is also known as PDLX-6141 (Philips) and as T-1285/CA (Siemens).
Development of the machine took many years and only
a limited quantity was ever produced.
|
The image on the right shows a basic Aroflex II setup. It consists of a main
unit – similar to a personal computer (PC) – a separate monitor and an
enhanced keyboard.
The output is delivered to an external printer that is similar in design.
At the front of the main unit is the Crypto Ignition Key (CIK), which
is used to protect the internally stored Traffic Encryption Keys (TEK).
An optional paper-tape reader/puncher can be attached for backward compatibility
with legacy 5-bit teleprinter equipment.
All units are fully shielded and meet NATO TEMPEST requirements.
|
|
|
The basic T-1285
teleprinter was completely developed by
Siemens AG in München (Germany).
It has a built-in text editor that allows text to be formatted in a
variety of ways.
Philips Crypto BV in Eindhoven (Netherlands)
was responsible for the cryptographic part, in the form of a plug-in card.
The display is fully EMC shielded, whilst the matrix printer
is connected via optical fibres.
Aroflex II was available in two colours: green for military environments,
and cream for civil/office use.
The crypto-part consists of a Crypto Ignition Key (CIK),
an interface for a standard key filler
and a crypto module with two Philips-developed cryptographic algorithms:
(1) a new Aroflex II algorithm, and (2)
a legacy algorithm for backward compatibility with Aroflex I.
The latter allowed a smooth transition from the thousands of
original Aroflex units in the field, to the new Aroflex II.
|
PLEASE HELP —
Only a limited number of Aroflex II machines was ever built and even fewer
machines have survived.
We are still looking for an Aroflex II for our collection.
If you have more information about this machine, please contact us.
The diagram below shows a typical Aroflex II setup. Central to this setup
is the basic Siemens T-1285 teleprinter with its peripherals, shown here in
blue. The T-1285 teleprinter is converted into a cipher machine by installing
an (internal) crypto card with suitable firmware, shown here in red.
Keyboard, main unit (T-1285) and monitor are always present. A printer is used
for creating a physical message (when needed). Optionally,
a tape reader/puncher (TRP) can be added for saving and loading messages.
For TEMPEST reasons, printer and TRP
are both connected via optic fibres.
The crypto card has two connections: an NF7 receptacle for connection of a
Crypto Ignition Key (CIK), and a U229 receptacle for connection of a
standard DS-102 compatible KEY FILL device,
such as the KYK-13, the KSP-1
or the UP-2001. The CIK is used to store the randomly
generated Key Encryption Key (KEK), which in turn is used to
protect the Traffic Encryption Keys (TEK).
|
Aroflex II is suitable for encryption and decryption of text in
26, 32 and 256 character alphabets, both online and offline.
It has room for 2 x 32 cryptographic keys
that can be loaded with a DS-102 compatible fill device,
such as the KYK-13.
The Traffic Encryption Keys (TEK) are protected
by a Key Encryption Key (KEK), that is divided over the machine's
battery-backed Static RAM and the Crypto Ignition Key (CIK), so that both are
needed in order to recover the actual keys.
|
The image on the right shows two rare surviving Aroflex II Crypto Ignition Keys.
Each consists of a robust metal enclosure with
a 7-pin NF-7 audio connector at the end, and is small enough to be carried in a pocket.
It is slightly shorter than the initial version and has a knurled edge to allow
it to be installed and removed more easily.
The CIK communicates with the Aroflex II via a standard 2-wire
I2C interface.
When loading the crypto keys, half of the Key Encryption Key (KEK) is stored
in the machine's battery-backed RAM, whilst the other half is stored inside the CIK.
|
|
|
Once the keys are loaded, the CIK and the Aroflex II are said to
be paired.
Removing the CIK from the Aroflex renders the keys stored inside
the Aroflex II useless.
Likewise, a paired CIK cannot be used on another Aroflex II unit which
has its own set of keys loaded. In case of an emergency or compromise,
the user would remove the CIK and destroy it (if possible) or throw
it away.
As an extra
safety measure, the user could also press the ZEROIZE button in order to
delete the other half of the KEK which was stored in battery-backed RAM.
The function of the CIK is similar to that of the
Spendex 40 and
Spendex 50.
More photographs of the CIK are available below.
Inside the CIK is a small PCB
with only six electronic components.
At the heart is one of the first EEPROMs that had just
become available in the early 1990s.
The small 8-pin PCD-8582 contains 256 bytes
of non-volatile memory and interfaces via a Philips-standard
I2C bus [4].
The rightmost photograph below shows
the PCB inside the CIK as it came from the assembly-line.
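The KEK split and CIK pairing described above (both halves needed, a removed or foreign CIK is useless, ZEROIZE deletes the RAM half) can be modelled as follows. This is an added example, not Philips or Siemens code: the XOR split, the HMAC-SHA256 wrap, the 32-byte key sizes and all class and function names are assumptions, since the page does not describe the actual algorithms.

```python
import hashlib, hmac, secrets

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _prf(kek, label, data):
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def wrap(kek, tek):
    # Stand-in authenticated wrap (assumption), NOT the Aroflex algorithm.
    nonce = secrets.token_bytes(16)
    ct = _xor(tek, _prf(kek, b"enc", nonce))
    return nonce, ct, _prf(kek, b"mac", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        raise ValueError("KEK mismatch: TEK not recoverable")
    return _xor(ct, _prf(kek, b"enc", nonce))

class Cik:
    """Token side: holds one share of the KEK (hypothetical model)."""
    def __init__(self):
        self.share = None

class Unit:
    """Machine side: battery-backed RAM share plus the wrapped TEK store."""
    def __init__(self):
        self.ram_share, self.store = None, {}
    def load_keys(self, cik, teks):
        kek = secrets.token_bytes(32)          # randomly generated KEK
        cik.share = secrets.token_bytes(32)    # share written to the CIK
        self.ram_share = _xor(kek, cik.share)  # share kept in RAM (XOR split assumed)
        self.store = {slot: wrap(kek, tek) for slot, tek in teks.items()}
    def get_tek(self, cik, slot):
        if cik is None or cik.share is None or self.ram_share is None:
            raise ValueError("KEK share missing")
        return unwrap(_xor(self.ram_share, cik.share), self.store[slot])
    def zeroize(self):
        self.ram_share = None                  # delete the RAM share of the KEK

def _usable(unit, cik, slot):
    try:
        unit.get_tek(cik, slot)
        return True
    except ValueError:
        return False

def demo():
    a, b, cik_a, cik_b = Unit(), Unit(), Cik(), Cik()
    tek = secrets.token_bytes(32)              # constructed sample TEK
    a.load_keys(cik_a, {1: tek})
    b.load_keys(cik_b, {1: secrets.token_bytes(32)})
    r = {"paired": a.get_tek(cik_a, 1) == tek, "no_cik": _usable(a, None, 1),
         "foreign_cik": _usable(b, cik_a, 1)}
    a.zeroize()
    r["after_zeroize"] = _usable(a, cik_a, 1)
    return r
```

With an XOR split, either share alone is statistically independent of the KEK, which is why losing only the CIK or only the RAM contents discloses nothing about the stored TEKs in this model.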
|
Aroflex II has its own built-in word processor with full formatting
capabilities, allowing text messages to be prepared in a variety of ways,
including ACP127, or as standard 5-letter groups.
The 720 KB floppy disc drive, hidden behind a TEMPEST-safe door
at the front panel, allows text messages to be stored on proprietary
formatted discs.
For security reasons, the Aroflex used its own Siemens-developed proprietary
operating system, making it immune to viruses.
The machine further contains two independent ¹
cryptographic units: the all-new
Aroflex II
crypto unit, using state-of-the art cryptographic algorithms, and a separate
Aroflex I crypto unit, making it interoperable with the existing
Aroflex.
It has a standard key-fill interface that was compatible with
DS-102
and CSESD.
The machine is TEMPEST-proof in accordance with the AMSG720B standard.
Obtaining TEMPEST approval for the monitor appeared to be the biggest challenge,
as a Cathode Ray Tube (CRT) is generally an enormous source of unwanted radiation. ²
The printer and the paper-tape unit are connected to the
main unit by means of optical fibres.
Aroflex II was capable of handling both 5-bit
(ITA-2 or Baudot-Murray code) and
8-bit data (ITA-5, derived from ASCII)
with automatic code conversion between the two standards.
This allowed encryption and decryption in 26, 32 and 256 character modes.
Data could be transmitted via existing telephone lines, using
an external modem connected to the CCITT V.24 (RS-232) interface,
or via legacy telex lines (TTY 15V/20mA or 60V/50mA).
|
 |
¹ Although the brochure [2] suggests that there were two physically
independent crypto units, there was in fact just one.
The OQ4436 cryptographic chip
that was used, was backward compatible
with the older OQ4406 and supported both algorithms.
The firmware was able to select between the two algorithms.
² It was known that adversaries could reconstruct the image that was
displayed on a CRT
from a considerable distance, by exploiting the emanations from the CRT.
This phenomenon is known as Van Eck Phreaking [9].
|
The original Aroflex machine (Aroflex I)
is arguably the most successful encryption device ever built by
Philips Usfa/Crypto.
As it was NATO-approved, many thousands of units were sold to the
NATO countries, including Canada, Germany,
The Netherlands, Sweden and Türkiye.
It was also used by the Dutch government and by the Dutch police.
The original Aroflex was based on a
Siemens T-1000 teleprinter,
that had a black Philips encryption module mounted to its bottom.
|
In the late 1980s, when the end-of-life for the
T-1000 teleprinter was nearing,
Siemens decided to develop a completely new fully-electronic alternative
that could be expanded with an (optional) internal encryption module.
Called T-1285, it was compatible with existing data standards.
The optional crypto plug-in offered full backward compatibility with the older
Aroflex.
It was agreed that Siemens would take care of the basic
teleprinter, keyboard, monitor and (optional) puncher, whilst
Philips Crypto was responsible for
the development of the crypto module that could be installed inside the
T-1285. The complete setup, with the optional tape unit, is shown above.
|
Development of the T-1285 took several years and cost many millions of Euros.
It appeared to be extremely difficult to meet the tough NATO TEMPEST requirements
for the complete setup, but the end-result was a robust text encryptor that
fully complied with NATO specifications [1].
A range of options was available and the Aroflex II could be connected
to a variety of existing networks, including telex, telephone, radio and
(via PAD) to X.28 packet-switched networks.
The T-1285CA was available in two colours: cream for civil and
desktop use and olive green for NATO and other military applications.
Full-colour brochures were issued
both by Siemens
and by Philips,
the latter aiming at the existing Aroflex users at NATO
and friendly governments.
A complete training program was developed in order to support customers
and maintenance personnel.
The certificate on the right was issued to 2nd and 3rd echelon
maintenance engineers who completed a training session at Siemens' own
training facilities in Unterschleissheim (Germany).
Although no dates are present on the certificate, it was probably issued
around 1993.
|
|
|
Nevertheless, the machine hit the market too late, as by the
mid-1990s, computers were rapidly replacing teletype units. As a result, the
machine was never taken into mass-production and only very few units were built.
It is known that a modest number was delivered to the Belgian Army [1].
|
At Philips, the Aroflex II project was given a place in its museum.
Siemens probably sold some more units and was offering it world-wide
in 1994 [5 p.524]. Apparently, they too discontinued the product soon thereafter,
as it is no longer listed in the Jane's Catalogue of 1997 [6].
The demise of the T-1285 also marked the end of the close cooperation
between the two companies.
|
The basic T-1285 terminal was also used in 1994 by
Crypto AG (Hagelin) in Switzerland,
a company that was rumoured at the time to be controlled by
Siemens [7],
giving them easy access to the hardware. In reality though, the company was
owned by the German intelligence service BND and the American CIA,
whilst Siemens
acted as a legend and supplied the company directors [8].
Crypto AG developed its own crypto logic (i.e. crypto heart) for the terminal
and called it HC-5700 and HC-5750,
the difference between the two probably being just the colour.
It was compatible with other members of the
HC-5000 CRYPTOMATIC family [6 p.547]. One of the differences with the Philips version
is the presence of a smart-card reader to the right of the CIK.
|
- Device: Online/offline text encryptor
- Purpose: Secure exchange of preformatted telex messages
- Name: Aroflex II
- Designator: PLDX-6141
- Manufacturer: Siemens, Philips Crypto
- Year: 1993 (est.)
- Predecessor: Aroflex (UA-8116)
- Classification: TOP SECRET, NATO COSMIC
- TEMPEST: AMSG720B
- Algorithm: Aroflex I (CEROFF), Aroflex II
- Keys: 31 net variables, 31 spares
- Fill: DS-102, CSESD
- Speed: 50-2400 baud
- Data rate: 300 baud (ITA-2), 2400 baud (ITA-5)
- Alphabet: ITA-2 (Baudot-Murray), ITA-5 (ASCII)
- Formatting: 5-letter groups, ACP127
- Interfaces: (see below)
- Memory: (see below)
- Power: 24V DC
- Mains: 115, 120, 230, 240V AC, 42-70 Hz or 400 Hz
- Consumption: 60W (AC), 50W (DC)
- Temperature: 0°C to +40°C
- Storage: -40°C to +60°C
- Enclosure: Cream, Olive green
- Dimensions: 425 × 145 × 378 mm
- Weight: 18 kg
|
- Program: 640 KB (locked)
- Main: 64 KB
- Message: 192 KB
- Diskette: 3.5" 720 KB (proprietary format)
|
- TTY: 15V/20mA (also: 60V/40mA with external supply)
- V.24: RS232-C (CCITT V.24), or MIL-STD 188-114
- X.28: Packet switched data networks via PAD
- Phone: Via optional modem
|
- Manufacturer: Siemens
- Layout: UK layout
- Keys: 112 keys (47 function keys)
- LEDs: 24 LEDs
- Features: Buzzer
- Colour: Cream, Olive green
- Dimensions: 425 × 22 (51) × 200 mm
- Weight: 3 kg
|
- Type: Cathode Ray Tube (CRT)
- Manufacturer: Siemens
- TEMPEST: AMSG720B
- Size: 12" (diagonal)
- Colour: Monochrome (black on white or inverted)
- Characters: 80 per line
- Lines: 27
- Mounting: Tilt & swivel pedestal
- Control: Brightness
- Shielding: TEMPEST
- Interface: TNC, 5-pin mil
- Temperature: 0°C to +40°C
- Storage: -40°C to +60°C
- Enclosure: Cream, Olive green
- Dimensions: 348 × 365 × 340 mm
- Weight: 13 kg
|
- Manufacturer: Siemens
- TEMPEST: AMSG720B
- System: Dot-matrix
- Speed: 60 characters per second bi-directional
- Paper: Roll feed, original + 2 copies
- Interface: Fibre optic
- Power: 24V DC
- Mains: 115, 120, 230, 240V AC, 42-70 Hz or 400 Hz
- Consumption: 55W (AC), 45W (DC)
- Temperature: 0°C to +40°C
- Storage: -40°C to +60°C
- Enclosure: Cream, Olive green
- Dimensions: 425 × 145 × 378 mm (425 × 260 × 502 mm with paper cartridge)
- Weight: 21 kg
|
- Manufacturer: Siemens
- TEMPEST: AMSG788A
- Interface: Fibre optic
- Power: 24V DC
- Mains: 115, 120, 230, 240V AC, 42-70 Hz or 400 Hz
- Consumption: 55W (AC), 45W (DC)
- Temperature: 0°C to +40°C
- Storage: -40°C to +60°C
- Enclosure: Cream, Olive green
- Dimensions: 361 × 145 × 378 mm (361 × 365 × 504 mm with paper tape)
- Weight: 18 kg
|
- Automatic key selection
- Automatic and manual remote keying
- Standard fill interface (DS-102, CSESD)
- Backward compatibility with Aroflex I
- Local and remote update
- ZEROISE facility
- Crypto Ignition Key (CIK)
- Failsafe hardware and software design
- Traffic Flow Security (TFS)
- Built-in Test Equipment (BITE)
|
[1] Mathieu Goudsmits, Aroflex II developer at Philips Crypto BV
Interview, Crypto Museum, July 2011.
[2] Philips Crypto BV, Crypto Communications System AROFLEX II
Full-colour 6-page brochure of the PDLX-6141 Aroflex II. NATO Restricted. 1993.
[3] Siemens, TEMPEST Crypto Communications System T1285CA
Full-colour 6-page brochure of the T-1285CA.
[4] Philips Semiconductors, PCX8582X-2 Datasheet
Datasheet of the EEPROM used inside the CIK. 1992-1994.
[5] Jane's Military Communications, Fifteenth Edition, 1994-95
ISBN 0-1706-1163-3.
[6] Jane's Military Communications, Eighteenth Edition, 1997-98
ISBN 0-1706-1530-2.
[7] Res Strehle, Verschlüsselt. Der Fall Hans Bühler
The full background to Mr. Bühler's arrest in Iran in 1992.
ISBN 3-85932-141-2.
[8] Paul Reuvers & Marc Simons, Operation RUBICON
Crypto Museum, 19 March 2020.
[9] Wikipedia, Van Eck phreaking
Visited 15 June 2024.
© Crypto Museum. Created: Tuesday 16 August 2011. Last changed: Monday, 03 March 2025 - 10:14 CET.