e-Navigation Netherlands
Published on e-Navigation Netherlands (https://www.e-navigation.nl)

Home > Modify Key Command (encrypted)

Introduction/Additional information: 

This ASM implements the Project 25 OTAR Modify Key Command message.

Usage Notes

  • This message is sent from the Key Management Facility to the Mobile Radio (MR) to modify one or more keys in the keyset.
  • This message is broadcast as a non-addressed message, to reduce the message size, and to avoid issues from a relocated RSI to a different MMSI.
  • The “Number of Keys” field is set at two per message, in order to reduce and fix message size within AIS slot count limits.

Version 0:

This is an RTCM compliant implementation of the Project 25 OTAR Modify Key Command.

This ASM only has an AIS Message 26 variant.

Permitted as from: 
12/05/2016
Registrant: 
USCG
Physical link: 
AIS
Message number (0=VDES-VDE): 
26
DAC or VPFI: 
366
FI / Message ID: 
24
Version: 
0
State: 
in force
Number of slots (max): 
5
Last modified: 
29/01/2021 - 23:19
Used by: 
USCG
Details: 

Modify Key Command (Message 26, broadcast)

 

 

Parameter

# of Bits

Description

 

 

Standard Message Header

Message ID

6

Identifier for Message 26; always (decimal) 26.

 

Repeat Indicator

 

2

Indicates how many times a message has been repeated. 0 – 3; 0 = default; 3 = do not repeat any more. Set to zero (default).

Source MMSI

30

MMSI number of source station. Varies according to the transmitter ID.

Destination Indicator

1

0 = broadcast (no Destination ID field)

1 = Addressed (30 bit Destination ID field). Set to zero (broadcast).

 

Binary Data Flag

 

1

0 = unstructured binary data (no Application Identifier bits used)

1 = binary data coded as defined by the 16-bit AI. Set to 1 (structured).

Destination ID

0

MMSI number of destination station. Not used.

 

Spare

 

0

 

Not used.

 

 

 

Binary Data

DAC

10

Designated Area Code. Set to 366.

Function Identifier

6

Function identifier. Set to (decimal) 24.

KMM Preamble

Reserved

3

Reserved for future use. Set to 0.

Version

5

Version of KMM Preamble Message Body. Set to 0.

MFID

8

Manufacturer’s ID, indicates conformance to standard. Set to 0.

Algorithm ID

8

Identifies the algorithm used to encrypt payload. Set to (hex) 85 = AES-128.

Key ID

16

Identifies the TEK used to encrypt the KMM.

Message Indicator

72

Provides the message indicator to synchronize the encryption of the OTAR KMM

Encrypted Payload

OTAR Message ID

8

Identifies the Project 25 “Message ID” type. One of 255 possible values assigned as the message type. Set to (decimal) 19 = Modify Key Command

Message Length

16

A 16 bit binary number that defines the length (in octets) of the subsequent OTAR fields, including MAC. Set to (decimal) 59 - 88.

Message Format

RSP

2

Response Kind defines acknowledgment to be returned to the sender of the KMM. 00 =Rsp Kind 1, 01 = Rsp Kind 2, 10 = Rsp Kind 3 and 11 is undefined.

 

MN

 

2

Message Number defines the size of the Message Number field in the KMM. 00 = no message number, 10 = a 2 octet message number. Set to (binary) 10

MAC Processing

2

Defines the type of MAC processing performed over the entire KMM. Set to (binary) 11 = Type 3 MAC

Spare

1

Set to zero.

Done

1

Indicates if KMM is last in a series. 1 = More to follow (Not Done), 0 = done.

Destination RSI

24

Radio Set Identifier number

Source RSI

24

Radio Set Identifier Number

KMF Message Number

16

A rolling sequence number to prevent message playback. Binary number representing values from 0 – 65535.

Decryption Instruction

Format

Reserved Bit

1

Set to zero (not used).

Message Indicator Block

1

Set to zero (not used).

Spare

6

Always zero.

KEK Algorithm ID

8

The algorithm ID is used in conjunction with the KeyID to uniquely select a KEK.

Set to (hex) 85 = AES-128

KEK Key ID

16

Identifies the Key ID for the KEK.

Message Indicator

0

Optional, not used for AES-ECB wrapped keys.

Keyset ID

8

The Keyset ID to be modified.

               
 

 

 

Binary Data

Encrypted Payload

Algorithm ID

8

The algorithm to be used for the keyset. Set to (hex) 85 = AES-128

Key Length

8

The number of octets to transfer the key. Set to (decimal) 16.

Number of Keys

8

The number of keys in this sequence. Set to (decimal) 1 - 2.

Key Format

Key Type

1

0 = TEK, 1 = KEK

Spare

1

Not used, set to zero.

Delete/Rekey

1

0 = rekey (add new or change existing key), 1 = delete existing key

Key Name Size

5

Defined the length in octets of the key name field. Set to (decimal) 8.

Storage Location Number

16

Identifies one of 65536 possible storage location indices.

Key ID

16

The Key ID of the key being modified.

Key

128

The key, either a KEK or a TEK.

Key Name

 

Function

 

16

Functional name or purpose of key. This will be a logical representation of the key (KEK, MAC key or TEK), as well as organization (USCG, NAVY, etc.)

Month

16

Month identifier, typically of the publish date. (8 bit ASCII) 1-12

Day

16

Day identifier, typically of the publish date. (8 bit ASCII) 1-31

Year

16

Year (century agnostic) identifier, typically of the publish date. (8 bit ASCII) 0-99.

Subsequent Key Items

0 - 232

Subsequent items are 232 bits apiece, Key Format to Key Name, inclusive repeated for each item.

Message Authentication Code

MAC

64

OTAR Message authentication code, concatenated to key length/2. Calculated per paragraph 13.5.2 of TIA 102.AACA-A, September 2014.

MAC Length

8

Length of message authentication code in octets. Set to (decimal) 8

MAC Algorithm ID

8

Used with MAC Key ID to uniquely determine key to used to produce MAC. Set to (hex) 85 = AES-128.

MAC Key ID

16

Identifies the Key to be used to compute the MAC

T

1

Not used. Set to zero.

D

1

Derived Key. Set to zero = Dedicated MAC Key

R

1

Reserved for future use. Set to zero.

Version

5

Defines the version of the MAC message body. Set to zero.

 

Encryption Bit Padding

 

variable

 

Sufficient spare bits to ensure that the binary data is a multiple of 128 bits for block encryption (512, 768). Set to zero.

 

Checksum

 

16

 

16-bit CRC calculated as per EAIS Specification

 

 

 

Footer

Spare

4

Four extra bits to ensure the message ends on a byte boundary. Set to zero.

Communications State Selector

1

0 = SOTDMA communication state follows 1 = ITDMA communication state follows

 

Communications State

 

19

SOTDMA communication state (see ITU 1371-5 § 3.3.7.2.1, Annex 2), if communication state selector flag is set to 0, or ITDMA communication state (§ 3.3.7.3.2, Annex 2), if communication state selector flag is set to 1.

Total bits

720 –

976

4 - 5 Slot Binary Message

Attachment: 
PDF icon eais_idd_v5_4_8may17.pdf [1]

Source URL (modified on 29/01/2021 - 23:19):https://www.e-navigation.nl/content/modify-key-command-encrypted

Links
[1] https://www.e-navigation.nl/sites/default/files/asm_files/eais_idd_v5_4_8may17_1.pdf