MIL-STD 188-220 suite (here MS-220D) was developed to meet the requirements for mobile Combat Net Radios (CNR) specified as SINCGARS (Single Ground and Airborne Radio System) or more fresh JTRS (Joint Tactical Radio System). The radios can handle voice and data communication, both safe and non-secure. SINCGARS radios work in the lower VHF band (30 to 88 MHz), with 25 kHz channel spacing and can operate on a single channel as wel as in Frequency Hopping mode (FH). It's so alternatively uncommon to find transmissions in HF that usage this protocol suite, especially in the low HF band (7 MHz)... but it may happen. Indeed, I was fortunate adequate to catch specified transmissions on the same day (1030Z and 1058Z) on 7510 KHz/U (and it's not the first time it occurs).
The transmissions under consideration (Figure 1) are in STANAG-4538 circuit service mode, where link setup is performed by FLSU request/confirm exchanges (BW5 bursts) and MIL-STD 188-110A is the utilized traffic waveform.
 |
| Fig. 1 - STANAG-4538 Circuiy Service mode |
Appendix D of of MIL-STD-188-220 regards Communications safety Standards (COMSEC) and describes the requirements of the transmission frame structure erstwhile link encryption is provided by "external COMSEC" (traditional COMSEC) or by "embedded COMSEC" devices. The demodulated bitstreams perfectly fit the COMSEC preamble for external COMSEC (Figs. 2,3), i.e. erstwhile link encryption is provided by external devices.
 |
| Fig. 2 - conventional COMSEC transmission frame structure (FIGURE D-1, MS-220D) |
 | |
| Fig. 3 - COMSEC preambles of the demodulated bitstreams |
Bit Synchronization subfield is utilized to supply a signal for achieving bit synchronization and for indicating activity on a data link to the receiver. The subfield consists of the data-rate clock signal, a string of alternating ones and zeros.
Frame Synchronization subfield is utilized to supply a framing signal indicating the start of the encoded MI to the receiving station. As for MS-220D "this subfield shall be 465 bits long, consisting of 31 Phi-encoded bits (1 encoded bit = 15 bits). The Phi patterns are a method of redundantly encoding data bits, a logical 1 data bit shall be encoded as Phi(l)=111101011001000, and logical 0 data bit shall be encoded as Phi(0)=000010100110111. A simple majority voting process may be performed at the receiver to decode the Phi-encoded frame pattern to its first format". Figure 4 shows the Frame Sync subfield of the demodulated bitstreams: as 1 can easy verify, the Phi-decoded content match perfectly the sync pattern indicated in Figure D.2 of MS-220D (#D.5.1.1.2).
 |
| Fig. 4 - Phi-encoded frame sync |
Message Indicator subfield contais the COMSEC-provided MI (or Initialization Vector), a stream of 87 random bits that are redundantly encoded utilizing the Phi patterns seen above. Cryptographic synchronization is achieved erstwhile the receiver acquires the correct MI. Decoding can be easy achieved (Figure 5).
 |
| Fig. 5 - Message Indicator subfield |
Since the COMSEC preamble of the analyzed streams match the "external COMSEC" frame structure, likely the encrypted parts (voice/data) are secured by an external crypto unit specified as the KY-57 (Vinson) or the more advanced KY-99.
Such uncommon (in HF band) transmissions are possibly a forward from a VHF link, who knows.
