Section VI

Authentication

Radio authentication is the procedure for verifying that the station you are talking to is actually who it claims to be — not an impersonator with a captured radio, an infiltrator, or an adversary playing the role of a friendly unit. Without authentication, every clear-text radio message is just an unverified request.

What it prevents

  • Impersonation via radios captured on the front (frequent in Ukraine)
  • Enemy stations posing as friendly command to extract information or induce errors
  • Injection of false orders (deception) that shift units into exposed positions
  • Cross-confirmation in scenarios where callsign identity is doubtful
  • Verification of critical requests: fires, MEDEVAC, change of plan, friendly position

CEOI / SOI — the foundation

All tactical authentication rests on the CEOI (Communications-Electronics Operating Instructions) or SOI (Signal Operating Instructions): a daily or cyclic document containing frequencies, callsigns, the authentication table, code words, and additional prowords. It rotates on a schedule (typically 24 h). Holding an expired CEOI is useless; holding someone else's CEOI without authorisation is an OPSEC breach. Destroy immediately if compromised.

Challenge / Response — two-letter system

The most widespread system. The challenger transmits two phonetic letters; the challenged station replies with the matching letter (or pair) from the current table. Wrong or missing reply: the station is not authenticated.

RADIO

BRAVO SIX, this is ALPHA TWO, AUTHENTICATE BRAVO, OVER.

ALPHA TWO, this is BRAVO SIX, I AUTHENTICATE LIMA, OVER.

BRAVO SIX, this is ALPHA TWO, ROGER, OUT.

Challenge    Response
---------    --------
ALFA         MIKE
BRAVO        LIMA
CHARLIE      KILO
DELTA        JULIETT
ECHO         INDIA
FOXTROT      HOTEL
GOLF         GOLF
HOTEL        FOXTROT

Sample table (not operational). In a real environment the table comes from the day's CEOI and rotates.

Numeric authentication

Variant with numeric or alphanumeric strings for high-precedence traffic or double authentication. Often paired with a 3-character trigraph to reduce guessing probability.

RADIO

BRAVO SIX, AUTHENTICATE FOXTROT-TWO-NINER, OVER.

I AUTHENTICATE WHISKEY-EIGHT-FOWER, OVER.

DTG-based authentication

More modern systems tie the response to the current Date-Time Group, invalidating any intercepted-and-replayed response. Typically: authenticator is a function of (DTG, day key). The operator consults a pad or dedicated device (e.g. KYK-13, proprietary UA systems) to derive the response. Same principle: no access to the active key, no authentication.
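
Added example (not part of the original page and not the algorithm of any fielded device): a minimal sketch of "authenticator is a function of (DTG, day key)", showing why a response intercepted and replayed later fails. The HMAC-SHA256 construction, the inclusion of the challenge word, the four-letter truncation, the one-minute tolerance and all names are assumptions made for illustration; the key and time are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
MONTHS = ("JAN", "FEB", "MAR", "APR", "MAY", "JUN",
          "JUL", "AUG", "SEP", "OCT", "NOV", "DEC")

def dtg(t):
    """Date-Time Group at minute resolution in Zulu time, e.g. 051430ZMAR24."""
    t = t.astimezone(timezone.utc)
    return f"{t:%d%H%M}Z{MONTHS[t.month - 1]}{t:%y}"

def authenticator(day_key, challenge, t, n=4):
    """Hypothetical scheme: n letters from HMAC-SHA256(day key, DTG | challenge)."""
    msg = f"{dtg(t)}|{challenge}".encode()
    mac = hmac.new(day_key, msg, hashlib.sha256).digest()
    # Slight modulo bias from "% 26" is ignored in this illustration.
    return "".join(LETTERS[b % 26] for b in mac[:n])

def verify(day_key, challenge, response, now, skew_min=1, n=4):
    """Accept only a full-length response derived for the current minute +/- skew_min."""
    if len(response) != n:
        return False  # a shortened reply would be easier to guess
    for d in range(-skew_min, skew_min + 1):
        expected = authenticator(day_key, challenge, now + timedelta(minutes=d), n)
        if hmac.compare_digest(expected, response):  # constant-time comparison
            return True
    return False

if __name__ == "__main__":
    key = b"constructed-day-key-not-operational"
    t0 = datetime(2024, 3, 5, 14, 30, tzinfo=timezone.utc)  # constructed time
    resp = authenticator(key, "BRAVO", t0)
    print(dtg(t0), resp)
    print("fresh:", verify(key, "BRAVO", resp, t0 + timedelta(seconds=40)))
    print("replayed 10 min later:", verify(key, "BRAVO", resp, t0 + timedelta(minutes=10)))
```

The response length sets the blind-guess probability (1 in 26^n per attempt), which is the same trade-off the trigraph addresses in the numeric variant.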

Duress code

Pre-agreed word or sequence transmitted when the station is under coercion or the radio is in enemy hands. The reply looks valid but contains a pre-agreed marker. The receiver knows that, from then on, all information from that station is compromised. The duress word is never revealed in clear, never recorded on recoverable material, never shared with non-operational personnel.

Common mistakes

  • Skipping authentication on critical requests "because the voice is recognised" — voice and phrasing get imitated
  • Repeating the challenge if the answer is wrong instead of terminating the transmission
  • Carrying expired CEOIs in pocket or pack
  • Writing authentication answers on non-destructible paper
  • Authenticating the wrong station (answering a challenge before correctly identifying it)
  • Reusing the same table across different nets — compromise propagates

Lessons learned Ukraine

On the Ukrainian front, impersonation via captured radios is documented in both directions. Russians and Ukrainians call each other pretending to be units of the receiver's own side to obtain positions, submit falsified fires requests, or set MEDEVAC traps. The only working defence is disciplined authentication procedure, applied always, even when it "seems pointless". Units that skip authentication for speed are the same units that, with statistical regularity, lose teams to false orders. A fires request without authentication is treated as a potential trap.

Authentication checklist

  • Day's CEOI known and accessible, not expired
  • Challenge table memorised or quickly consultable
  • Personal duress word memorised, never written
  • Challenge procedure applied on all critical requests (fires, MEDEVAC, change of plan)
  • Standard reaction to authentication failure: end transmission, report to command
  • Immediate destruction of expired or compromised CEOI