Presentation on theme: "TETRA SECURITY Brian Murgatroyd UK Home Office. Agenda Why security is important in TETRA systems Overview of TETRA security features Authentication Air."— Presentation transcript:
Agenda Why security is important in TETRA systems Overview of TETRA security features Authentication Air interface encryption Key Management Terminal Disabling Using SIM’s End to End Encryption
Security Threats What are the main threats to your system? Confidentiality? Availability? Integrity?
Message Related Threats interception by hostile government agencies eavesdropping by hackers, criminals, terrorists Confidentiality masquerading pretending to be legitimate user manipulation of data Integrity changing messages Replay recording messages and replaying them later
User Related Threats traffic analysis Confidentiality getting intelligence from patterns of the traffic-frequency- message lengths-message types observability of user behaviour Confidentiality examining where the traffic is observed - times of day-number of users
System Related Threats denial of serviceAvailability preventing the system working by attempting to use up capacity jamming Availability Using RF energy to swamp receiver sites unauthorized use of resourcesIntegrity Illicit use of telephony, interrogation of secure databases
TETRA Security features Authentication Air Interface encryption Temporary /permanent disabling Aliasing/User logon Ambience listening Discrete Listening Lawful Interception
Authentication Used to ensure that terminal is genuine and allowed on network. Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. Authentication requires both SwMI and terminal have proof of secret key. Successful authentication permits further security related functions to be downloaded.
Authentication process MobileBase station Authentication Centre K Random Seed (RS) RS KS Rand Expected Result K RS Rand Result TA11 TA12 TA11 KS ( Session key ) Same?
Deriving DCK from mutual authentication Result 1 Result 2 DCK2 DCK1 DCK RAND1 KS RAND2 KS’
Air Interface keys Four traffic keys are used in class 3 systems:- Derived cipher Key (DCK) derived from authentication process used for protecting uplink, one to one calls Common Cipher Key(CCK) protect downlink group calls and ITSI on initial registration Group Cipher Key(GCK) Provides crypto separation, combined with CCK Static Cipher Key(SCK) Used for protecting DMO and TMO fallback mode
Over the Air Re-Keying (OTAR) CCK BS MS GCK SCK CCK MGCKSCK DCK AI CCKGCK SCK KSO (GSKO) DCK KSO (GSKO)
Encryption Process Clear data in Encrypted data out Key Stream Generator (TEA[x]) Modulo 2 addition (XOR) Initialisation Vector (IV) ABCDEFGHIy4Mv#Qt q c Traffic Key Key Stream
Disabling of terminals Vital to ensure the reduction of risk of threats to system by stolen and lost terminals Relies on the integrity of the users to report losses quickly and accurately. May be achieved by removing subscription and/or disabling terminal Disabling may be either temporary or permanent Permanent disabling removes all keys including (k) Temporary disabling removes all traffic keys but allows ambience listening
Security and SIMs Many second generation terminals may use SIMs SIM contains all personalization information Secret key(k) and ITSI must be on SIM if complete SIM mobility required. Design must be able to prevent the secret key (k) and traffic keys being extracted May be possible to only have talkgroup and phonebook information on SIM (leave ITSI/K in terminal)
End to end encryption features No need to trust infrastructure- no intermediate decoding. Additional synchronization carried in stolen half frames Standard algorithms available or national solutions Local Key Management Centres managed by User Keys received from national COMSEC authority (depending on National policy)
End to end keys Traffic encryption key(TEK). Three editions used in terminal to give key overlap. Group Key encryption key(GEK) used to protection TEKs during OTAR. Unique KEK(long life) used to protect GEKs during OTAR. Signalling Encryption Keys (SEK) used optionally for control traffic
Conclusions Security functions built in from the start! User friendly and transparent key management. Air interface encryption protects control traffic, IDs as well as voice and user traffic. Key management comes without user overhead because of OTAR. Well developed end to end encryption for users with very sensitive data to protect.