View
220
Download
1
Tags:
Embed Size (px)
Citation preview
Security Encryption and Management
Brian Murgatroyd
Chairman:
TETRA Association Security and Fraud Prevention Group
13th June 2006 TETRA Experience - Poland
Agenda
Security threats TETRA security features Overall system security measures Air interface security functions End to end encryption Interoperability and practical security measures
13th June 2006 TETRA Experience - Poland
Security ThreatsWhat are the main threats to your
system?
Confidentiality?
Availability?
Integrity?
13th June 2006 TETRA Experience - Poland
Message and User Related ThreatsMessage threats
– Interception
– Eavesdropping
– Masquerading
– Manipulation of data.
– ReplayUser related threats
– traffic analysis
– observability of user behaviour.
13th June 2006 TETRA Experience - Poland
System Related Threats
Denial of service– Jamming – Attacks via the IP network
to switch off the functional boxes
– Natural disasters- • fire, flood, earthquake
•,
13th June 2006 TETRA Experience - Poland
Overall TETRA Security
Several aspects to TETRA security– Technical security countermeasures– Secure Network Management and procedure– Lawful Interception– Standard algorithms
13th June 2006 TETRA Experience - Poland
Network Security
IT security is vital in TETRA networks Gateways are particularly vulnerable.Operating staff need vettingFirewalls required at access points to the network
13th June 2006 TETRA Experience - Poland
TETRA security classes
Class Encryption OTAR Authentication 1 No No Optional 2 Static key Optional Optional
3 Dynamic key Mandatory Mandatory
13th June 2006 TETRA Experience - Poland
Authentication
Used to ensure that terminal is genuine and
allowed on network.
Mutual authentication ensures that in addition to
verifying the terminal, the SwMI can be trusted.
Authentication requires both SwMI and terminal
have proof of secret key.
Successful authentication permits further security
related functions to be downloaded.
13th June 2006 TETRA Experience - Poland
AuthenticationAuthentication Centre (AuC)
CallController
TA11
K RS
KS
Generate RS
KS (Session key)RS (Random seed)
TA12
KS RAND1
XRES1 DCK1
Generate RAND1
Compare RES1 and XRES1
TA11
TA12
K RS
KS RAND1
RES1 DCK1
RS, RAND1
RES1
Base station
DCK
K known only to AuC and MS
13th June 2006 TETRA Experience - Poland
Provisioning of authentication keys
Every terminal has a unique secret key (k) which has to be manually loaded to the terminal normally by the manufacturer
k associated with the TEI and sent to the network provider Needs to be done securely and to the SFPG recommendation
01 file format User organization provides the ISSI-TEI which it sends to the
network provider K-ISSI pairs in the authentication centre can be formed
13th June 2006 TETRA Experience - Poland
Air interface encryption protection
protected protectedvulnerable
standardair interface encryption
protectedEnd-to-endencryption
13th June 2006 TETRA Experience - Poland
Air interface encryption
As well as protecting voice, SDS and packet data transmissions:– AI encryption protects control channel messages as
well as voice and data payloads– encrypted registration protects identities and gives
anonymity– Protection against replay attacks using an initialization
vector derived form system timing (frame numbering)
13th June 2006 TETRA Experience - Poland
Over The Air Re-keying (OTAR)
Populations of terminals tend to be large and the only practical way to change encryption keys is by OTAR
This is done securely by using a derived cipher key or a session key to wrap the downloaded key
The security functionality is transparent to the user as the network provider would normally be responsible for OTAR and management of AI keys
13th June 2006 TETRA Experience - Poland
Air Interface traffic keys
Four traffic keys are used in class 3 systems:- Derived cipher Key (DCK)
– derived from authentication process used for protecting uplink, one to one calls
Common Cipher Key(CCK)– protects downlink group calls and ITSI on initial registration
Group Cipher Key(GCK)– Provides crypto separation, combined with CCK
Static Cipher Key(SCK)– Used for protecting DMO and TMO fallback mode
13th June 2006 TETRA Experience - Poland
Disabling of terminals
Vital to ensure the reduction of risk of threats to system by stolen and lost terminals
Relies on the integrity of the users to report losses quickly and accurately.
Disabling may be either temporary or permanent Disabling stops the terminal working as a radio and:
– Permanent disabling removes all keys including (k)
– Temporary disabling removes all traffic keys but allows ambience listening
The network or application must be able to remember disable commands to terminals that are not live on the network at the time of the original command being sent.
13th June 2006 TETRA Experience - Poland
Standard air interface algorithms
TEA1 and TEA4– Generally exportable outside Europe. Designed for
non public safety use TEA2
– Only for use in Europe for public safety and military organizations. Strictly export controlled
TEA3– For use by public safety and military organizations
where TEA2 is not allowed. Strictly export controlled
13th June 2006 TETRA Experience - Poland
Transfer of security parameters between networks The authentication parameters (based on k) are
very sensitive and should never be sent to a visited network
The way forward is to provide a set of parameters that will only be used in the visited network
WG6 are working on a revision to the standard to accommodate practical security functionality across an ISI
13th June 2006 TETRA Experience - Poland
Evaluation of security mechanisms
How can a system be judged secure?– Evaluate threats and risks, independently if possible– Ensure correct implementation of security– Ensure mobile terminals have been evaluated– Use standard encryption algorithms– Regular audit and inspection
13th June 2006 TETRA Experience - Poland
End to end encryption
End-to-end security between MS’s
Network MS
Air interface security between MS and network
MS
Protects messages across an untrusted infrastructureProvides enhanced confidentialityVoice and SDS servicesIP data services (soon)
13th June 2006 TETRA Experience - Poland
Benefits of end to end encryption in combination with Air Interface encryption
Air interface (AI) encryption alone and end to end encryption alone both have their limitations
For most users AI security measures are completely adequate Where either the network is untrusted, or the data is extremely
sensitive then end to end encryption may be used in addition as a overlay.
Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network
13th June 2006 TETRA Experience - Poland
Standard end to end encryption algorithms
There are no ‘standard’ algorithms defined by SFPG but: IDEA was defined as a good candidate 64 bit block cipher
algorithm for use with TETRA and test data and an example implementation was produced
AES128 (Rijndael) was defined as a good candidate 128 bit block cipher algorithm for use with TETRA and test data and an example implementation was produced
Both algorithms have proved popular with public safety organizations and give a good level of security assurance to sensitive data
13th June 2006 TETRA Experience - Poland
Export control of crypto material
All cryptographic material and terminals capable of encryption are subject to export control
The authority has to be satisfied that the key length and algorithms used are allowed to be exported.
Guidance is given in the Wassenaar arrangement www.wassenaar.org but the export control authority must be approached in all cases
13th June 2006 TETRA Experience - Poland
Lawful interception
In most countries public telecoms systems are subject to lawful interception by the security authorities
TETRA provides a standard interface to allow this functionality
Operators need to check with their security authorities whether their system needs to be equipped with this interface
13th June 2006 TETRA Experience - Poland
Question
What would be the main reason for using end to end encryption for your users and is the additional expense worth the money and additional management bearing in mind the threats?
13th June 2006 TETRA Experience - Poland
Conclusion
Security functions built in to TETRA from the start!
Air interface encryption protects, control traffic, IDs as well as voice and user traffic. End to end encryption gives higher level of assurance
Key management comes without user overhead because of OTAR.