TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization

TWC 2005 FrankfurtTWC 2005 Frankfurt 11

INTRODUCTION TO TETRA INTRODUCTION TO TETRA SECURITYSECURITY

Brian MurgatroydBrian MurgatroydUK Police IT OrganizationUK Police IT Organization


AgendaAgenda Threats to systemsThreats to systems Network SecurityNetwork Security Overview of standard TETRA security featuresOverview of standard TETRA security features

– Authentication Authentication – Air interface encryption Air interface encryption – Key ManagementKey Management– Terminal DisablingTerminal Disabling– DMO securityDMO security

End to End EncryptionEnd to End Encryption


Security ThreatsSecurity Threats

What are the main threats to What are the main threats to

your system?your system?

Confidentiality?Confidentiality?

Availability?Availability?

Integrity?Integrity?


Message and User Related ThreatsMessage and User Related Threats Message threats

– Interception

– Eavesdropping

– Masquerading

– Manipulation of data.

– Replay

User related threats

– traffic analysistraffic analysis – observability of user behaviour.observability of user behaviour.


System Related ThreatsSystem Related Threats


Network SecurityNetwork Security

IT security is vital in TETRA networks

Gateways are particularly vulnerable.

Operating staff need vetting


TETRA Communications SecurityTETRA Communications Security

Security is not just encryption!Security is not just encryption! Terminal AuthenticationTerminal Authentication User logon/AuthenticationUser logon/Authentication Stolen Terminal DisablingStolen Terminal Disabling Key Management with minimum overheadKey Management with minimum overhead All the network must be secure, particularly All the network must be secure, particularly

with a managed systemwith a managed system


User authentication (aliasing)User authentication (aliasing) Second layer of securitySecond layer of security Ensures the user is associated with terminalEnsures the user is associated with terminal User logon to network aliasing serverUser logon to network aliasing server log on with Radio User Identity and PINlog on with Radio User Identity and PIN Very limited functionality allowed prior to log onVery limited functionality allowed prior to log on Log on/off not associated with terminal Log on/off not associated with terminal

registrationregistration Could be used as access control for applications Could be used as access control for applications

as well as to the Radio systemas well as to the Radio system


AuthenticationAuthentication

Used to ensure that terminal isUsed to ensure that terminal is genuine and genuine and

allowed on network.allowed on network.

Mutual authentication ensures that in addition Mutual authentication ensures that in addition

to verifying the terminal, the SwMI can be to verifying the terminal, the SwMI can be

trusted.trusted.

Authentication requires both SwMI and Authentication requires both SwMI and

terminal have proof of secret key.terminal have proof of secret key.

Successful authentication permits further Successful authentication permits further

security related functions to be downloaded.security related functions to be downloaded.


AuthenticationAuthentication

Authentication Centre (AuC)

CallController

TA11

K RS

KS

Generate RS

KS (Session key)RS (Random seed)

TA12

KS RAND1

XRES1 DCK1

Generate RAND1

Compare RES1 and XRES1

TA11

TA12

K RS

KS RAND1

RES1 DCK1

RS, RAND1

RES1

EBTS

DCK

K known only to AuC and MS


Encryption ProcessEncryption Process

Clear data inClear data in Encrypted data out Encrypted data out

Key Stream Generator (TEA[x])

Initialization Vector (IV)

A BCDE F G H y 4 M v # Q t q c

Traffic Key (X)CK

Key Stream Segments

Combining algorithm (TB5)

I

CN

LA

CC


Air Interface traffic keysAir Interface traffic keys

Four traffic keys are used in class 3 systems:-Four traffic keys are used in class 3 systems:- Derived cipher Key (DCK)Derived cipher Key (DCK)

– derived from authentication process used for protecting derived from authentication process used for protecting uplink, one to one callsuplink, one to one calls

Common Cipher Key(CCK)Common Cipher Key(CCK)– protects downlink group calls and ITSI on initial registrationprotects downlink group calls and ITSI on initial registration

Group Cipher Key(GCK)Group Cipher Key(GCK)– Provides crypto separation, combined with CCKProvides crypto separation, combined with CCK

Static Cipher Key(SCKStatic Cipher Key(SCK))– Used for protecting DMO and TMO fallback modeUsed for protecting DMO and TMO fallback mode


DMO SecurityDMO Security

Implicit AuthenticationStatic Cipher keysNo disabling


TMO SCK OTAR schemeTMO SCK OTAR scheme

Key Management Centre

SwMI


Key Overlap scheme used for DMO SCKsKey Overlap scheme used for DMO SCKs

The scheme uses Past, Present and Future versions of an SCK.The scheme uses Past, Present and Future versions of an SCK. System RulesSystem Rules

– Terminals may only transmit on their Present version of the Terminals may only transmit on their Present version of the key.key.

– Terminals may receive on any of the three versions of the Terminals may receive on any of the three versions of the key.key.

This scheme allows a one key period overlap.This scheme allows a one key period overlap.

Past Present Future

Receive

Transmit


Disabling of terminalsDisabling of terminals

Vital to ensure the reduction of risk of threats to Vital to ensure the reduction of risk of threats to system by stolen and lost terminalssystem by stolen and lost terminals

Relies on the integrity of the users to report losses Relies on the integrity of the users to report losses quickly and accurately.quickly and accurately.

Disabling may be either temporary or permanentDisabling may be either temporary or permanent Permanent disabling removes all keys including (k)Permanent disabling removes all keys including (k) Temporary disabling removes all traffic keys but Temporary disabling removes all traffic keys but

allows ambience listeningallows ambience listening


End to end encryptionEnd to end encryption

End-to-end security between MS’s

Network MS

Air interface security between MS and network

MS

Protects messages Protects messages across an untrusted across an untrusted infrastructureinfrastructure

Provides enhanced Provides enhanced confidentialityconfidentiality

Voice and SDS servicesVoice and SDS services IP data services (soon)IP data services (soon)


Key management for end to end Key management for end to end encryptionencryption

SwMI

SDS Router

Firewall

Key management

Centre

End to end encrypted terminals


Benefits of end to end encryption in Benefits of end to end encryption in combination with Air Interface encryptioncombination with Air Interface encryption

Air interface (AI) encryption alone and end to end encryption Air interface (AI) encryption alone and end to end encryption alone both have their limitationsalone both have their limitations

For most users AI security measures are completely adequateFor most users AI security measures are completely adequate Where either the network is untrusted, or the data is Where either the network is untrusted, or the data is

extremely sensitive then end to end encryption may be used extremely sensitive then end to end encryption may be used in additionin addition

Brings the benefit of encrypting addresses and signalling as Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality well as user data across the Air Interface and confidentiality right across the networkright across the network


ConclusionsConclusions

Security functions built in to TETRA Security functions built in to TETRA from the start!from the start!

User friendly and transparent key User friendly and transparent key management.management.

Air interface encryption protects, Air interface encryption protects, control traffic, IDs as well as voice control traffic, IDs as well as voice and user traffic.and user traffic.

Key management comes without Key management comes without user overhead because of OTAR.user overhead because of OTAR.

Documents

TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization