Brian Murgatroyd
UK Home Office
Agenda
Why security is important in TETRA systems
Overview of TETRA security features
Authentication
Air interface encryption
Key Management
Terminal Disabling
Using SIMs
End to End Encryption
Security Threats
What are the main threats to your system?
Confidentiality?
Availability?
Integrity?
eavesdropping
Confidentiality
masquerading
manipulation of data
changing messages
Replay
Integrity
traffic analysis
Confidentiality
getting intelligence from patterns of the traffic: frequency, message lengths, message types
Confidentiality
examining where the traffic is observed: times of day, number of users
Availability
jamming
Availability
Integrity
Security Classes
Class Authentication
Encryption
Other
Authentication
Used to ensure that the terminal is genuine and allowed on the network.
Mutual authentication ensures that, in addition to verifying the terminal, the SwMI can be trusted.
Authentication requires that both SwMI and terminal have proof of the secret key.
Successful authentication permits further security-related functions to be downloaded.
Authentication process
[Figure: authentication exchange between Mobile, Base station and Authentication Centre. Labels: K, Random Seed (RS), TA11, KS (Session key), Rand, TA12, Result, Expected Result, "Same?"]
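The terminal-authentication exchange named on these slides (K, RS, TA11, KS, Rand, TA12, Result, Expected Result), modelled as an added example that is not part of the original presentation. HMAC-SHA256 stands in for TA11 and TA12, and the class names, terminal ID and byte lengths are assumptions.

```python
import hashlib
import hmac
import secrets

# HMAC-SHA256 stands in for TA11 and TA12 (assumption); the real TETRA
# algorithms are different and are not reproduced here.
def ta11(k, rs):
    """KS (session key) from secret key K and Random Seed RS."""
    return hmac.new(k, b"TA11" + rs, hashlib.sha256).digest()[:16]

def ta12(ks, rand):
    """Result from session key KS and challenge Rand."""
    return hmac.new(ks, b"TA12" + rand, hashlib.sha256).digest()[:4]

class AuthenticationCentre:
    """Holds K per terminal; releases only RS and KS, never K."""
    def __init__(self, keys):
        self._keys = keys
    def session_material(self, terminal_id):
        rs = secrets.token_bytes(10)
        return rs, ta11(self._keys[terminal_id], rs)

class Mobile:
    def __init__(self, k):
        self._k = k
    def respond(self, rs, rand):
        return ta12(ta11(self._k, rs), rand)

class BaseStation:
    """Issues a fresh Rand per attempt and compares Result with Expected Result."""
    def __init__(self, centre):
        self._centre = centre
        self._expected = {}
    def challenge(self, terminal_id):
        rs, ks = self._centre.session_material(terminal_id)
        rand = secrets.token_bytes(10)
        self._expected[terminal_id] = ta12(ks, rand)
        return rs, rand
    def verify(self, terminal_id, result):
        expected = self._expected.pop(terminal_id, None)  # single use
        return expected is not None and hmac.compare_digest(expected, result)

if __name__ == "__main__":
    k = secrets.token_bytes(16)  # constructed sample key
    bs = BaseStation(AuthenticationCentre({"ms-1": k}))
    rs, rand = bs.challenge("ms-1")
    result = Mobile(k).respond(rs, rand)
    print("genuine terminal:", bs.verify("ms-1", result))
    print("same Result replayed:", bs.verify("ms-1", result))
```

Because the Expected Result is bound to a fresh Rand and discarded after one comparison, a recorded Result is useless against a later challenge, which addresses the replay threat listed earlier.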
[Figure labels: Result 1, Result 2, KS, RAND2, DCK1, DCK2, DCK]
[Figure labels: GCK, CCK, SCK, DCK, MGCK, KSO (GSKO); BS, AI, MS]
Encryption Process
[Figure labels: Traffic Key, Initialisation Vector (IV), Clear data in ("A B C D E F G H I")]
Disabling of terminals
Vital for reducing the risk to the system from stolen and lost terminals.
Relies on the integrity of the users to report losses quickly and accurately.
May be achieved by removing subscription and/or disabling terminal.
Disabling may be either temporary or permanent.
Permanent disabling removes all keys including (k).
Temporary disabling removes all traffic keys but allows ambience listening.
Conclusions
Security functions built in from the start!
User-friendly and transparent key management.
Air interface encryption protects control traffic, IDs as well as voice and user traffic.
Key management comes without user overhead because of OTAR.
Well-developed end-to-end encryption for users with very sensitive data to protect.