1
INTRODUCTION TO TETRA SECURITY
Brian Murgatroyd, UK Police IT Organization
TWC 2005 Frankfurt
2
Agenda
  • Threats to systems
  • Network Security
  • Overview of standard TETRA security features
  • Authentication
  • Air interface encryption
  • Key Management
  • Terminal Disabling
  • DMO security
  • End to End Encryption

3
Security Threats
  • What are the main threats to your system?
  • Confidentiality?
  • Availability?
  • Integrity?

4
Message and User Related Threats
  • Message threats
    • Interception
    • Eavesdropping
    • Masquerading
    • Manipulation of data
    • Replay
  • User related threats
    • Traffic analysis
    • Observability of user behaviour

5
System Related Threats
6
Network Security
IT security is vital in TETRA networks. Gateways are particularly vulnerable. Operating staff need vetting.
7
TETRA Communications Security
  • Security is not just encryption!
  • Terminal Authentication
  • User logon/Authentication
  • Stolen Terminal Disabling
  • Key Management with minimum overhead
  • The whole network must be secure, particularly with a managed system

8
User authentication (aliasing)
  • Second layer of security
  • Ensures that a named user is associated with the terminal
  • User logs on to the network aliasing server
  • Log on with Radio User Identity and PIN
  • Very limited functionality allowed prior to log on
  • Log on/off is not tied to terminal registration
  • Could be used as access control for applications as well as for the radio system

9
Authentication
  • Used to ensure that a terminal is genuine and allowed on the network.
  • Mutual authentication ensures that, in addition to verifying the terminal, the SwMI can be trusted.
  • Authentication requires that both the network side (via its Authentication Centre) and the terminal can prove knowledge of the secret key K.
  • Successful authentication permits further security-related functions to be downloaded.

10
Authentication
(Diagram: challenge-response flow between the Authentication Centre (AuC), the SwMI (EBTS) and the mobile station (MS). K is known only to the AuC and the MS.)
  • AuC: generates the random seed RS and computes the session key KS = TA11(K, RS); passes (RS, KS) to the SwMI.
  • SwMI: generates the challenge RAND1, computes (XRES1, DCK1) = TA12(KS, RAND1) and sends RS, RAND1 to the MS.
  • MS: computes KS = TA11(K, RS), then (RES1, DCK1) = TA12(KS, RAND1), and returns RES1.
  • SwMI: compares RES1 with XRES1; on a match the terminal is authenticated and both sides hold the derived cipher key DCK1.
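The exchange drawn above, as an added runnable model that is not part of the presentation. It also carries the reverse direction (the MS challenging the network with RAND2) that gives the mutual authentication slide 9 mentions. The real TA11, TA12, TA21, TA22 and TB4 algorithms are ETSI-restricted and are not reproduced here; an HMAC-SHA256 PRF stands in for each of them, and the key, seed and challenge lengths, the ITSI value and the class names are all assumptions made for the example.

```python
"""Runnable model of the slide's exchange, extended to the mutual case slide 9
describes. TA11/TA12/TA21/TA22/TB4 are ETSI-restricted, so an HMAC-SHA256 PRF
stands in for each; key, seed and challenge lengths are illustrative."""
import hashlib
import hmac
import secrets

KEY_LEN = 16


def prf(tag, key, data):
    """Keyed PRF standing in for the TETRA algorithm named by ``tag``."""
    return hmac.new(key, tag + data, hashlib.sha256).digest()

def session_key(tag, k, rs):
    """TA11 -> KS, TA21 -> KS': session authentication key from K and seed RS."""
    return prf(tag, k, rs)[:KEY_LEN]

def response(tag, ks, rand):
    """TA12 / TA22: (RES, DCK half) from a session key and a random challenge."""
    out = prf(tag, ks, rand)
    return out[:4], out[KEY_LEN:2 * KEY_LEN]

def tb4(dck1, dck2):
    """Combine both halves into the Derived Cipher Key DCK."""
    return prf(b"TB4", dck1, dck2)[:KEY_LEN]


class AuthenticationCentre:
    """Holds every terminal's K; hands the SwMI only (RS, KS, KS') sets."""
    def __init__(self):
        self._k = {}  # ITSI -> K

    def provision(self, itsi, k):
        self._k[itsi] = k

    def authentication_set(self, itsi):
        rs, k = secrets.token_bytes(10), self._k[itsi]
        return rs, session_key(b"TA11", k, rs), session_key(b"TA21", k, rs)


class SwMI:
    """Network side: challenges the terminal, checks RES1, answers RAND2."""
    def __init__(self, auc):
        self.auc, self._pending, self.dck = auc, {}, {}

    def challenge(self, itsi):
        rs, ks, ks_prime = self.auc.authentication_set(itsi)
        rand1 = secrets.token_bytes(10)
        xres1, dck1 = response(b"TA12", ks, rand1)
        self._pending[itsi] = (xres1, dck1, ks_prime)
        return rs, rand1  # sent over the air in clear

    def verify(self, itsi, res1, rand2):
        """RES2 if the terminal proved knowledge of K, else None (no DCK)."""
        xres1, dck1, ks_prime = self._pending.pop(itsi)
        if not hmac.compare_digest(res1, xres1):
            return None
        res2, dck2 = response(b"TA22", ks_prime, rand2)
        self.dck[itsi] = tb4(dck1, dck2)
        return res2


class MobileStation:
    """Terminal side: holds K, answers RAND1, checks the network's RES2."""
    def __init__(self, itsi, k):
        self.itsi, self._k, self.dck, self._pending = itsi, k, None, None

    def respond(self, rs, rand1):
        res1, dck1 = response(b"TA12", session_key(b"TA11", self._k, rs), rand1)
        rand2 = secrets.token_bytes(10)  # the MS's own challenge to the network
        xres2, dck2 = response(b"TA22", session_key(b"TA21", self._k, rs), rand2)
        self._pending = (xres2, dck1, dck2)
        return res1, rand2

    def verify_network(self, res2):
        xres2, dck1, dck2 = self._pending
        if res2 is None or not hmac.compare_digest(res2, xres2):
            return False
        self.dck = tb4(dck1, dck2)
        return True


def mutual_authenticate(swmi, ms):
    """Run the exchange; returns (terminal accepted, network accepted)."""
    rs, rand1 = swmi.challenge(ms.itsi)
    res1, rand2 = ms.respond(rs, rand1)
    res2 = swmi.verify(ms.itsi, res1, rand2)
    return res2 is not None, ms.verify_network(res2)


def demo():
    """Constructed scenario: a genuine terminal and a clone holding the wrong K."""
    auc, k = AuthenticationCentre(), secrets.token_bytes(KEY_LEN)
    auc.provision("ITSI-1", k)  # constructed sample identity
    swmi, genuine = SwMI(auc), MobileStation("ITSI-1", k)
    clone = MobileStation("ITSI-1", secrets.token_bytes(KEY_LEN))
    outcome = {"genuine": mutual_authenticate(swmi, genuine)}
    outcome["dck_agreed"] = swmi.dck["ITSI-1"] == genuine.dck
    outcome["clone"] = mutual_authenticate(swmi, clone)
    return outcome
```

The point to take from the model is where K lives: only the AuC and the terminal ever hold it, the SwMI works from a per-session (RS, KS, KS') set, and RS and RAND1 cross the air interface in clear because nothing useful can be derived from them without K. A cloned terminal with the wrong K fails at the RES1 comparison and never obtains a DCK, so the subsequent traffic keys are never delivered to it.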
11
Encryption Process
(Diagram: the traffic key (X)CK is combined with CN, LA and CC by the combining algorithm TB5; the Key Stream Generator (TEAx) takes that combined key and the Initialization Vector (IV) and produces Key Stream Segments, which are XORed with the clear data (illustrated as A B C D E F G H in) to give the encrypted data out (illustrated as q c I y 4 M v Q t).)
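The process in the diagram, as an added runnable model that is not part of the presentation. TB5 and the TEAx key stream generators are ETSI-restricted, so HMAC-SHA256 stands in for both; the combined key is called the Extended Cipher Key (ECK) here, following the standard's name for the TB5 output. The IV layout follows the TETRA frame structure (timeslot, frame, multiframe and hyperframe numbers plus direction) but its exact bit packing, the byte widths of CN, LA and CC, and the sample key and cell values are assumptions made for the example.

```python
"""Runnable model of the slide's encryption process. TB5 and the TEAx key
stream generators are ETSI-restricted, so HMAC-SHA256 stands in for both.
The IV layout follows the TETRA frame structure but its exact bit packing is
an assumption, as are the field widths used for CN, LA and CC."""
import hashlib
import hmac

KEY_LEN = 16


def tb5(ck, cn, la, cc):
    """Combining algorithm: Extended Cipher Key from the traffic key (X)CK and
    the cell's Carrier Number, Location Area and Colour Code, so one CK gives
    a different key stream in every cell."""
    cell = cn.to_bytes(2, "big") + la.to_bytes(2, "big") + cc.to_bytes(1, "big")
    return hmac.new(ck, b"TB5" + cell, hashlib.sha256).digest()[:KEY_LEN]


def initialization_vector(tn, fn, mn, hn, uplink):
    """IV for one burst from frame counters both sides already track, so no IV
    is signalled: timeslot 1..4, frame 1..18, multiframe 1..60, a 15-bit
    hyperframe number and a direction bit (29 bits; packing is assumed)."""
    if not (1 <= tn <= 4 and 1 <= fn <= 18 and 1 <= mn <= 60 and 0 <= hn < 2 ** 15):
        raise ValueError("frame counter out of range")
    packed = (tn - 1) | (fn - 1) << 2 | (mn - 1) << 7 | hn << 13 | int(uplink) << 28
    return packed.to_bytes(4, "big")


def key_stream_segment(eck, iv, length):
    """Key Stream Generator (TEAx stand-in): `length` bytes of key stream for
    the burst identified by `iv` under the extended cipher key."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(eck, b"TEA" + iv + block.to_bytes(2, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_burst(eck, iv, data):
    """Clear data in, encrypted data out: XOR with the key stream segment.
    Decryption is the same call applied to the ciphertext."""
    return xor_bytes(data, key_stream_segment(eck, iv, len(data)))


def demo():
    """Constructed inputs: a fixed CK, two cells differing only in colour code,
    and two bursts. Shows cell separation and why a (key, IV) pair must never
    be reused: XORing two ciphertexts made with one key stream cancels the
    key stream and leaves the XOR of the two clear texts."""
    ck = bytes(range(KEY_LEN))
    eck_a = tb5(ck, cn=1000, la=7, cc=3)
    eck_b = tb5(ck, cn=1000, la=7, cc=4)
    iv = initialization_vector(tn=1, fn=1, mn=1, hn=0, uplink=False)
    next_iv = initialization_vector(tn=1, fn=2, mn=1, hn=0, uplink=False)
    clear, other = b"ABCDEFGH", b"GROUP 42"
    ct = encrypt_burst(eck_a, iv, clear)
    return {
        "ciphertext": ct.hex(),
        "roundtrip": encrypt_burst(eck_a, iv, ct) == clear,
        "cell_separation": encrypt_burst(eck_b, iv, clear) != ct,
        "fresh_iv_per_burst": encrypt_burst(eck_a, next_iv, clear) != ct,
        "iv_reuse_leak": xor_bytes(ct, encrypt_burst(eck_a, iv, other)) == xor_bytes(clear, other),
    }
```

Two practical consequences follow from the structure. Because the IV is built from the frame counters rather than sent, the key stream advances with the air interface timing and no per-burst overhead is needed; the flip side is that the key stream repeats once the hyperframe counter wraps, so a traffic key must be replaced before that happens, which is one reason the keys on the next slide are changed by OTAR rather than used indefinitely. The `iv_reuse_leak` case shows what an attacker gets if that discipline fails.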
12
Air Interface traffic keys
  • Four traffic keys are used in class 3 systems:
  • Derived Cipher Key (DCK)
    • derived from the authentication process; protects the uplink and one-to-one calls
  • Common Cipher Key (CCK)
    • protects downlink group calls and the ITSI on initial registration
  • Group Cipher Key (GCK)
    • provides crypto separation between groups; used in combination with the CCK
  • Static Cipher Key (SCK)
    • used for protecting DMO and TMO fallback mode

13
DMO Security
  • Implicit authentication
  • Static cipher keys
  • No disabling
14
TMO SCK OTAR scheme
(Diagram: Key Management Centre and SwMI in the TMO SCK OTAR scheme.)
15
Key Overlap scheme used for DMO SCKs
(Diagram: Past, Present and Future key versions; Transmit uses the Present version only, Receive accepts all three.)
  • The scheme uses Past, Present and Future versions of an SCK.
  • System rules:
    • Terminals may only transmit on their Present version of the key.
    • Terminals may receive on any of the three versions of the key.
  • This scheme allows a one key period overlap.
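The two rules above, as an added runnable model that is not part of the presentation. It shows why the overlap is exactly one key period: a terminal that has changed over one period ahead of its peers still interworks in both directions, while one that is two periods ahead can no longer be received, nor receive, the stragglers. The protection of a transmission is a toy HMAC-SHA256 stream XOR with an integrity tag, not a TETRA algorithm, and the SCK version is assumed to accompany the transmission (TETRA signals the key in use, but the framing here is an assumption); the key values, version numbers and class names are constructed for the example.

```python
"""Runnable model of the Past / Present / Future SCK overlap rule. Protection
of a DMO transmission is a toy HMAC-SHA256 stream XOR with a tag (not a TETRA
algorithm), and the SCK version number is assumed to travel with the
transmission; payloads are limited to 32 bytes to keep the toy cipher to one
digest."""
import hashlib
import hmac
import secrets


def sck_for_version(version):
    """Constructed stand-in for an SCK delivered by OTAR for a given version."""
    return hashlib.sha256(b"demo-SCK-" + str(version).encode()).digest()[:16]


def protect(key, payload):
    """Toy confidentiality + integrity: nonce || payload XOR stream || tag."""
    nonce = secrets.token_bytes(8)
    stream = hmac.new(key, b"stream" + nonce, hashlib.sha256).digest()
    body = bytes(p ^ s for p, s in zip(payload, stream))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:8]
    return nonce + body + tag


def unprotect(key, blob):
    """Inverse of protect(); None when the key does not match the tag."""
    nonce, body, tag = blob[:8], blob[8:-8], blob[-8:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(key, b"stream" + nonce, hashlib.sha256).digest()
    return bytes(b ^ s for b, s in zip(body, stream))


class DmoTerminal:
    """Holds up to three SCK versions and applies the slide's two rules."""

    def __init__(self, sck_ring, present):
        self.keys = dict(sck_ring)  # version -> SCK
        self.present = present

    def receivable(self):
        """Past, Present and Future versions this terminal actually holds."""
        return {self.present - 1, self.present, self.present + 1} & set(self.keys)

    def transmit(self, payload):
        """Rule 1: transmit only on the Present version."""
        return self.present, protect(self.keys[self.present], payload)

    def receive(self, version, blob):
        """Rule 2: receive on Past, Present or Future; None otherwise."""
        if version not in self.receivable():
            return None
        return unprotect(self.keys[version], blob)

    def otar_update(self, version, sck):
        """Store a new (Future) SCK and drop anything older than Past."""
        self.keys[version] = sck
        for old in [v for v in self.keys if v < version - 2]:
            del self.keys[old]

    def change_over(self):
        """Advance Present by one key period (requires the Future key)."""
        if self.present + 1 not in self.keys:
            raise RuntimeError("Future SCK not yet received by OTAR")
        self.present += 1


def demo():
    """Constructed scenario: terminals A and B start in the same period; A
    changes over one period ahead, then two periods ahead."""
    ring = {v: sck_for_version(v) for v in (4, 5, 6)}
    a, b = DmoTerminal(ring, present=5), DmoTerminal(ring, present=5)
    msg = b"DMO call"
    results = {"same_period": b.receive(*a.transmit(msg)) == msg}
    a.change_over()  # A now on 6, B still on 5: one period apart
    results["a_ahead_to_b"] = b.receive(*a.transmit(msg)) == msg  # 6 is B's Future
    results["b_behind_to_a"] = a.receive(*b.transmit(msg)) == msg  # 5 is A's Past
    a.otar_update(7, sck_for_version(7))
    a.change_over()  # A now on 7: two periods ahead of B, overlap exhausted
    results["two_apart_a_to_b"] = b.receive(*a.transmit(msg)) is None
    results["two_apart_b_to_a"] = a.receive(*b.transmit(msg)) is None
    unprovisioned = DmoTerminal({5: sck_for_version(99)}, present=5)  # wrong SCK
    results["wrong_key_rejected"] = unprovisioned.receive(*b.transmit(msg)) is None
    return results
```

The operational reading of the last two results is that the Future key has to reach every terminal (by OTAR, or manually for terminals that have been out of coverage) before the fleet changes over again; a terminal that misses one changeover keeps working, a terminal that misses two is silently cut off from its group.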

16
Disabling of terminals
  • Vital to reduce the risk posed to the system by stolen and lost terminals
  • Relies on users reporting losses quickly and accurately.
  • Disabling may be either temporary or permanent
  • Permanent disabling removes all keys, including the authentication key K
  • Temporary disabling removes all traffic keys but allows ambience listening

17
End to end encryption
  • Protects messages across an untrusted
    infrastructure
  • Provides enhanced confidentiality
  • Voice and SDS services
  • IP data services (soon)

(Diagram: MS - Network - MS. Air interface security between each MS and the network; end-to-end security between the MSs.)
18
Key management for end to end encryption
19
Benefits of end to end encryption in combination
with Air Interface encryption
  • Air interface (AI) encryption alone and end to
    end encryption alone both have their limitations
  • For most users AI security measures are
    completely adequate
  • Where either the network is untrusted, or the
    data is extremely sensitive then end to end
    encryption may be used in addition
  • Brings the benefit of encrypting addresses and
    signalling as well as user data across the Air
    Interface and confidentiality right across the
    network

20
Conclusions
  • Security functions built in to TETRA from the start!
  • User friendly and transparent key management.
  • Air interface encryption protects control traffic and IDs as well as voice and user traffic.
  • Key management comes without user overhead because of OTAR.