INTRODUCTION TO TETRA SECURITY

1
INTRODUCTION TO TETRA SECURITY
Brian Murgatroyd
2
Agenda

• Why security is important in TETRA systems
• Overview of TETRA security features
• Authentication
• Air interface encryption
• Key Management
• Terminal Disabling
• End to End Encryption

3
Security Threats

• What are the main threats to your system?
• Confidentiality?
• Availability?
• Integrity?

4
Message Related Threats

• interception
• by hostile government agencies Confidentiality
• eavesdropping
• by hackers, criminals, terrorists
• masquerading
• pretending to be legitimate user
• manipulation of data. Integrity
• changing messages
• Replay
• recording messages and replaying them later

5
User Related Threats

• traffic analysis Confidentiality
• getting intelligence from patterns of the
  traffic-frequency- message lengths-message types
• observability of user behaviour. examining
  where the traffic is observed - times of
  day-number of users

6
System Related Threats

• denial of service Availability
• preventing the system working by attempting to
  use up capacity
• jamming Availability
• Using RF energy to swamp receiver sites
• unauthorized use of resources Integrity
• Illicit use of telephony, interrogation of secure
  databases

7
Communications Security

• Security is not just encryption!
• Terminal Authentication
• User logon/Authentication
• Stolen Terminal Disabling
• Key Management with minimum overhead
• All the network must be secure, particularly with
  a managed system

8
TETRA Air Interface security functions

• Authentication
• TETRA has strong mutual authentication requiring
  knowledge of unique secret key
• Encryption
• Dynamic key encryption (class 3)
• Static key encryption (class2)
• Terminal Disabling
• Secure temporary or permanent disable
• Over the Air Re-keying (OTAR)
• for managing large populations without user
  overhead
• Aliasing/User logon
• To allow association of user to terminal

9
Authentication

• Used to ensure that terminal is genuine and
  allowed on network.
• Mutual authentication ensures that in addition to
  verifying the terminal, the SwMI can be trusted.
• Authentication requires both SwMI and terminal
  have proof of secret key.
• Successful authentication permits further
  security related functions to be downloaded.

10
User authentication (aliasing)

• Second layer of security
• Ensures the user is associated with terminal
• User logon to network aliasing server
• log on with Radio User Identity and PIN
• Very limited functionality allowed prior to log
  on
• Log on/off not associated with terminal
  registration
• Could be used as access control for applications
  as well as to the Radio system

11
Authentication

• Strong mutual authentication used for proving the
  user/terminal is who he claims to be.
• Only allows legitimate terminals on the network
• Only allows the genuine network to be used by
  terminals
• Uses Challenge- Response mechanism based on a
  unique secret key K stored in the terminal and in
  the Authentication Centre (AuC)
• All MSs must be properly authenticated prior to
  being granted access to the network
• One of the outputs is the Derived Cipher Key used
  for Air Interface Encryption

12
TETRA Authentication mapping to network elements
Generate RS
Authentication Centre (AuC)
K known only to AuC and MS
K
RS
TA11
KS
K
RS
Generate RAND1
KS (Session key) RS (Random seed)
TA11
KS
RAND1
RS, RAND1
KS
RAND1
RES1
TA12
DCK
EBTS
TA12
XRES1
DCK1
Compare RES1 and XRES1
RES1
DCK1
13
Encryption Process
Traffic Key (X)CK
Key Stream Generator (TEAx)
CN LA CC
Combining algorithm (TB5)
Key Stream Segments
Initialisation Vector (IV)
A
B
C
D
E
F
G
H
q
c
I
y
4
M
v

Q
t
Clear data in
Encrypted data out
14
Air Interface traffic keys

• Four traffic keys are used in class 3 systems-
• Derived cipher Key (DCK)
• derived from authentication process used for
  protecting uplink, one to one calls
• Common Cipher Key(CCK)
• protects downlink group calls and ITSI on initial
  registration
• Group Cipher Key(GCK)
• Provides crypto separation, combined with CCK
• Static Cipher Key(SCK)
• Used for protecting DMO and TMO fallback mode

15
DMO Security
Implicit Authentication Static Cipher keys No
disabling
16
TMO SCK OTAR scheme
TETRA Infrastructure
Key Management Centre

• DMO SCKs must be distributed when terminals are
  operating in TMO.
• In normal circumstances, terminals should return
  to TMO coverage within a key lifetime
• A typical DMO SCK lifetime may be between 2 weeks
  and 6 months

17
Group OTAR

• OTAR to individuals is inefficient if same keys
  going to many terminals
• Need to download to groups rather than individual
  terminals to save system capacity
• Requirement for many different sets of keys in
  large multi-user network-GCKs and DMO SCKs
• Ensure that the right terminal gets the right keys

18
Key Overlap scheme used for DMO SCKs
Transmit
Past
Present
Future
Receive

• The scheme uses Past, Present and Future versions
  of an SCK.
• System Rules
• Terminals may only transmit on their Present
  version of the key.
• Terminals may receive on any of the three
  versions of the key.
• This scheme allows a one key period overlap.

19
Disabling of terminals

• Vital to ensure the reduction of risk of threats
  to system by stolen and lost terminals
• Relies on the integrity of the users to report
  losses quickly and accurately.
• May be achieved by removing subscription and/or
  disabling terminal
• Disabling may be either temporary or permanent
• Permanent disabling removes all keys including
  (k)
• Temporary disabling removes all traffic keys but
  allows ambience listening

20
End to end encryption

• Protects messages across an untrusted
  infrastructure
• Provides enhanced confidentiality
• Voice and SDS services
• IP data services (soon)

Network
MS
MS
Air interface security between MS and network
End-to-end security between MSs
21
Features of End to End Encryption

• Only protects the user payload (confidentiality
  protection)
• Needs an additional synchronization vector
• Requires a transparent network - no
  transcoding-All the bits encrypted at the
  transmitting end must be decrypted at the
  receiver
• Will not work outside the TETRA domain
• Key Management in User Domain
• No need to trust network provider
• frequent transmission of synchronization vector
  needed to ensure good late entry capability but
  as frame stealing is used this may impact
  slightly on voice quality.

22
End to end keys

• Traffic encryption key(TEK). Three editions used
  in terminal to give key overlap.
• Group Key encryption key(GEK) used to protection
  TEKs during OTAR.
• Unique KEK(long life) used to protect GEKs during
  OTAR.
• Signalling Encryption Keys (SEK) used optionally
  for control traffic

23
E2e Key Management
Key Management System, GEK (y)
TEKGEK(y)
GEK(y)UKEK (x)
TerminalUKEK (x), GEK (y)
24
Benefits of end to end encryption with Air
Interface encryption

• Air interface (AI) encryption alone and end to
  end encryption alone both have their limitations
• For most users AI security measures are
  completely adequate
• Where either the network is untrusted, or the
  data is extremely sensitive then end to end
  encryption may be used in addition
• Brings the benefit of encrypting addresses and
  signalling as well as user data across the Air
  Interface and confidentiality right across the
  network

25
Conclusions

• Security functions built in from the start!
• User friendly and transparent key management.
• Air interface encryption protects, control
  traffic, IDs as well as voice and user traffic.
• Key management comes without user overhead
  because of OTAR.