TETRA SECURITY

1
TETRA SECURITY

• Brian Murgatroyd
• UK Home Office

2
Agenda

• Why security is important in TETRA systems
• Overview of TETRA security features
• Authentication
• Air interface encryption
• Key Management
• Terminal Disabling
• Using SIMs
• End to End Encryption

3
Security Threats

• What are the main threats to your system?
• Confidentiality?
• Availability?
• Integrity?

4
Message Related Threats

• interception
• by hostile government agencies
• eavesdropping
• by hackers, criminals, terrorists
  Confidentiality
• masquerading
• pretending to be legitimate user
• manipulation of data Integrity
• changing messages
• Replay
• recording messages and replaying them later

5
User Related Threats

• traffic analysis Confidentiality
• getting intelligence from patterns of the
  traffic-frequency- message lengths-message types
• observability of user behaviour Confidentiality
• examining where the traffic is observed - times
  of day-number of users

6
System Related Threats

• denial of service Availability
• preventing the system working by attempting to
  use up capacity
• jamming Availability
• Using RF energy to swamp receiver sites
• unauthorized use of resources Integrity
• Illicit use of telephony, interrogation of secure
  databases

7
TETRA Security features

• Authentication
• Air Interface encryption
• Temporary /permanent disabling
• Aliasing/User logon
• Ambience listening
• Discrete Listening
• Lawful Interception

8
Security Classes

• Class Authentication Encryption Other
• 1 Optional None -
• 2 Optional Static ESI
• 3 Mandatory Dynamic ESI

9
Authentication

• Used to ensure that terminal is genuine and
  allowed on network.
• Mutual authentication ensures that in addition to
  verifying the terminal, the SwMI can be trusted.
• Authentication requires both SwMI and terminal
  have proof of secret key.
• Successful authentication permits further
  security related functions to be downloaded.

10
Authentication process
Mobile Base station Authentication Centre
K
Random Seed (RS)
K
RS Rand
TA11
KS
Rand
RS
TA12
TA12
TA11
KS
(Session key)
Expected Result
Result
Same?
11
Deriving DCK from mutual authentication
Result 1
RAND1
KS
DCK1
DCK
DCK2
RAND2
KS
Result 2
12
Air Interface keys

• Four traffic keys are used in class 3 systems-
• Derived cipher Key (DCK)
• derived from authentication process used for
  protecting uplink, one to one calls
• Common Cipher Key(CCK)
• protect downlink group calls and ITSI on initial
  registration
• Group Cipher Key(GCK)
• Provides crypto separation, combined with CCK
• Static Cipher Key(SCK)
• Used for protecting DMO and TMO fallback mode

13
Over the Air Re-Keying (OTAR)
KSO (GSKO)
DCK
GCK
SCK
CCK
BS
SCK
AI
CCK
GCK
MS
DCK
KSO (GSKO)
MGCK
SCK
CCK
14
Encryption Process
Key Stream Generator (TEAx)
Traffic Key
Key Stream
Initialisation Vector (IV)
Clear data in
Encrypted data out
q
c
A
B
C
D
E
F
G
H
I
y
4
M
v

Q
t
Modulo 2 addition (XOR)
15
Disabling of terminals

• Vital to ensure the reduction of risk of threats
  to system by stolen and lost terminals
• Relies on the integrity of the users to report
  losses quickly and accurately.
• May be achieved by removing subscription and/or
  disabling terminal
• Disabling may be either temporary or permanent
• Permanent disabling removes all keys including
  (k)
• Temporary disabling removes all traffic keys but
  allows ambience listening

16
Security and SIMs

• Many second generation terminals may use SIMs
• SIM contains all personalization information
• Secret key(k) and ITSI must be on SIM if
  complete SIM mobility required.
• Design must be able to prevent the secret key (k)
  and traffic keys being extracted
• May be possible to only have talkgroup and
  phonebook information on SIM (leave ITSI/K in
  terminal)

17
End to End Encryption
18
End to end encryption features

• No need to trust infrastructure- no intermediate
  decoding.
• Additional synchronization carried in stolen half
  frames
• Standard algorithms available or national
  solutions
• Local Key Management Centres managed by User
• Keys received from national COMSEC authority
  (depending on National policy)

19
End to end keys

• Traffic encryption key(TEK). Three editions used
  in terminal to give key overlap.
• Group Key encryption key(GEK) used to protection
  TEKs during OTAR.
• Unique KEK(long life) used to protect GEKs during
  OTAR.
• Signalling Encryption Keys (SEK) used optionally
  for control traffic

20
Conclusions

• Security functions built in from the start!
• User friendly and transparent key management.
• Air interface encryption protects control
  traffic, IDs as well as voice and user traffic.
• Key management comes without user overhead
  because of OTAR.
• Well developed end to end encryption for users
  with very sensitive data to protect.