1 / 25

INTRODUCTION TO TETRA SECURITY

INTRODUCTION TO TETRA SECURITY. Brian Murgatroyd. Agenda. Why security is important in TETRA systems Overview of TETRA security features Authentication Air interface encryption Key Management Terminal Disabling End to End Encryption. Security Threats.

chesna
Download Presentation

INTRODUCTION TO TETRA SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. INTRODUCTION TO TETRA SECURITY Brian Murgatroyd TWC 2004 Vienna

  2. Agenda • Why security is important in TETRA systems • Overview of TETRA security features • Authentication • Air interface encryption • Key Management • Terminal Disabling • End to End Encryption TWC 2004 Vienna

  3. Security Threats • What are the main threats to your system? • Confidentiality? • Availability? • Integrity? TWC 2004 Vienna

  4. Message Related Threats • interception • by hostile government agencies Confidentiality • eavesdropping • by hackers, criminals, terrorists • masquerading • pretending to be legitimate user • manipulation of data. Integrity • changing messages • Replay • recording messages and replaying them later TWC 2004 Vienna

  5. User Related Threats • traffic analysis Confidentiality • getting intelligence from patterns of the traffic-frequency- message lengths-message types • observability of user behaviour. examining where the traffic is observed - times of day-number of users TWC 2004 Vienna

  6. System Related Threats • denial of service Availability • preventing the system working by attempting touse up capacity • jammingAvailability • Using RF energy to swamp receiver sites • unauthorized use of resources Integrity • Illicit use of telephony, interrogation of secure databases TWC 2004 Vienna

  7. Communications Security • Security is not just encryption! • Terminal Authentication • User logon/Authentication • Stolen Terminal Disabling • Key Management with minimum overhead • All the network must be secure, particularly with a managed system TWC 2004 Vienna

  8. TETRA Air Interface security functions • Authentication • TETRA has strong mutual authentication requiring knowledge of unique secret key • Encryption • Dynamic key encryption (class 3) • Static key encryption (class2) • Terminal Disabling • Secure temporary or permanent disable • Over the Air Re-keying (OTAR) • for managing large populations without user overhead • Aliasing/User logon • To allow association of user to terminal TWC 2004 Vienna

  9. Authentication • Used to ensure that terminal isgenuine and allowed on network. • Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. • Authentication requires both SwMI and terminal have proof of secret key. • Successful authentication permits further security related functions to be downloaded. TWC 2004 Vienna

  10. User authentication (aliasing) • Second layer of security • Ensures the user is associated with terminal • User logon to network aliasing server • log on with Radio User Identity and PIN • Very limited functionality allowed prior to log on • Log on/off not associated with terminal registration • Could be used as access control for applications as well as to the Radio system TWC 2004 Vienna

  11. MS Switch EBTS Service Request False BTS Authentication • Strong mutual authentication used for proving the user/terminal is who he claims to be. • Only allows legitimate terminals on the network • Only allows the genuine network to be used by terminals • Uses Challenge- Response mechanism based on a unique secret key K stored in the terminal and in the Authentication Centre (AuC) • All MS’s must be properly authenticated prior to being granted access to the network • One of the outputs is the Derived Cipher Key used for Air Interface Encryption TWC 2004 Vienna

  12. Call Controller TETRA Authentication mapping to network elements Generate RS Authentication Centre (AuC) K known only to AuC and MS K RS TA11 KS K RS Generate RAND1 KS (Session key) RS (Random seed) TA11 KS RAND1 RS, RAND1 KS RAND1 RES1 TA12 DCK EBTS TA12 XRES1 DCK1 RES1 DCK1 Compare RES1 and XRES1 TWC 2004 Vienna

  13. Encryption Process Traffic Key (X)CK Key Stream Generator (TEA[x]) CN LA CC Combining algorithm (TB5) Key Stream Segments Initialisation Vector (IV) A B C D E F G H I q c y 4 M v # Q t Clear data in Encrypted data out TWC 2004 Vienna

  14. Air Interface traffic keys • Four traffic keys are used in class 3 systems:- • Derived cipher Key (DCK) • derived from authentication process used for protecting uplink, one to one calls • Common Cipher Key(CCK) • protects downlink group calls and ITSI on initial registration • Group Cipher Key(GCK) • Provides crypto separation, combined with CCK • Static Cipher Key(SCK) • Used for protecting DMO and TMO fallback mode TWC 2004 Vienna

  15. DMO Security Implicit Authentication Static Cipher keys No disabling TWC 2004 Vienna

  16. TMO SCK OTAR scheme TETRA Infrastructure • DMO SCKs must be distributed when terminals are operating in TMO. • In normal circumstances, terminals should return to TMO coverage within a key lifetime • A typical DMO SCK lifetime may be between 2 weeks and 6 months Key Management Centre TWC 2004 Vienna

  17. Group OTAR • OTAR to individuals is inefficient if same keys going to many terminals • Need to download to groups rather than individual terminals to save system capacity • Requirement for many different sets of keys in large multi-user network-GCKs and DMO SCKs • Ensure that the right terminal gets the right keys TWC 2004 Vienna

  18. Key Overlap scheme used for DMO SCKs • The scheme uses Past, Present and Future versions of an SCK. • System Rules • Terminals may only transmit on their Present version of the key. • Terminals may receive on any of the three versions of the key. • This scheme allows a one key period overlap. Transmit Past Present Future Receive TWC 2004 Vienna

  19. Disabling of terminals • Vital to ensure the reduction of risk of threats to system by stolen and lost terminals • Relies on the integrity of the users to report losses quickly and accurately. • May be achieved by removing subscription and/or disabling terminal • Disabling may be either temporary or permanent • Permanent disabling removes all keys including (k) • Temporary disabling removes all traffic keys but allows ambience listening TWC 2004 Vienna

  20. End to end encryption • Protects messages across an untrusted infrastructure • Provides enhanced confidentiality • Voice and SDS services • IP data services (soon) MS Network MS Air interface security between MS and network End-to-end security between MS’s TWC 2004 Vienna

  21. Features of End to End Encryption • Only protects the user payload (confidentiality protection) • Needs an additional synchronization vector • Requires a transparent network - no transcoding-All the bits encrypted at the transmitting end must be decrypted at the receiver • Will not work outside the TETRA domain • Key Management in User Domain • No need to trust network provider • frequent transmission of synchronization vector needed to ensure good late entry capability but as frame stealing is used this may impact slightly on voice quality. TWC 2004 Vienna

  22. End to end keys • Traffic encryption key(TEK). Three editions used in terminal to give key overlap. • Group Key encryption key(GEK) used to protection TEKs during OTAR. • Unique KEK(long life) used to protect GEKs during OTAR. • Signalling Encryption Keys (SEK) used optionally for control traffic TWC 2004 Vienna

  23. E2e Key Management Key Management System, GEK (y) [TEK]GEK(y) [GEK(y)]UKEK (x) Terminal:UKEK (x), GEK (y) TWC 2004 Vienna

  24. Benefits of end to end encryption with Air Interface encryption • Air interface (AI) encryption alone and end to end encryption alone both have their limitations • For most users AI security measures are completely adequate • Where either the network is untrusted, or the data is extremely sensitive then end to end encryption may be used in addition • Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network TWC 2004 Vienna

  25. Conclusions • Security functions built in from the start! • User friendly and transparent key management. • Air interface encryption protects, control traffic, IDs as well as voice and user traffic. • Key management comes without user overhead because of OTAR. TWC 2004 Vienna

More Related