250 likes | 688 Views
TETRA SECURITY. Brian Murgatroyd UK Home Office. Agenda. Why security is important in TETRA systems Overview of TETRA security features Authentication Air interface encryption Key Management Terminal Disabling Using SIM’s End to End Encryption. Security Threats.
E N D
TETRA SECURITY Brian Murgatroyd UK Home Office
Agenda • Why security is important in TETRA systems • Overview of TETRA security features • Authentication • Air interface encryption • Key Management • Terminal Disabling • Using SIM’s • End to End Encryption
Security Threats • What are the main threats to your system? • Confidentiality? • Availability? • Integrity?
Message Related Threats • interception • by hostile government agencies • eavesdropping • by hackers, criminals, terroristsConfidentiality • masquerading • pretending to be legitimate user • manipulation of dataIntegrity • changing messages • Replay • recording messages and replaying them later
User Related Threats • traffic analysis Confidentiality • getting intelligence from patterns of the traffic-frequency- message lengths-message types • observability of user behaviour Confidentiality • examining where the traffic is observed - times of day-number of users
System Related Threats • denial of service Availability • preventing the system working by attempting to use up capacity • jamming Availability • Using RF energy to swamp receiver sites • unauthorized use of resources Integrity • Illicit use of telephony, interrogation of secure databases
TETRA Security features • Authentication • Air Interface encryption • Temporary /permanent disabling • Aliasing/User logon • Ambience listening • Discrete Listening • Lawful Interception
Security Classes Class Authentication Encryption Other 1 Optional None - 2 Optional Static ESI 3 Mandatory Dynamic ESI
Authentication • Used to ensure that terminal is genuine and allowed on network. • Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. • Authentication requires both SwMI and terminal have proof of secret key. • Successful authentication permits further security related functions to be downloaded.
Authentication process Mobile Base station Authentication Centre K Random Seed (RS) K RS Rand TA11 KS Rand RS TA12 TA12 TA11 KS (Session key) Expected Result Result Same?
Deriving DCK from mutual authentication Result 1 RAND1 KS DCK1 DCK RAND2 DCK2 KS’ Result 2
Air Interface keys • Four traffic keys are used in class 3 systems:- • Derived cipher Key (DCK) • derived from authentication process used for protecting uplink, one to one calls • Common Cipher Key(CCK) • protect downlink group calls and ITSI on initial registration • Group Cipher Key(GCK) • Provides crypto separation, combined with CCK • Static Cipher Key(SCK) • Used for protecting DMO and TMO fallback mode
Over the Air Re-Keying (OTAR) KSO (GSKO) DCK GCK SCK CCK BS SCK AI CCK GCK MS DCK KSO (GSKO) MGCK SCK CCK
Encryption Process Key Stream Generator (TEA[x]) Traffic Key Key Stream Initialisation Vector (IV) Clear data in Encrypted data out q c A B C D E F G H I y 4 M v # Q t Modulo 2 addition (XOR)
Disabling of terminals • Vital to ensure the reduction of risk of threats to system by stolen and lost terminals • Relies on the integrity of the users to report losses quickly and accurately. • May be achieved by removing subscription and/or disabling terminal • Disabling may be either temporary or permanent • Permanent disabling removes all keys including (k) • Temporary disabling removes all traffic keys but allows ambience listening
Security and SIMs • Many second generation terminals may use SIMs • SIM contains all personalization information • Secret key(k) and ITSI must be on SIM if complete SIM mobility required. • Design must be able to prevent the secret key (k) and traffic keys being extracted • May be possible to only have talkgroup and phonebook information on SIM (leave ITSI/K in terminal)
End to end encryption features • No need to trust infrastructure- no intermediate decoding. • Additional synchronization carried in stolen half frames • Standard algorithms available or national solutions • Local Key Management Centres managed by User • Keys received from national COMSEC authority (depending on National policy)
End to end keys • Traffic encryption key(TEK). Three editions used in terminal to give key overlap. • Group Key encryption key(GEK) used to protection TEKs during OTAR. • Unique KEK(long life) used to protect GEKs during OTAR. • Signalling Encryption Keys (SEK) used optionally for control traffic
Conclusions • Security functions built in from the start! • User friendly and transparent key management. • Air interface encryption protects control traffic, IDs as well as voice and user traffic. • Key management comes without user overhead because of OTAR. • Well developed end to end encryption for users with very sensitive data to protect.