INTRODUCTION TO TETRA SECURITY

1
INTRODUCTION TO TETRA SECURITY
Brian Murgatroyd
2
Agenda

• Why security is important in TETRA systems
• Overview of TETRA security features
• Authentication
• Air interface encryption
• Key Management
• Terminal Disabling
• End to End Encryption

3
Security Threats

• What are the main threats to your system?
• Confidentiality?
• Availability?
• Integrity?

4
Message Related Threats

• interception Confidentiality
• by hostile government agencies
• eavesdropping
• by hackers, criminals, terrorists
• masquerading
• pretending to be legitimate user
• manipulation of data. Integrity
• changing messages
• Replay
• recording messages and replaying them later

5
User Related Threats

• traffic analysis Confidentiality
• getting intelligence from patterns of the
  traffic-frequency- message lengths-message types
• observability of user behaviour. Confidentiality
• examining where the traffic is observed - times
  of day-number of users

6
System Related Threats

• denial of service Availability
• preventing the system working by attempting to
  use up capacity
• jamming Availability
• Using RF energy to swamp receiver sites
• unauthorized use of resources Integrity
• Illicit use of telephony, interrogation of secure
  databases

7
TETRA Air Interface security functions

• Authentication
• TETRA has strong mutual authentication requiring
  knowledge of secret key
• Encryption
• Dynamic key encryption (class 3)
• Static key encryption (class2)
• Terminal Disabling
• Secure temporary or permanent disable
• Over the Air Re-keying (OTAR)
• for managing large populations without user
  overhead
• Aliasing/User logon
• To allow association of user to terminal

8
User authentication (aliasing)

• Second layer of security
• Ensures the user is associated with terminal
• User logon to network aliasing server
• log on with Radio User Identity and PIN
• Very limited functionality allowed prior to log
  on
• Log on/off not associated with terminal
  registration
• Could be used as access control for applications
  as well as to the Radio system

9
Security Classes

• Class Authentication Encryption Other
• 1 Optional None -
• 2 Optional Static ESI
• 3 Mandatory Dynamic ESI

10
Authentication

• Used to ensure that terminal is genuine and
  allowed on network.
• Mutual authentication ensures that in addition to
  verifying the terminal, the SwMI can be trusted.
• Authentication requires both SwMI and terminal
  have proof of secret key.
• Successful authentication permits further
  security related functions to be downloaded.

11
Authentication process
Mobile Base station Authentication
Centre
K
K
Random Seed (RS)
RS Rand
TA11
Rand
KS
RS
TA12
TA12
TA11
KS
Expected Result
(Session key)
Same?
Result
12
Deriving DCK from mutual authentication
Infrastructure-MS authentication
DCK1
DCK
TB4
MS-Infrastructure authentication
DCK2
13
Encryption Process
Key Stream Generator (TEAx)
Traffic Key
CN LA CC
Combining algorithm (TB5)
Key Stream Segments
Initialisation Vector (IV)
Clear data in
Encrypted data out
A
B
C
D
E
F
G
H
q
c
I
y
4
M
v

Q
t
Modulo 2 addition (XOR)
14
Air Interface traffic keys

• Four traffic keys are used in class 3 systems-
• Derived cipher Key (DCK)
• derived from authentication process used for
  protecting uplink, one to one calls
• Common Cipher Key(CCK)
• protects downlink group calls and ITSI on initial
  registration
• Group Cipher Key(GCK)
• Provides crypto separation, combined with CCK
• Static Cipher Key(SCK)
• Used for protecting DMO and TMO fallback mode

15
DMO Security
Implicit Authentication Static Cipher keys No
disabling
16
TMO SCK OTAR scheme
TETRA Infrastructure
Key Management Centre

• DMO SCKs must be distributed when terminals are
  operating in TMO.
• In normal circumstances, terminals should return
  to TMO coverage within a key lifetime
• A typical DMO SCK lifetime may be between 2 weeks
  and 6 months

17
Key Overlap scheme used for DMO SCKs
Transmit
Past
Present
Future
Receive

• The scheme uses Past, Present and Future versions
  of an SCK.
• System Rules
• Terminals may only transmit on their Present
  version of the key.
• Terminals may receive on any of the three
  versions of the key.
• This scheme allows a one key period overlap.

18
Disabling of terminals

• Vital to ensure the reduction of risk of threats
  to system by stolen and lost terminals
• Relies on the integrity of the users to report
  losses quickly and accurately.
• May be achieved by removing subscription and/or
  disabling terminal
• Disabling may be either temporary or permanent
• Permanent disabling removes all keys including
  (k)
• Temporary disabling removes all traffic keys but
  allows ambience listening

19
End to end encryption

• Protects messages across an untrusted
  infrastructure
• Provides enhanced confidentiality
• Voice and SDS services
• IP data services (soon)

Network
MS
MS
Air interface security between MS and network
End-to-end security between MSs
20
End to end encryption features

• Additional synchronization carried in stolen half
  frames
• Standard algorithms available or national
  solutions
• Key Management in User Domain

21
Limitations of End to End Encryption

• Only protects the user payload (confidentiality
  protection)
• Requires a transparent network - no
  transcoding-All the bits encrypted at the
  transmitting end must be decrypted at the
  receiver
• Will not work outside the TETRA domain
• frequent transmission of synchronization vector
  needs to ensure good late entry capability but as
  frame stealing is used this may impact slightly
  on voice quality.

22
End to end keys

• Traffic encryption key(TEK). Three editions used
  in terminal to give key overlap.
• Group Key encryption key(GEK) used to protection
  TEKs during OTAR.
• Unique KEK(long life) used to protect GEKs during
  OTAR.
• Signalling Encryption Keys (SEK) used optionally
  for control traffic

23
Benefits of end to end encryption with Air
Interface encryption

• Air interface (AI) encryption alone and end to
  end encryption alone both have their limitations
• For most users AI security measures are
  completely adequate
• Where either the network is untrusted, or the
  data is extremely sensitive then end to end
  encryption may be used in addition
• Brings the benefit of encrypting addresses and
  signalling as well as user data across the Air
  Interface and confidentiality right across the
  network

24
Conclusions

• Security functions built in from the start!
• User friendly and transparent key management.
• Air interface encryption protects control
  traffic, IDs as well as voice and user traffic.
• Key management comes without user overhead
  because of OTAR.