TETRA Your Service - PowerPoint PPT Presentation

Provided by: rankop
Transcript and Presenter's Notes

Title: TETRA Your Service


1
TETRA @ Your Service
  • The security mechanisms designed into TETRA: a
    refresher
  • How do you ensure the solution is secure?
  • Jeppe Jepsen
  • Motorola

2
Threats to communication and the threats to
security
  • Message related threats
    • interception, eavesdropping, masquerading,
      replay, manipulation of data
  • User related threats
    • traffic analysis, observability of user behaviour
  • System related threats
    • denial of service, jamming, unauthorized use of
      resources

3
Why Tetra. Schengen. Police Corporation
4
Key security features of TETRA
  • Authentication
  • Air Interface encryption
  • End to end Encryption

5
Authentication
Authentication Centre
Session keys
Switch 1
Switch 2
Challenge and response from Switch
MS Authentication
  • Authentication provides proof of identity of all
    radios attempting to use the network.
  • A session key system from a central
    authentication centre allows key storage
  • Secret key need never be exposed
  • Authentication process derives air interface key
    (TETRA standard)

6
What is Air Interface Encryption?
  • First level encryption used to protect
    information over the Air Interface
  • Typically software implementation
  • AIE is System Wide
  • 3 different Classes
    • Class 1: No Encryption, can include Authentication
    • Class 2: Static Cipher Key Encryption, can include
      Authentication
    • Class 3: Dynamic Cipher Key Encryption, requires
      Authentication

7
TETRA Air Interface Encryption
  • Network fixed links are considered difficult to
    intercept.

Operational Information
8
Dimetra Air Interface Encryption
  • Full Implementation of AIE
  • Authentication
  • Static Cipher Key
  • Common Cipher Key
  • Derived Cipher Key
  • Group Cipher Key
  • Modified Group Cipher Key
  • TEA 1, 2, 3 and TEA 4 algorithms
  • Authentication Centre
  • Key Management Centre
  • Key Loader for key distribution

9
Air Interface Encryption - the Keys
Clear audio
SCK, CCK and MGCK controlled by System Owner
DCK generated through Authentication Process
10
The importance of Air Interface encryption
  • Many threats other than eavesdropping
  • traffic analysis, observance of user behaviour
  • Strong authentication
  • AI protects control channel messages as well as
    voice and data payloads
  • encrypted registration protects ITSIs
  • End to end encryption if used alone is much
    weaker (it only protects the payload)

11
Standardised end to end in TETRA
  • Many organisations want their own algorithm
  • Confidence in strength
  • Better control over distribution
  • ETSI Project TETRA provides standardised support
    for end to end Encryption
  • To give TETRA standard alternative to proprietary
    offerings and technologies
  • TETRA MoU Security and fraud Protection Group
  • Provides detailed recommendation on how to
    implement end to end encryption in TETRA   
  • Provides sample implementation using IDEA and
    AES128

12
Confidentiality Solutions: Air interface
encryption
  • Should provide security equivalent to the fixed
    network
  • There are several issues of trust here
  • Do I trust that the AIE has been implemented
    properly
  • Do I trust the way that the network (or radio)
    stores keys
  • Do I trust the fixed network itself
  • A strong AIE implementation and an evaluated
    network can provide essential protection of
    information
  • An untested implementation and network may need
    reinforcing, for example with end to end
    encryption

13
Processes for accreditation
  • HANDLING PROCESSES
  • Set Up Issues
  • Getting from the Organization Chart to planning
    secure communications
  • Getting the system setup properly
  • Introducing new units and new secure
    communications groups
  • Key Material Delivery Issues
  • Getting the right encryption keys into the right
    radio
  • Ensuring the security of key storage and
    distribution
  • Accomplishing fast, efficient periodic rekeying
  • Verifying readiness to communicate
  • Avoiding interruptions of service
  • Security Management Issues
  • Dealing with compromised or lost units
  • Integrating with key material distribution
    process
  • Audit control, event archival, and maintaining
    rekeying history
  • Controlling access to security management
    functions
  • KEYLOAD PROCESS
  • Protect National Security
  • Key load in country of use
  • Key load by security cleared nationals
  • Remove keys from radios sent abroad for repair
  • Key Load encrypted
  • keys cannot be read while being programmed
  • Customer Friendly
  • Keys can be programmed In Vehicle (away from
    secure area)
  • Accurate
  • Audit logs of key distribution
  • In Country Key Generation
  • Secure Storage
  • CONNECTION PROCESSES
  • Connected networks
  • Security levels
  • Assurance requirements
  • Barriers
  • Own operating procedures
  • Virus protection
  • PERSONNEL PROCESSES
  • Ensure personnel are adequately cleared and
    trained
  • Where do they live
  • Criminal records
  • Experience in secure environment
  • Signed relevant agreements
  • Procedures for security breaches
  • REPORTING PROCESSES
  • Stolen radio reporting
  • Radio disabling procedures
  • Radio key erasure procedures
  • Intrusion detection reporting and response
  • Attack detection and correlation

...and more.
14
Assuring your security solution
  • Evaluation of solutions should be by a trusted
    independent body
  • Who?
  • Manufacturer?
  • Vested interest
  • Blindness to own weaknesses
  • End user
  • Do you have the skills?

15
Assuring your security solution
  • Government
  • Closest to own requirements and solutions
  • Sets the rules as well as tests them
  • Can lead to changing requirements as threats
    change
  • Third party evaluation house
  • Need to ensure you can trust them
  • Proven capability, references, experience in the
    field
  • Can have more bandwidth than government
  • Typically evaluation of crypto solutions is
    undertaken by a government body, assurance of the
    rest of the network by a reputable company, but
    the accreditator has to be a member of the end
    user organisation
  • Who else can be allowed to accept the risks?

16
And if you don't have this capability?
  • Look for suppliers with track record and
    reputation
  • Look for validations of an equivalent solution
    elsewhere
  • Get some expert help on processes and procedures

17
Finally... cost
  • Evaluation can be extremely expensive: how to
    get best value for money?
  • Stable requirements
  • Understanding the context
  • Strong implementations
  • It can be cheaper to spend more putting in a
    strong solution than the evaluation cost of a
    cheap solution!

Proof for small lock
Proof for large lock
18
Does the government get good value?
  • How much do you value national security?
  • Do you understand the cost of security measures
    vs the cost of compromise?
  • Can you afford to risk doing nothing?

19
Essentials of a secure system
  • A strong standard
  • A good implementation
  • Experienced supplier
  • Trusted evaluation

20
Example accreditation issue
  • Your microwave link passes over a university with
    an MSc course in security

Switch Site
21
Security and Fraud Prevention Group: a TETRA MoU
body
  • REC 02 Framework for End to end Encryption and
    Key Management
  • REC 03 TETRA Threat Analysis
  • REC 04 Implementation and use of TETRA Security
    Features

22
www.tetramou.com
www.etsi.org
www.motorola.com/tetra
Jeppe.Jepsen@Motorola.com
Thank You ?