Title: TETRA Your Service
1TETRA _at_ Your Service
- The Security mechanisms designed into TETRA a
refresher - How do you ensure the solution is secure?
- Jeppe Jepsen
- Motorola
2Threats to communication and the threats to
security
- Message related threats
- interception, eavesdropping, masquerading,
replay, manipulation of data - User related threats
- traffic analysis, observability of user behaviour
- System related threats
- denial of service, jamming, unauthorized use of
resources
3Why TetraSchengenPolice Corporation
4Key security features of TETRA
- Authentication
- Air Interface encryption
- End to end Encryption
5Authentication
Authentication Centre
Session keys
Switch 1
Switch 2
Challenge and response from Switch
MS Authentication
- Authentication provides proof identity of all
radios attempting use of the network. - A session key system from a central
authentication centre allows key storage - Secret key need never be exposed
- Authentication process derives air interface key
(TETRA standard)
6What is Air Interface Encryption?
- First level encryption used to protect
information over the Air Interface - Typically software implementation
- AIE is System Wide
- 3 different Classes
- Class 1
- No Encryption, can include Authentication
- Class 2
- Static Cipher Key Encryption, can include
Authentication - Class 3
- Dynamic Cipher Key Encryption
- Requires Authentication
7TETRA Air Interface Encryption
- Network fixed links are considered difficult to
intercept.
Operational Information
8Dimetra Air Interface Encryption
- Full Implementation of AIE
- Authentication
- Static Cipher Key
- Common Cipher Key
- Derived Cipher Key
- Group Cipher Key
- Modified Group Cipher Key
- TEA 1, 2, 3 and TEA 4 algorithms
- Authentication Centre
- Key Management Centre
- Key Loader for key distribution
9Air Interface Encryption - the Keys
Clear audio
SCK, CCK and MGCK controlled by System Owner DCK
Generated through Authentication Process
10The importance of Air Interface encryption
- Many threats other than eavesdropping
- traffic analysis, observance of user behaviour
- Strong authentication
- AI protects control channel messages as well as
voice and data payloads - encrypted registration protects ITSIs
- End to end encryption if used alone is much
weaker (it only protects the payload)
11Standardised end to end in TETRA
- Many organisations want their own algorithm
- Confidence in strength
- Better control over distribution
- ETSI Project TETRA provides standardised support
for end to end Encryption - To give TETRA standard alternative to proprietary
offerings and technologies - TETRA MoU Security and fraud Protection Group
- Provides detailed recommendation on how to
implement end to end encryption in TETRA - Provides sample implementation using IDEA and
AES128
12Confidentiality Solutions Air interface
encryption
- Should provide security equivalent to the fixed
network - There are several issues of trust here
- Do I trust that the AIE has been implemented
properly - Do I trust the way that the network (or radio)
stores keys - Do I trust the fixed network itself
- A strong AIE implementation and an evaluated
network can provide essential protection of
information - An untested implementation and network may need
reinforcing, for example with end to end
encryption
13Processes for accreditation
- HANDLING PROCESSES
- Set Up Issues
- Getting from the Organization Chart to planning
secure communications - Getting the system setup properly
- Introducing new units and new secure
communications groups - Key Material Delivery Issues
- Getting the right encryption keys into the right
radio - Ensuring the security of key storage and
distribution - Accomplishing fast, efficient periodic rekeying
- Verifying readiness to communicate
- Avoiding interruptions of service
- Security Management Issues
- Dealing with compromised or lost units
- Integrating with key material distribution
process - Audit control, event archival, and maintaining
rekeying history - Controlling access to security management
functions
- KEYLOAD PROCESS
- Protect National Security
- Key load in country of use
- Key load by security cleared nationals
- Remove keys from radios sent abroad for repair
- Key Load encrypted
- keys cannot be read while being programmed
- Customer Friendly
- Keys can be programmed In Vehicle ( away from
secure area) - Accurate
- Audit logs of key distribution
- In Country Key Generation
- Secure Storage
- CONNECTION PROCESSES
- Connected networks
- Security levels
- Assurance requirements
- Barriers
- Own operating procedures
- Virus protection
- PERSONNEL PROCESSES
- Ensure personnel are adequately cleared and
trained - Where do they live
- Criminal records
- Experience in secure environment
- Signed relevant agreements
- Procedures for security breaches
- REPORTING PROCESSES
- Stolen radio reporting
- Radio disabling procedures
- Radio key erasure procedures
- Intrusion detection reporting and response
- Attack detection and correlation
..and more.
14Assuring your security solution
- Evaluation of solutions should be by a trusted
independent body - Who?
- Manufacturer?
- Vested interest
- Blindness to own weaknesses
- End user
- Do you have the skills?
15Assuring your security solution
- Government
- Closest to own requirements and solutions
- Sets the rules as well as tests them
- Can lead to changing requirements as threats
change - Third party evaluation house
- Need to ensure you can trust them
- Proven capability, references, experience in the
field - Can have more bandwidth than government
- Typically evaluation of crypto solutions is
undertaken by a government body, assurance of the
rest of the network by a reputable company, but
the accreditator has to be a member of the end
user organisation - Who else can be allowed to accept the risks?
16And if you dont have this capability?
- Look for suppliers with track record and
reputation - Look for validations of an equivalent solution
elsewhere - Get some expert help on processes and procedures
17Finally.cost
- Evaluation can be extremely expensive how to
get best value for money? - Stable requirements
- Understanding the context
- Strong implementations
- It can be cheaper to spend more putting in a
strong solution than the evaluation cost of a
cheap solution!
Proof for small lock
Proof for large lock
18Does the government get good value?
- How much do you value national security?
- Do you understand the cost of security measures
vs the cost of compromise? - Can you afford to risk doing nothing?
19Essentials of a secure system
- A strong standard
- A good implementation
- Experienced supplier
- Trusted evaluation
20Example accreditation issue
- Your microwave link passes over a university with
an MSc course in security
Switch Site
21Security and Fraud Prevention Group a TETRA MoU
body
- REC 02 Framework for End to end Encryption and
key Mangement - REC 03 TETRA Threat Analysis
- REC 04 Implementation and use of TETRA Security
Features
22www.tetramou.comwww.etsi.orgwww.motorola.com/tet
raJeppe.Jepsen_at_Motorola.com
Thank You ?