TETRA Security - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

TETRA Security

Description:

Radio can authenticate the network in turn, protects against fake base stations' etc ... Both documents are restricted access requiring Non Disclosure Agreement ... – PowerPoint PPT presentation

Number of Views:104
Avg rating:3.0/5.0
Slides: 23
Provided by: tetr
Category:

less

Transcript and Presenter's Notes

Title: TETRA Security


1
TETRA Security
  • Security mechanisms in TETRA
  • and how to ensure that the
  • solution is secure
  • Jeppe Jepsen
  • Motorola

2
What we want to achieve with Security
  • Confidentiality
  • No one can eavesdrop on what we are saying
  • Authenticity
  • The people we are talking to are the right people
  • The wrong people cant try and join us
  • Integrity
  • The information gets there completely intact
  • Availability
  • Communications are possible where and when they
    are needed
  • Accountability (Non repudiation)
  • Whoever said something, cant deny it later

3
Threats to communication and the threats to
security
  • Message related threats
  • interception, eavesdropping, masquerading,
    replay, manipulation of data
  • User related threats
  • traffic analysis, observability of user behaviour
  • System related threats
  • denial of service, jamming, unauthorized use of
    resources

4
Key Functions of TETRA Security
  • TETRA has several security features allowing most
    customers security needs to be met in a cost
    efficient way.
  • Authentication - ensures only valid subscriber
    units have access to the system and subscribers
    will only try and access the authorized system
  • Air Interface Encryption protects all
    signalling, identity and traffic across the radio
    link
  • End-to-End Encryption - protects information as
    it passes through the system

5
Authentication
Authentication Centre
Challenge
Session keys
Calculated Response
Switch
Secret keys
Mutual Challenge
MS
Calculated Response
  • Authentication provides proof identity of all
    radios attempting use of the network
  • Radio can authenticate the network in turn,
    protects against fake base stations etc
  • A session key system from a central
    authentication centre allows highly secure key
    storage
  • Secret key need never be exposed
  • Authentication process derives air interface key
    (TETRA standard) automatic key changing!

6
Radio Security Provisioning And Key Storage
  • TETRA MoU SFPG Recommendation 01 provides a
    standardised format for importing authentication
    and other air interface encryption keys
  • Use of Recommendation 01 files will allow multi
    vendor terminal supply
  • Separation of logical key programming step from
    factory can allow all keys to be loaded in
    country
  • Meets national security requirements

SCK, GCK etc from national security authority
AuC
Standardised format Imports key material from any
vendor
TEI
Factory
TETRA SwMI
TEI
Key Programming
K
K, TEI
7
What is Air Interface Encryption?
  • First level encryption used to protect
    information over the Air Interface
  • Typically software implementation
  • Protects almost everything speech, data,
    signalling, identities
  • 3 different Classes
  • Class 1
  • No Encryption, can include Authentication
  • Class 2
  • Static Cipher Key Encryption, can include
    Authentication
  • Class 3
  • Dynamic Cipher Key Encryption
  • Individual Derived Cipher Key
  • Common Cipher Key
  • Group Cipher Key
  • Requires Authentication
  • Includes over the air key management protocols
  • Allows seamless key management

8
The purpose of Air Interface Encryption
  • Network fixed links are considered difficult to
    intercept.

Operational Information
9
Important properties of Air Interface encryption
  • Many threats other than eavesdropping
  • traffic analysis, observance of user behaviour
  • AIE protects control channel messages and
    identities as well as voice and data payloads
  • End to end encryption - if used alone - is
    insufficient (it only protects the voice payload)
  • Continuous authentication
  • Encryption key generated from authentication
    process
  • Encrypted registration protects ITSIs even at
    switch on
  • Security classes can be changed in operation
    essential for fallback measures if authentication
    cannot operate

10
End to end encryption in TETRA
  • ETSI Project TETRA provides standardised support
    for end to end Encryption
  • ETSI EN302109 contains specific end to end
    specification
  • Ensures TETRA provides a standard alternative to
    proprietary offerings and technologies
  • Ensures compatibility between infrastructures and
    terminals
  • Many organisations want their own algorithm
  • Confidence in strength
  • Better control over distribution
  • TETRA MoU Security and fraud Protection Group
  • Provides detailed recommendation on how to
    implement end to end encryption in TETRA
  • The result Standardisation and compatibility,
    with choice of algorithm
  • A big strength of TETRA

11
End To End Encryption Standardisation
  • TETRA MoU SFPG Recommendation 02
  • Framework for end to end encryption
  • Recommended synchronisation method for speech
    calls
  • Protocol for Over The Air Keying
  • Sample implementations including algorithm mode
    and key encryption for IDEA, and AES in progress
  • DOES NOT specify implementation can be
    implemented with module, software, SIM card etc..
  • DOES NOT provide module interface specification

12
Related Recommendations
  • TETRA MoU SFPG Recommendation 01
  • Key transfer specification
  • Currently being updated to include end to end
    encryption key import formats
  • TETRA MoU SFPG Recommendation 07
  • Short data service encryption
  • Currently being updated to reflect larger
    algorithm block sizes, e.g. 128 bits for AES
  • TETRA MoU SFPG Recommendation 08
  • Framework for dividing encryption functionality
    between a SIM (smartcard) and a radio
  • No defined bit level interface (export control
    issue)
  • TETRA MoU SFPG Recommendation 11
  • IP Packet data encryption
  • Work in process
  • Will provide a suitable means for high security
    packet data encryption, with commonality with
    voice encryption

13
Implementing TETRA security
  • TETRA security measures are by no means the
    complete picture
  • How well they are implemented and how the
    implementation is evaluated is critical
  • The rest of the network what else connects to
    TETRA is equally important
  • The operational process and procedures equally
    provide countermeasures to the threats

Link
Landline
14
Implementation considerations Air Interface
Encryption
  • AIE should provide security equivalent to the
    fixed network
  • There are several issues of trust here
  • Do I trust that the AIE has been implemented
    properly?
  • Does AIE always operate (during registration, in
    fallback modes etc)?
  • Do I trust the way that the network (or radio)
    stores keys?
  • Do I trust the fixed network itself or can
    someone break in?
  • A strong AIE implementation and an evaluated
    network can provide essential protection of
    information
  • An untested implementation and network may need
    reinforcing, for example with end to end
    encryption

15
Operational processes to consider
  • HANDLING PROCESSES
  • Set Up Issues
  • Getting from the Organization Chart to planning
    secure communications
  • Getting the system setup properly
  • Introducing new units and new secure
    communications groups
  • Key Material Delivery Issues
  • Getting the right encryption keys into the right
    radio
  • Ensuring the security of key storage and
    distribution
  • Accomplishing fast, efficient periodic rekeying
  • Verifying readiness to communicate
  • Avoiding interruptions of service
  • Security Management Issues
  • Dealing with compromised or lost units
  • Integrating with key material distribution
    process
  • Audit control, event archival, and maintaining
    rekeying history
  • Controlling access to security management
    functions
  • KEYLOAD PROCESS
  • Protect National Security
  • Key load in country of use
  • Key load by security cleared nationals
  • Remove keys from radios sent abroad for repair
  • Key Load encrypted
  • keys cannot be read while being programmed
  • Customer Friendly
  • Keys can be programmed In Vehicle ( away from
    secure area)
  • Accountability
  • Audit logs of key distribution
  • In Country Key Generation
  • Secure Storage
  • CONNECTION PROCESSES
  • Connected networks
  • Security levels
  • Assurance requirements
  • Barriers
  • Own operating procedures
  • Virus protection
  • PERSONNEL PROCESSES
  • Ensure personnel are adequately cleared and
    trained
  • Where do they live
  • Criminal records
  • Experience in secure environment
  • Signed relevant agreements
  • Procedures for security breaches
  • REPORTING PROCESSES
  • Stolen radio reporting
  • Radio disabling procedures
  • Radio key erasure procedures
  • Intrusion detection reporting and response
  • Attack detection and correlation

..and more.
16
Useful Recommendations
  • TETRA MoU SFPG Recommendation 03 TETRA threat
    analysis
  • Gives an idea of possible threats and
    countermeasures against a radio system
  • TETRA MoU SFPG Recommendation 04 Implementing
    TETRA security features
  • Provides guidance on how to design and configure
    a TETRA system
  • Both documents are restricted access requiring
    Non Disclosure Agreement with SFPG

17
Assuring your security solution
  • There are two important steps in assuring the
    security of the solution Evaluation and
    Accreditation
  • Evaluation of solutions should be by a trusted
    independent body
  • Technical analysis of design and implementation
  • Accreditation is the continual assessment of
    risks
  • Assessment of threats vs solutions
  • Procedural and technical solutions
  • Should be undertaken by end user representative

18
Maximising cost effectiveness
  • Evaluation can be extremely expensive how to
    get best value for money?
  • Establish the requirements in advance
  • as far as they are known security is always a
    changing requirement!
  • Look for suppliers with track record and
    reputation
  • Look for validations of an equivalent solution
    elsewhere
  • Consider expert help on processes and procedures

19
Summary The essentials of a secure system
  • A strong standard
  • A good implementation
  • Experienced supplier
  • Trusted evaluation
  • Continual assessment of threats and solutions

20
Security benefits in integrated system
  • Common security measures for all services
  • Government approved security measures rather than
    just commercial level security
  • No need for users to worry about which data
    service is security cleared for which application
  • The system availability and resilience are high
    for all services
  • Public data networks look attractive, but cannot
    provide the availability or the priority service
    levels
  • Single evaluation and common accreditation issues
    for entire network

21
What security level do you want?
  • TETRA Class 1
  • TETRA Class 2
  • TETRA Class 3
  • TETRA w/ E2E algoritm on Smart Card
  • TETRA w/ E2E SW algorithm in radio
  • TETRA w/ E2E hardware solution using AES128
  • TETRA w/ E2E hardware solution using own algorithm

TETRA is _at_ your Service
22
www.Tetramou.comwww.ETSI.orgwww.Motorola.com/Tet
raJeppe.Jepsen_at_Motorola.com
Thank You
Write a Comment
User Comments (0)
About PowerShow.com