TETRA Security - PowerPoint PPT Presentation

1
TETRA Security
  • Security mechanisms in TETRA and how to ensure
    that the solution is secure
  • from TETRA 1 through to TETRA 2

2
What we want to achieve with Security
  • Confidentiality
  • No one can eavesdrop on what we are saying
  • Authenticity
  • The people we are talking to are the right people
  • The wrong people can't try and join us
  • Integrity
  • The information gets there completely intact
  • Availability
  • Communications are possible where and when they
    are needed
  • Accountability (Non repudiation)
  • Whoever said something can't deny it later

3
Threats to communication and the threats to
security
  • Message related threats
  • interception, eavesdropping, masquerading,
    replay, manipulation of data
  • User related threats
  • traffic analysis, observability of user behaviour
  • System related threats
  • denial of service, jamming, unauthorized use of
    resources

4
Key Functions of TETRA Security
  • TETRA has several security features allowing most
    customers' security needs to be met in a
    cost-efficient way.
  • Authentication - ensures only valid subscriber
    units have access to the system and subscribers
    will only try and access the authorized system
  • Air Interface Encryption - protects all
    signalling, identity and traffic across the radio
    link
  • End-to-End Encryption - protects information as
    it passes through the system

5
Authentication
[Diagram labels: Authentication Centre, Secret keys, Session keys, Switch, MS, Challenge, Calculated Response, Mutual Challenge, Calculated Response]
  • Authentication provides proof of identity of all
    radios attempting use of the network
  • Radio can authenticate the network in turn,
    protects against fake base stations etc
  • A session key system from a central
    authentication centre allows highly secure key
    storage
  • Secret key need never be exposed
  • Authentication process derives air interface key
    (TETRA standard): automatic key changing!
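
Added example (not part of the original presentation): a minimal Python model of the session-key scheme on this slide, where the switch authenticates a radio without ever holding its secret key and each run yields a fresh air interface key. HMAC-SHA256 stands in for the TETRA algorithms, and all class, method and label names are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key, label, data):
    # Stand-in keyed function (HMAC-SHA256); not the TETRA algorithm set.
    return hmac.new(key, label + data, hashlib.sha256).digest()

class AuthCentre:
    """Stores long-term secret keys; releases only per-session keys."""
    def __init__(self):
        self._secret = {}                  # identity -> K, never leaves here
    def provision(self, ident, k):
        self._secret[ident] = k
    def session_keys(self, ident):
        seed = secrets.token_bytes(10)     # fresh seed per authentication
        k = self._secret[ident]
        return seed, prf(k, b"ks-radio", seed), prf(k, b"ks-net", seed)

class Radio:
    def __init__(self, ident, k):
        self.ident, self._k, self.cipher_key = ident, k, None
    def respond(self, seed, challenge):
        out = prf(prf(self._k, b"ks-radio", seed), b"auth", challenge)
        self.cipher_key = out[16:]         # air interface key for this session
        return out[:4]                     # calculated response
    def check_network(self, seed, challenge, response):
        want = prf(prf(self._k, b"ks-net", seed), b"auth", challenge)[:4]
        return hmac.compare_digest(response, want)

class Switch:
    """Holds no long-term secrets, only what the AuC released for this run."""
    def __init__(self, auc):
        self.auc = auc
    def authenticate(self, radio):
        seed, ks_radio, ks_net = self.auc.session_keys(radio.ident)
        challenge = secrets.token_bytes(10)
        expected = prf(ks_radio, b"auth", challenge)
        if not hmac.compare_digest(radio.respond(seed, challenge), expected[:4]):
            return False, None
        # Mutual step: the radio challenges the network in turn.
        radio_challenge = secrets.token_bytes(10)
        answer = prf(ks_net, b"auth", radio_challenge)[:4]
        if not radio.check_network(seed, radio_challenge, answer):
            return False, None
        return True, expected[16:]         # same key the radio derived
```

A compromise of the switch in this model exposes only the session keys of individual runs, not the secret key held by the authentication centre.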

6
Radio Security Provisioning And Key Storage
  • TETRA MoU SFPG Recommendation 01 provides a
    standardised format for importing authentication
    and other air interface encryption keys
  • Use of Recommendation 01 files will allow multi
    vendor terminal supply
  • Separation of logical key programming step from
    factory can allow all keys to be loaded in
    country
  • Meets national security requirements

[Diagram labels: SCK, GCK etc from national security authority; AuC (standardised format, imports key material from any vendor); TEI; Factory; TETRA SwMI; TEI; Key Programming; K; K, TEI]

7
What is Air Interface Encryption?
  • First level encryption used to protect
    information over the Air Interface
  • Typically software implementation
  • Protects almost everything: speech, data,
    signalling, identities
  • 3 different Classes
  • Class 1
  • No Encryption, can include Authentication
  • Class 2
  • Static Cipher Key Encryption, can include
    Authentication
  • Class 3
  • Dynamic Cipher Key Encryption
  • Individual Derived Cipher Key
  • Common Cipher Key
  • Group Cipher Key
  • Requires Authentication
  • Includes over the air key management protocols
  • Allows seamless key management

8
The purpose of Air Interface Encryption
  • Network fixed links are considered difficult to
    intercept.

[Figure label: Operational Information]

9
Important properties of Air Interface encryption
  • Many threats other than eavesdropping
  • traffic analysis, observance of user behaviour
  • AIE protects control channel messages and
    identities as well as voice and data payloads
  • End to end encryption - if used alone - is
    insufficient (it only protects the voice payload)
  • Continuous authentication
  • Encryption key generated from authentication
    process
  • Encrypted registration protects ITSIs even at
    switch on
  • Security classes can be changed in operation:
    essential for fallback measures if authentication
    cannot operate

10
End to end encryption in TETRA
  • ETSI Project TETRA provides standardised support
    for end to end Encryption
  • ETSI EN302109 contains specific end to end
    specification
  • Ensures TETRA provides a standard alternative to
    proprietary offerings and technologies
  • Ensures compatibility between infrastructures and
    terminals
  • Many organisations want their own algorithm
  • Confidence in strength
  • Better control over distribution
  • TETRA MoU Security and Fraud Protection Group
  • Provides detailed recommendation on how to
    implement end to end encryption in TETRA
  • The result: standardisation and compatibility,
    with choice of algorithm
  • A big strength of TETRA

11
End To End Encryption Standardisation
  • TETRA MoU SFPG Recommendation 02
  • Framework for end to end encryption
  • Recommended synchronisation method for speech
    calls
  • Protocol for Over The Air Keying
  • Sample implementations including algorithm mode
    and key encryption for IDEA, and AES in progress
  • DOES NOT specify implementation: can be
    implemented with module, software, SIM card etc.
  • DOES NOT provide module interface specification

12
Related Recommendations
  • TETRA MoU SFPG Recommendation 01
  • Key transfer specification
  • Currently being updated to include end to end
    encryption key import formats
  • TETRA MoU SFPG Recommendation 07
  • Short data service encryption
  • Currently being updated to reflect larger
    algorithm block sizes, e.g. 128 bits for AES
  • TETRA MoU SFPG Recommendation 08
  • Framework for dividing encryption functionality
    between a SIM (smartcard) and a radio
  • No defined bit level interface (export control
    issue)
  • TETRA MoU SFPG Recommendation 11
  • IP Packet data encryption
  • Work in progress
  • Will provide a suitable means for high security
    packet data encryption, with commonality with
    voice encryption

13
Implementing TETRA security
  • TETRA security measures are by no means the
    complete picture
  • How well they are implemented and how the
    implementation is evaluated is critical
  • The rest of the network (what else connects to
    TETRA) is equally important
  • The operational process and procedures equally
    provide countermeasures to the threats

[Figure labels: Link; Landline]

14
Implementation considerations: Air Interface Encryption
  • AIE should provide security equivalent to the
    fixed network
  • There are several issues of trust here
  • Do I trust that the AIE has been implemented
    properly?
  • Does AIE always operate (during registration, in
    fallback modes etc)?
  • Do I trust the way that the network (or radio)
    stores keys?
  • Do I trust the fixed network itself or can
    someone break in?
  • A strong AIE implementation and an evaluated
    network can provide essential protection of
    information
  • An untested implementation and network may need
    reinforcing, for example with end to end
    encryption

15
Operational processes to consider
  • HANDLING PROCESSES
  • Set Up Issues
  • Getting from the Organization Chart to planning
    secure communications
  • Getting the system set up properly
  • Introducing new units and new secure
    communications groups
  • Key Material Delivery Issues
  • Getting the right encryption keys into the right
    radio
  • Ensuring the security of key storage and
    distribution
  • Accomplishing fast, efficient periodic rekeying
  • Verifying readiness to communicate
  • Avoiding interruptions of service
  • Security Management Issues
  • Dealing with compromised or lost units
  • Integrating with key material distribution
    process
  • Audit control, event archival, and maintaining
    rekeying history
  • Controlling access to security management
    functions
  • KEYLOAD PROCESS
  • Protect National Security
  • Key load in country of use
  • Key load by security cleared nationals
  • Remove keys from radios sent abroad for repair
  • Key Load encrypted
  • keys cannot be read while being programmed
  • Customer Friendly
  • Keys can be programmed in vehicle (away from
    secure area)
  • Accountability
  • Audit logs of key distribution
  • In Country Key Generation
  • Secure Storage
  • CONNECTION PROCESSES
  • Connected networks
  • Security levels
  • Assurance requirements
  • Barriers
  • Own operating procedures
  • Virus protection
  • PERSONNEL PROCESSES
  • Ensure personnel are adequately cleared and
    trained
  • Where do they live
  • Criminal records
  • Experience in secure environment
  • Signed relevant agreements
  • Procedures for security breaches
  • REPORTING PROCESSES
  • Stolen radio reporting
  • Radio disabling procedures
  • Radio key erasure procedures
  • Intrusion detection reporting and response
  • Attack detection and correlation

...and more.

16
Useful Recommendations
  • TETRA MoU SFPG Recommendation 03: TETRA threat
    analysis
  • Gives an idea of possible threats and
    countermeasures against a radio system
  • TETRA MoU SFPG Recommendation 04: Implementing
    TETRA security features
  • Provides guidance on how to design and configure
    a TETRA system
  • Both documents are restricted access, requiring a
    Non Disclosure Agreement with SFPG

17
Assuring your security solution
  • There are two important steps in assuring the
    security of the solution: Evaluation and
    Accreditation
  • Evaluation of solutions should be by a trusted
    independent body
  • Technical analysis of design and implementation
  • Accreditation is the continual assessment of
    risks
  • Assessment of threats vs solutions
  • Procedural and technical solutions
  • Should be undertaken by end user representative

18
Maximising cost effectiveness
  • Evaluation can be extremely expensive: how to
    get best value for money?
  • Establish the requirements in advance
  • as far as they are known: security is always a
    changing requirement!
  • Look for suppliers with track record and
    reputation
  • Look for validations of an equivalent solution
    elsewhere
  • Consider expert help on processes and procedures

19
Summary: The essentials of a secure system
  • A strong standard
  • A good implementation
  • Experienced supplier
  • Trusted evaluation
  • Continual assessment of threats and solutions

20
Maintaining security at higher data rates
  • TETRA 2

21
Mission Critical Data Applications on TETRA
  • Today's applications need data capacity
  • Frequent messages, small payload
  • AVLS from portables and vehicles
  • Database access
  • Status messaging
  • But some applications starting to need more data
    throughput
  • Less frequent messages, much bigger payloads
  • Mug shots
  • File transfer
  • Slow scan video

[Figure labels: TETRA Single Slot Packet Data; TETRA Multi Slot Packet Data]

22
Evolution Applications vs. TETRA
[Figure labels: today; Not suitable; Suitable; Effective]

23
TETRA Enhanced Data Service-TEDS
  • Backward compatible with TETRA Release 1
  • Network integration capability
  • Flexible data rates and spectrum use
  • 25, 50, 100 and 150 kHz channel bandwidths
  • Can trade off data rate, spectrum and range
  • Integrated TETRA 1 and TEDS system
  • i.e. can receive TETRA 1 calls on TEDS channels
  • Technology selected for TEDS use
  • Multi-carrier QAM (Quadrature Amplitude
    Modulation) in all bandwidths
  • D8PSK in 25 kHz

TAPS - an alternative technology based on GSM
EDGE - has now been abandoned
24
High Speed Packet Data Deployment
  • TEDS will be the solution for mission critical
  • A range of channel bandwidths available in the
    standard
  • Offer a single TEDS channel at each site, in
    addition to TETRA 1 voice channels
  • Provision channel bandwidth based on number of
    users and their data application requirements
  • The modulation scheme can adapt to radio
    transmission conditions

25
Applications of TETRA 2

26
The Power of TETRA 2
[Figure: sites labelled TETRA 1 and TETRA 2 at 25 kHz, 50 kHz, 100 kHz and 150 kHz. Legend: circle size = coverage area, circle height = data capacity. All TETRA 2 sites include TETRA 1.]

27
Security in TETRA 2
  • TETRA 2 reuses TETRA 1 security features
  • Authentication
  • Air Interface Encryption
  • TETRA 1 encryption currently being extended to
    much larger data packets
  • End to end encryption
  • Mechanism for packet data in MoU SFPG will
    operate independently of underlying TETRA service
  • Security parameters can be established on TETRA 1
    carrier and used on TETRA 2 (etc).
  • It's integrated!

28
Benefits of Integrated Voice and Data in TETRA
  • Close integration between voice and data services
  • Immediate jump from TETRA 2 data call into voice
    emergency call
  • Less equipment to carry when voice and data
    applications on the same radio
  • An efficient expansion path for existing
    operators
  • Incremental investment to add TETRA 2 high speed
    data and maintain the high security level from
    your TETRA 1 investment.

29
Security benefits in integrated system
  • Common security measures for all services
  • Government approved security measures rather than
    just commercial level security
  • No need for users to worry about which data
    service is security cleared for which application
  • The system availability and resilience are high
    for all services
  • Public data networks look attractive, but cannot
    provide the availability or the priority service
    levels
  • Single evaluation and common accreditation issues
    for entire network

30
Conclusion
  • TETRA release 1 already enables sophisticated
    highly secure mission critical data applications
  • and is already being used today to protect and
    save lives
  • TETRA 2 will enhance existing data capabilities
    and enable new advanced applications and keep
    them secure
  • Standards are nearly ready
  • End users should start influencing manufacturers
    by explaining their future needs and requirements

31
TETRA is an expanding universe
From Big Bang through to TETRA 3 and beyond
  • TETRA Standards www.ETSI.org
  • MoU and SFPG www.tetramou.com
  • SFPG secretary sfpg_at_xs4all.nl
  • david.chater-lea_at_motorola.com
  • mark.edwards_at_motorola.com

TETRA will keep you secure. The MoU will keep you
up to date.