project 25 security services overvie...kek selection, the air because each radio has its own ukek....

Project 25 Security Services Overview

Bill Janky

Director, System Design

Harris Corporation

March 7, 2011 1Project 25 Technology Interest Group

AgendaAgenda

• Overview of P25 Security Services

• What’s new; What’s coming

• Other topicsp

2March 7, 2011 Project 25 Technology Interest Group

If you’re in Public Safety....If you re in Public Safety....

Bad Guys Want to Hear YouBad Guys Want to Hear You

Reporters Want to Hear You

Bored Gas Station AttendantsR ll W t t H Y

Reporters Want to Hear You

Really Want to Hear You

You Want to Control What They Hear



Bad Guys Want to See Your Datay

Reporters Want to See Your DataReporters Want to See Your Data

Bored Technologically Sophisticated Teen-agersBored, Technologically Sophisticated Teen-agersReally Want to See Your Data

You Don’t Want Them To



Bad Guys Want to Steal Your AirtimeBad Guys Want to Steal Your Airtime

Other Bad Guys Want

Terrorists Want to Steal Your Radio

to Steal Your Phone Access

Terrorists Want to Steal Your Radioand Use It Against You

You Want to Stop Them


Why do we need security?Why do we need security?

• Information security is a vital component of LMR systems– Security threats exist; getting more every daySecurity threats exist; getting more every day

• Threats are basically actions that a hypothetical adversary might take to affect some aspect of an LMR system. Examples:– Message interception

– Message replay

– Spoofingp g

– Misdirection

– Jamming / Denial of Service

T ffi l i– Traffic analysis

– Subscriber duplication

– Theft of service


What P25 has for you…What P25 has for you…

• The TIA‐102 standard provides several standardized security p yservices that have been adopted for implementation in P25 systems.

Th it i b d t id it f• These security services may be used to provide security of information transferred across FDMA or TDMA P25 radio systems.

Note: most of the security services are optional and users must consider that when making procurements

7March 7, 2011

g p

Project 25 Technology Interest Group

The usual suspectsThe usual suspects

• P25 provides– Confidentiality

• Payload (i.e. voice and data) encryption

• Link layer encryption

Message interception,traffic analysis

– Integrity• User authentication

• Message authentication

Message replay, spoofing, misdirection, denial of service, theft of service, subscriber duplicationg

– Key Management• Manual key loading and over‐the‐air rekeying Facilitates

ConfidentialityConfidentiality and Integrity


ConfidentialityConfidentiality

• The confidentiality services are provided to ensure that the i li i f i h i ffi d h d ffisignaling information, the voice traffic and the data traffic are understandable only to the intended recipient(s).– Encryption/decryption is the way to achieve confidentiality

• Confidentiality service for end‐to‐end encryption is typically done at the subscriber unit, console and data hosts.

If you don’t want somebody to hear you, or see your data, you need to use encryption. y , y yp


IntegrityIntegrity

• Messages– A more sophisticated adversary may have the capability to not only record and replay– A more sophisticated adversary may have the capability to not only record and replay

messages, but to alter them as well. Message authentication guarantees that the received message was the one originally sent.

– The addition of air interface encryption makes message modification inherently more difficult (e g sharing of secret keys) but doesn’t eliminate the possibilitydifficult (e.g. sharing of secret keys), but doesn’t eliminate the possibility.

• Message Authentication Codes (MAC) are required to guarantee message and sender integrity.

• Users– An adversary may “pose” as a real user or as a real system. y y p y

– Link Layer (i.e. User) Authentication, LLA, guarantees that everybody is who they say they are.

• Integrity services are built into the P25 protocols.

If you don’t want somebody to fake your data or your identity, you need authentication services. y y, y


Key ManagementKey Management

• The Confidentiality, Integrity and Authentication services rely on cryptographic keys.services rely on cryptographic keys.

• Cryptographic key management encompasses every stage in the life cycle of a cryptographic key, including:

• generation, distribution, entry, use, storage, destruction and archiving

• P25 provides two ways to help manage keys – manual and OTAR.

Managing keys requires you to have some internal procedures to combine with P25 standard proceduresprocedures to combine with P25 standard procedures.


P25 Key Management Techniquesy g q

Key FillDevice

KeysManual Keying• Radio “touched” to program Keys• Radio touched to program Keys

and key bindings.• Compromised Radio Compromises

Keys; requires rekeying of fleetRadioProgrammer

Bindings (e.g. TG -> Key)

Key Encryption Keys (KEK) Key FillDeviceOTAR

• Radio “touched” for UKEK• Rekeying can be performed over

h i b h di h i

Key Encryption Keys (KEK)

KMFBindings (e.g. TG -> Key),KEK Selection,

the air because each radio has its own UKEK.

• Key Management Facility (KMF) needs to be secure

New Traffic Keys• Message Authentication and Encryption Employed


P25 Security Today and TomorrowP25 Security Today and Tomorrow


Raising the Bar...Raising the Bar...

2011+End-to-End Voice Encryption

June 2005End-to-End Voice Encryption

Data CAI EncryptionAES EncryptionOTARMultiple KeysSubscriber ValidationEnd-to-End Voice Encryption

Data CAI EncryptionDES Encryption3DES EncryptionAES Encryption

Subscriber ValidationSubscriber and FNE Authentication

- Anti-Alias- Anti-Spoofing

Inter-KMF InterfaceE d t E d D t E tiOTAR

Multiple KeysSubscriber ValidationSept 1998

End-to-End Voice Encryption Data CAI Encryption

End-to-End Data EncryptionKFD to SU/KMF/AF interfaceLink-Layer Encryption (Anti-Analysis)Control Message Authentication

Data CAI EncryptionDES EncryptionOTARMultiple Keys Subscriber Validation


What’s new, what’s comingWhat s new, what s coming

• Recent additions and updates to TIA‐102

• LLA LLA provisioning OTAR protocol updates• LLA, LLA provisioning, OTAR protocol updates

• New stuff being worked for TIA‐102

• Inter‐KMF Interface• Inter KMF Interface

• Packet Data Security

• KFD to SU/KMF/AF interfaceKFD to SU/KMF/AF interface

• Link Layer Encryption

• In addition, TIA is undergoing an analysis of old and newIn addition, TIA is undergoing an analysis of old and new security threats for possible enhancements to the 102 standard, while continuing to update existing standards

15March 7, 2011

Keep raising the bar and plugging new holes…

Project 25 Technology Interest Group

Other topicsOther topics


P25 Cyber SecurityP25 Cyber Security• P25 has defined security services for its own TIA‐102

standardized interfaces.

• Unfortunately, there’s a lot more to consider, especially when you are operating a large system with an IP network and COTS equipment.

• Security related vulnerabilities present in the design, i l t ti d ti f th t k dimplementation, and operation of the network, and new ones which are not understood and addressed, are threats to LMR network security. y

• The DOD is setting the standard for P25 network security. The following examples describe potential cyber threats and potential solutions.


Cyber Threat examples

P d i tt k (Di ti R i b H b id)

Cyber Threat Possible Solution

• Password guessing attacks (Dictionary, Rainbow, Hybrid)• Enforce “need to know” across entire system• Pivot Attacks from infected Devices to other machines

Access ControlAccess Control

• Rogue Computers (Man‐in‐the‐Middle Attack)• Attacks on new vulnerabilities in Applications and Operating Systems

Network IntrusionNetwork IntrusionOperating Systems

• Malware, Script Kiddie, and Professional Hacker discovery scanning

Intrusion PreventionIntrusion Prevention

• Hardware Malfunction• Destructive Malware• Altered Information or Databases (Integrity)

Disaster RecoveryDisaster RecoveryAltered Information or Databases (Integrity) RecoveryRecovery


Cyber Threat examples

M l t i t

Cyber Threat Possible Solution

• Malware entering system• Denial of Service• Malformed Packets or TCP sessions

FirewallsFirewalls

• Last line of defense to prevent malicious behavior• (external attacker) Host Host • Unauthorized or malicious behavior of insider• (disgruntled employee) SecuritySecurity• Malware utilizing flaws in the Application Code• Reduce the effectiveness of Script Kiddies, & Uneducated Attackers

• Capability of identifying and preventing new malware

Patch MgmtPatch MgmtCapability of identifying and preventing new malware

attacks (AV) MgmtMgmt


Thank you!Thank you!

email: william janky@harris comemail: [email protected]


project 25 security services overvie...kek selection, the air because each radio has its own ukek....

Documents