
TETRA Experience 2006

Sao Paulo

July 18th 2006

TETRA Security Encryption and Management

Ramón Montañez

July 18-19, 2006 TETRA Experience - Brazil

Agenda

Security threats
TETRA security features
Authentication
Air interface encryption
End to end encryption
Practical security measures


What we want to achieve with Security

Confidentiality – No one can eavesdrop on what we are saying

Integrity – The information gets there completely intact

Availability – Communications are possible where and when they are needed

Authenticity – The people we are talking to are the right people – The wrong people can’t try and join us


Threats to communication and the threats to security

Message related threats – interception, eavesdropping, masquerading, replay, manipulation of data

User related threats – traffic analysis, observability of user behavior

System related threats – denial of service, jamming, unauthorized use of resources


Network Security

IT security is vital in TETRA networks

Gateways are particularly vulnerable

Operating staff need vetting

Firewalls required at access points to the network


Key Definitions of TETRA Security

– Authentication – ensures only valid subscriber units have access to the system and subscribers will only try and access the authorized system

– Air Interface Encryption – protects all signaling, identity and traffic across the radio link

– End-to-End Encryption – protects information as it passes through the system

Diagram (slide): terminal, Base Station, Infrastructure and Dispatcher, with the three measures marked along the path: 1. Authentication, 2. Air Interface Encryption, 3. End-to-End Encryption; the message “XYZ” is shown in clear at the ends and as “????” where it is encrypted.


Authentication

Used to ensure that terminal is genuine and allowed on network.

Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted.

Authentication requires both SwMI and terminal have proof of secret key.

Successful authentication permits further security related functions to be downloaded.


Authentication

Authentication provides proof of identity of all radios attempting use of the network

Radio can authenticate the network in turn, protects against ‘fake base stations’ etc.

A session key system from a central authentication centre allows highly secure key storage – Secret key need never be exposed

Authentication process derives air interface key (TETRA standard) – automatic key changing!

Diagram (slide): MS – Switch – Authentication Center. Secret keys are held by the MS and the Authentication Center; the Authentication Center passes session keys to the Switch; Switch and MS exchange Challenge, Mutual Challenge and a Calculated Response in each direction.
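The session key scheme sketched on these two slides, as an added runnable model (example code written for this page, not Motorola’s, ETSI’s or any vendor’s implementation): the AuC keeps K and hands the switch only the random seed RS plus session keys derived from K; the terminal proves K by answering RAND1, challenges the network with RAND2, and both sides end with the same DCK without K ever crossing the air interface or reaching the switch. HMAC-SHA256 stands in for the TETRA authentication algorithms, which the slides do not name; the labels, the 10-byte challenge length and the hash used to combine the two DCK halves are assumptions of the model.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// prf stands in for the TETRA authentication algorithms, which the slides do not
// name (an assumption of this model): HMAC-SHA256 over a label and the inputs.
func prf(key []byte, label string, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(label))
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

func randomBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// AuC holds every terminal's secret key K. K never leaves the AuC: the switch (SwMI)
// only receives session keys derived from K and a random seed RS.
type AuC struct{ keys map[string][]byte } // ITSI -> K

// SessionMaterial is what the AuC hands to the SwMI for one authentication:
// KS lets the SwMI check the terminal, KS' lets it prove itself to the terminal.
type SessionMaterial struct{ RS, KS, KSp []byte }

func (a *AuC) SessionMaterial(itsi string) (SessionMaterial, error) {
	k, ok := a.keys[itsi]
	if !ok {
		return SessionMaterial{}, errors.New("unknown ITSI")
	}
	rs := randomBytes(10)
	return SessionMaterial{RS: rs, KS: prf(k, "KS", rs), KSp: prf(k, "KS'", rs)}, nil
}

// Terminal (MS) holds its own copy of K and ends up with the derived cipher key DCK.
type Terminal struct {
	ITSI string
	K    []byte
	dck1 []byte // kept after Respond until the network has proved itself
	DCK  []byte
}

// Respond answers RAND1 with RES1 (proof of K) and issues the terminal's own challenge RAND2.
func (t *Terminal) Respond(rs, rand1 []byte) (res1, rand2 []byte) {
	ks := prf(t.K, "KS", rs)
	t.dck1 = prf(ks, "DCK1", rand1)
	return prf(ks, "RES1", rand1), randomBytes(10)
}

// VerifyNetwork checks RES2 with KS' and, only if it matches, completes the DCK.
func (t *Terminal) VerifyNetwork(rs, rand2, res2 []byte) bool {
	ksp := prf(t.K, "KS'", rs)
	if !hmac.Equal(res2, prf(ksp, "RES2", rand2)) {
		return false
	}
	t.DCK = combineDCK(t.dck1, prf(ksp, "DCK2", rand2))
	return true
}

// combineDCK joins the two halves into one air interface key (assumption: a hash of both).
func combineDCK(dck1, dck2 []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, dck1...), dck2...))
	return sum[:]
}

type SwMI struct{ auc *AuC }

// MutualAuthenticate runs both directions of the exchange using session material only
// and returns the network-side DCK; the terminal's copy ends up in t.DCK.
func (s *SwMI) MutualAuthenticate(t *Terminal) ([]byte, error) {
	sm, err := s.auc.SessionMaterial(t.ITSI)
	if err != nil {
		return nil, err
	}
	rand1 := randomBytes(10)
	res1, rand2 := t.Respond(sm.RS, rand1) // over the air: RS, RAND1 -> RES1, RAND2
	if !hmac.Equal(res1, prf(sm.KS, "RES1", rand1)) {
		return nil, errors.New("terminal authentication failed")
	}
	if !t.VerifyNetwork(sm.RS, rand2, prf(sm.KSp, "RES2", rand2)) { // over the air: RES2
		return nil, errors.New("network authentication failed")
	}
	return combineDCK(prf(sm.KS, "DCK1", rand1), prf(sm.KSp, "DCK2", rand2)), nil
}

func main() {
	k := []byte("constructed-sample-secret-key-K") // constructed; a real K comes from provisioning
	ms := &Terminal{ITSI: "ITSI-EXAMPLE", K: k}
	dck, err := (&SwMI{&AuC{keys: map[string][]byte{"ITSI-EXAMPLE": k}}}).MutualAuthenticate(ms)
	fmt.Printf("error=%v  network DCK=%x\nterminal DCK=%x\n", err, dck, ms.DCK)
}
```

The point to take from the model is the trust boundary: a switch that is compromised leaks only RS and the session keys for the authentications it served, never K, and a base station that cannot obtain KS' from the AuC cannot produce RES2, which is what lets the radio reject a fake base station. The DCK changes with every authentication, which is the “automatic key changing” the slide refers to.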


Radio Security Provisioning And Key Storage

TETRA MoU SFPG Recommendation 01 provides a standardized format for importing authentication and other air interface encryption keys

Use of Recommendation 01 files will allow multi vendor terminal supply

Separation of logical key programming step from factory can allow all keys to be loaded in country – Meets national security requirements

Diagram (slide): Factory; Key Programming; TEI; K, TEI; AuC – standardized format, imports key material from any vendor; TETRA SwMI – SCK, GCK etc…


What is Air Interface Encryption?

First level encryption used to protect information over the Air Interface
– Typically software implementation
– Protects almost everything – speech, data, signaling, identities…

Class   Encryption    OTAR        Authentication
1       No            No          Optional
2       Static key    Optional    Optional
3       Dynamic key   Mandatory   Mandatory


The purpose of Air Interface Encryption

Diagram (slide): Operational Information crossing a Clear Air Interface!

The air interface was considered vulnerable.

Network fixed links are considered difficult to intercept.

Air Interface encryption was designed to make the air interface comparably as secure as the fixed line connection.


Air Interface traffic keys

Four traffic keys are used in class 3 systems:

Derived Cipher Key (DCK) – derived from authentication process, used for protecting uplink and one to one calls

Common Cipher Key (CCK) – protects downlink group calls and ITSI on initial registration

Group Cipher Key (GCK) – provides crypto separation, combined with CCK

Static Cipher Key (SCK) – used for protecting DMO and TMO fallback mode


Standard air interface algorithms

TEA1 and TEA4 – General use including public safety

TEA2 – Europe public safety and military organizations only.

TEA3 – For use by public safety and military organizations outside of Europe.


Over The Air Re-keying (OTAR)

Populations of terminals tend to be large and spread over wide areas so the only practical way to change encryption keys is by OTAR

This is done securely by using a derived cipher key or a session key to wrap the downloaded key

The security functionality is transparent to the user as the network provider would normally be responsible for OTAR and management of AI keys


End to end encryption in TETRA

ETSI Project TETRA provides standardized support for end to end encryption
– ETSI EN302109 contains specific end to end specification
– Ensures TETRA provides a standard alternative to proprietary offerings and technologies
– Ensures compatibility between infrastructures and terminals

Many organizations want their own algorithm
– Confidence in strength
– Better control over distribution

TETRA MoU – Security and Fraud Protection Group (SFPG)
– Provides detailed recommendation on how to implement end to end encryption in TETRA

The result – Standardization and compatibility, with choice of algorithm
– A big strength of TETRA


Standard end to end encryption algorithms

There are no ‘standard’ algorithms defined by SFPG but:

IDEA was defined as a good candidate 64 bit block cipher algorithm for use with TETRA, and test data and an example implementation were produced

AES128 (Rijndael) was defined as a good candidate 128 bit block cipher algorithm for use with TETRA, and test data and an example implementation were produced

Both algorithms have proved popular with public safety organizations and give a good level of security assurance to sensitive data


End To End Encryption ‘Standardization’

TETRA MoU SFPG Recommendation 02
– Framework for end to end encryption
– Recommended synchronization method for speech calls
– Protocol for Over The Air Keying
– Sample implementations including algorithm mode and key encryption
– DOES NOT specify implementation – can be implemented with module, software, SIM card etc.
– DOES NOT provide module interface specification


Related Recommendations

TETRA MoU SFPG Recommendation 01
– Key transfer specification
– Currently being updated to include end to end encryption key import formats

TETRA MoU SFPG Recommendation 07
– Short data service encryption

TETRA MoU SFPG Recommendation 08
– Framework for dividing encryption functionality between a SIM (smartcard) and a radio
– No defined bit level interface (export control issue)

TETRA MoU SFPG Recommendation 11
– IP Packet data encryption
– Work in process
– Will provide a suitable means for high security packet data encryption, with commonality with voice encryption


Implementing TETRA security

TETRA security measures are by no means the complete picture

How well they are implemented – and how the implementation is evaluated – is critical

The rest of the network – what else connects to TETRA – is equally important

The operational process and procedures equally provide countermeasures to the threats

Diagram (slide): TETRA Network linked to a Landline and to several Other Networks


Implementation considerations – Air Interface Encryption

AIE should provide security equivalent to the fixed network

There are several issues of trust here
– Do I trust that the AIE has been implemented properly?
– Does AIE always operate (during registration, in fallback modes etc)?
– Do I trust the way that the network (or radio) stores keys?
– Do I trust the fixed network itself or can someone break in?

A strong AIE implementation and an evaluated network can provide essential protection of information

An untested implementation and network may need reinforcing, for example with end to end encryption


Benefits of end to end encryption in combination with Air Interface encryption

Air interface (AI) encryption alone and end to end encryption alone both have their limitations

For most users AI security measures are completely adequate

Where either the network is untrusted, or the data is extremely sensitive, then end to end encryption may be used in addition as an overlay.

Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network


Disabling of terminals

Vital to ensure the reduction of risk of threats to system by stolen and lost terminals

Relies on the integrity of the users to report losses quickly and accurately.

Disabling may be either temporary or permanent

Disabling stops the terminal working as a radio and:
– Permanent disabling removes all keys including the authentication key (K)
– Temporary disabling removes all traffic keys but allows ambience listening

The network or application must be able to remember disable commands to terminals that are not live on the network at the time of the original command being sent.
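The key life cycle described by the OTAR slide and this slide, as one added runnable model (example code written for this page, not Motorola’s or any vendor’s implementation): a new traffic key reaches the radio wrapped under the DCK with its label bound to the wrap, temporary disabling clears the traffic keys but keeps K and leaves ambience listening possible, permanent disabling also clears K so the radio can never authenticate again, and the network stores disable commands for radios that are not live and executes them when such a radio next registers. AES-256-GCM is the assumed wrap, not the mechanism the standard defines; the DCK passed to Register stands for the result of a successful authentication, and an enable command (not on the slide) is not modelled.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Terminal models one radio's key store (constructed model, not a vendor implementation).
type Terminal struct {
	ITSI     string
	K        []byte            // authentication key; removed only by permanent disabling
	Traffic  map[string][]byte // air interface keys by label: DCK, CCK, GCK, SCK
	Ambience bool              // ambience listening stays possible after temporary disabling
}

// gcmFor builds the OTAR wrap primitive from a 32-byte DCK (AES-256-GCM is the assumed wrap, not the standard's own mechanism).
func gcmFor(dck []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dck)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapKey is the network side of OTAR: the new key is sealed under the DCK with its label as associated data, so a wrapped CCK cannot be replayed to a radio as a GCK.
func WrapKey(dck, newKey []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(dck)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return append(nonce, gcm.Seal(nil, nonce, newKey, []byte(label))...), nil
}

// ApplyOTAR is the radio side: unwrap under the current DCK; tampering, a wrong label or a foreign DCK is rejected and the key store stays unchanged.
func (t *Terminal) ApplyOTAR(wrapped []byte, label string) error {
	gcm, err := gcmFor(t.Traffic["DCK"]) // no DCK (not authenticated) -> invalid key size error
	if err != nil {
		return err
	}
	n := gcm.NonceSize()
	if len(wrapped) < n {
		return errors.New("wrapped key too short")
	}
	key, err := gcm.Open(nil, wrapped[:n], wrapped[n:], []byte(label))
	if err != nil {
		return err
	}
	t.Traffic[label] = key
	return nil
}

type DisableKind int
const (
	TemporaryDisable DisableKind = iota // traffic keys removed, K kept, ambience listening allowed
	PermanentDisable                    // all keys removed, including K
)

func (t *Terminal) applyDisable(kind DisableKind) {
	t.Traffic, t.Ambience = map[string][]byte{}, kind == TemporaryDisable
	if kind == PermanentDisable {
		t.K = nil
	}
}

// Network knows which radios are live and remembers disable commands for those that are not.
type Network struct{ live map[string]*Terminal; pending map[string]DisableKind }

func NewNetwork() *Network {
	return &Network{live: map[string]*Terminal{}, pending: map[string]DisableKind{}}
}

// Disable acts at once on a live radio, otherwise stores the command; a stored permanent command is never downgraded.
func (n *Network) Disable(itsi string, kind DisableKind) (delivered bool) {
	if t, ok := n.live[itsi]; ok {
		t.applyDisable(kind)
		delete(n.live, itsi)
		return true
	}
	if kind >= n.pending[itsi] { // absent reads as TemporaryDisable (zero)
		n.pending[itsi] = kind
	}
	return false
}

// Register is the radio coming on air after authentication (dck is the modelled result): any stored disable command runs before it receives a traffic key.
func (n *Network) Register(t *Terminal, dck []byte) error {
	if t.K == nil {
		return errors.New("radio has no K and cannot authenticate")
	}
	if kind, ok := n.pending[t.ITSI]; ok {
		delete(n.pending, t.ITSI)
		t.applyDisable(kind)
		return errors.New("stored disable command applied")
	}
	t.Traffic = map[string][]byte{"DCK": dck}
	n.live[t.ITSI] = t
	return nil
}
```

Two design points carry over to a real system: the pending-command store must survive restarts and be checked on every registration, not only the first one after the command was issued, and a later, weaker command must not overwrite a stored permanent one, otherwise a lost radio that comes on air weeks later could come back with keys.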


Useful Recommendations

TETRA MoU SFPG Recommendation 03 – TETRA threat analysis
– Gives an idea of possible threats and countermeasures against a radio system

TETRA MoU SFPG Recommendation 04 – Implementing TETRA security features
– Provides guidance on how to design and configure a TETRA system

Both documents are restricted access requiring Non Disclosure Agreement with SFPG


Assuring your security solution

There are two important steps in assuring the security of the solution: Evaluation and Accreditation

Evaluation of solutions should be by a trusted independent body
– Technical analysis of design and implementation

Accreditation is the continual assessment of risks
– Assessment of threats vs. solutions
• Procedural and technical solutions
– Should be undertaken by end user representative and/or their government national security organization


Maximizing cost effectiveness

Evaluation can be extremely expensive – how to get best value for money?

Establish the requirements in advance – as far as they are known – security is always a changing requirement!

Look for suppliers with track record and reputation

Look for validations of an equivalent solution elsewhere

Consider expert help on processes and procedures


What security level do you want?

TETRA Class 1
TETRA Class 2
TETRA Class 3
TETRA w/ E2E algorithm on Smart Card
TETRA w/ E2E SW algorithm in radio
TETRA w/ E2E hardware solution

TETRA is @ your Service


www.Tetramou.com
www.ETSI.org
www.Motorola.com/
[email protected]

Thank You

TETRA Experience 2006

Sao Paulo

July 18th 2006

TETRA Experience Sao Paulo, 18.-19.7.2006

TETRA Data Services & Applications

Ole Arrhenius

Contents

Basic data services in TETRA

The concern about data speed

TETRA data applications, examples

Wireless Application Protocol, WAP

Towards higher data speeds

Conclusions

Basic data services in TETRA

Status messages – efficient, real time

Short Data Service, SDS – text messaging + application platform

IP packet data – advanced applications, opens the world of Intranet and Internet connectivity

Circuit mode data – for specialized applications, rarely used

Diagram (slide): one carrier at 36 kbit/s gross bit rate carrying 4 channels (time slots 1, 2, 3, 4)

Status messages

Data sent as 16 bit numeric values

32768 values free for use, the rest reserved for system use

Converted into text in the receiving terminal or workstation

Fast and efficient

Easy to use

Sent over control channel, do not load traffic channels

Short Data Service

Four SDS types specified by TETRA standard: SDS-1, SDS-2, SDS-3 and SDS-4 TL

SDS-1, -2 and -3 are fixed length (16, 32, 64 bits)

SDS-4 TL is variable length (max 1278 bits). Protocol identifier defines how SDS-4 is used; most typical use is text messaging (140/160 chars) and AVL

Data sent over control channel or traffic channel (simultaneous voice and data)

Text entry using the keypad of the phone, single device for voice and data

Example messages (slide):
MM05 11:28 p12553: VIPs arriving in 5 minutes at gate 23, prepare security and transport.
OK
Hello, I will be back in the office in 15 minutes. I will call you then. John
OK

IP-packet data

Similar to the GPRS service in GSM networks

Enables advanced data applications

Enables Intranet and Internet connectivity

Excellent application platform

Uses traffic channel, single slot or multiple time slots

TETRA data services enable a wide range of applications

Database access
Image communications
Intranet/internet access
Reporting
e-mail, calendar
Workforce management
CC&C system integration
File transmission
Information push, alarm distribution
Information pull
Control and monitoring, telemetry

TETRA fulfils 95% of daily data needs

                          TETRA         GPRS          EDGE                  3G
Data speed                < 28 kbps     < 40 kbps     < 160 kbps            < 1 Mbps
Multimedia services       Text, images  Text, images  Text, images, video   Text, images, video
Internet/intranet access  Yes           Yes           Yes                   Yes

Chart (slide): Fundamental daily services 95%, Complementing non-critical services 5%

Complementary wireless data services can be used to complement non-critical data services, if necessary

The concern of data speed

Single slot IP packet data provides approximately 3 … 4 kbps payload

Multislot data increases performance but has side effects
– Increased power consumption in handsets
– Decreases voice capacity

Robust basic data services more important than extreme speeds especially in public safety

Majority of daily data services consist of low data volume database queries in the range of 0.5 … 10 kB per transaction

Smart applications are more important than the raw data speed, bloated applications will eat available bandwidth, no matter how much bandwidth is available

The concern of data speed, example

• Original photo image taken with a digital camera. Original size is 1600x1200 and file size 1 MByte

• Pixel size of a TETRA handheld terminal typically 100 x 130 pixels

• Compression and optimization for 100x130 pixel screen shrinks the 1 MByte image into 7 kilobytes

100 x 130 pixels x 16 bits (colour) = 26 kBytes

With further optimisation and compression from 26 kB to 7 kB

Optimized for handportable radio’s screen: 7 kB

Example of an integrated, smart application

• Police field command application using AVL, on-board databases, status messaging, text messages and IP packet data

• Minimizes over-the-air data, yet very graphics intensive and informative

On screen AVL map with touch screen action buttons …

Screenshot (slide): units 811, 812, 813, 814 on the map; status buttons Off-duty, Car chase, Not in car, At scene, Transport, On the way, Free; function keys F2 Report/His, F3 Status, F4 Maps/AVL, F5 Messages, F6 Equipment, F7 Forms/En, F8 Setup, F9 MOB, POKE/K1, F1 Show; ZOOM- and ZOOM+

Send only the necessary information over the air

Keep high volume, ‘static’ data (maps, images, floorplans of buildings) in onboard databases

Update static data at the station using fixed LAN or WLAN

Over the air information is typically low volume:
– Location information
– Status of field units
– Text messaging
– Compressed images

More examples of applications using TETRA data services

Automatic Vehicle/Person Location, AVL / APL

Integrated GPS in new terminals

Position of every unit in real time

– Location shown on GIS at Command and control room

TETRA SDS or TETRA IP can be used to deliver location information

New ETSI LIP standard for compact SDS location information, 76 bits instead of about 200 bits

Image communication

”One picture paints thousand words”

TETRA IP one slot packet data is sufficient for image transmission

Image compression technologies reduce data volumes for fast transmission, e.g. JPEG2000

Retrieve images from a database (pull)

Send images from command and control centre (push)

Increases efficiency and officer safety

Wireless Application Protocol (WAP)

Specified to create a global protocol to work across differing wireless network technologies

WAP offers bearer independence

Allows applications developed to work across TETRA and GSM and GPRS

Optimised for the constraints of handheld devices

Diagram (slide): WAP Server – Link Menu – Application Portal with entries 2. Locate, 3. Mail, 4. Report, 5. Search

What about the future ?

TETRA High Speed Data

TETRA high speed data is part of TETRA 2 standardization

TETRA HSD will complement the current TETRA services with higher data speeds

User experience comparable to GPRS/EDGE

Very spectrum-efficient

Adapts its speed (modulation) when necessary

Development continues

Evolution

Diagram (slide): evolution over time – Integrated GPS, Colours, Multi-slot packet data, Image communication, Advanced location applications, Java, Situation awareness; Next … TETRA High Speed Data

Summary

TETRA provides a rich set of basic and advanced data services

Data applications complement TETRA voice services

IP over TETRA is a solid and robust platform for data applications

Accessing data from the field opens totally new opportunities for public safety and other user segments

Data speed in TETRA IP covers the majority of current needs

TETRA Experience 2006

Sao Paulo

July 18th 2006