INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization TWC 2005 Frankfurt 1 Agenda Threats to systems Network Security Overview of standard TETRA security features – – – – – Authentication Air interface encryption Key Management Terminal Disabling DMO security End to End Encryption TWC 2005 Frankfurt 2 Security Threats What are the main threats to your system? Confidentiality? Availability? Integrity? TWC 2005 Frankfurt 3 Message and User Related Threats Message threats – Interception – Eavesdropping – Masquerading – Manipulation of data. – Replay User related threats – traffic analysis – observability of user behaviour. TWC 2005 Frankfurt 4 System Related Threats TWC 2005 Frankfurt 5 Network Security IT security is vital in TETRA networks Gateways are particularly vulnerable. Operating staff need vetting TWC 2005 Frankfurt 6 TETRA Communications Security Security is not just encryption! Terminal Authentication User logon/Authentication Stolen Terminal Disabling Key Management with minimum overhead All the network must be secure, particularly with a managed system TWC 2005 Frankfurt 7 User authentication (aliasing) Second layer of security Ensures the user is associated with terminal User logon to network aliasing server log on with Radio User Identity and PIN Very limited functionality allowed prior to log on Log on/off not associated with terminal registration Could be used as access control for applications as well as to the Radio system TWC 2005 Frankfurt 8 Authentication Used to ensure that terminal is genuine and allowed on network. Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. Authentication requires both SwMI and terminal have proof of secret key. Successful authentication permits further security related functions to be downloaded. TWC 2005 Frankfurt 9 Authentication Authentication Centre (AuC) K known only to AuC and MS Generate RS K RS TA11 KS K RS KS (Session key) RS (Random seed) TA11 Generate RAND1 KS RAND1 RS, RAND1 KS RAND1 RES1 TA12 DCK EBTS TA12 RES1 DCK1 XRES1 Call Controller TWC 2005 Frankfurt DCK1 Compare RES1 and XRES1 10 Encryption Process Traffic Key (X)CK Key Stream Generator (TEA[x]) CN LA Combining algorithm (TB5) Key Stream Segments CC Initialization Vector (IV) A BCDE F G H I Clear data in y 4M v# Qt q c Encrypted data out TWC 2005 Frankfurt 11 Air Interface traffic keys Four traffic keys are used in class 3 systems: Derived cipher Key (DCK) – derived from authentication process used for protecting uplink, one to one calls Common Cipher Key(CCK) – protects downlink group calls and ITSI on initial registration Group Cipher Key(GCK) – Provides crypto separation, combined with CCK Static Cipher Key(SCK) – Used for protecting DMO and TMO fallback mode TWC 2005 Frankfurt 12 DMO Security Implicit Authentication Static Cipher keys No disabling TWC 2005 Frankfurt 13 TMO SCK OTAR scheme SwMI Key Management Centre TWC 2005 Frankfurt 14 Key Overlap scheme used for DMO SCKs Past Transmit Present Receive Future The scheme uses Past, Present and Future versions of an SCK. System Rules – Terminals may only transmit on their Present version of the key. – Terminals may receive on any of the three versions of the key. TWC 2005 Frankfurt 15 Disabling of terminals Vital to ensure the reduction of risk of threats to system by stolen and lost terminals Relies on the integrity of the users to report losses quickly and accurately. Disabling may be either temporary or permanent Permanent disabling removes all keys including (k) Temporary disabling removes all traffic keys but allows ambience listening TWC 2005 Frankfurt 16 End to end encryption MS Network MS Protects messages across an untrusted infrastructure Provides enhanced confidentiality Voice and SDS services IP data services (soon) Air interface security between MS and network End-to-end security between MS’s TWC 2005 Frankfurt 17 Key management for end to end encryption TWC 2005 Frankfurt 18 Benefits of end to end encryption in combination with Air Interface encryption Air interface (AI) encryption alone and end to end encryption alone both have their limitations For most users AI security measures are completely adequate Where either the network is untrusted, or the data is extremely sensitive then end to end encryption may be used in addition Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network TWC 2005 Frankfurt 19 Conclusions Security functions built in to TETRA from the start! User friendly and transparent key management. Air interface encryption protects, control traffic, IDs as well as voice and user traffic. Key management comes without user overhead because of OTAR. TWC 2005 Frankfurt 20