TWC05_8_Security_Brian - TETRA + Critical Communications

INTRODUCTION TO TETRA
SECURITY
Brian Murgatroyd
UK Police IT Organization
TWC 2005 Frankfurt
1
Agenda
 Threats to systems
 Network Security
 Overview of standard TETRA security features
–
–
–
–
–
Authentication
Air interface encryption
Key Management
Terminal Disabling
DMO security
 End to End Encryption
TWC 2005 Frankfurt
2
Security Threats
 What are the main threats to your
system?
 Confidentiality?
 Availability?
 Integrity?
TWC 2005 Frankfurt
3
Message and User Related Threats


Message threats
–
Interception
–
Eavesdropping
–
Masquerading
–
Manipulation of data.
–
Replay
User related threats
– traffic analysis
– observability of user
behaviour.
TWC 2005 Frankfurt
4
System Related Threats
TWC 2005 Frankfurt
5
Network Security
IT security is vital in TETRA networks
Gateways are particularly vulnerable.
Operating staff need vetting
TWC 2005 Frankfurt
6
TETRA Communications Security






Security is not just encryption!
Terminal Authentication
User logon/Authentication
Stolen Terminal Disabling
Key Management with minimum overhead
All the network must be secure, particularly with a
managed system
TWC 2005 Frankfurt
7
User authentication (aliasing)







Second layer of security
Ensures the user is associated with terminal
User logon to network aliasing server
log on with Radio User Identity and PIN
Very limited functionality allowed prior to log on
Log on/off not associated with terminal registration
Could be used as access control for applications
as well as to the Radio system
TWC 2005 Frankfurt
8
Authentication
 Used to ensure that terminal is genuine and
allowed on network.
 Mutual authentication ensures that in addition to
verifying the terminal, the SwMI can be trusted.
 Authentication requires both SwMI and terminal
have proof of secret key.
 Successful authentication permits further
security related functions to be downloaded.
TWC 2005 Frankfurt
9
Authentication
Authentication Centre (AuC)
K known only to
AuC and MS
Generate RS
K
RS
TA11
KS
K
RS
KS (Session key)
RS (Random seed)
TA11
Generate RAND1
KS
RAND1
RS, RAND1
KS
RAND1
RES1
TA12
DCK
EBTS
TA12
RES1
DCK1
XRES1
Call
Controller
TWC 2005 Frankfurt
DCK1
Compare RES1 and
XRES1
10
Encryption Process
Traffic Key
(X)CK
Key Stream Generator
(TEA[x])
CN
LA
Combining
algorithm (TB5)
Key Stream Segments
CC
Initialization
Vector (IV)
A BCDE F G H I
Clear data in
y 4M v# Qt q c
Encrypted data out
TWC 2005 Frankfurt
11
Air Interface traffic keys
 Four traffic keys are used in class 3 systems: Derived cipher Key (DCK)
– derived from authentication process used for protecting uplink, one
to one calls
 Common Cipher Key(CCK)
– protects downlink group calls and ITSI on initial registration
 Group Cipher Key(GCK)
– Provides crypto separation, combined with CCK
 Static Cipher Key(SCK)
– Used for protecting DMO and TMO fallback mode
TWC 2005 Frankfurt
12
DMO Security
Implicit Authentication
Static Cipher keys
No disabling
TWC 2005 Frankfurt
13
TMO SCK OTAR scheme
SwMI
Key Management
Centre
TWC 2005 Frankfurt
14
Key Overlap scheme used for DMO SCKs
Past
Transmit
Present
Receive
Future
 The scheme uses Past, Present and Future versions of an
SCK.
 System Rules
– Terminals may only transmit on their Present version of
the key.
– Terminals may receive on any of the three versions of
the key.
TWC 2005 Frankfurt
15
Disabling of terminals
 Vital to ensure the reduction of risk of threats to system by
stolen and lost terminals
 Relies on the integrity of the users to report losses quickly
and accurately.
 Disabling may be either temporary or permanent
 Permanent disabling removes all keys including (k)
 Temporary disabling removes all traffic keys but allows
ambience listening
TWC 2005 Frankfurt
16
End to end encryption
MS
Network
MS
 Protects messages across
an untrusted infrastructure
 Provides enhanced
confidentiality
 Voice and SDS services
 IP data services (soon)
Air interface security between MS and network
End-to-end security between MS’s
TWC 2005 Frankfurt
17
Key management for end to end
encryption
TWC 2005 Frankfurt
18
Benefits of end to end encryption in
combination with Air Interface encryption
 Air interface (AI) encryption alone and end to end encryption alone
both have their limitations
 For most users AI security measures are completely adequate
 Where either the network is untrusted, or the data is extremely
sensitive then end to end encryption may be used in addition
 Brings the benefit of encrypting addresses and signalling as well as
user data across the Air Interface and confidentiality right across the
network
TWC 2005 Frankfurt
19
Conclusions
 Security functions built in to TETRA from
the start!
 User friendly and transparent key
management.
 Air interface encryption protects, control
traffic, IDs as well as voice and user
traffic.
 Key management comes without user
overhead because of OTAR.
TWC 2005 Frankfurt
20