Specific details of TETRA’s security techniques were covered in depth in Issue 4 of TETRA Today by Trevor Evans, chairman of the TETRA Association’s Security and Fraud Protection Group (SFPG). But they have to be considered in a wider, holistic context. Just as mainstream telecommunications service providers are finding, silo mentalities and point solutions alone are not sufficient to provide the kinds of security required by private users, let alone ones tasked with guaranteeing public security.

One particularly hot topic that is reaching right across the combined IT and telecoms worlds involves geopolitics – and specifically the restrictions, legal and otherwise, placed on the export, import and usage of particular devices, equipment and security techniques. 

One of the most significant initiatives in this area for the TETRA community is the Wassenaar Arrangement or, to give it its full title, The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. With around 40 current members, this agreement restricts the export of equipment using the TETRA Air Interface Encryption (AIE) algorithms TEA2 and TEA3. 

For countries outside this agreement – or multinational companies wishing to support their commercial operations with TETRA technologies – other options do exist. Gareth Jones, solutions architect at Sepura, explains: “Where export restrictions exist, TETRA networks can use instead what are known as In-Country Algorithms (ICA) approved by the local regulatory authority, or they can use a private algorithm.

“While these may have apparent benefits in that the strengths or weaknesses of the particular algorithms are not well known outside that country and the knowledge base is obviously much smaller, there is an obvious disadvantage as well, in that their security will not have been as robustly tested as those techniques already in use by the wider community.”

Crossing borders

As boundaries of all kinds around the world continue to fall, some of these restrictions – corporate, national and international – will become increasingly problematic. For example, while telecommunications equipment and software from some Asian countries are extremely attractive in both price and performance, telecoms operators and individual countries are now placing restrictions on their use in mission-critical or sensitive parts of their infrastructure. The recent planned acquisition of Rohde & Schwarz by the Chinese manufacturer Hytera – awaiting approval by the respective governments involved – highlights just some of the sensitivities involved in this territory.

Similar trans-border issues are also set to directly impact the operational TETRA environment itself, though in this context it involves the boundaries and overlaps between users, networks and applications.

For Robin von Post, chief technical officer at the Swedish communications security specialist Sectra, this is going to drive a need to implement and manage true end-to-end cryptographic security across these different devices and boundaries. “Cost, coverage and new technology issues mean that the TETRA environment of the future is going to require the equivalent of Virtual Private Network (VPN) techniques to keep user communications properly secure”, he comments. “On top of that, a large number of users of older, analogue systems are going to be migrating to TETRA and other digital platforms and they will need securing as well as they move out of their old ‘comfort zones’.

“In this context it’s vital to be able to consider the whole communications path as it transits through the network. The air interface to the base station might be secure – but is the base station itself physically protected? There have already, for example, been cases of activists breaking into base stations and leaving somewhat ominous graffiti.”

“This concern for the total communications environment”, Sectra’s von Post adds, “also has to extend to the end user themselves and how they use their devices in the day-to-day reality. As well as making systems hacker-proof, we also have to make them policeman- or fireman-proof ! This necessarily involves developing a deep understanding of the workers themselves.

“One particular concern here involves the complexity of configuration settings on the TETRA handsets or the PDAs and tablets that are increasingly coming into use. Finding appropriate ways to simplify and manage these remotely not only increases security, but also cuts costs in other areas such as training. Smart card based solutions have an invaluable part to play here. ”

New weaknesses

Similar emphasis on the need to take a wider perspective on security in the face of change is also emphasized by Jean-Pierre Quémard, chief security officer at Cassidian: “While P25 networks in the USA have seen evidence of hacking, TETRA remains a highly secure environment.
(中国集群通信网 | 责任编辑：陈晓亮)