With the privacy of communications very much in the news recently, Trevor Evans, chairman of the TETRA Association’s Security and Fraud Protection Group (SFPG), takes a look at why TETRA is considered the most secure radio system on the market today The TETRA standard specifies a large number of air interface security features. However, it stipulates only that security measures should be in place – i.e. an authentication mechanism between the mobile equipment and the TETRA infrastructure, and encryption of the information being transferred. The standard does not specify how and when to implement these features, or how to store and distribute security keys in a safe way. This is less of a problem when only one manufacturer and one network is involved. Where a number of different manufacturers supply equipment for the same TETRA system, it is necessary to make agreements in order to ensure interoperability. The SFPG’s work and recommendations help to ensure that the security implementations in systems supplied by different equipment manufacturers are compatible, and that the many TETRA security features are optimally implemented and securely used. TETRA is designed to meet the needs of many professional markets including public safety, transport, commercial, industrial, and major event management, and therefore includes a suite of security solutions to allow the needs of each of these markets to be addressed. TETRA standards are available for Trunked Mode Operation (TMO), where Mobile Stations (MSs) – mobile and handheld radios – operate in conjunction with a network. There are also standards for Direct Mode Operation (DMO) where radios communicate directly with each other without the use of a network. The main elements of TETRA system security are explained here. Authentication and key management The first major security element is authentication, which is used to prove the identity of two parties – in this case, the TETRA network and MS. These share a common, secret authentication key which is stored securely in the MS and in the centralized Authentication Centre (AuC) of the network. The process of ‘proving identity’ does not allow the key to be sent over the air interface, where it would be vulnerable to eavesdropping. Instead, a challenge-response protocol is used, where one party generates a random number and requires that the other party generates the result of a calculation using a standard TETRA authentication algorithm. To avoid using the secret key directly, a session key is first generated by the AuC from the secret key, followed by a further random seed. It is this random seed that is passed to the radio as part of the transaction. The authentication protocol allows either party to authenticate the other. The strongest solution is to use a mutual authentication protocol where both parties authenticate each other as part of the same transaction. An output of the authentication exchange is a Derived Cipher Key, which is used for encryption of individually addressed transmissions sent between the MS and the network. There are several types of encryption key, and the TETRA standard incorporates Over The Air Rekeying (OTAR) protocols for transmitting these keys securely over the air interface. Until recently, the security standard concentrated on the key management aspects of single TETRA systems. However the Inter-System Interface (ISI), which connects multiple TETRA systems together, has increasing focus and the latest work within ETSI TC TETRA WG6 was to expand the key management mechanisms to provide a secure means of sharing key material over the ISI between two trusted networks. Air Interface Encryption The second major security element to consider is Air Interface Encryption. This protects information sent between the network and MSs to prevent eavesdropping over the radio link. Apart from some basic synchronization information sent by the network, air interface encryption encrypts all information – user speech and data, signalling and identities – and can also encrypt most of the broadcast information required by an MS, once it has successfully registered and authenticated to the network. End-to-end voice encryption The end-to-end encryption process operates both in Trunked Mode and Direct Mode. The detailed implementation is specified within SFPG Recommendation 02. It provides solutions for both speech encryption and key management, including an Over The Air Key management (OTAK) solution. The term OTAK is used for the end-to-end encryption key management solution to distinguish it from the OTAR solution used for air interface encryption. The end-to-end encryption solution should be transparent to the TETRA system. The key management solution has been designed to use the Short Data Service as a bearer for OTAK messages. This means that end-to-end encryption can be operated and managed by an end user community without influence by the network operator. The OTAK system provides key material to MSs, but also provides the necessary security associations to configure the keys used by the MS for calls to different destinations. Secure means of erasing keys and disabling the end-to-end functionality of the MS are also included.
|