SFPG Recommendation 02 is designed to be a framework specification to allow different algorithms to be used according to the choice of the end user community. Annexes contain fully-worked sample solutions and related test data. Work within the SFPG has extended Recommendation 02 to provide mechanisms that enable an MS to contain multiple, different, end-to-end encryption algorithms to allow interoperation between different groups, where those groups have adopted different encryption algorithms for normal use. This allows the end-to-end encryption solution to be fully used in international interoperability situations. SFPG Recommendation 08 has been written to describe an implementation of end-to-end encryption functions using a Smart Card.

End-to-end data encryption

The SFPG has also provided end-to-end encryption solutions for TETRA data. The first work provided a solution for end-to-end encrypted Short Data, and this is described in SFPG Recommendation 07. The solution is designed to be compatible with the speech encryption solution described in Recommendation 02, and uses the same key management mechanisms. A solution has also been designed for encrypted IP packet data, and this is described in SFPG Recommendation 11. It uses techniques from standard IP Security (IPSEC) specifications so that encryption can be applied at any point in a data network, and can remain compatible with standard IP transport. Recommendation 11 also uses the mechanisms described in SFPG Recommendation 02 for key management, together with some extra signalling messages which are required for data security associations.

Direct Mode security

There is no explicit authentication mechanism in Direct Mode Operation (DMO) because, to achieve this, every DMO MS would need to share some secret with every other MS. Therefore implicit authentication, as well as confidentiality, is achieved by encrypting transmissions with a common Static Cipher Key (SCK).
Classes 2A and 2B allow pre-emption of a transmitting MS by a third party who does not have the key that the transmitting MS is using. Class 2C requires an MS attempting to pre-empt a transmission to hold the same key.

Key management of the SCKs used for DMO air interface encryption can be carried out by the TMO system, so that automatic key management can also apply in DMO. The key management system has been designed to avoid losing communications when key changes take place. In this case three keys are associated with each DMO communication group, intended for use as a ‘previous key’, ‘current key’ and ‘future key’. An MS always transmits on its ‘current key’, but can receive on any of the three. Therefore each MS can always receive transmissions sent by the others, provided all MSs receive the current set of keys before the keys are changed again.

End-to-end encryption can also be used in DMO, using the same specifications as TMO.
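The previous/current/future key rule described above can be checked with a small model. This is an added example, not code from the SFPG or ETSI specifications; the class and function names, the integer key version numbers, and the assumption that each key change shifts all three slots by one version are illustrative only.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DmoKeySet:
    """Three SCK slots for one DMO group, modelled by key version numbers."""
    previous: int
    current: int
    future: int

    @classmethod
    def at_generation(cls, gen):
        # Assumption: a key set of generation g holds versions g-1, g, g+1.
        return cls(gen - 1, gen, gen + 1)

    def tx_key(self):
        # An MS always transmits on its current key.
        return self.current

    def rx_keys(self):
        # An MS can receive on any of its three keys.
        return {self.previous, self.current, self.future}


def can_receive(sender, receiver):
    """True if the receiver holds the key the sender transmits on."""
    return sender.tx_key() in receiver.rx_keys()


def rollover_report(generations):
    """Map each pair of MS names to whether they can talk in both directions."""
    names = sorted(generations)
    sets = {n: DmoKeySet.at_generation(g) for n, g in generations.items()}
    return {
        (a, b): can_receive(sets[a], sets[b]) and can_receive(sets[b], sets[a])
        for i, a in enumerate(names)
        for b in names[i + 1:]
    }


# Constructed scenario: ms_a missed one key set update, then the keys were
# changed again before it caught up; ms_b is one update behind ms_c.
FLEET = {"ms_a": 5, "ms_b": 6, "ms_c": 7}

if __name__ == "__main__":
    for pair, ok in rollover_report(FLEET).items():
        print(pair, "ok" if ok else "communication lost")
```

An MS that is one key set behind its peers still interoperates, while one that is two sets behind does not, which is the condition stated in the text: every MS must receive the current set before the keys are changed again.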
The Security and Fraud Protection Group (SFPG) is an independent group of the TETRA Association dealing with security and fraud prevention issues. Development of the TETRA security standard is the responsibility of ETSI’s TETRA Working Group 6. The SFPG has defined a framework for end-to-end security that is flexible enough to address the needs of all users and their security policies. Even in the case of TETRA, which is currently the most secure standard for mobile communication, new developments can bring new challenges for hackers and defrauders. The composition of the SFPG, which brings together manufacturers, operators and users, provides a platform not only to keep track of current developments, but to stay one step ahead of attackers.

(China Trunking Communication Network | Editor in charge: Chen Xiaoliang)