TETRA @ Your Service
The Security mechanisms designed into TETRA – a refresher
How do you ensure the solution is secure?
“Jeppe” Jepsen, Motorola
Threats to communication and the threats to security
• Message related threats
– interception, eavesdropping, masquerading, replay, manipulation of data
• User related threats
– traffic analysis, observability of user behaviour
• System related threats
– denial of service, jamming, unauthorized use of resources
Why Tetra
Schengen
Police Cooperation
Key security features of TETRA
• Authentication
• Air Interface encryption
• End to end Encryption
Authentication
• Authentication provides proof of identity of all radios attempting to use the network.
• A session key system from a central authentication centre allows key storage
– Secret key need never be exposed
• Authentication process derives air interface key (TETRA standard)
MS Authentication
[Figure labels: Authentication Centre; Session keys; Switch 1; Switch 2; Challenge and response from Switch]
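The flow on this slide, sketched as an added example (not from the original presentation or from any TETRA product): the authentication centre keeps the secret key, the switch receives only a session key, and one challenge-response yields both the proof of identity and the air interface key. HMAC-SHA256 stands in for the TETRA authentication algorithms, and the class names, labels, ITSI strings and field sizes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the TETRA authentication algorithms.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def answer(session_key: bytes, challenge: bytes):
    # One computation yields both the response and the air interface key (DCK).
    out = prf(session_key, b"response", challenge)
    return out[:4], out[4:14]  # illustrative sizes, not taken from the page

class AuthenticationCentre:
    """Stores each radio's long-term secret key K; K never leaves it."""
    def __init__(self):
        self._keys = {}

    def provision(self, itsi: str) -> bytes:
        self._keys[itsi] = secrets.token_bytes(16)
        return self._keys[itsi]  # loaded into the radio once, at provisioning

    def session_key(self, itsi: str):
        seed = secrets.token_bytes(10)
        return seed, prf(self._keys[itsi], b"session", seed)

class Radio:
    def __init__(self, itsi: str, k: bytes):
        self.itsi, self._k = itsi, k

    def respond(self, seed: bytes, challenge: bytes):
        return answer(prf(self._k, b"session", seed), challenge)

class Switch:
    """Holds only per-session keys handed out by the authentication centre."""
    def __init__(self, auc: AuthenticationCentre):
        self.auc = auc

    def authenticate(self, radio: Radio):
        seed, ks = self.auc.session_key(radio.itsi)
        challenge = secrets.token_bytes(10)
        response, dck_radio = radio.respond(seed, challenge)
        expected, dck_switch = answer(ks, challenge)
        if not hmac.compare_digest(response, expected):
            return None  # wrong K: no access and no usable cipher key
        return dck_switch, dck_radio
```

A switch that is compromised exposes session keys for the radios it has served, not the long-term keys held in the authentication centre.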
What is Air Interface Encryption?
• First level encryption used to protect information over the Air Interface
– Typically software implementation
• AIE is System Wide
• 3 different Classes
– Class 1: No Encryption, can include Authentication
– Class 2: Static Cipher Key Encryption, can include Authentication
– Class 3: Dynamic Cipher Key Encryption, requires Authentication
TETRA Air Interface Encryption
[Figure labels: Operational Information; Clear Air Interface!]
• The air interface was considered vulnerable.
• Network fixed links are considered difficult to intercept.
• Air Interface encryption was designed to make the air interface as secure as the fixed line connection
Dimetra Air Interface Encryption
• Full Implementation of AIE
– Authentication
– Static Cipher Key
– Common Cipher Key
– Derived Cipher Key
– Group Cipher Key
– Modified Group Cipher Key
– TEA 1, 2, 3 and TEA 4 algorithms
• Authentication Centre
• Key Management Centre
• Key Loader for key distribution
Infrastructure
Air Interface Encryption - the Keys
SCK, CCK and MGCK controlled by System Owner
DCK Generated through Authentication Process
[Figure: diagram of MS1 to MS9, Dispatcher 1 and Group 1, with labels A, B, C, Clear audio, DCK1, DCK2, DCK3, SCK, MGCKB and MGCKC]
The importance of Air Interface encryption
• Many threats other than eavesdropping
– traffic analysis, observance of user behaviour
• Strong authentication
• AI protects control channel messages as well as voice and data payloads
• Encrypted registration protects ITSIs
• End to end encryption if used alone is much weaker (it only protects the payload)
Standardised end to end in TETRA
• Many organisations want their own algorithm
– Confidence in strength
– Better control over distribution
• ETSI Project TETRA provides standardised support for end to end Encryption
– To give TETRA standard alternative to proprietary offerings and technologies
• TETRA MoU – Security and Fraud Protection Group
– Provides detailed recommendation on how to implement end to end encryption in TETRA
– Provides sample implementation using IDEA and AES128
Confidentiality Solutions – Air interface encryption
• Should provide security equivalent to the fixed network
• There are several issues of trust here
– Do I trust that the AIE has been implemented properly
– Do I trust the way that the network (or radio) stores keys
– Do I trust the fixed network itself
• A strong AIE implementation and an evaluated network can provide essential protection of information
• An untested implementation and network may need reinforcing, for example with end to end encryption
Processes for accreditation
KEYLOAD PROCESS
• Protect National Security
– Key load in country of use
– Key load by security cleared nationals
– Remove keys from radios sent abroad for repair
• Key Load encrypted
– keys cannot be read while being programmed
• Customer Friendly
– Keys can be programmed “In Vehicle” (& away from secure area)
• Accurate
– Audit logs of key distribution
• “In Country” Key Generation
• Secure Storage
HANDLING PROCESSES
• Set Up Issues
– Getting from the Organization Chart to planning secure communications
– Getting the system setup properly
– Introducing new units and new secure communications groups
• Key Material Delivery Issues
– Getting the right encryption keys into the right radio
– Ensuring the security of key storage and distribution
– Accomplishing fast, efficient periodic rekeying
– Verifying readiness to communicate
– Avoiding interruptions of service
• Security Management Issues
– Dealing with compromised or lost units
– Integrating with key material distribution process
– Audit control, event archival, and maintaining rekeying history
– Controlling access to security management functions
PERSONNEL PROCESSES
• Ensure personnel are adequately cleared and trained
• Where do they live
• Criminal records
• Experience in secure environment
• Signed relevant agreements
• Procedures for security breaches
CONNECTION PROCESSES
• Connected networks
– Security levels
– Assurance requirements
– Barriers
– Own operating procedures
– Virus protection
…..and more.
REPORTING PROCESSES
• Stolen radio reporting
• Radio disabling procedures
• Radio key erasure procedures
• Intrusion detection reporting and response
• Attack detection and correlation
Assuring your security solution
• Evaluation of solutions should be by a trusted independent body
• Who?
– Manufacturer?
Vested interest
Blindness to own weaknesses
– End user
Do you have the skills?
Assuring your security solution
• Government
– Closest to own requirements and solutions
– Sets the rules as well as tests them
– Can lead to changing requirements as threats change
• Third party evaluation house
– Need to ensure you can trust them
– Proven capability, references, experience in the field
– Can have more bandwidth than government
• Typically evaluation of crypto solutions is undertaken by a government body, assurance of the rest of the network by a reputable company, but the accreditor has to be a member of the end user organisation
– Who else can be allowed to accept the risks?
And if you don’t have this capability?
• Look for suppliers with track record and reputation
• Look for validations of an equivalent solution elsewhere
• Get some expert help on processes and procedures
Finally….cost
• Evaluation can be extremely expensive – how to get best value for money?
– Stable requirements
– Understanding the context
– Strong implementations
• It can be cheaper to spend more putting in a strong solution than the evaluation cost of a cheap solution!
Proof for large lock
Proof for small lock
Does the government get good value?
• How much do you value national security?
• Do you understand the cost of security measures vs the cost of compromise?
• Can you afford to risk doing nothing?
Essentials of a secure system
• A strong standard
• A good implementation
• Experienced supplier
• Trusted evaluation
Standard
EVALUATED
Example accreditation issue
• Your microwave link passes over a university with an MSc course in security
[Figure labels: Switch; Site; University Cryptanalysis Department]
Security and Fraud Prevention Group – a TETRA MoU body
• REC 02 – Framework for End to end Encryption and key Management
• REC 03 – TETRA Threat Analysis
• REC 04 – Implementation and use of TETRA Security Features