TWC 2005 Frankfurt, Slide 1: INTRODUCTION TO TETRA SECURITY. Brian Murgatroyd, UK Police IT Organization.
Slide 2: Agenda
Threats to systems
Network Security
Overview of standard TETRA security features
– Authentication
– Air interface encryption
– Key Management
– Terminal Disabling
– DMO security
End to End Encryption
Slide 3: Security Threats
What are the main threats to your system?
Confidentiality?
Availability?
Integrity?
Slide 4: Message and User Related Threats
Message threats
– Interception
– Eavesdropping
– Masquerading
– Manipulation of data
– Replay
User related threats
– Traffic analysis
– Observability of user behaviour
Slide 5: System Related Threats
Slide 6: Network Security
IT security is vital in TETRA networks
Gateways are particularly vulnerable
Operating staff need vetting
Slide 7: TETRA Communications Security
Security is not just encryption!
Terminal Authentication
User logon/Authentication
Stolen Terminal Disabling
Key Management with minimum overhead
All the network must be secure, particularly with a managed system
Slide 8: User authentication (aliasing)
Second layer of security
Ensures the user is associated with the terminal
User logon to network aliasing server: log on with Radio User Identity and PIN
Very limited functionality allowed prior to log on
Log on/off not associated with terminal registration
Could be used as access control for applications as well as to the Radio system
Slide 9: Authentication
Used to ensure that the terminal is genuine and allowed on the network.
Mutual authentication ensures that, in addition to verifying the terminal, the SwMI can be trusted.
Authentication requires that both SwMI and terminal have proof of the secret key.
Successful authentication permits further security related functions to be downloaded.
Slide 10: Authentication
[Diagram: challenge-response authentication flow between the Authentication Centre, the Call Controller, the MS and the EBTS.]
Authentication Centre (AuC): holds K; generates RS (random seed); TA11(K, RS) -> KS (session key); passes KS and RS to the Call Controller.
Call Controller: generates RAND1; TA12(KS, RAND1) -> XRES1, DCK1; sends RS, RAND1 to the MS; receives RES1; compares RES1 and XRES1.
MS: TA11(K, RS) -> KS; TA12(KS, RAND1) -> RES1, DCK1; returns RES1.
EBTS: receives DCK.
K known only to AuC and MS.
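The challenge-response flow above, as an added Python model that is not part of the original presentation: HMAC-SHA256 stands in for the confidential TA11 and TA12 algorithms (an assumption, as are the RS/RAND1/RES1/DCK lengths), and the classes AuC, MobileStation and the function authenticate() are hypothetical names. It shows that K never leaves the AuC or the MS, that the SwMI side works only from KS and RS, and that a terminal holding the wrong K fails the RES1/XRES1 comparison.

```python
import hashlib
import hmac
import os

def ta11(k: bytes, rs: bytes) -> bytes:
    """Stand-in for TA11: derive session key KS from K and the random seed RS.
    The real TA11 is a confidential ETSI algorithm; HMAC-SHA256 is an assumption."""
    return hmac.new(k, b"TA11" + rs, hashlib.sha256).digest()

def ta12(ks: bytes, rand1: bytes) -> tuple:
    """Stand-in for TA12: from KS and RAND1 derive (RES1/XRES1, DCK1).
    Output lengths are an assumption, not the ETSI values."""
    out = hmac.new(ks, b"TA12" + rand1, hashlib.sha256).digest()
    return out[:4], out[4:20]

class AuC:
    """Authentication Centre: the only network element holding K."""
    def __init__(self, k: bytes):
        self.k = k

    def session(self) -> tuple:
        # Generate RS and hand only (RS, KS) to the SwMI; K itself never leaves the AuC.
        rs = os.urandom(10)
        return rs, ta11(self.k, rs)

class MobileStation:
    """Terminal holding its own copy of K."""
    def __init__(self, k: bytes):
        self.k = k
        self.dck = None

    def respond(self, rs: bytes, rand1: bytes) -> bytes:
        # Same TA11/TA12 computation as the network side; DCK1 is kept for air interface encryption.
        ks = ta11(self.k, rs)
        res1, self.dck = ta12(ks, rand1)
        return res1

def authenticate(auc: AuC, ms: MobileStation):
    """Call Controller role: challenge the MS and return DCK1 on success, None on failure."""
    rs, ks = auc.session()
    rand1 = os.urandom(10)
    xres1, dck1 = ta12(ks, rand1)
    res1 = ms.respond(rs, rand1)       # RS, RAND1 go over the air; RES1 comes back
    if not hmac.compare_digest(res1, xres1):
        return None                    # RES1 != XRES1: terminal is not genuine
    return dck1                        # passed on to the EBTS as DCK
```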
Slide 11: Encryption Process
[Diagram: clear data in, encrypted data out.]
Key Stream Generator (TEA[x]) inputs: the Initialization Vector (IV), shown as built from CN, LA and CC, and the Traffic Key (X)CK.
The generator produces Key Stream Segments, which the Combining algorithm (TB5) applies to the clear data to produce the encrypted data out.
Slide 12: Air Interface traffic keys
Four traffic keys are used in class 3 systems:
Derived Cipher Key (DCK)
– derived from the authentication process; used for protecting the uplink and one-to-one calls
Common Cipher Key (CCK)
– protects downlink group calls and the ITSI on initial registration
Group Cipher Key (GCK)
– provides crypto separation, combined with CCK
Static Cipher Key (SCK)
– used for protecting DMO and TMO fallback mode
Slide 13: DMO Security
Implicit Authentication
Static Cipher keys
No disabling
Slide 14: TMO SCK OTAR scheme
[Diagram: Key Management Centre and SwMI.]
Slide 15: Key Overlap scheme used for DMO SCKs
The scheme uses Past, Present and Future versions of an SCK.
System Rules
– Terminals may only transmit on their Present version of the key.
– Terminals may receive on any of the three versions of the key.
This scheme allows a one key period overlap.

          Past   Present   Future
Receive   yes    yes       yes
Transmit  no     yes       no
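The Past/Present/Future rule above, as an added Python model that is not from the presentation: the DmoTerminal class, its rotate() method and the repeated-key XOR standing in for the TEA keystream are all assumptions. Two terminals that differ by one key change still hear each other; after a second change without the peer catching up, reception fails, which is the one key period overlap limit.

```python
from itertools import cycle

def keystream_xor(data: bytes, key: bytes) -> bytes:
    # Toy combiner: XOR with the repeated key stands in for the TEA keystream (assumption).
    return bytes(a ^ b for a, b in zip(data, cycle(key)))

def sck(version: int) -> tuple:
    # Constructed sample SCK material for a version number, identical on every terminal.
    return version, bytes([(version * 7) % 256]) * 16

class DmoTerminal:
    """A DMO terminal holding Past, Present and Future SCK versions (model, not ETSI code)."""
    def __init__(self, name: str, past: int, present: int, future: int):
        self.name = name
        self.past, self.present, self.future = sck(past), sck(present), sck(future)

    def rotate(self) -> None:
        # Key change: Present becomes Past, Future becomes Present, next version loaded as Future.
        self.past, self.present = self.present, self.future
        self.future = sck(self.present[0] + 1)

    def held_versions(self) -> tuple:
        return self.past[0], self.present[0], self.future[0]

    def transmit(self, plaintext: bytes) -> tuple:
        # System rule: transmit only on the Present version; the version number is sent with it.
        version, key = self.present
        return version, keystream_xor(plaintext, key)

    def receive(self, version: int, ciphertext: bytes):
        # System rule: receive on any of the three held versions; otherwise the call is lost.
        for held_version, key in (self.past, self.present, self.future):
            if held_version == version:
                return keystream_xor(ciphertext, key)
        return None
```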
Slide 16: Disabling of terminals
Vital to reduce the risk of threats to the system from stolen and lost terminals
Relies on the integrity of the users to report losses quickly and accurately.
Disabling may be either temporary or permanent
Permanent disabling removes all keys including K
Temporary disabling removes all traffic keys but allows ambience listening
Slide 17: End to end encryption
[Diagram: MS, Network, MS. Air interface security between MS and network; end-to-end security between MS's.]
Protects messages across an untrusted infrastructure
Provides enhanced confidentiality
Voice and SDS services
IP data services (soon)
Slide 18: Key management for end to end encryption
[Diagram: SwMI, SDS Router, Firewall, Key Management Centre, end to end encrypted terminals.]
Slide 19: Benefits of end to end encryption in combination with Air Interface encryption
Air interface (AI) encryption alone and end to end encryption alone both have their limitations
For most users AI security measures are completely adequate
Where either the network is untrusted, or the data is extremely sensitive, then end to end encryption may be used in addition
Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface, and confidentiality right across the network
Slide 20: Conclusions
Security functions built in to TETRA from the start!
User friendly and transparent key management.
Air interface encryption protects control traffic and IDs as well as voice and user traffic.
Key management comes without user overhead because of OTAR.