Security Encryption and Management
Brian Murgatroyd
Chairman, TETRA Association Security and Fraud Prevention Group
Agenda
• Security threats
• TETRA security features
• Overall system security measures
• Air interface security functions
• End to end encryption
• Interoperability and practical security measures
13th June 2006
TETRA Experience - Poland
Security Threats
What are the main threats to your system?
Confidentiality?
Availability?
Integrity?
Message and User Related Threats
Message threats
– Interception
– Eavesdropping
– Masquerading
– Manipulation of data
– Replay
User related threats
– Traffic analysis
– Observability of user behaviour
System Related Threats
Denial of service
– Jamming
– Attacks via the IP network to switch off the functional boxes
– Natural disasters: fire, flood, earthquake
Overall TETRA Security
• Several aspects to TETRA security
– Technical security countermeasures
– Secure Network Management and procedure
– Lawful Interception
– Standard algorithms
Network Security
IT security is vital in TETRA networks
Gateways are particularly vulnerable.
Operating staff need vetting
Firewalls required at access points to the network
TETRA security classes
Class   Encryption    OTAR        Authentication
1       No            No          Optional
2       Static key    Optional    Optional
3       Dynamic key   Mandatory   Mandatory
Authentication
• Used to ensure that terminal is genuine and allowed on network.
• Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted.
• Authentication requires both SwMI and terminal have proof of secret key.
• Successful authentication permits further security related functions to be downloaded.
Authentication
[Diagram: authentication exchange. Authentication Centre (AuC): K known only to AuC and MS; generate RS (random seed); TA11 takes K and RS and gives KS (session key). Base station: generate RAND1; TA12 takes KS and RAND1 and gives XRES1 and DCK1; RS and RAND1 are sent to the MS. MS: TA11 takes K and RS and gives KS; TA12 takes KS and RAND1 and gives RES1 and DCK. Compare RES1 and XRES1; DCK1 goes to the call controller.]
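The exchange in the authentication diagram above, as an added example that is not part of the original slides. TA11 and TA12 are not reproduced: labelled HMAC-SHA-256 stands in for both, and the class names, function names, key and output lengths, and the ISSI value are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# TA11/TA12 themselves are not used here: labelled HMAC-SHA-256 is a stand-in
# (assumption), and every length below is illustrative rather than TETRA's own.
def ta11(k: bytes, rs: bytes) -> bytes:
    """Stand-in for TA11: session key KS from secret K and random seed RS."""
    return hmac.new(k, b"TA11" + rs, hashlib.sha256).digest()[:16]

def ta12(ks: bytes, rand1: bytes) -> tuple[bytes, bytes]:
    """Stand-in for TA12: (response, cipher key material) from KS and RAND1."""
    out = hmac.new(ks, b"TA12" + rand1, hashlib.sha256).digest()
    return out[:4], out[4:14]

class AuthenticationCentre:
    """Holds K per terminal and releases only (RS, KS) to the base station."""
    def __init__(self, keys: dict[str, bytes]):
        self._keys = keys
    def session_material(self, issi: str) -> tuple[bytes, bytes]:
        rs = secrets.token_bytes(10)
        return rs, ta11(self._keys[issi], rs)

class BaseStation:
    """Never sees K: challenges with RAND1, compares RES1 with XRES1."""
    def challenge(self, rs: bytes, ks: bytes) -> tuple[bytes, bytes]:
        self._rand1 = secrets.token_bytes(10)
        self._xres1, self._dck1 = ta12(ks, self._rand1)
        return rs, self._rand1  # RS and RAND1 go over the air to the MS
    def verify(self, res1: bytes) -> bytes | None:
        """Return DCK1 (for the call controller) if RES1 == XRES1, else None."""
        return self._dck1 if hmac.compare_digest(res1, self._xres1) else None

class MobileStation:
    def __init__(self, k: bytes):
        self._k = k
    def respond(self, rs: bytes, rand1: bytes) -> bytes:
        ks = ta11(self._k, rs)  # same KS the AuC derived, K never transmitted
        res1, self.dck1 = ta12(ks, rand1)
        return res1

def authenticate(auc, bs, ms, issi: str) -> bytes | None:
    """One exchange; returns the network-side DCK1, or None on failure."""
    rs, ks = auc.session_material(issi)
    return bs.verify(ms.respond(*bs.challenge(rs, ks)))

if __name__ == "__main__":
    k = bytes(range(16))  # constructed sample key
    print(authenticate(AuthenticationCentre({"1001": k}), BaseStation(), MobileStation(k), "1001"))
```

Only RS, RAND1 and RES1 cross the air interface, and the base station works from KS alone, so a compromised site does not expose the long-term key K.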
Provisioning of authentication keys
• Every terminal has a unique secret key (k) which has to be manually loaded to the terminal, normally by the manufacturer
• k associated with the TEI and sent to the network provider
• Needs to be done securely and to the SFPG recommendation 01 file format
• User organization provides the ISSI-TEI which it sends to the network provider
• K-ISSI pairs in the authentication centre can be formed
Air interface encryption protection
[Diagram: links marked protected or vulnerable, comparing standard air interface encryption with end-to-end encryption]
Air interface encryption
• As well as protecting voice, SDS and packet data transmissions:
– AI encryption protects control channel messages as well as voice and data payloads
– Encrypted registration protects identities and gives anonymity
– Protection against replay attacks using an initialization vector derived from system timing (frame numbering)
Over The Air Re-keying (OTAR)
• Populations of terminals tend to be large and the only practical way to change encryption keys is by OTAR
• This is done securely by using a derived cipher key or a session key to wrap the downloaded key
• The security functionality is transparent to the user as the network provider would normally be responsible for OTAR and management of AI keys
Air Interface traffic keys
Four traffic keys are used in class 3 systems:
• Derived Cipher Key (DCK)
– Derived from authentication process; used for protecting uplink, one to one calls
• Common Cipher Key (CCK)
– Protects downlink group calls and ITSI on initial registration
• Group Cipher Key (GCK)
– Provides crypto separation, combined with CCK
• Static Cipher Key (SCK)
– Used for protecting DMO and TMO fallback mode
Disabling of terminals
• Vital to ensure the reduction of risk of threats to system by stolen and lost terminals
• Relies on the integrity of the users to report losses quickly and accurately.
• Disabling may be either temporary or permanent
• Disabling stops the terminal working as a radio and:
– Permanent disabling removes all keys including (k)
– Temporary disabling removes all traffic keys but allows ambience listening
• The network or application must be able to remember disable commands to terminals that are not live on the network at the time of the original command being sent.
Standard air interface algorithms
• TEA1 and TEA4
– Generally exportable outside Europe. Designed for non public safety use
• TEA2
– Only for use in Europe for public safety and military organizations. Strictly export controlled
• TEA3
– For use by public safety and military organizations where TEA2 is not allowed. Strictly export controlled
Transfer of security parameters between networks
• The authentication parameters (based on k) are very sensitive and should never be sent to a visited network
• The way forward is to provide a set of parameters that will only be used in the visited network
• WG6 are working on a revision to the standard to accommodate practical security functionality across an ISI
Evaluation of security mechanisms
• How can a system be judged secure?
– Evaluate threats and risks, independently if possible
– Ensure correct implementation of security
– Ensure mobile terminals have been evaluated
– Use standard encryption algorithms
– Regular audit and inspection
End to end encryption
[Diagram: MS, Network, MS. Air interface security between MS and network; end-to-end security between MSs.]
• Protects messages across an untrusted infrastructure
• Provides enhanced confidentiality
• Voice and SDS services
• IP data services (soon)
Benefits of end to end encryption in combination with Air Interface encryption
• Air interface (AI) encryption alone and end to end encryption alone both have their limitations
• For most users AI security measures are completely adequate
• Where either the network is untrusted, or the data is extremely sensitive, then end to end encryption may be used in addition as an overlay.
• Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network
Standard end to end encryption algorithms
• There are no ‘standard’ algorithms defined by SFPG but:
• IDEA was defined as a good candidate 64 bit block cipher algorithm for use with TETRA, and test data and an example implementation were produced
• AES128 (Rijndael) was defined as a good candidate 128 bit block cipher algorithm for use with TETRA, and test data and an example implementation were produced
• Both algorithms have proved popular with public safety organizations and give a good level of security assurance to sensitive data
Export control of crypto material
• All cryptographic material and terminals capable of encryption are subject to export control
• The authority has to be satisfied that the key length and algorithms used are allowed to be exported.
• Guidance is given in the Wassenaar arrangement (www.wassenaar.org) but the export control authority must be approached in all cases
Lawful interception
• In most countries public telecoms systems are subject to lawful interception by the security authorities
• TETRA provides a standard interface to allow this functionality
• Operators need to check with their security authorities whether their system needs to be equipped with this interface
Question
• What would be the main reason for using end to end encryption for your users and is the additional expense worth the money and additional management bearing in mind the threats?
Conclusion
• Security functions built in to TETRA from the start!
• Air interface encryption protects control traffic and IDs as well as voice and user traffic.
• End to end encryption gives higher level of assurance
• Key management comes without user overhead because of OTAR.