Transcript BRA06session3
TETRA Experience 2006
Sao Paulo
July 18th 2006
TETRA Security Encryption and Management
Ramón Montañez
Agenda
Security threats
TETRA security features
Authentication
Air interface Encryption
End to End encryption
Practical security measures
July 18-19, 2006
TETRA Experience - Brazil
What we want to achieve with Security
Confidentiality
– No one can eavesdrop on what we are saying
Integrity
– The information gets there completely intact
Availability
– Communications are possible where and when they are needed
Authenticity
– The people we are talking to are the right people
– The wrong people can’t try and join us
Threats to communication and the threats to security
Message related threats
– interception, eavesdropping, masquerading, replay, manipulation of data
User related threats
– traffic analysis, observability of user behavior
System related threats
– denial of service, jamming, unauthorized use of resources
Network Security
IT security is vital in TETRA networks
Gateways are particularly vulnerable.
Operating staff need vetting
Firewalls required at access points to the network
Key Definitions of TETRA Security
– Authentication – ensures only valid subscriber units have access to the system and subscribers will only try and access the authorized system
– Air Interface Encryption – protects all signaling, identity and traffic across the radio link
– End-to-End Encryption – protects information as it passes through the system
[Diagram: dispatcher, base station and infrastructure, with 1. Authentication, 2. Air Interface Encryption and 3. End-to-End Encryption marked on the path; the message “XYZ” is shown as “????” while encrypted]
Authentication
Used to ensure that the terminal is genuine and allowed on the network.
Mutual authentication ensures that, in addition to verifying the terminal, the SwMI can be trusted.
Authentication requires that both SwMI and terminal have proof of the secret key.
Successful authentication permits further security related functions to be downloaded.
[Diagram: the Authentication Centre holds the secret keys and passes session keys to the switch; the switch sends a challenge to the MS, which returns a calculated response; the MS sends a mutual challenge and the switch returns its own calculated response]
Authentication provides proof of identity of all radios attempting use of the network
Radio can authenticate the network in turn, which protects against ‘fake base stations’ etc
A session key system from a central authentication centre allows highly secure key storage
– Secret key need never be exposed
Authentication process derives air interface key (TETRA standard) – automatic key changing!
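As an added example (not code from the presentation or from any TETRA vendor), the Python model below walks through the exchange on the slide: the authentication centre keeps the terminal's secret key K, the switch only receives a random seed and session keys derived from K, the terminal answers the switch's challenge and then challenges the network back, and both sides finish holding the same derived cipher key. HMAC-SHA256 stands in for the TETRA authentication algorithms, which the slides do not name, and the key and response lengths are assumptions; the rogue-network function shows why a base station without AuC material fails the terminal's check.

```python
"""Simplified model of TETRA-style mutual authentication with session keys.

Added example: HMAC-SHA256 (prf) stands in for the TETRA authentication
algorithms, which the slides do not name; key lengths are illustrative.
The point demonstrated: the AuC keeps K, the switch only ever sees a seed
and session keys, and a successful run yields a fresh air-interface key.
"""
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function (stand-in for the ETSI algorithms)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def session_keys(k: bytes, rs: bytes):
    """Derive the two session keys (network->MS, MS->network) from K and seed RS."""
    return prf(k, b"KS", rs), prf(k, b"KS'", rs)


def answer(ks: bytes, rand: bytes):
    """Response to a challenge plus the half of the DCK that comes with it."""
    return prf(ks, b"RES", rand)[:4], prf(ks, b"DCK", rand)[:10]


def combine(dck1: bytes, dck2: bytes) -> bytes:
    """Illustrative combination of the two halves into one DCK (XOR)."""
    return bytes(a ^ b for a, b in zip(dck1, dck2))


class AuthenticationCentre:
    """Holds each terminal's K, indexed by ITSI. Only session material leaves."""

    def __init__(self):
        self._keys = {}

    def provision(self, itsi: str, k: bytes) -> None:
        self._keys[itsi] = k

    def session_material(self, itsi: str):
        rs = secrets.token_bytes(10)
        ks, ks_ = session_keys(self._keys[itsi], rs)
        return rs, ks, ks_


class Terminal:
    """Mobile station: knows its own K and authenticates the network too."""

    def __init__(self, itsi: str, k: bytes):
        self.itsi, self._k = itsi, k
        self._rand2 = None
        self._dck1 = self._dck2 = None

    def respond(self, rs: bytes, rand1: bytes) -> bytes:
        ks, _ = session_keys(self._k, rs)
        res1, self._dck1 = answer(ks, rand1)
        return res1

    def challenge(self) -> bytes:
        self._rand2 = secrets.token_bytes(10)
        return self._rand2

    def verify_network(self, rs: bytes, res2: bytes) -> bool:
        _, ks_ = session_keys(self._k, rs)
        xres2, dck2 = answer(ks_, self._rand2)
        if not hmac.compare_digest(res2, xres2):
            return False  # fake base station: it does not know K, so not KS' either
        self._dck2 = dck2
        return True

    def dck(self) -> bytes:
        return combine(self._dck1, self._dck2)


def mutual_authentication(auc: AuthenticationCentre, terminal: Terminal):
    """Switch side of the exchange. Returns the DCK, or None if either side fails."""
    rs, ks, ks_ = auc.session_material(terminal.itsi)  # K itself stays in the AuC
    rand1 = secrets.token_bytes(10)
    xres1, dck1 = answer(ks, rand1)
    if not hmac.compare_digest(terminal.respond(rs, rand1), xres1):
        return None  # terminal could not prove knowledge of K
    rand2 = terminal.challenge()
    res2, dck2 = answer(ks_, rand2)
    if not terminal.verify_network(rs, res2):
        return None
    return combine(dck1, dck2)


def rogue_network(terminal: Terminal) -> bool:
    """A base station with no AuC material can ask, but cannot pass the MS's check."""
    rs, rand1 = secrets.token_bytes(10), secrets.token_bytes(10)
    terminal.respond(rs, rand1)
    terminal.challenge()
    return terminal.verify_network(rs, secrets.token_bytes(4))  # a guess at RES2
```

The switch never receives K, so a compromised switch database exposes only session material for one seed, which is the slide's "secret key need never be exposed"; the derived DCK changes on every run, which is the "automatic key changing" point.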
Radio Security Provisioning And Key Storage
TETRA MoU SFPG Recommendation 01 provides a standardized format for importing authentication and other air interface encryption keys
Use of Recommendation 01 files will allow multi vendor terminal supply
Separation of logical key programming step from factory can allow all keys to be loaded in country
– Meets national security requirements
[Diagram: the factory delivers the terminal (TEI); a separate key programming step imports key material (SCK, GCK etc.) from any vendor in the standardized format; the TETRA SwMI and the AuC hold K and the TEI]
What is Air Interface Encryption?
First level encryption used to protect information over the Air
Interface
– Typically software implementation
– Protects almost everything – speech, data, signaling, identities…
Class   Encryption    OTAR        Authentication
1       No            No          Optional
2       Static key    Optional    Optional
3       Dynamic key   Mandatory   Mandatory
The purpose of Air Interface Encryption
Network fixed links are considered difficult to intercept.
The air interface was considered vulnerable.
Air Interface encryption was designed to make the air interface comparably as secure as the fixed line connection
[Diagram: operational information passing over a clear air interface]
Air Interface traffic keys
Four traffic keys are used in class 3 systems:
Derived Cipher Key (DCK)
– derived from the authentication process; used for protecting the uplink and one-to-one calls
Common Cipher Key (CCK)
– protects downlink group calls and the ITSI on initial registration
Group Cipher Key (GCK)
– provides crypto separation, combined with CCK
Static Cipher Key (SCK)
– used for protecting DMO and TMO fallback mode
Standard air interface algorithms
TEA1 and TEA4
– General use including public safety
TEA2
– Europe public safety and military organizations only.
TEA3
– For use by public safety and military organizations
outside of Europe.
Over The Air Re-keying (OTAR)
Populations of terminals tend to be large and spread over wide areas, so the only practical way to change encryption keys is by OTAR
This is done securely by using a derived cipher key or a session key to wrap the downloaded key
The security functionality is transparent to the user, as the network provider would normally be responsible for OTAR and management of AI keys
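The wrapping step described above, as an added example that is not code from the presentation or from any TETRA implementation: a new key (here a CCK) is wrapped under the terminal's derived cipher key so that only a terminal holding that DCK can recover it, and a modified or mis-keyed download is rejected before anything is installed. Standard-library HMAC-SHA256 is used both as a counter-mode keystream and as the integrity tag (encrypt-then-MAC); the real TETRA OTAR PDUs and key-encryption algorithms are different and are not reproduced, and the key identifier and nonce sizes are assumptions.

```python
"""Wrapping an air-interface key for Over The Air Re-keying (OTAR).

Added example with stand-in primitives: an HMAC-SHA256 keystream for
confidentiality and a separate HMAC tag for integrity. Not the TETRA
OTAR format; blob layout is nonce (12) || key_id (2) || ciphertext || tag.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 12
KEY_ID_LEN = 2
TAG_LEN = 16
HEADER_LEN = NONCE_LEN + KEY_ID_LEN


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from the key-encrypting key (e.g. the DCK)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(kek: bytes, key_id: int, new_key: bytes) -> bytes:
    """Network side: produce the OTAR blob carrying new_key under kek."""
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per download: same key, different blob
    header = nonce + key_id.to_bytes(KEY_ID_LEN, "big")
    ct = bytes(a ^ b for a, b in zip(new_key, _keystream(kek, nonce, len(new_key))))
    tag = hmac.new(kek, b"mac" + header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


def unwrap_key(kek: bytes, blob: bytes):
    """Terminal side: verify the tag first, decrypt only afterwards."""
    if len(blob) < HEADER_LEN + TAG_LEN:
        raise ValueError("OTAR blob too short")
    header, ct, tag = blob[:HEADER_LEN], blob[HEADER_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kek, b"mac" + header + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("OTAR blob rejected: wrong wrapping key or modified in transit")
    nonce = header[:NONCE_LEN]
    key_id = int.from_bytes(header[NONCE_LEN:HEADER_LEN], "big")
    return key_id, bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def accepts(kek: bytes, blob: bytes) -> bool:
    """True if a terminal holding kek would install the key carried in blob."""
    try:
        unwrap_key(kek, blob)
    except ValueError:
        return False
    return True


def tamper_detected(kek: bytes, key_id: int, new_key: bytes) -> bool:
    """Flipping one ciphertext bit must be caught before any key is installed."""
    blob = bytearray(wrap_key(kek, key_id, new_key))
    blob[HEADER_LEN] ^= 0x01
    return not accepts(kek, bytes(blob))
```

Because the tag covers the header as well as the ciphertext, an attacker cannot redirect a wrapped key to a different key identifier, and a terminal that has lost or changed its DCK simply cannot use the download, which is the behaviour a network operator relies on when it re-keys a fleet it cannot see.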
End to end encryption in TETRA
ETSI Project TETRA provides standardized support for end to end encryption
– ETSI EN302109 contains specific end to end specification
– Ensures TETRA provides a standard alternative to proprietary offerings and technologies
– Ensures compatibility between infrastructures and terminals
Many organizations want their own algorithm
– Confidence in strength
– Better control over distribution
TETRA MoU – Security and fraud Protection Group (SFPG)
– Provides detailed recommendation on how to implement end to end encryption in TETRA
The result – Standardization and compatibility, with choice of algorithm
– A big strength of TETRA
Standard end to end encryption algorithms
There are no ‘standard’ algorithms defined by SFPG but:
IDEA was defined as a good candidate 64 bit block cipher algorithm for use with TETRA; test data and an example implementation were produced
AES128 (Rijndael) was defined as a good candidate 128 bit block cipher algorithm for use with TETRA; test data and an example implementation were produced
Both algorithms have proved popular with public safety organizations and give a good level of security assurance to sensitive data
End To End Encryption ‘Standardization’
TETRA MoU SFPG Recommendation 02
– Framework for end to end encryption
– Recommended synchronization method for speech calls
– Protocol for Over The Air Keying
– Sample implementations including algorithm mode and key encryption
– DOES NOT specify implementation – can be implemented with module, software, SIM card etc..
– DOES NOT provide module interface specification
Related Recommendations
TETRA MoU SFPG Recommendation 01
– Key transfer specification
– Currently being updated to include end to end encryption key import formats
TETRA MoU SFPG Recommendation 07
– Short data service encryption
TETRA MoU SFPG Recommendation 08
– Framework for dividing encryption functionality between a SIM (smartcard) and a radio
– No defined bit level interface (export control issue)
TETRA MoU SFPG Recommendation 11
– IP Packet data encryption
– Work in progress
– Will provide a suitable means for high security packet data encryption, with commonality with voice encryption
Implementing TETRA security
TETRA security measures are by no means the complete picture
How well they are implemented – and how the implementation is evaluated – is critical
The rest of the network – what else connects to TETRA – is equally important
The operational process and procedures equally provide countermeasures to the threats
[Diagram: the TETRA network connected by landline links to several other networks]
Implementation considerations – Air Interface Encryption
AIE should provide security equivalent to the fixed network
There are several issues of trust here
– Do I trust that the AIE has been implemented properly?
– Does AIE always operate (during registration, in fallback modes etc)?
– Do I trust the way that the network (or radio) stores keys?
– Do I trust the fixed network itself or can someone break in?
A strong AIE implementation and an evaluated network can provide essential protection of information
An untested implementation and network may need reinforcing, for example with end to end encryption
Benefits of end to end encryption in combination with Air Interface encryption
Air interface (AI) encryption alone and end to end encryption alone both have their limitations
For most users AI security measures are completely adequate
Where either the network is untrusted, or the data is extremely sensitive, then end to end encryption may be used in addition as an overlay.
Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface, and confidentiality right across the network
Disabling of terminals
Vital to reduce the risk of threats to the system from stolen and lost terminals
Relies on the integrity of the users to report losses quickly and accurately.
Disabling may be either temporary or permanent
Disabling stops the terminal working as a radio and:
– Permanent disabling removes all keys including (K)
– Temporary disabling removes all traffic keys but allows ambience listening
The network or application must be able to remember disable commands to terminals that are not live on the network at the time of the original command being sent.
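An added example (not code from the presentation) of the bookkeeping the last point asks for: a network-side record of each terminal, a disable command that is applied immediately when the terminal is live and otherwise remembered until it next registers, and the two forms of disabling as the slide defines them (permanent removes every key including K; temporary removes the traffic keys but leaves ambience listening available). That a temporary disable can later be reversed, and that a stored permanent disable is never downgraded by a later temporary one, are assumptions of this example.

```python
"""Remembering disable commands for terminals that are not live on the network.

Added example. Models the slide's rules: permanent disable removes all
keys including K, temporary disable removes traffic keys but allows
ambience listening, and a command sent to an absent terminal must be
delivered when it next registers. Re-enabling only a temporarily disabled
terminal is an assumption (the slide does not describe re-enabling).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Disable(Enum):
    TEMPORARY = "temporary"
    PERMANENT = "permanent"


@dataclass
class TerminalRecord:
    itsi: str
    k: Optional[bytes]                                   # authentication key K
    traffic_keys: Dict[str, bytes] = field(default_factory=dict)  # DCK/CCK/GCK/SCK
    radio_enabled: bool = True
    ambience_listening: bool = False
    online: bool = False

    def apply(self, cmd: Disable) -> None:
        self.radio_enabled = False
        self.traffic_keys.clear()          # both forms remove the traffic keys
        if cmd is Disable.PERMANENT:
            self.k = None                  # permanent: K goes too
            self.ambience_listening = False
        else:
            self.ambience_listening = True  # temporary: ambience listening stays possible


class Network:
    def __init__(self):
        self.terminals: Dict[str, TerminalRecord] = {}
        self.pending: Dict[str, Disable] = {}  # remembered for terminals not live

    def add(self, rec: TerminalRecord) -> None:
        self.terminals[rec.itsi] = rec

    def disable(self, itsi: str, cmd: Disable) -> str:
        """Deliver now if the terminal is live, otherwise remember the command."""
        rec = self.terminals[itsi]
        if rec.online:
            rec.apply(cmd)
            return "delivered"
        if self.pending.get(itsi) is not Disable.PERMANENT:
            self.pending[itsi] = cmd       # a stored permanent disable is never downgraded
        return "queued"

    def register(self, itsi: str) -> bool:
        """Terminal comes live; a stored disable is applied before any service is given."""
        rec = self.terminals[itsi]
        rec.online = True
        cmd = self.pending.pop(itsi, None)
        if cmd is not None:
            rec.apply(cmd)
        return rec.radio_enabled

    def enable(self, itsi: str) -> bool:
        """Assumption: only a temporary disable can be reversed, so K must still exist."""
        rec = self.terminals[itsi]
        if rec.k is None:
            return False
        rec.radio_enabled, rec.ambience_listening = True, False
        return True
```

The pending table is the part that is easy to forget in practice: a lost radio that was switched off when the report came in must still be caught the moment it reappears, which is why the check sits in registration and not only in the disable command itself.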
Useful Recommendations
TETRA MoU SFPG Recommendation 03 – TETRA threat analysis
– Gives an idea of possible threats and countermeasures against a radio system
TETRA MoU SFPG Recommendation 04 – Implementing TETRA security features
– Provides guidance on how to design and configure a TETRA system
Both documents are restricted access, requiring a Non-Disclosure Agreement with SFPG
Assuring your security solution
There are two important steps in assuring the security of the solution: Evaluation and Accreditation
Evaluation of solutions should be by a trusted independent body
– Technical analysis of design and implementation
Accreditation is the continual assessment of risks
– Assessment of threats vs. solutions
• Procedural and technical solutions
– Should be undertaken by end user representative and/or their government national security organization
Maximizing cost effectiveness
Evaluation can be extremely expensive – how to get best value for money?
Establish the requirements in advance
– as far as they are known – security is always a changing requirement!
Look for suppliers with track record and reputation
Look for validations of an equivalent solution elsewhere
Consider expert help on processes and procedures
What security level do you want?
TETRA Class 1
TETRA Class 2
TETRA Class 3
TETRA w/ E2E algorithm on Smart Card
TETRA w/ E2E SW algorithm in radio
TETRA w/ E2E hardware solution
TETRA is @ your Service
Thank You
www.Tetramou.com
www.ETSI.org
www.Motorola.com/Tetra
[email protected]
TETRA Experience 2006
Sao Paulo
July 18th 2006
TETRA Data Services & Applications
Ole Arrhenius
TETRA Experience Sao Paulo,
18.-19.7.2006
Contents
Basic data services in TETRA
The concern about data speed
TETRA data applications, examples
Wireless Application Protocol, WAP
Towards higher data speeds
Conclusions
Basic data services in TETRA
4 channels
Status messages
– efficient, real time
Short Data Service, SDS
– text messaging + application platform
IP packet data
– advanced applications, opens the world of Intranet and Internet connectivity
Circuit mode data
– for specialized applications, rarely used
[Diagram: one carrier with a 36 kbit/s gross bit rate divided into time slots 1, 2, 3 and 4]
Status messages
Data sent as 16 bit numeric values
32768 values free for use, the rest reserved for system use
Converted into text in the receiving terminal or workstation
Fast and efficient
Easy to use
Sent over control channel, do not load traffic channels
Short Data Service
Four SDS-types specified by TETRA standard: SDS-1, SDS-2, SDS-3 and SDS-4 TL
SDS-1, -2 and -3 are fixed length (16, 32, 64 bits)
SDS-4 TL is variable length (max 1278 bits).
Protocol identifier defines how SDS-4 is used; most typical use is text messaging (140/160 chars) and AVL
Data sent over control channel or traffic channel (simultaneous voice and data)
Text entry using the keypad of the phone, single device for voice and data
[Screenshots of two example text messages: “Hello, I will be back in the office in 15 minutes. I will call you then. John” and, timestamped 11:28, “p12553: VIPs arriving in 5 minutes at gate 23, prepare security and transport.”, each answered with “OK”]
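An added example (not code from the presentation) that sizes a message against the SDS types listed above: the smallest fixed-length type that holds a payload, SDS-4 TL for anything up to 1278 bits, and an error beyond that. The 7-bit packing routine is a constructed illustration of why "160 characters" and "140 characters" both fit one SDS-4 TL message (160 × 7 bits = 140 × 8 bits = 1120 bits); it is not the standard's character alphabet or PDU layout, and the protocol identifier is not modelled.

```python
"""Sizing a short data message against the SDS types on the slide.

Added example. Limits come from the slide (SDS-1/-2/-3: 16, 32, 64 bits;
SDS-4 TL: max 1278 bits). The 7-bit packing is a constructed illustration,
not the TETRA text coding or PDU format.
"""
SDS_FIXED_BITS = {"SDS-1": 16, "SDS-2": 32, "SDS-3": 64}
SDS4_MAX_BITS = 1278


def pack_7bit(text: str) -> bytes:
    """Pack 7-bit characters into consecutive 7-bit fields, least significant bits first."""
    acc, nbits, out = 0, 0, bytearray()
    for ch in text:
        code = ord(ch)
        if code > 0x7F:
            raise ValueError("character outside the 7-bit range; use 8-bit coding")
        acc |= code << nbits
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)  # final partial byte, zero padded
    return bytes(out)


def unpack_7bit(data: bytes, count: int) -> str:
    """Inverse of pack_7bit for a known character count."""
    acc = int.from_bytes(data, "little")
    return "".join(chr((acc >> (7 * i)) & 0x7F) for i in range(count))


def text_bits(text: str):
    """Payload size in bits and the coding used: 7-bit for pure ASCII, 8-bit UTF-8 otherwise."""
    if all(ord(c) <= 0x7F for c in text):
        return len(text) * 7, "7-bit"
    return len(text.encode("utf-8")) * 8, "8-bit"


def choose_sds_type(payload_bits: int) -> str:
    """Smallest SDS type that carries the payload; SDS-4 TL for anything above 64 bits."""
    if payload_bits <= 0:
        raise ValueError("empty payload")
    for name, bits in SDS_FIXED_BITS.items():
        if payload_bits <= bits:
            return name
    if payload_bits <= SDS4_MAX_BITS:
        return "SDS-4 TL"
    raise ValueError(f"{payload_bits} bits exceeds the SDS-4 TL maximum of {SDS4_MAX_BITS}")


def plan_text_message(text: str):
    """(sds_type, bits, coding) for a text message; raises if it does not fit one SDS."""
    bits, coding = text_bits(text)
    return choose_sds_type(bits), bits, coding
```

The same sizing function explains the LIP figure on a later slide: a 76-bit location report is too large for the 64-bit SDS-3 but leaves most of an SDS-4 TL message unused, whereas a 200-bit report costs the same single message and more air time.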
IP-packet data
Similar to the GPRS service in GSM networks
Enables advanced data applications
Enables Intranet and Internet connectivity
Excellent application platform
Uses traffic channel, single slot or multiple time slots
TETRA data services enable a wide range of
applications
Database access
Image communications
Intranet/internet access
Reporting
e-mail, calendar
Workforce management
CC&C system integration
File transmission
Information push, alarm
distribution
Information pull
Control and monitoring, telemetry
TETRA fulfils 95% of daily data needs

                          TETRA         GPRS          EDGE                  3G
Data speed                < 28 kbps     < 40 kbps     < 160 kbps            < 1 Mbps
Multimedia services       Text, images  Text, images  Text, images, video   Text, images, video
Internet/intranet access  Yes           Yes           Yes                   Yes

Fundamental daily services 95%
Complementing non-critical services 5%
Complementary wireless data services can be used to complement non-critical data services, if necessary
The concern of data speed
Single slot IP packet data provides approximately 3 … 4 kbps payload
Multislot data increases performance but has side effects
– Increased power consumption in handsets
– Decreases voice capacity
Robust basic data services are more important than extreme speeds, especially in public safety
Majority of daily data services consist of low data volume database queries in the range of 0.5 … 10 kB per transaction
Smart applications are more important than the raw data speed; bloated applications will eat available bandwidth, no matter how much bandwidth is available
The concern of data speed, example
• Original photo image taken with a digital camera. Original size is 1600x1200 and file size 1MByte
• Pixel size of a TETRA handheld terminal typically 100 x 130 pixels
• Compression and optimization for 100x130 pixel screen shrinks the 1MByte image into 7 kilobytes
[Figure: 100 x 130 x 16 (colour) = 26 kBytes; with further optimisation and compression from 26 kB to 7 kB, optimized for a handportable radio’s screen]
Example of an integrated, smart application
• Police field command application using AVL, on-board databases, status messaging, text messages and IP packet data
• Minimizes over-the-air data, yet very graphics intensive and informative
[Screenshot: on-screen AVL map with touch-screen action buttons (F1 Show, F2 Report/His, F3 Status, F4–F8 Maps/AVL, Messages, Equipment, Forms/En, Setup, ZOOM +, ZOOM -, F9 MOB) and the status of units 811–814: Free, On the way, At scene, Transport, Not in car, Car chase, Off-duty]
Send only the necessary information over the air
Keep high volume, ‘static’ data (maps, images, floorplans of
buildings) in onboard databases
Update static data at the station using fixed LAN or WLAN
Over the air information is typically low volume:
– Location information
– Status of field units
– Text messaging
– Compressed images
More examples of applications using TETRA data services
Automatic Vehicle/Person Location, AVL / APL
Integrated GPS in new terminals
Position of every unit in real time
– Location shown on GIS at Command and control room
TETRA SDS or TETRA IP can be used to deliver location information
New ETSI LIP standard for compact SDS location information, 76 bits instead of about 200 bits
Image communication
”One picture paints a thousand words”
TETRA IP one slot packet data is sufficient for image transmission
Image compression technologies reduce data volumes for fast transmission, e.g. JPEG2000
Retrieve images from a database (pull)
Send images from command and control centre (push)
Increases efficiency and officer safety
Wireless Application Protocol (WAP)
Specified to create a global protocol to work across differing wireless network technologies
WAP offers bearer independence: applications developed rapidly with WAP in TETRA work across TETRA and GSM and GPRS
Optimised for the constraints of handheld devices
[Diagram: handheld home screen with an application portal menu (Locate, Mail, Report, Search) linked to a WAP server]
What about the future ?
TETRA High Speed Data
TETRA high speed data is part of TETRA 2 standardization
TETRA HSD will complement the current TETRA services with higher data speeds
User experience comparable to GPRS/EDGE
Very spectrum-efficient
Adapts its speed (modulation) when necessary
Development continues
Next …
[Figure: evolution of TETRA data over time (Java, multi-slot packet data, integrated GPS, colours, image communication, advanced location applications, situation awareness) leading towards TETRA High Speed Data]
Summary
TETRA provides a rich set of basic and advanced data services
Data applications complement TETRA voice services
IP over TETRA is a solid and robust platform for data applications
Accessing data from the field opens totally new opportunities for public safety and other user segments
Data speed in TETRA IP covers the majority of current needs