Dubai04_5_TETRA_Security


TETRA @ Your Service

The Security mechanisms designed into TETRA – a refresher

How do you ensure the solution is secure?

“Jeppe” Jepsen Motorola


Threats to communication and the threats to security

• Message related threats
– interception, eavesdropping, masquerading, replay, manipulation of data
• User related threats
– traffic analysis, observability of user behaviour
• System related threats
– denial of service, jamming, unauthorized use of resources

Why Tetra Schengen Police Corporation

Key security features of TETRA

• Authentication
• Air Interface encryption
• End to end Encryption

Authentication

[Diagram labels: Authentication Centre; Session keys; Switch 1; Switch 2; Challenge and response from Switch; MS]

• Authentication provides proof of identity of all radios attempting use of the network.
• A session key system from a central authentication centre allows key storage
– Secret key need never be exposed
• Authentication process derives air interface key (TETRA standard)
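The session key arrangement above, as an added sketch that is not from the original slides and not Motorola or ETSI code: the authentication centre hands the switch only a per-session key, the switch challenges the radio, and both ends derive the same air interface key without the secret key leaving the centre or the radio. HMAC-SHA256 stands in for the TETRA authentication algorithms, and the class names, labels, key lengths and the identity "radio-1" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key, label, data):
    # Stand-in keyed function (HMAC-SHA256); NOT the TETRA authentication algorithms.
    return hmac.new(key, label + data, hashlib.sha256).digest()

class AuthenticationCentre:
    """Stores each radio's secret key K; only per-session keys ever leave it."""
    def __init__(self, keys):
        self._k = dict(keys)
    def session_material(self, identity):
        seed = secrets.token_bytes(10)               # constructed length
        return seed, prf(self._k[identity], b"session", seed)

class Radio:
    def __init__(self, identity, k):
        self.identity, self._k, self.dck = identity, k, None
    def respond(self, seed, challenge):
        ks = prf(self._k, b"session", seed)          # same session key, derived locally
        self.dck = prf(ks, b"dck", challenge)[:10]   # air interface key, never transmitted
        return prf(ks, b"response", challenge)

class Switch:
    """Works only from the session key supplied by the centre; never sees K."""
    def __init__(self, centre):
        self.centre = centre
    def authenticate(self, radio):
        seed, ks = self.centre.session_material(radio.identity)
        challenge = secrets.token_bytes(10)
        response = radio.respond(seed, challenge)
        if not hmac.compare_digest(response, prf(ks, b"response", challenge)):
            return None                              # wrong secret key: reject
        return prf(ks, b"dck", challenge)[:10]       # switch's copy of the derived key

def run_demo():
    k = secrets.token_bytes(16)                      # constructed secret key
    centre = AuthenticationCentre({"radio-1": k})    # hypothetical identity
    switch = Switch(centre)
    genuine = Radio("radio-1", k)
    clone = Radio("radio-1", secrets.token_bytes(16))  # right identity, wrong K
    dck = switch.authenticate(genuine)
    return {"genuine_accepted": dck is not None,
            "keys_match": dck == genuine.dck,
            "clone_rejected": switch.authenticate(clone) is None}

if __name__ == "__main__":
    print(run_demo())
```
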

What is Air Interface Encryption?

• First level encryption used to protect information over the Air Interface
– Typically software implementation
• AIE is System Wide
• 3 different Classes
– Class 1: No Encryption, can include Authentication
– Class 2: Static Cipher Key Encryption, can include Authentication
– Class 3: Dynamic Cipher Key Encryption, Requires Authentication

TETRA Air Interface Encryption

• Network fixed links are considered difficult to intercept.
• The air interface was considered vulnerable.
• Air Interface encryption was designed to make the air interface as secure as the fixed line connection

[Diagram labels: Operational Information; Clear Air Interface!]

Dimetra Air Interface Encryption

• Full Implementation of AIE
– Authentication
– Static Cipher Key
– Common Cipher Key
– Derived Cipher Key
– Group Cipher Key
– Modified Group Cipher Key
• TEA 1, 2, 3 and TEA 4 algorithms
• Authentication Centre
• Key Management Centre
• Key Loader for key distribution

Air Interface Encryption - the Keys

[Diagram labels: MS1 to MS9; Infrastructure; Dispatcher 1; Group 1; DCK1, DCK2, DCK3; SCK; MGCKB, MGCKC; Clear audio]

SCK, CCK and MGCK controlled by System Owner

DCK Generated through Authentication Process

The importance of Air Interface encryption

• Many threats other than eavesdropping
– traffic analysis, observance of user behaviour
• Strong authentication
• AI protects control channel messages as well as voice and data payloads
• encrypted registration protects ITSIs
• End to end encryption if used alone is much weaker (it only protects the payload)

Standardised end to end in TETRA

• Many organisations want their own algorithm
– Confidence in strength
– Better control over distribution
• ETSI Project TETRA provides standardised support for end to end Encryption
– To give TETRA standard alternative to proprietary offerings and technologies
• TETRA MoU – Security and fraud Protection Group
– Provides detailed recommendation on how to implement end to end encryption in TETRA
– Provides sample implementation using IDEA and AES128

Confidentiality Solutions – Air interface encryption

• Should provide security equivalent to the fixed network
• There are several issues of trust here
– Do I trust that the AIE has been implemented properly
– Do I trust the way that the network (or radio) stores keys
– Do I trust the fixed network itself
• A strong AIE implementation and an evaluated network can provide essential protection of information
• An untested implementation and network may need reinforcing, for example with end to end encryption

Processes for accreditation

HANDLING PROCESSES

• Set Up Issues
– Getting from the Organization Chart to planning secure communications
– Getting the system setup properly
– Introducing new units and new secure communications groups
• Key Material Delivery Issues
– Getting the right encryption keys into the right radio
– Ensuring the security of key storage and distribution
– Accomplishing fast, efficient periodic rekeying
– Verifying readiness to communicate
– Avoiding interruptions of service
• Security Management Issues
– Dealing with compromised or lost units
– Integrating with key material distribution process
– Audit control, event archival, and maintaining rekeying history
– Controlling access to security management functions

KEYLOAD PROCESS

• Protect National Security
– Key load in country of use
– Key load by security cleared nationals
– Remove keys from radios sent abroad for repair
• Key Load encrypted
– keys cannot be read while being programmed
• Customer Friendly
– Keys can be programmed “In Vehicle” (& away from secure area)
• Accurate
– Audit logs of key distribution
• “In Country” Key Generation
• Secure Storage

CONNECTION PROCESSES

• Connected networks
– Security levels
– Assurance requirements
– Barriers
– Own operating procedures
– Virus protection

PERSONNEL PROCESSES

Ensure personnel are adequately cleared and trained
• Where do they live
• Criminal records
• Experience in secure environment
• Signed relevant agreements
• Procedures for security breaches

REPORTING PROCESSES

• Stolen radio reporting
• Radio disabling procedures
• Radio key erasure procedures
• Intrusion detection reporting and response
• Attack detection and correlation

…..and more.

Assuring your security solution

• Evaluation of solutions should be by a trusted independent body
• Who?
• Manufacturer?
– Vested interest
– Blindness to own weaknesses
• End user
– Do you have the skills?
• Government
– Closest to own requirements and solutions
– Sets the rules as well as tests them
– Can lead to changing requirements as threats change
• Third party evaluation house
– Can have more bandwidth than government
– Need to ensure you can trust them
– Proven capability, references, experience in the field
• Typically evaluation of crypto solutions is undertaken by a government body, assurance of the rest of the network by a reputable company, but the accreditor has to be a member of the end user organisation
– Who else can be allowed to accept the risks?

And if you don’t have this capability?

• Look for suppliers with track record and reputation
• Look for validations of an equivalent solution elsewhere
• Get some expert help on processes and procedures

Finally….cost

• Evaluation can be extremely expensive – how to get best value for money?
– Stable requirements
– Understanding the context
– Strong implementations
• It can be cheaper to spend more putting in a strong solution than the evaluation cost of a cheap solution!

[Figure labels: Proof for small lock; Proof for large lock]

Does the government get good value?

• How much do you value national security?

• Do you understand the cost of security measures vs the cost of compromise?

• Can you afford to risk doing nothing?

Essentials of a secure system

• A strong standard
• A good implementation
• Experienced supplier
• Trusted evaluation


Example accreditation issue

• Your microwave link passes over a university with an MSc course in security

[Diagram labels: Switch Site; University Cryptanalysis Department]

Security and Fraud Prevention Group – a TETRA MoU body

• REC 02 – Framework for End to end Encryption and key Management
• REC 03 – TETRA Threat Analysis
• REC 04 – Implementation and use of TETRA Security Features

Thank You

?

www.tetramou.com

www.etsi.org

www.motorola.com/tetra