TETRA Security
Security mechanisms in TETRA and how to ensure that the solution is secure… from TETRA 1 through to TETRA 2

What we want to achieve with Security
Confidentiality: no one can eavesdrop on what we are saying
Authenticity: the people we are talking to are the right people; the wrong people can't try and join us
Integrity: the information gets there completely intact
Availability: communications are possible where and when they are needed
Accountability (non-repudiation): whoever said something can't deny it later

Threats to communication and the threats to security
Message related threats: interception, eavesdropping, masquerading, replay, manipulation of data
User related threats: traffic analysis, observability of user behaviour
System related threats: denial of service, jamming, unauthorized use of resources

Key Functions of TETRA Security
TETRA has several security features allowing most customers' security needs to be met in a cost efficient way.
Authentication: ensures only valid subscriber units have access to the system, and subscribers will only try and access the authorized system
Air Interface Encryption: protects all signalling, identity and traffic across the radio link
End-to-End Encryption: protects information as it passes through the system
Diagram: base station, infrastructure and dispatcher, with the three mechanisms marked: (1) authentication, (2) air interface encryption, (3) end-to-end encryption

Authentication
Diagram: the Authentication Centre holds the secret keys and supplies session keys to the Switch; the Switch and the MS exchange a mutual challenge and calculated response
Authentication provides proof of identity of all radios attempting use of the network
Radio can authenticate the network in turn, which protects against 'fake base stations' etc.
A session key system from a central authentication centre allows highly secure key storage
Secret key need never be exposed
Authentication process derives the air interface key (TETRA standard): automatic key changing!
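The exchange on this slide, modelled as an added Python example (not code from the presentation or from the TETRA standard): the Authentication Centre keeps the secret key K and hands the switch only a session key derived from a random seed, the switch challenges the radio, the radio challenges the network back, and both sides derive the same cipher key from the exchange. The real TETRA authentication algorithms are confidential; HMAC-SHA256 stands in for them here, and the message sizes, the ITSI value and the keys are constructed assumptions.

```python
"""Model of the TETRA-style mutual challenge/response authentication on the
slide.  Added illustration, not code from the presentation.  The real TETRA
algorithms are confidential ETSI algorithms; HMAC-SHA256 stands in for them
here, an assumption of this model, as are all message sizes and key values."""
import hashlib
import hmac
import secrets


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function used in place of the TETRA algorithms."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(part)
    return mac.digest()


class AuthenticationCentre:
    """Holds each radio's secret key K.  K never leaves this class; the switch
    only ever receives a per-session key derived from it."""

    def __init__(self):
        self._keys = {}

    def enrol(self, itsi: str, k: bytes) -> None:
        self._keys[itsi] = k

    def session_key(self, itsi: str):
        """Return a random seed RS and the session key KS = f(K, RS)."""
        rs = secrets.token_bytes(10)
        return rs, prf(self._keys[itsi], b"KS", rs)


class Switch:
    """The SwMI side: challenges the radio with the material it got from the
    AuC and answers the radio's own challenge."""

    def __init__(self, auc: AuthenticationCentre):
        self.auc = auc
        self.sessions = {}

    def challenge(self, itsi: str):
        rs, ks = self.auc.session_key(itsi)
        rand1 = secrets.token_bytes(10)
        self.sessions[itsi] = (ks, rand1)
        return rs, rand1

    def verify_and_respond(self, itsi: str, res1: bytes, rand2: bytes):
        """Check the radio's response; on success answer RAND2 and derive DCK."""
        ks, rand1 = self.sessions.pop(itsi)
        if not hmac.compare_digest(prf(ks, b"RES1", rand1), res1):
            return None, None  # radio did not prove knowledge of K
        res2 = prf(ks, b"RES2", rand2)
        dck = prf(ks, b"DCK", rand1, rand2)
        return res2, dck


class Radio:
    """The MS side: holds its own K, answers the challenge, checks the network."""

    def __init__(self, itsi: str, k: bytes):
        self.itsi, self.k = itsi, k
        self.pending = None

    def respond(self, rs: bytes, rand1: bytes):
        ks = prf(self.k, b"KS", rs)  # same derivation as the AuC, K stays local
        rand2 = secrets.token_bytes(10)
        self.pending = (ks, rand1, rand2)
        return prf(ks, b"RES1", rand1), rand2

    def verify_network(self, res2):
        """Release the derived cipher key only if the network proved it knows KS."""
        ks, rand1, rand2 = self.pending
        if res2 is None or not hmac.compare_digest(prf(ks, b"RES2", rand2), res2):
            return None
        return prf(ks, b"DCK", rand1, rand2)


def mutual_authentication(switch: Switch, radio: Radio):
    """Run one exchange; return (switch_dck, radio_dck), both None on failure."""
    rs, rand1 = switch.challenge(radio.itsi)
    res1, rand2 = radio.respond(rs, rand1)
    res2, switch_dck = switch.verify_and_respond(radio.itsi, res1, rand2)
    radio_dck = radio.verify_network(res2)
    return switch_dck, radio_dck


if __name__ == "__main__":
    # Constructed sample: one subscriber (placeholder ITSI) with a test key K.
    auc = AuthenticationCentre()
    auc.enrol("1234567", bytes(range(16)))
    first = mutual_authentication(Switch(auc), Radio("1234567", bytes(range(16))))
    print("DCK agreed:", first[0] is not None and first[0] == first[1])
```

Two properties from the slide fall out directly: a radio whose K does not match is rejected by the switch, and an infrastructure that does not hold the subscriber's K cannot produce a RES2 the radio accepts, so the radio never releases a derived cipher key. Every successful run yields a fresh DCK, which is the automatic key change the slide refers to.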

Radio Security Provisioning and Key Storage
TETRA MoU SFPG Recommendation 01 provides a standardised format for importing authentication and other air interface encryption keys
Use of Recommendation 01 files will allow multi-vendor terminal supply
Separation of the logical key programming step from the factory can allow all keys to be loaded in country
Meets national security requirements: SCK, GCK etc. from the national security authority
Standardised format: imports key material from any vendor
Diagram: key programming flow between the factory, the AuC and the TETRA SwMI, pairing the secret key K with the terminal's TEI

What is Air Interface Encryption?
First level encryption used to protect information over the Air Interface
Typically a software implementation
Protects almost everything: speech, data, signalling, identities…
Three different classes:
Class 1: no encryption; can include authentication
Class 2: Static Cipher Key encryption; can include authentication
Class 3: Dynamic Cipher Key encryption (Individual Derived Cipher Key, Common Cipher Key, Group Cipher Key); requires authentication; includes over the air key management protocols; allows seamless key management

The purpose of Air Interface Encryption
Network fixed links are considered difficult to intercept.
The air interface was considered vulnerable: a clear air interface!
Air Interface Encryption was designed to make the air interface as secure as the fixed line connection.
Diagram: operational information passing over the air interface (protected by Air Interface Encryption) and over the fixed links
Speaker notes (animated slide): So what is the point of Air Interface Encryption? The best way to describe this is to think of the following scenario. The TETRA information is available at the Air Interface and on the fixed links. (next slide) The fixed links have an inherent security associated with them: as an attacker I have to physically get access to a network and then determine the routing etc., so there is a wall of a specific height I have to climb. (next slide) However, the Air Interface is still relatively vulnerable; the argument that it is digital, and even TDMA, is not valid for anything other than the extremely casual attack! (next slide) So Air Interface Encryption was designed to increase the security of the air interface to the same level as that inherently provided by the network. There is no point in making the Air Interface more protected than the network, otherwise the attack is moved to the now relatively vulnerable network. There is some talk about extending Air Interface Encryption to some point further down the network to give more protection. This gains nothing: effectively you are building one wall behind another, both of equal height, and all this does is give the attacker a firmer base to stand upon when he climbs over!

Important properties of Air Interface Encryption
Many threats other than eavesdropping: traffic analysis, observance of user behaviour
AIE protects control channel messages and identities as well as voice and data payloads
End to end encryption, if used alone, is insufficient (it only protects the voice payload)
Continuous authentication
Encryption key generated from the authentication process
Encrypted registration protects ITSIs even at switch on
Security classes can be changed in operation: essential for fallback measures if authentication cannot operate

End to end encryption in TETRA
ETSI Project TETRA provides standardised support for end to end encryption
ETSI EN 302 109 contains the specific end to end specification
Ensures TETRA provides a standard alternative to proprietary offerings and technologies
Ensures compatibility between infrastructures and terminals
Many organisations want their own algorithm: confidence in strength; better control over distribution
TETRA MoU Security and Fraud Protection Group provides a detailed recommendation on how to implement end to end encryption in TETRA
The result: standardisation and compatibility, with choice of algorithm. A big strength of TETRA

End To End Encryption 'Standardisation'
TETRA MoU SFPG Recommendation 02:
Framework for end to end encryption
Recommended synchronisation method for speech calls
Protocol for Over The Air Keying
Sample implementations including algorithm mode and key encryption for IDEA, and AES in progress
DOES NOT specify the implementation: can be implemented with module, software, SIM card etc.
DOES NOT provide a module interface specification

Related Recommendations TETRA MoU SFPG Recommendation 01 Key transfer specification Currently being updated to include end to end encryption key import formats TETRA MoU SFPG Recommendation 07 Short data service encryption Currently being updated to reflect larger algorithm block sizes, e.g. 128 bits for AES TETRA MoU SFPG Recommendation 08 Framework for dividing encryption functionality between a SIM (smartcard) and a radio No defined bit level interface (export control issue) TETRA MoU SFPG Recommendation 11 IP Packet data encryption Work in process Will provide a suitable means for high security packet data encryption, with commonality with voice encryption

Implementing TETRA security TETRA security measures are by no means the complete picture How well they are implemented – and how the implementation is evaluated is critical The rest of the network – what else connects to TETRA – is equally important The operational process and procedures equally provide countermeasures to the threats Link Other Network Other Network TETRA Network Other Network Landline

Implementation considerations – Air Interface Encryption AIE should provide security equivalent to the fixed network There are several issues of trust here Do I trust that the AIE has been implemented properly? Does AIE always operate (during registration, in fallback modes etc)? Do I trust the way that the network (or radio) stores keys? Do I trust the fixed network itself or can someone break in? A strong AIE implementation and an evaluated network can provide essential protection of information An untested implementation and network may need reinforcing, for example with end to end encryption

Operational processes to consider HANDLING PROCESSES Set Up Issues Getting from the Organization Chart to planning secure communications Getting the system setup properly Introducing new units and new secure communications groups Key Material Delivery Issues Getting the right encryption keys into the right radio Ensuring the security of key storage and distribution Accomplishing fast, efficient periodic rekeying Verifying readiness to communicate Avoiding interruptions of service Security Management Issues Dealing with compromised or lost units Integrating with key material distribution process Audit control, event archival, and maintaining rekeying history Controlling access to security management functions KEYLOAD PROCESS Protect National Security Key load in country of use Key load by security cleared nationals Remove keys from radios sent abroad for repair Key Load encrypted keys cannot be read while being programmed Customer Friendly Keys can be programmed “In Vehicle” (& away from secure area) Accountability Audit logs of key distribution “In Country” Key Generation Secure Storage CONNECTION PROCESSES Connected networks Security levels Assurance requirements Barriers Own operating procedures Virus protection PERSONNEL PROCESSES Ensure personnel are adequately cleared and trained Where do they live Criminal records Experience in secure environment Signed relevant agreements Procedures for security breaches REPORTING PROCESSES Stolen radio reporting Radio disabling procedures Radio key erasure procedures Intrusion detection reporting and response Attack detection and correlation …..and more.

Useful Recommendations TETRA MoU SFPG Recommendation 03 – TETRA threat analysis Gives an idea of possible threats and countermeasures against a radio system TETRA MoU SFPG Recommendation 04 – Implementing TETRA security features Provides guidance on how to design and configure a TETRA system Both documents are restricted access requiring Non Disclosure Agreement with SFPG

Assuring your security solution There are two important steps in assuring the security of the solution: Evaluation and Accreditation Evaluation of solutions should be by a trusted independent body Technical analysis of design and implementation Accreditation is the continual assessment of risks Assessment of threats vs solutions Procedural and technical solutions Should be undertaken by end user representative

Maximising cost effectiveness Evaluation can be extremely expensive – how to get best value for money? Establish the requirements in advance as far as they are known – security is always a changing requirement! Look for suppliers with track record and reputation Look for validations of an equivalent solution elsewhere Consider expert help on processes and procedures

Summary: The essentials of a secure system A strong standard A good implementation Experienced supplier Trusted evaluation Continual assessment of threats and solutions Standard EVALUATED

Maintaining security at higher data rates TETRA 2

Mission Critical Data Applications on TETRA Today’s applications need data capacity Frequent messages, small payload: AVLS from portables and vehicles Database access Status messaging But some applications starting to need more data throughput Less frequent messages, much bigger payloads Mug shots File transfer Slow scan video TETRA Single Slot Packet Data TETRA Multi Slot Packet Data

Evolution: Applications vs. TETRA today TETRA 1 Circuit Data TETRA 1 Short Data Services Single Slot Packet Data TETRA 1 Multi-slot Packet Data TETRA 2 High Speed Data Database search AVL Email File transfer e.g Still images Slow scan video QoS managed video Not suitable Suitable Effective

TETRA Enhanced Data Service-TEDS Backward compatible with TETRA Release 1 Network integration capability Flexible data rates and spectrum use 25, 50, 100 and 150 kHz channels bandwidths Can trade off data rate, spectrum and range Integrated TETRA 1 and TEDS system i.e. can receive TETRA 1 calls on TEDS channels Technology selected for TEDS use Multi-carrier QAM (Quadrature Amplitude Modulation) in all bandwidths D8PSK in 25 kHz TAPS - an alternative technology based on GSM EDGE - has now been abandoned

High Speed Packet Data Deployment TEDS will be the solution for mission critical A range of channel bandwidths available in the standard Offer a single TEDS channel at each site, in addition to TETRA 1 voice channels Provision channel bandwidth based on number of users and their data application requirements The modulation scheme can adapt to radio transmission conditions

Applications of TETRA 2 TETRA 2 Data Application User Benefits Police Mobile surveillance camera that doesn’t alert the suspect Greater detail can prove vital to remotely monitor the operation Fire Text and image results from search of chemical labelling database Firefighters get clearer information to identify hazards Ambulance Camera can send real time images of crash scene Doctors can make more accurate predictions of expected injuries Transport Live updates of arrival/departures boards More relevant and accurate information to passengers

The Power of TETRA 2 Legend: Circle size = coverage area TETRA 2 at 25 kHz TETRA 2 at 50 kHz TETRA 1 TETRA 2 at 100 kHz TETRA 2 at 150 kHz TETRA 2 at 100 kHz TETRA 2 at 150 kHz TETRA 2 at 50 kHz Legend: Circle size = coverage area Circle height = data capacity All TETRA 2 sites includes TETRA 1

Security in TETRA 2 TETRA 2 reuses TETRA 1 security features Authentication Air Interface Encryption TETRA 1 encryption currently being extended to much larger data packets End to end encryption Mechanism for packet data in MoU SFPG will operate independently of underlying TETRA service Security parameters can be established on TETRA 1 carrier and used on TETRA 2 (etc). It’s integrated!

Benefits of Integrated Voice and Data in TETRA Close integration between voice and data services Immediate jump from TETRA 2 data call into voice emergency call Less equipment to carry when voice and data applications on the same radio An efficient expansion path for existing operators Incremental investment to add TETRA 2 high speed data and maintain the high security level from your TETRA 1 investment.

Security benefits in integrated system Common security measures for all services Government approved security measures rather than just commercial level security No need for users to worry about which data service is security cleared for which application The system availability and resilience are high for all services Public data networks look attractive, but cannot provide the availability or the priority service levels Single evaluation and common accreditation issues for entire network

Conclusion TETRA release 1 already enables sophisticated highly secure mission critical data applications and is already being used today to protect and save lives TETRA 2 will enhance existing data capabilities and enable new advanced applications – and keep them secure Standards are nearly ready End users should start influencing manufacturers by explaining their future needs and requirements

TETRA is an expanding universe From Big Bang through to …TETRA 3 and beyond TETRA Standards: www.ETSI.org MoU and SFPG: www.tetramou.com SFPG secretary: sfpg@xs4all.nl david.chater-lea@motorola.com mark.edwards@motorola.com TETRA will keep you secure The MoU will keep you up to date….