Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Encryption and Management

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Encryption and Management"— Presentation transcript:

1 Security Encryption and Management
Brian Murgatroyd Chairman: TETRA Association Security and Fraud Prevention Group

2 TETRA Experience - Poland
Agenda Security threats TETRA security features Overall system security measures Air interface security functions End to end encryption Interoperability and practical security measures 13th June 2006 TETRA Experience - Poland

3 TETRA Experience - Poland
Security Threats What are the main threats to your system? Confidentiality? Availability? Integrity? Threats to communications systems are not just those caused by illicit eavesdropping but fall into three areas: Confidentiality: The ability of the system to keep user data and traffic secret. Availability: The continuance of the service reliably and without interruption. Integrity: The systems strength in ensuring user traffic and data is not altered 13th June 2006 TETRA Experience - Poland

4 Message and User Related Threats
Message threats Interception Eavesdropping Masquerading Manipulation of data. Replay Message related threats are concerned with the user traffic. Interception and eavesdropping may occur easily in systems without encryption and are a threat to confidentiality. Masquerading as a legitimate user may occur often if terminals can be cloned and the subscriber identity copied. Manipulation of data may occur if an intermediary can capture the message and change it, an example of this is replay where the message is recorded, stored and replayed over the system. There is a considerable threat from replaying messages that have been recorded off-air User related threats differ from message related threats in that they do not attempt to decode messages and eavesdrop but gain intelligence from analyzing user traffic from its length, type of message and location. User related threats traffic analysis observability of user behaviour. 13th June 2006 TETRA Experience - Poland

5 System Related Threats
, Denial of service Jamming Attacks via the IP network to switch off the functional boxes Natural disasters- fire, flood, earthquake This group of threats do not attack the individual user in any way but aim to stop the system working . They include: denial of service, i.e. preventing the system working by attempting to use up capacity An example of this is jamming, using RF energy to swamp receiver sites. Attacks on the wider network which could affect large parts or all of it. Natural disasters, freak weather. Unauthorized use of resources Illicit use of telephony, interrogation of secure databases The other threats in this category involve unauthorised access to databases and changing their content so that for example user registration details are removed or changed. 13th June 2006 TETRA Experience - Poland

6 Overall TETRA Security
Several aspects to TETRA security Technical security countermeasures Secure Network Management and procedure Lawful Interception Standard algorithms 13th June 2006 TETRA Experience - Poland

7 TETRA Experience - Poland
Network Security IT security is vital in TETRA networks Gateways are particularly vulnerable. Operating staff need vetting Firewalls required at access points to the network The network can be vulnerable to many attacks. This is particularly the case where there is an underlying IP infrastructure. Gateways in to the user domain i.e. data gateways must be properly protected and the systems the other side of the gateway have to be assured. The network will have its system management and maintenance. Personnel staffing these functions must be vetted to ensure they are unlikely to be subverted. Availability of the network is very important. Are there single points of failure where a component failure can cause the loss of a significant art of the network? 13th June 2006 TETRA Experience - Poland

8 TETRA security classes
Class Encryption OTAR Authentication 1 No No Optional 2 Static key Optional Optional 3 Dynamic key Mandatory Mandatory 13th June 2006 TETRA Experience - Poland

9 TETRA Experience - Poland
Authentication Used to ensure that terminal is genuine and allowed on network. Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. Authentication requires both SwMI and terminal have proof of secret key. Successful authentication permits further security related functions to be downloaded. Authentication is a very powerful security feature which is useful in different ways depending on the type of system. In public access systems authentication protects against spoof terminals from using the system Public safety systems need strong authentication to ensure that only bona fide terminals are allowed on the system and that systems may be trusted. 13th June 2006 TETRA Experience - Poland

10 TETRA Experience - Poland
Authentication Generate RS K known only to AuC and MS Authentication Centre (AuC) K RS TA11 KS K RS KS (Session key) RS (Random seed) Generate RAND1 TA11 KS RAND1 RS, RAND1 Used to ensure that terminal is genuine and allowed on network. Mutual authentication ensures that in addition to verifying the terminal, the SwMI can be trusted. Authentication requires both SwMI and terminal have proof of secret key. Successful authentication permits further security related functions to be downloaded. Strong mutual authentication used for proving the user/terminal is who he claims to be. Only allows legitimate terminals on the network Only allows the genuine network to be used by terminals Uses Challenge- Response mechanism based on a unique secret key K stored in the terminal and in the Authentication Centre (AuC) All MS’s must be properly authenticated prior to being granted access to the network One of the outputs is the Derived Cipher Key used for Air Interface Encryption The session key is generated in the Authentication Centre using a Random Seed and K. The information is passed to the network, which now has the capability of performing Authentication of the subscriber.. Authentication is completed if the subscriber result, RES1, matches the Zone Controller result XRES1. The secret key K is never exposed to any part of the system outside the Authentication Centre or subscriber. KS RAND1 RES1 TA12 DCK TA12 Base station XRES1 DCK1 RES1 DCK1 Call Controller Compare RES1 and XRES1 13th June 2006 TETRA Experience - Poland

11 Provisioning of authentication keys
Every terminal has a unique secret key (k) which has to be manually loaded to the terminal normally by the manufacturer k associated with the TEI and sent to the network provider Needs to be done securely and to the SFPG recommendation 01 file format User organization provides the ISSI-TEI which it sends to the network provider K-ISSI pairs in the authentication centre can be formed 13th June 2006 TETRA Experience - Poland

12 Air interface encryption protection
protected vulnerable standard air interface encryption The standard security mechanisms described in ETS are all concerned with protecting the vulnerable air interface. From the operator’s perspective they are there to prevent fraudulent use of the system. A strong authentication mechanism ensures that only genuine subscribers may connect to the system, and the air interface encryption mechanism provides on-going implicit authentication of the MSs. The SwMi-MS signalling is also protected by the encryption to prevent more sophisticated types of attack such as the hijacking of existing connections or the manipulation of the signalling to gain system access. From the user’s perspective nobody equipped with a suitable receiver and decoder can eavesdrop on their traffic unless they are also able to obtain the correct encryption key. However the user traffic passes in clear within the system infrastructure in a similar way to the normal telephone network and theoretically can be accessed by an attacker if they have sufficient motivation. To those users passing highly sensitive information regard the residual risk to their data as significant and require additional steps to protect it. By encrypting the traffic at source (the transmitting MS) and only decrypting it at the destination (the receiving MS) their concerns are met as their data is no longer exposed in the SwMi. protected End-to-end encryption 13th June 2006 TETRA Experience - Poland

13 Air interface encryption
As well as protecting voice, SDS and packet data transmissions: AI encryption protects control channel messages as well as voice and data payloads encrypted registration protects identities and gives anonymity Protection against replay attacks using an initialization vector derived form system timing (frame numbering) 13th June 2006 TETRA Experience - Poland

14 Over The Air Re-keying (OTAR)
Populations of terminals tend to be large and the only practical way to change encryption keys is by OTAR This is done securely by using a derived cipher key or a session key to wrap the downloaded key The security functionality is transparent to the user as the network provider would normally be responsible for OTAR and management of AI keys 13th June 2006 TETRA Experience - Poland

15 Air Interface traffic keys
Four traffic keys are used in class 3 systems:- Derived cipher Key (DCK) derived from authentication process used for protecting uplink, one to one calls Common Cipher Key(CCK) protects downlink group calls and ITSI on initial registration Group Cipher Key(GCK) Provides crypto separation, combined with CCK Static Cipher Key(SCK) Used for protecting DMO and TMO fallback mode DCK is used wherever possible as it is the most secure. It only has a life equivalent to the authentication period (perhaps 24 hours) and is unique to the terminal. It should always be used for the uplink(MS-BS) link. It cannot be used for downlink group calls(because all MS’s have a different DCK) The CCK is used primarily for protecting downlink group calls. It may also be used for protecting ITSI’s on initial registration (as long as the stored CCK is still valid. CCK will probably be a short life key (up to one week) The GCK is used to enable crypto separation between groups. It is used in conjunction with CCK. It tends to have a longer life than CCK. The traffic key is called MGCK (modified GCK) The SCK is used as the traffic key in Class 2 systems. In Class 3 systems it is used for protecting DMO transmissions and may be used as a fallback key in TMO in case BS’s lose contact with the SwMI. 13th June 2006 TETRA Experience - Poland

16 Disabling of terminals
Vital to ensure the reduction of risk of threats to system by stolen and lost terminals Relies on the integrity of the users to report losses quickly and accurately. Disabling may be either temporary or permanent Disabling stops the terminal working as a radio and: Permanent disabling removes all keys including (k) Temporary disabling removes all traffic keys but allows ambience listening The network or application must be able to remember disable commands to terminals that are not live on the network at the time of the original command being sent. The system must be protected against lost or stolen terminals being used by unauthorized persons. It is likely that in large systems a considerable number of terminals will be lost every year. In public safety systems it is vital that users report that they have lost their terminals quickly so that their subscription can be removed form the system and the terminal cannot register. Removing subscription is only partly satisfactory in that it still allows the terminals to be used in DMO and repeated attempts may be made to register thereby reducing capacity on that base site. Terminals may be disabled either temporarily or permanently which prevents them operating until they are enabled. 13th June 2006 TETRA Experience - Poland

17 Standard air interface algorithms
TEA1 and TEA4 Generally exportable outside Europe. Designed for non public safety use TEA2 Only for use in Europe for public safety and military organizations. Strictly export controlled TEA3 For use by public safety and military organizations where TEA2 is not allowed. Strictly export controlled 13th June 2006 TETRA Experience - Poland

18 Transfer of security parameters between networks
The authentication parameters (based on k) are very sensitive and should never be sent to a visited network The way forward is to provide a set of parameters that will only be used in the visited network WG6 are working on a revision to the standard to accommodate practical security functionality across an ISI 13th June 2006 TETRA Experience - Poland

19 Evaluation of security mechanisms
How can a system be judged secure? Evaluate threats and risks, independently if possible Ensure correct implementation of security Ensure mobile terminals have been evaluated Use standard encryption algorithms Regular audit and inspection 13th June 2006 TETRA Experience - Poland

20 TETRA Experience - Poland
End to end encryption Protects messages across an untrusted infrastructure Provides enhanced confidentiality Voice and SDS services IP data services (soon) MS Network MS Air interface security between MS and network Only protects the user payload (confidentiality protection) Needs an additional synchronization vector Requires a transparent network - no transcoding-All the bits encrypted at the transmitting end must be decrypted at the receiver Will not work outside the TETRA domain Key Management in User Domain No need to trust network provider frequent transmission of synchronization vector needed to ensure good late entry capability but as frame stealing is used this may impact slightly on voice quality. End-to-end security between MS’s 13th June 2006 TETRA Experience - Poland

21 TETRA Experience - Poland
Benefits of end to end encryption in combination with Air Interface encryption Air interface (AI) encryption alone and end to end encryption alone both have their limitations For most users AI security measures are completely adequate Where either the network is untrusted, or the data is extremely sensitive then end to end encryption may be used in addition as a overlay. Brings the benefit of encrypting addresses and signalling as well as user data across the Air Interface and confidentiality right across the network 13th June 2006 TETRA Experience - Poland

22 Standard end to end encryption algorithms
There are no ‘standard’ algorithms defined by SFPG but: IDEA was defined as a good candidate 64 bit block cipher algorithm for use with TETRA and test data and an example implementation was produced AES128 (Rijndael) was defined as a good candidate 128 bit block cipher algorithm for use with TETRA and test data and an example implementation was produced Both algorithms have proved popular with public safety organizations and give a good level of security assurance to sensitive data 13th June 2006 TETRA Experience - Poland

23 Export control of crypto material
All cryptographic material and terminals capable of encryption are subject to export control The authority has to be satisfied that the key length and algorithms used are allowed to be exported. Guidance is given in the Wassenaar arrangement but the export control authority must be approached in all cases 13th June 2006 TETRA Experience - Poland

24 TETRA Experience - Poland
Lawful interception In most countries public telecoms systems are subject to lawful interception by the security authorities TETRA provides a standard interface to allow this functionality Operators need to check with their security authorities whether their system needs to be equipped with this interface 13th June 2006 TETRA Experience - Poland

25 TETRA Experience - Poland
Question What would be the main reason for using end to end encryption for your users and is the additional expense worth the money and additional management bearing in mind the threats? 13th June 2006 TETRA Experience - Poland

26 TETRA Experience - Poland
Conclusion Security functions built in to TETRA from the start! Air interface encryption protects, control traffic, IDs as well as voice and user traffic. End to end encryption gives higher level of assurance Key management comes without user overhead because of OTAR. 13th June 2006 TETRA Experience - Poland

Download ppt "Security Encryption and Management"

Similar presentations

Brian Murgatroyd UK Home Office

Brian Murgatroyd UK Home Office
GSM Security and Encryption

GSM Security and Encryption
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Su Youn Lee, Su Mi Lee and Dong Hoon Lee 2007.1.24 Current Trends in Theory and Practice of Computer Science Baekseok College of Cultural Studies GSIS.

Su Youn Lee, Su Mi Lee and Dong Hoon Lee Current Trends in Theory and Practice of Computer Science Baekseok College of Cultural Studies GSIS.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Security WG Areas of Interest FYI - Strawman Vancouver June 2001 Sprint PCS ®

Security WG Areas of Interest FYI - Strawman Vancouver June 2001 Sprint PCS ®
TETRA Inter System Interface (ISI)

TETRA Inter System Interface (ISI)
Myagmar, Gupta UIUC 2001 1 3G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.

Myagmar, Gupta UIUC G Security Principles Build on GSM security Correct problems with GSM security Add new security features Source: 3GPP.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization.

TWC 2005 Frankfurt 1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd UK Police IT Organization.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Information Security of Embedded Systems 20.1.2010: Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
Definitions, Concepts and Applications of TETRA Hannu Villpunen Nokia 14.11.2001.

Definitions, Concepts and Applications of TETRA Hannu Villpunen Nokia

Similar presentations

Ads by Google