security


Setting the standard for communications security


With the privacy of communications very much in the news recently, Trevor Evans, chairman of the TETRA Association’s Security and Fraud Protection Group (SFPG), takes a look at why TETRA is considered the most secure radio system on the market today


The TETRA standard specifies a large number of air interface security features. However, it stipulates only that security measures should be in place – i.e. an authentication mechanism between the mobile equipment and the TETRA infrastructure, and encryption of the information being transferred. The standard does not specify how and when to implement these features, or how to store and distribute security keys in a safe way.

This is less of a problem when only one manufacturer and one network is involved. Where a number of different manufacturers supply equipment for the same TETRA system, it is necessary to make agreements in order to ensure interoperability. The SFPG’s work and recommendations help to ensure that the security implementations in systems supplied by different equipment manufacturers are compatible, and that the many TETRA security features are optimally implemented and securely used.

TETRA is designed to meet the needs of many professional markets including public safety, transport, commercial, industrial, and major event management, and therefore includes a suite of security solutions to allow the needs of each of these markets to be addressed.

TETRA standards are available for Trunked Mode Operation (TMO), where Mobile Stations (MSs) – mobile and handheld radios – operate in conjunction with a network. There are also standards for Direct Mode Operation (DMO) where radios communicate directly with each other without the use of a network.

The main elements of TETRA system security are explained on these pages.


Authentication and key management

The first major security element is authentication, which is used to prove the identity of two parties – in this case, the TETRA network and MS. These share a common, secret authentication key which is stored securely in the MS and in the centralized Authentication Centre (AuC) of the network.

The process of ‘proving identity’ does not allow the key to be sent over the air interface, where it would be vulnerable to eavesdropping. Instead, a challenge-response protocol is used, where one party generates a random number and requires that the other party generates the result of a calculation using a standard TETRA authentication algorithm.

To avoid using the secret key directly, a session key is first generated by the


Secure communications – a key requirement for mission-critical radio users (picture: Selex Communications)
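
The challenge-response exchange described under 'Authentication and key management', as an added example that is not part of the original article or of the TETRA standard. It shows the network authenticating one MS only. Assumptions: HMAC-SHA256 stands in for the TETRA authentication algorithm, the session key is derived from the shared secret and a random seed, and the names AuthCentre, MobileStation and ms-1 are hypothetical.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    # Assumption: HMAC-SHA256 stands in for the TETRA authentication algorithm.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def session_key(k, seed):
    # Assumed step: derive a per-run session key from the shared secret K and a seed.
    return _prf(k, b"session", seed)

def response(ks, challenge):
    return _prf(ks, b"response", challenge)

class AuthCentre:
    """Network side: stores K for each MS and never transmits it."""
    def __init__(self, keys):
        self._keys, self._pending = keys, {}

    def challenge(self, ms_id):
        seed, rand = secrets.token_bytes(16), secrets.token_bytes(16)
        ks = session_key(self._keys[ms_id], seed)
        self._pending[ms_id] = response(ks, rand)  # expected result, kept locally
        return seed, rand                           # only random values go over the air

    def verify(self, ms_id, res):
        expected = self._pending.pop(ms_id, None)   # one attempt per challenge
        return expected is not None and hmac.compare_digest(expected, res)

class MobileStation:
    def __init__(self, k):
        self._k = k

    def answer(self, seed, rand):
        return response(session_key(self._k, seed), rand)

def run_demo():
    k = secrets.token_bytes(16)                     # constructed sample key
    auc = AuthCentre({"ms-1": k})
    genuine, impostor = MobileStation(k), MobileStation(secrets.token_bytes(16))
    results = {}
    seed, rand = auc.challenge("ms-1")
    res = genuine.answer(seed, rand)
    results["genuine"] = auc.verify("ms-1", res)
    results["repeat_without_challenge"] = auc.verify("ms-1", res)
    auc.challenge("ms-1")                           # fresh random challenge
    results["old_response_new_challenge"] = auc.verify("ms-1", res)
    seed, rand = auc.challenge("ms-1")
    results["wrong_key"] = auc.verify("ms-1", impostor.answer(seed, rand))
    results["key_on_air"] = k in (seed, rand, res)
    return results
```

Because each challenge is a fresh random number, a response captured from an earlier run does not verify against a later one.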


42 TETRA TODAY Issue 4 2011

