security
to the end user themselves and how they use their devices in the day-to-day reality. As well as making systems hacker-proof, we also have to make them policeman- or fireman-proof! This necessarily involves developing a deep understanding of the workers themselves.

“One particular concern here involves the complexity of configuration settings on the TETRA handsets or the PDAs and tablets that are increasingly coming into use. Finding appropriate ways to simplify and manage these remotely not only increases security, but also cuts costs in other areas such as training. Smart card based solutions have an invaluable part to play here.”
New weaknesses

The need to take a wider perspective on security in the face of change is also emphasized by Jean-Pierre Quémard, chief security officer at Cassidian: “While P25 networks in the USA have seen evidence of hacking, TETRA remains a highly secure environment.

“That said, new issues do have to be addressed as any network is only as strong as its weakest link. For example, in the UK, the governmental security body – the CESG – has banned the use of Bluetooth headsets with TETRA public safety terminals because of security concerns there.

“When it comes to the broadband future – and, more specifically, the use and sharing of LTE networks – this is an area that we’re very actively involved in with our partners Alcatel-Lucent. LTE already gives us a good toolbox to start with, although the integration of TETRA into this environment will bring new levels of complexity that will require a degree of customization in handsets, for example, to support closed VPN services.

“Similar issues apply to the increased use of IP-based backbones,” he adds. “This move can – in theory – lead to some new weaknesses emerging, but the technologies such as end-to-end encryption needed to operate over shared IP infrastructure are well understood.”

A similar perspective is shared by Iain Ivory, strategic planner at Motorola. He comments, “Many people don’t appreciate the layering of security in TETRA. AIE protects the TETRA signalling as well as the payload, and we also have the ability to partition shared networks in TETRA using Group Cipher Keys and many European public safety organizations have migrated to use this platform.

“As we move into using other networks and technologies, it’s also possible – and indeed desirable – to look at encrypting the payload end-to-end as it moves through various networks and backbones. As ever, though, your security is only as good as the key management principles that support it. If you don’t change and protect your crypto keys, then encryption won’t offer you the protection you need.”

Those human and organizational issues – within the TETRA context – are supported by Euros Evans, chief technical officer at Airwave, the UK TETRA service provider: “Due to the technical security that TETRA affords, where the security features are implemented, the weakest link is generally going to be the human one. Here the TETRA compromise functions such as Stun, Kill and Ambience Listening can help – but only as long as reporting processes are followed effectively when radio terminals are lost or stolen.”
New devices

The introduction of new classes of devices like tablets and PDAs to the public safety arena is also driving innovation. At the European Security and Information Security Congress in October in Paris, Thales, for example, launched its TEOPAD security environment for PDAs and tablets. Initially supporting the Android operating system, TEOPAD creates a secure, end-to-end applications platform for enterprise and public safety users that can safely coexist alongside the unsecured free-for-all world of downloadable personal applications that users may want to run. The secured applications space runs on a corporate server, with all those applications verified by Thales.

“The current move to LTE interworking is going to increase the need for devices that can play dual-mode roles as both personal and commercial/public safety devices”, says Sébastien Sabatier, in charge of strategy and sales at Thales Professional Mobile Radio. “That’s also going to increase the need for end-to-end security using techniques such as IPSec as well to deal with what is going to be a very dynamic environment that potentially includes roaming between networks as well.”
This smart card crypto system for TETRA was developed by Sectra in co-operation with the Swedish Defense Materiel Administration for users of the Swedish public safety network, Rakel. It is designed to be used with various TETRA terminals in emergency collaboration situations.
TETRA security cycle

1. The Crypto Custodian personalizes the crypto smart card. The smart card is assigned a user and a configuration defining what key series will protect which TETRA user.
2. The TETRA crypto Smart Card is delivered with PIN and PUK codes together with an individual Key Encryption Key and an individual Signalling Encryption Key.
3. Sectra’s over-the-air key server sends keys and associations encrypted with the user-specific Signalling Encryption Key. The OTAK Server periodically updates the keys in the smart card.

[Figure labels: Central OTAK server; Encryption keys and associations; TETRA network; Personalized smart cards; TETRA users]
TETRA TODAY Issue 5 2011