Escolar Documentos
Profissional Documentos
Cultura Documentos
Part.-No.: 90FB6038DF02
DVers.: 3.0 / 03.03.2008
90FB6038DF02_V3.0.DOC
History
DVers.:
01
Date
01.03.2004
02
02.04.2004
produced by
E1-me, -ug,
E2-sc
E2-ah
3.0
03.03.2008
E4-vs
State
Release
Release
Release
90FB6038DF02_V3.0.DOC
Page 2 / 19
Contents
1 Notes on the Document ................................................................................................................ 4
2 Introduction .................................................................................................................................... 4
2.1 Definition and Abbreviation for Air Interface Encryption .......................................................... 5
3 Encryption and Sealing of Addresses ......................................................................................... 6
4 Key Management and Key Distribution....................................................................................... 7
4.1 Generating Static Cipher Keys (SCK)...................................................................................... 8
4.2 Contribution and Distribution of the SCKs in the MS ............................................................... 9
4.3 Contribution and Distribution of the SCKs in the SwMI ......................................................... 10
4.4 Usage and Decryption of the SSCK in the MS ...................................................................... 11
4.5 Usage and Decryption of the SSCK in the SwMI................................................................... 12
5 Operational procedures .............................................................................................................. 13
5.1 System Configuration............................................................................................................. 13
5.2 Subscriber Administration ...................................................................................................... 13
6 Call Handling ................................................................................................................................ 15
6.1 Individual Calls ....................................................................................................................... 15
6.2 Group Calls ............................................................................................................................ 15
7 Restrictions and Limits ............................................................................................................... 16
8 Prospect to further development ............................................................................................... 17
9 Bibliography, Reference ............................................................................................................. 17
10 Glossary, Index .......................................................................................................................... 18
90FB6038DF02_V3.0.DOC
Page 3 / 19
2 Introduction
This document describes the feature Air Interface Encryption within the ACCESSNET -T. Air Interface
Encryption is understood as encryption of data and voice on the air interface. The objective of this
encryption is to make the transmission tap-proof. Both individually addressed data as well as groupaddressed data is encrypted.
The feature Air Interface Encryption is an important element of security functionality within a TETRA
radio system. Regarding the scale of security functions the following security classes can be
distinguished between (see bibliography: ETSI 300 392-7):
y
y
y
This feature documentation will only take a closer look at the aspects of Security Class 2.
A Class-2-radio-system additionally enables the user to authenticate Mobile Stations (MS) and Base
Stations (BS) and requires an Air Interface Encryption with a Static Cipher Key. Furthermore a Class-2System requires an address sealing.
As the Authentication is described in a separate feature document (see Ref.: 1) this AIE feature
document will only take a closer look at the encryption and sealing of addresses.
In addition to this the key contribution for TETRA Air Interface Encryption into the Switching and
The contribution of key information into the Mobile Station is proprietary and is performed within the
context of personalization but the general procedures are described in this feature documentation.
DVers.: 3.0 / 03.03.2008
90FB6038DF02_V3.0.DOC
Page 4 / 19
Base Station
ITSI
Authentication Key
KSO
MF
Manipulation Flag Is used for signalling that a Static Cipher Key (SCK) could not have
been restored correctly.
MM
Mobility Management
MS
Mobile Station
RSO
SCK
SCKN
SCK-VN
SCN
SSCK
Sealed SCK
SSI
SwMI
TEA
TOS
Tab.: 1
90FB6038DF02_V3.0.DOC
Page 5 / 19
90FB6038DF02_V3.0.DOC
Page 6 / 19
AC, KMC
BS
...
SCN
BS
Personalization
MS
Standard-PC
Fig.: 1
The single process steps for contributing static keys into the infrastructure and into the Mobile Station
are described in the following chapters.
90FB6038DF02_V3.0.DOC
Page 7 / 19
~
Random Sequence
Generator
SCK
______
______
______
NMC-514
Fig.: 2
The generated SCK record is used in the SwMI (in all Class-2-radio cells) and in the mobiles. For this
the SCK record is personalized in the mobiles (see chapters 4.2 and 4.3).
Right now the modification of one or more SCKs from the SCK record is not possible because no
solution for transmitting the SCKs via Air Interface to the mobiles has been realized (Over the air
rekeying, OTAR). Only the current to be used SCK from the 32 possible ones can be selected.
If SCKs shall be contributed into the Mobile Stations later the record on the NMC-514 for the prevailing
network is used.
90FB6038DF02_V3.0.DOC
Page 8 / 19
______
______
______
K (TEI)
T
A
4
1
SSI (TEI),
MNC,
MCC
KSO
NDB-512
RSO
T
A
5
1
Random Sequence
Generator
SSCK
...
______
______
______
______
______
______
each
SCKN
______
______
______
SCK-VN
SCK
SCK file
NMC-514
Fig.: 3
Element
SSCK
SCK-VN
RSO
SCKN
Tab.: 2
Description
Sealed SCK
Version Number of SCK
Random Value
Number of SCK
Possible Values
variable
variable
variable
1.. 32
Dimension
120 Bit
16 Bit
80 Bit
8 Bit
90FB6038DF02_V3.0.DOC
Page 9 / 19
For a safe handling and distribution of the SCK record each single SCK is sealed (SSCK). For this the
same methods are used that are mandatory for the transmission of new SCK to the mobiles via OTAR
(see Ref.: 2).
Due to the sealing (see above) each mobile receives an individual SCK record that is stored in a file.
The formate of this file is described in Ref.: 3. The SCK record is contributed into the mobile during the
personalization.
______
______
______
T
A
4
1
KSO
RSO
T
A
5
1
Random Sequence
Generator
SSCK
______
______
______
______
______
______
SCKN
SCK-VN
SCK
SCK file
NMC-514
Fig.: 4
90FB6038DF02_V3.0.DOC
Page 10 / 19
The SSCK file for the SwMI is contributed into the TOS via configuration and is stored reset-resistant.
The file can be used equally for each TOS.
RSO
______
______
______
T
A
4
1
MF
KSO
SCK-VN
SSCK
T
A
5
1
SCKN
SCK
MS
Fig.: 5
90FB6038DF02_V3.0.DOC
Page 11 / 19
RSO
______
______
______
Fig.: 6
T
A
4
1
MF
KSO
SCK-VN
SSCK
T
A
5
1
SCKN
SCK
The TOS automatically selects the SCK to be used on basis of the current date and time.
The function of the automatic key exchange ensures that not always the same SCK is used within the
radio system. The currently available SCK is required for performing the encryption in the TOS as well
as in the transceivers. It is the TOS task to transfer the current SCK to the transceivers.
For the key exchange a time interval can be configured within the TOS that defines in which intervals an
SCK exchange will be performed. This can be an interval between 1 and 21 days at most. In addition to
this a time is configured that defines the exact instant of key exchange. When this exchange time has
come the TOS automatically takes over the new SCK.
The SCKs are used consecutively, i. e. for each exchange the SCK with the next higher SCKN is used.
If the SCKN reaches the maximum value it starts again with SCKN 1. The maximum value and therefore
the range of keys to be used is limited to the number of SCKs within the generated record but can
further be restricted.
Due to identic time information in all TOS components and to identic configuration for the key exchange
it is maintained that the same SCK is used within the whole radio system.
90FB6038DF02_V3.0.DOC
Page 12 / 19
5 Operational procedures
5.1 System Configuration
The supported security class can be configured for each radio cell of the SwMI. With regard to
encryption the security class describes which kinds of Mobile Stations are supported in the radio cell.
y
Class 1
Only Security-Class-1-Mobile Stations are supported (no encryption).
Class 2
Only Security-Class-2-Mobile Stations with static encryption are supported (SCK).
Class 1 and 2
Both Security-Class-1- and Security-Class-2-Mobile Stations are supported.
Class-1 MS/Group
The subscriber or the group can only operate plain in the system.
Class-2 MS/Group
The subscriber or the group can only operate with SCK encryption in the system.
Class-1+2 MS/Group
The subscriber or the group can operate plain or with SCK encryption in the system.
This characteristic is binding for an Individual Subscriber so that he has to log in with the greatest
possible Security Class to radio cells that support more than one Security Class so that the registration
is accepted.
The greatest possible Security Class results from the combination of the Security Class supported in the
radio cell with the Security Class configured for the subscriber.
90FB6038DF02_V3.0.DOC
Page 13 / 19
The following Matrix explains which operative Security Class results for a subscriber from the Security
Class supported in the radio cell with the Security Class configured for the subscriber. The operative
Security Class is set during the registration.
Cell Class
1+2
1+2
MS Class
Tab.: 3
In the operative Security Class 1 the subscriber is registered without encryption and therefore operates
plain in the radio system. In the operative Security Class 2 the subscriber is registered with encryption
and operates encrypted in the radio system. In all other cases the registration of the subscriber is
rejected.
In addition to the subscriber attribute Security Class the processing for skipping calls of encrypted
operating subscribers in the radio system can be configured for each subscriber. It can be defined that
this subscriber either may only perform encrypted calls or may also perform plain calls with Class-1Individual Subscribers or Class-1/1+2 Groups.
A subscriber with the attribute Security Class-2 who is not authorized to perform plain calls also can
only activate groups with Security Class-2. The attempt to activate other groups will be rejected by the
system.
The authorization flags and subscriber characteristics are set at the Subscriber Management Client
NMC-512.
90FB6038DF02_V3.0.DOC
Page 14 / 19
6 Call Handling
6.1 Individual Calls
Individual Calls are differently handled with regard to encryption:
The call between encrypted operating Mobile Stations is processed completely encrypted.
The set-up of skipping calls is processed individually, i. e. an encrypted operating Mobile Station is
called encrypted whereas a plain operating Mobile Station is called plain. At the end of establishing
a call (change to traffic channel) such a call is continued plain.
The call from an encrypted operating Mobile Station that is not authorized to perform plain calls to a
plain operating Mobile Station is rejected. The same applies to plain calls to this Mobile Station.
The call from an encrypted operating Mobile Station to a Class 1+2 group is set-up encrypted in
Class-2-radio cells and set-up plain in all other cells. The call set-up with the call initiator is
performed encrypted. After the call set-up the call is continued plain.
The call from an encrypted operating Mobile Station to a Class-1-Group is only performed plain in
Class-1 and Class-1+2 radio cells. The call set-up with the call initiator is performed encrypted. After
the call set-up the call is continued plain. The call of a plain operating Mobile Station to a Class-2Group is rejected.
The call of a plain operating Mobile Station to a Class-1+2-Group is set-up encrypted in Class-2radio cells and set-up plain in all other cells. The call set-up with the call initiator is performed plain.
After the call set-up the call is continued plain.
The call from a plain operating Mobile Station to a Class-1-Group is performed completely plain. In
Class-2-radio cells the call is not set-up.
90FB6038DF02_V3.0.DOC
Page 15 / 19
The functionality for transmitting new SCKs to the mobiles (OTAR) is not supported.
The selection (and therefore also the exchange) of an SCK is limited to the SCKs that are included
in the SCK record.
If several Mobile Network Codes are used all networks use the same SCK.
90FB6038DF02_V3.0.DOC
Page 16 / 19
The application for the Authentication and Key Management Center will be devided into a Security
Client (NMC-514) part and a Server part with database functionality and protected data carrier
(NDB-514).
9 Bibliography, Reference
The following referenced include detailed information about the topics mentioned in this document:
Ref.: 1
FB
90FB6011DF01
Ref.: 2
EN
Ref.: 3
MoU
Edition 3 (2003-04)
Ref.: 4
MoU
Ref.: 5
MoU
Ref.: 6
MoU
Ref.: 7
AH
90NMC512DB02
Ref.: 8
AH
90NMC514DB02
90FB6038DF02_V3.0.DOC
Page 17 / 19
10 Glossary, Index
A
AC - Authentication Centre 7
B
BS - Base Station 4, 5
D
DCK - Derived Cipher Key 4
E
ESI - Encrypted Short Identity 6
ETSI - European Telecommunications Standards Institute 4, 9, 10, 11
I
ITSI - Individual TETRA Subscriber Identity 5
K
KMC - Key Management Centre 7
M
MM - Mobility Management 5
MS - Mobile Station 3, 4, 5, 9, 11, 13, 14
N
NDB-512 - Network DataBase for NMC-512 4
NMC - Network Management Client 4, 7, 8, 13, 14, 17
NMC-512 - Subscriber Management Client 4, 13, 14, 17
NMC-514 - Security Management Client 4, 7, 8, 17
NMS - Network Management System 4
NMS-500 - Network Management System ACCESSNET -T NMS-500 4
O
OTAR - Over The Air Re-keying 5, 8, 10, 16
S
SCK - Static Cipher Key 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 16
SCN - Switching Controller Node 5
SSI - Short Subscriber Identity 5, 6
SwMI - Switching and Management Infrastructure 3, 4, 5, 8, 10, 11, 12, 13
T
TETRA - TErrestrial Trunked RAdio 4, 5, 6, 9, 10, 17
TETRA MoU - TETRA Memorandum of Understanding 9, 10
TOS - TETRA Operation Server 5, 6, 11, 12
DVers.: 3.0 / 03.03.2008
90FB6038DF02_V3.0.DOC
Page 18 / 19
90FB6038DF02_V3.0.DOC
Page 19 / 19