You are on page 1of 19

Feature Sheet ACCESSNET -T

Air Interface Encryption

Part.-No.: 90FB6038DF02
DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Print Date: 08.05.2008


Page 1 / 19

Air Interface Encryption

History
DVers.:
01

Date
01.03.2004

02

02.04.2004

produced by
E1-me, -ug,
E2-sc
E2-ah

3.0

03.03.2008

E4-vs

changes and reasons


First Release

State
Release

Additions and corrections: Key


Management Centre,
addition of procedure descriptions,
replacement of graphics
Addition Notes on the Document

Release

Release

2008 R&S BICK Mobilfunk GmbH


No part of this document may be reproduced or processed and distributed in any form or by any
electronic means without the prior permission in writing by R&S BICK Mobilfunk GmbH. Offenders will
be held liable for damages.
All copyrights of this document and other rights including rights concerning patent, utility model or design
registration are reserved.
The name of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Encryption components described in this document are subject to German and/or European export
regulations and require an export license.
Subject to change without notice.
R&S BICK Mobilfunk GmbH
Fritz-Hahne-Strae 7
31848 Bad Mnder
Germany
Phone (+49) 50 42 998-0
Fax (+49) 50 42 998-105
Internet: www.rsbick.de

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 2 / 19

Air Interface Encryption

Contents
1 Notes on the Document ................................................................................................................ 4
2 Introduction .................................................................................................................................... 4
2.1 Definition and Abbreviation for Air Interface Encryption .......................................................... 5
3 Encryption and Sealing of Addresses ......................................................................................... 6
4 Key Management and Key Distribution....................................................................................... 7
4.1 Generating Static Cipher Keys (SCK)...................................................................................... 8
4.2 Contribution and Distribution of the SCKs in the MS ............................................................... 9
4.3 Contribution and Distribution of the SCKs in the SwMI ......................................................... 10
4.4 Usage and Decryption of the SSCK in the MS ...................................................................... 11
4.5 Usage and Decryption of the SSCK in the SwMI................................................................... 12
5 Operational procedures .............................................................................................................. 13
5.1 System Configuration............................................................................................................. 13
5.2 Subscriber Administration ...................................................................................................... 13
6 Call Handling ................................................................................................................................ 15
6.1 Individual Calls ....................................................................................................................... 15
6.2 Group Calls ............................................................................................................................ 15
7 Restrictions and Limits ............................................................................................................... 16
8 Prospect to further development ............................................................................................... 17
9 Bibliography, Reference ............................................................................................................. 17
10 Glossary, Index .......................................................................................................................... 18

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 3 / 19

Air Interface Encryption

1 Notes on the Document


The Feature Sheet describes the service and/or performance features and its functionality.
Validation of Feature Sheet Contents
The Feature Sheet contents will be replaced step by step with the contents
of the new document type Service Feature Description.The Service Feature
Description defines and describes the functionality of all ACCESSNET -T
services.
The contents of the current Feature Sheet are valid until all services and
performance features have been included into the Service Feature
Description but may overlap with Service Feature Description contents
where appropriate.

2 Introduction
This document describes the feature Air Interface Encryption within the ACCESSNET -T. Air Interface
Encryption is understood as encryption of data and voice on the air interface. The objective of this
encryption is to make the transmission tap-proof. Both individually addressed data as well as groupaddressed data is encrypted.
The feature Air Interface Encryption is an important element of security functionality within a TETRA
radio system. Regarding the scale of security functions the following security classes can be
distinguished between (see bibliography: ETSI 300 392-7):
y
y
y

Class 1 (no encryption)


Class 2 (encryption with Static Cipher Key - SCK)
Class 3 (encryption with Dynamic Cipher Key - DCK)

This feature documentation will only take a closer look at the aspects of Security Class 2.
A Class-2-radio-system additionally enables the user to authenticate Mobile Stations (MS) and Base
Stations (BS) and requires an Air Interface Encryption with a Static Cipher Key. Furthermore a Class-2System requires an address sealing.
As the Authentication is described in a separate feature document (see Ref.: 1) this AIE feature
document will only take a closer look at the encryption and sealing of addresses.
In addition to this the key contribution for TETRA Air Interface Encryption into the Switching and

Management Infrastructure (SwMI) of ACCESSNET -T is described. The following components of the


Network Management System NMS-500 are involved in the key contribution into the radio system
(SwMI) and in the configuration of the Air Interface Parameters.
y
y
y
y

Authentication & Key Management Center (NMC-514)


NMS-500 Subscriber Database (NDB-512)
Subscriber Database Client (NMC-512)
Download Manager (NMC-522)

The contribution of key information into the Mobile Station is proprietary and is performed within the
context of personalization but the general procedures are described in this feature documentation.
DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 4 / 19

Air Interface Encryption

2.1 Definition and Abbreviation for Air Interface Encryption


BS

Base Station

ITSI

Individual TETRA Subscriber Identity

Authentication Key

KSO

Session Key for OTAR

MF

Manipulation Flag Is used for signalling that a Static Cipher Key (SCK) could not have
been restored correctly.

MM

Mobility Management

MS

Mobile Station

RSO

Random Seed for OTAR

SCK

Static Cipher Key

SCKN

Static Cipher Key Number

SCK-VN

SCK Version Number

SCN

Switching and Controller Node

SSCK

Sealed SCK

SSI

Short Subscriber Identity

SwMI

Switching and Management Infrastructure

TEA

TETRA Encryption Algorithm

TOS

TETRA Operation Server

Tab.: 1

Definition and Abbreviation

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 5 / 19

Air Interface Encryption

3 Encryption and Sealing of Addresses


The actual encryption of data is performed in the transceivers (TR). The data is encrypted together with
the encryption key by using the TETRA Encryption Algorithm (TEA). The algorithm is preset by the
software variant of the transceiver and can only be edited by replacing the software.
The network component TOS controls the encryption function. It decides if the transmission of signaling
messages via Air Interface shall be encrypted or plain and in which mode (encrypted/plain) a traffic
channel is run.
While registering a terminal it is examined if it has to operate encrypted or plain within the radio system.
In case of an encryption the encryption parameters which are displayed by the mobile are examined.
These parameters must match the system- and cellparameters. If not the Mobile Stations access to the
system will be denied.
In order to ensure security on a high degree during each signalling of an encrypted operating Mobile
Station will be checked if the received data have been encrypted. Depending on the context (e. g. if the
Mobile Station is just performing a plain call or not) plain signaling messages received are ignored if
necessary.
In a Security-Class-2 radio cell the identity (SSI) to the ESI is sealed via SCK. The ESI is used for each
encrypted signalling instead of SSI. For plain signalling the SSI is still used.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 6 / 19

Air Interface Encryption

4 Key Management and Key Distribution


The component Authentication and Key Management Centre (AC, KMC) which is realized on basis of
the NMC-514 Application is the central element of the network architecture (see Fig.: 1) for the Key
Management and the Key Distribution within the ACCESSNET -T.
On one hand the NMC-514 generates the authentication parameters that are necessary for the
authentication on basis of the authentication key and on the other hand it generates the encryption keys
(red key in figure 1) that are necessary for the Air Interface Encryption. They are transferred sealed to
the infrastructure (Base Station, black key in figure 1) and to a proprietary personalization-tool in order
to contribute it into the Mobile Station (black key).

AC, KMC

BS

...
SCN

BS

Personalization
MS
Standard-PC
Fig.: 1

Network Architecture for Air Interface Encryption

The single process steps for contributing static keys into the infrastructure and into the Mobile Station
are described in the following chapters.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 7 / 19

Air Interface Encryption

4.1 Generating Static Cipher Keys (SCK)


In the NMC-514 a record of 32 SCKs is generated via a random algorithm and stored on the NMC-514
in an encrypted SCK file (see Fig.: 2).

~
Random Sequence
Generator

SCK

______
______
______

SCK file (SCK)

NMC-514

Fig.: 2

Generating Static Cipher Keys

The generated SCK record is used in the SwMI (in all Class-2-radio cells) and in the mobiles. For this
the SCK record is personalized in the mobiles (see chapters 4.2 and 4.3).
Right now the modification of one or more SCKs from the SCK record is not possible because no
solution for transmitting the SCKs via Air Interface to the mobiles has been realized (Over the air
rekeying, OTAR). Only the current to be used SCK from the 32 possible ones can be selected.
If SCKs shall be contributed into the Mobile Stations later the record on the NMC-514 for the prevailing
network is used.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 8 / 19

Air Interface Encryption

4.2 Contribution and Distribution of the SCKs in the MS


The SSCK files for mobiles are generated according to the standard ETSI EN390 392-7 (see Ref.: 2,
Fig.: 3) in the format TETRA MoU SFPG Recommendation 01 format (see Ref.: 3).

______
______
______

K (TEI)

Confidential file from


MS vendor

T
A
4
1

SSI (TEI),
MNC,
MCC
KSO
NDB-512

RSO

T
A
5
1

Random Sequence
Generator

SSCK

...

______
______
______

______
______
______

each

SSCK file for MS (SCKN,


SCK-VN, SSCK, RSO)

SCKN

______
______
______

SCK-VN
SCK

SCK file

NMC-514

Fig.: 3

Generating Sealed Static Cipher Keys (SSCK) for MS

Each entry of a SCK record includes the following elements:

Element
SSCK
SCK-VN
RSO
SCKN
Tab.: 2

Description
Sealed SCK
Version Number of SCK
Random Value
Number of SCK

Possible Values
variable
variable
variable
1.. 32

Dimension
120 Bit
16 Bit
80 Bit
8 Bit

Information Elements of an SCK Entry

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 9 / 19

Air Interface Encryption

For a safe handling and distribution of the SCK record each single SCK is sealed (SSCK). For this the
same methods are used that are mandatory for the transmission of new SCK to the mobiles via OTAR
(see Ref.: 2).
Due to the sealing (see above) each mobile receives an individual SCK record that is stored in a file.
The formate of this file is described in Ref.: 3. The SCK record is contributed into the mobile during the
personalization.

4.3 Contribution and Distribution of the SCKs in the SwMI


The SSCK files for mobiles are generated according to the standard ETSI EN390 392-7 (see Ref.: 2,
Fig.: 3) in the format TETRA MoU SFPG Recommendation 01 format (see Ref.: 3).
For a safe handling and distribution of the SCK record each single SCK is sealed (SSCK). For this the
same methods are used that are mandatory for the transmission of new SCK to the mobiles via OTAR
(see Ref.: 2).

______
______
______

Confidential file from


SwMI (TOS)

T
A
4
1

KSO

RSO

T
A
5
1

Random Sequence
Generator

SSCK

______
______
______

SSCK file for SwMI

______
______
______

SCKN
SCK-VN
SCK

SCK file

NMC-514

Fig.: 4

Generating SSCKs for SwMI

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 10 / 19

Air Interface Encryption

The SSCK file for the SwMI is contributed into the TOS via configuration and is stored reset-resistant.
The file can be used equally for each TOS.

4.4 Usage and Decryption of the SSCK in the MS


After personalizing the Mobile Station the SCK information is decrypted analogous to the generation of
the SSCK information according to the standard: ETSI EN390 392-7 for SSCK (see Ref.: 2) and is
used in the Mobile Station afterwards (see Fig.: 5).

RSO
______
______
______

SSCK file for MS

T
A
4
1

MF
KSO

SCK-VN
SSCK

T
A
5
1

SCKN
SCK

MS

Fig.: 5

Usage of the SSCKs in the MS

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 11 / 19

Air Interface Encryption

4.5 Usage and Decryption of the SSCK in the SwMI


The configuration files are generated in the TOS specific configuration formate. The SCK information is
decrypted analogous to the generation of the SSCK information and is used in the Mobile Station
afterwards.

RSO
______
______
______

SSCK file for SwMI

Fig.: 6

T
A
4
1

MF
KSO

SCK-VN
SSCK

T
A
5
1

SCKN
SCK

Usage of the SSCKs in the SwMI

The TOS automatically selects the SCK to be used on basis of the current date and time.
The function of the automatic key exchange ensures that not always the same SCK is used within the
radio system. The currently available SCK is required for performing the encryption in the TOS as well
as in the transceivers. It is the TOS task to transfer the current SCK to the transceivers.
For the key exchange a time interval can be configured within the TOS that defines in which intervals an
SCK exchange will be performed. This can be an interval between 1 and 21 days at most. In addition to
this a time is configured that defines the exact instant of key exchange. When this exchange time has
come the TOS automatically takes over the new SCK.
The SCKs are used consecutively, i. e. for each exchange the SCK with the next higher SCKN is used.
If the SCKN reaches the maximum value it starts again with SCKN 1. The maximum value and therefore
the range of keys to be used is limited to the number of SCKs within the generated record but can
further be restricted.
Due to identic time information in all TOS components and to identic configuration for the key exchange
it is maintained that the same SCK is used within the whole radio system.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 12 / 19

Air Interface Encryption

5 Operational procedures
5.1 System Configuration
The supported security class can be configured for each radio cell of the SwMI. With regard to
encryption the security class describes which kinds of Mobile Stations are supported in the radio cell.
y

Class 1
Only Security-Class-1-Mobile Stations are supported (no encryption).

Class 2
Only Security-Class-2-Mobile Stations with static encryption are supported (SCK).

Class 1 and 2
Both Security-Class-1- and Security-Class-2-Mobile Stations are supported.

5.2 Subscriber Administration


At the Subscriber Management Client (NMC-512) the characteristical Security Class of a subscriber
(Individual Subscriber and Group) can be configured that the subscriber is allowed to use in the radio
system. The following classes can be configured:
y

Class-1 MS/Group
The subscriber or the group can only operate plain in the system.

Class-2 MS/Group
The subscriber or the group can only operate with SCK encryption in the system.

Class-1+2 MS/Group
The subscriber or the group can operate plain or with SCK encryption in the system.

This characteristic is binding for an Individual Subscriber so that he has to log in with the greatest
possible Security Class to radio cells that support more than one Security Class so that the registration
is accepted.
The greatest possible Security Class results from the combination of the Security Class supported in the
radio cell with the Security Class configured for the subscriber.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 13 / 19

Air Interface Encryption

The following Matrix explains which operative Security Class results for a subscriber from the Security
Class supported in the radio cell with the Security Class configured for the subscriber. The operative
Security Class is set during the registration.

Cell Class

1+2

1+2

MS Class

Tab.: 3

Operative Security Class

In the operative Security Class 1 the subscriber is registered without encryption and therefore operates
plain in the radio system. In the operative Security Class 2 the subscriber is registered with encryption
and operates encrypted in the radio system. In all other cases the registration of the subscriber is
rejected.
In addition to the subscriber attribute Security Class the processing for skipping calls of encrypted
operating subscribers in the radio system can be configured for each subscriber. It can be defined that
this subscriber either may only perform encrypted calls or may also perform plain calls with Class-1Individual Subscribers or Class-1/1+2 Groups.
A subscriber with the attribute Security Class-2 who is not authorized to perform plain calls also can
only activate groups with Security Class-2. The attempt to activate other groups will be rejected by the
system.
The authorization flags and subscriber characteristics are set at the Subscriber Management Client
NMC-512.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 14 / 19

Air Interface Encryption

6 Call Handling
6.1 Individual Calls
Individual Calls are differently handled with regard to encryption:

The call between encrypted operating Mobile Stations is processed completely encrypted.

The set-up of skipping calls is processed individually, i. e. an encrypted operating Mobile Station is
called encrypted whereas a plain operating Mobile Station is called plain. At the end of establishing
a call (change to traffic channel) such a call is continued plain.

The call from an encrypted operating Mobile Station that is not authorized to perform plain calls to a
plain operating Mobile Station is rejected. The same applies to plain calls to this Mobile Station.

6.2 Group Calls


Group Calls are differently handled:
y The call from an encrypted operating Mobile Station to a Class-2-Group is performed completely
encrypted. The set-up is only performed in radio cells that either support Class-2- or Class-1+2. In
Class-1-radio cells the Group Call is not set-up.
y

The call from an encrypted operating Mobile Station to a Class 1+2 group is set-up encrypted in
Class-2-radio cells and set-up plain in all other cells. The call set-up with the call initiator is
performed encrypted. After the call set-up the call is continued plain.

The call from an encrypted operating Mobile Station to a Class-1-Group is only performed plain in
Class-1 and Class-1+2 radio cells. The call set-up with the call initiator is performed encrypted. After
the call set-up the call is continued plain. The call of a plain operating Mobile Station to a Class-2Group is rejected.

The call of a plain operating Mobile Station to a Class-1+2-Group is set-up encrypted in Class-2radio cells and set-up plain in all other cells. The call set-up with the call initiator is performed plain.
After the call set-up the call is continued plain.

The call from a plain operating Mobile Station to a Class-1-Group is performed completely plain. In
Class-2-radio cells the call is not set-up.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 15 / 19

Air Interface Encryption

7 Restrictions and Limits


y

The functionality for transmitting new SCKs to the mobiles (OTAR) is not supported.

The selection (and therefore also the exchange) of an SCK is limited to the SCKs that are included
in the SCK record.

Even data that is addressed to groups is encrypted with the SCK.

If several Mobile Network Codes are used all networks use the same SCK.

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 16 / 19

Air Interface Encryption

8 Prospect to further development


This chapter includes a prospect to the future development.
y

Supporting Security Class 3

Using a hardware generator to generate random numbers.

The application for the Authentication and Key Management Center will be devided into a Security
Client (NMC-514) part and a Server part with database functionality and protected data carrier
(NDB-514).

9 Bibliography, Reference
The following referenced include detailed information about the topics mentioned in this document:

Ref.: 1

FB

Feature-Doc ACCESSNET-T Authentication

90FB6011DF01

Ref.: 2

EN

EN 300 392-7 TETRA Voice plus Data (V+D)


Part 7: Security

Version 2.1.1 (2001-02)

Ref.: 3

MoU

TETRA Key Distribution


MoU SFPG Recommendation 01

Edition 3 (2003-04)

Ref.: 4

MoU

TTR 001-11 Air Interface Encryption

Ver 1.0.0 Dec 2001

Ref.: 5

MoU

IOP 001-11 Air Interface Encryption

Ver 1.1.0 July 2003

Ref.: 6

MoU

prTTR 001-14 TETRA Key Distribution

ver 0.0.9 January 2004

Ref.: 7

AH

User Guide Subscriber Management


Client NMC-512

90NMC512DB02

Ref.: 8

AH

User Guide Authentication and Key


Management Centre NMC-514

90NMC514DB02

Some of these documents are only available to TETRA-MoU members!

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 17 / 19

Air Interface Encryption

10 Glossary, Index
A
AC - Authentication Centre 7

B
BS - Base Station 4, 5

D
DCK - Derived Cipher Key 4

E
ESI - Encrypted Short Identity 6
ETSI - European Telecommunications Standards Institute 4, 9, 10, 11

I
ITSI - Individual TETRA Subscriber Identity 5

K
KMC - Key Management Centre 7

M
MM - Mobility Management 5
MS - Mobile Station 3, 4, 5, 9, 11, 13, 14

N
NDB-512 - Network DataBase for NMC-512 4
NMC - Network Management Client 4, 7, 8, 13, 14, 17
NMC-512 - Subscriber Management Client 4, 13, 14, 17
NMC-514 - Security Management Client 4, 7, 8, 17
NMS - Network Management System 4
NMS-500 - Network Management System ACCESSNET -T NMS-500 4

O
OTAR - Over The Air Re-keying 5, 8, 10, 16

S
SCK - Static Cipher Key 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 16
SCN - Switching Controller Node 5
SSI - Short Subscriber Identity 5, 6
SwMI - Switching and Management Infrastructure 3, 4, 5, 8, 10, 11, 12, 13

T
TETRA - TErrestrial Trunked RAdio 4, 5, 6, 9, 10, 17
TETRA MoU - TETRA Memorandum of Understanding 9, 10
TOS - TETRA Operation Server 5, 6, 11, 12
DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 18 / 19

Air Interface Encryption


V
V+D - Voice plus Data 17

DVers.: 3.0 / 03.03.2008

90FB6038DF02_V3.0.DOC

Page 19 / 19

You might also like