FREE ELECTRONIC LIBRARY - Abstracts, books, theses

Pages:     | 1 ||

«ETSI TR 102 512 V1.1.1 (2006-08) Technical Report Terrestrial Trunked Radio (TETRA); Security; Security requirements analysis for modulation enhancements ...»

-- [ Page 2 ] --

certain value associated to the occurrence likelihood of a particular threat is explained as follows:

–  –  –

Each of these attack factors are summed (i.e. Elapsed time + Expertise + Knowledge of TOE + Window of opportunity + Equipment) to give an overall vulnerability rating as shown in table 2. The vulnerability rating is then mapped to the Occurrence likelihood as shown in table 3.

–  –  –

The impact of a threat is also estimated with values from "1" to "3". The meaning of a certain value associated to the

impact is explained as follows:

–  –  –

1 for "low impact" The concerned party (asset) is not harmed very strongly; the possible damage is low.

2 for "medium impact" The threat addresses the interests of providers/subscribers and cannot be neglected.

3 for "high impact" A basis of business is threatened and severe damage might occur in this context.

The product of occurrence likelihood and impact value gives the risk which serves as a measurement for the risk that

the concerned management function is compromised. The result is classified into the following three categories:

–  –  –

6.2 TETRA system under evaluation The TETRA system considered for evaluation has a very small set of open interfaces as shown in figure 3.

–  –  –

6.3 TETRA use cases (security scenarios) 6.3.1 Point to point communication within single TETRA SwMI A call made using ITSI as the source and destination address.

6.3.2 Point to multipoint communication within single TETRA SwMI A call made using ITSI as source address and GTSI as destination address.

6.3.3 Broadcast communication within single TETRA SwMI A call made with reserved broadcast address as destination address.

6.3.4 Point to point communication within multiple TETRA SwMIs A call made using ITSI as the source and destination address utilising ISI as communications (media and signaling) link between SwMIs.

6.3.5 Point to multipoint communication within multiple TETRA SwMIs A call made using ITSI as the source and GTSI as destination address utilising ISI as communications (media and signaling) link between SwMIs.

6.3.6 Broadcast communication within multiple TETRA SwMIs A call made with reserved broadcast address as destination address utilising ISI as communications (media and signaling) link between SwMIs.

–  –  –

6.4 Overview of existing TETRA security measures 6.4.1 Security analysis and recommendation The analysis presented as design input for TETRA in ETR 086-3 [1] and the ongoing development of EN 300 392-7 [3] has offered a set of security solutions to counter those threats identified in the referred documents.

The current countermeasures defined in EN 300 392-7 [3] and the ongoing work of the TETRA MoU SFPG group address the risks present at the Air Interface and the risks involved in deploying the mechanisms defined to ensure that best practice is maintained.

6.4.2 Air interface capabilities Security profiles or classes TETRA security is defined in terms of class (see EN 300 392-7 [3]). Each class has associated features that are mandatory or optional and are summarized in table 6.

–  –  – Authentication All authentication services in TETRA release 1 are enabled by the secret key relationship of the root key K to ITSI and

support the following services:

–  –  –

• mutual authentication (where the decision to make the authentication mutual is made by the challenged party).

The authentication protocol is of the challenge-response format described in ISO/IEC 9798-2 [2] with the random variable being provided by random numbers. Over the air key management support Keys may be provided for one or more of the encryption services over the air in TETRA. In each case both individual and group distribution is defined. The former uses a key sealing service using K as the root key. The latter uses a group sealing key which may itself be distributed by the former method.

In addition for class 3 systems the core key CCK is provided over the air. The Derived Cipher Key (DCK) is derived during the authentication process. The Common Cipher Key (CCK) is sealed with the DCK resulting from authentication and transmitted in sealed form over the air.

–  –  – Encryption The encryption service in TETRA offers confidentiality of traffic, both voice and data, and some protection of the signaling.

The Encrypted Short Identity (ESI) mechanism provides a means of protection of identities transmitted over the air interface. The mechanism applies only to those networks with air interface encryption applied (class 2 and class 3 systems). When encrypted signaling is used the ESI is sent instead of the true identity Over the Air enable and disable The enable disable capability in TETRA (sometimes referred to as "stun' n' kill") allows a malfunctioning or stolen terminal to be either temporarily or permanently prevented from operation. In the former case the terminal can be re-enabled over the air, whereas in the latter case to reinstate operation requires a visit to a service centre.

–  –  – TAA1 TAA1 is the authentication and key management algorithm set defined by SAGE in accordance with the algorithm specifications given in EN 300 392-7 [3] and the rules of management given in TR 101 052 [8].

–  –  –

An independent analysis of the TEAx algorithms in order to determine the impact of requesting a longer key stream segment from the TEAx algorithms identified no security or cryptanalysis concerns in the definition of any of the TEAx algorithms. The analysis is available on request from the ETSI TETRA WG6 chair.

The conclusion of the study is that there is no change in the level of risk to loss of confidentiality for encrypted air interface traffic when moving from the existing TETRA to the modified air interface being standardized in TETRA. TEA1 For use in the region specified in the rules of procedure for TEA1 [4]. TEA2 For use in the region specified in the rules of procedure for TEA2 [5]. TEA3 For use in regions specified in the rules of procedure for TEA3 [6]. TEA4 For use in regions specified in the rules of procedure for TEA4 [7].

–  –  – Overview The Peripheral Equipment Interface is defined in EN 300 392-5 [9] and allows for a split of the TETRA terminal to two separate devices connected using the PEI at reference point RT: Terminal Equipment type 2 (TE2); and a Mobile Termination type 2 (MT2).

The equipment that may act as TE2 includes PCs and PDAs as well as specialist data equipment (including sensors).

The existing scope of PEI restricts MT2 to be a TETRA Trunked Mode equipment, and further restricts PEI to a single point to point connection.

With respect to data services, the TETRA PEI will be used for the following:

• transmission and reception of packet data (including setting of packet data parameters);

• transmission and reception of circuit data (including setting of circuit data parameters);

• transmission and reception of short data (including setting of short data parameters).

In addition to data services the TETRA PEI may be used for the following:

• set-up and control of speech calls (including setting of speech call parameters);

• access to general information of MT2 and network;

• access to user applications located in MT2.

The TETRA PEI includes components which are not required by all the functions listed above and therefore, depending on the functionality that a MT2 supports, not all aspects of the PEI need to be implemented.

TETRA PEI has been designed to fulfil the following key requirements:

• a standard physical interface, widely adopted in the Information Technology (IT) world;

–  –  –

• broad compatibility with other wireless data systems;

• access to the full range of MT2 functionality (TE applications may use profiles to restrict functionality).

The impact of adoption of standard physical interfaces may allow a number of standard PC connectivity arrangements

to be adopted and the security models of these should be considered. The range of physical interfaces include:

–  –  –

The purpose of PEI is to enable control therefore only the call set up, maintenance and clear down signaling for speech calls are sent on the PEI, and therefore voice packets are never sent over the PEI (voice packets go directly from the MT codec to the TMD-SAP). However it is noted that circuit mode data may be sent over the PEI.

–  –  – Objectives The objectives of PEI are to enable remote control of MT2 and thus to allow expanded functionality within TE2.

The security objectives to be met by PEI are to ensure that the remote TE2 offers the same risk to the TETRA user and TETRA SwMI as if the TE and MT were collocated.

–  –  –

Any unprotected PEI may allow access to any of the three service categories.

The following key differences are noted:

• TNP1 commands can be sent in parallel with ongoing packet data services.

• AT commands can only be sent in the command state.

The primary assumption in PEI is that the connection is between two trusted equipments (TE and MT) and there is no authentication or authorization. It is further assumed that the connection is wired using a short non-radiating cable (within the constraints set for V.24 [24] and V.28 [25] in ITU-T).

Where the physical connection does not comply with clause 5 of EN 300 392-5 [9] and instead adopts wireless modes, the MT, and all capabilities open to TNP1 and the AT command set, are open to attack. To counter this Bluetooth should not be set to discoverable mode. Summary of unwanted incidents

The following unwanted incidents may arise when PEI is exploited:

• harvesting of data on the SIM (this is currently restricted to the PSTN phonebook and some local configuration data); and

• remote invocation of packet data connections.

6.5.2 ISI The ISI provides the technical links between two TETRA networks that have agreed to allow intercommunication. The form of physical link used for the ISI is not specified. There are two specifications for the transmission of TETRA speech that may apply (references TS 100 392-3-6 [22] and TS 100 392-3-7 [23]) on the ISI which will allow support of encrypted speech across the ISI.

Details of the ISI are currently insufficient to permit a full TVRA to be carried out but a general assumption that the end-points are trusted but that the linking network is itself untrusted may be applied. In this way the general assumptions and TVRA models for use of untrusted networks apply.

ETSI 20 ETSI TR 102 512 V1.1.1 (2006-08) 6.5.3 IP The use of Internet Protocol in TETRA is possible but not explicitly protected other than by the existing radio interface mechanisms and by the explicit TETRA identity authentication. The bulk of air interface protocols for establishment of an IP connection in TETRA share a common root with those of GPRS and 3GPP in the use of the PDP-context activation and deactivation and the use of IPsec in the TETRA environment is able to share the profiles being developed in both 3GPP for 3rd generation cellular and wireless access, and in TISPAN for IP access.

NOTE: Work in progress in ETSI and with the IPv6 forum towards a suite of interoperability and conformance tests for IPv6 covering the capabilities of IPsec in addition to the core and mobility capabilities of IPv6 may be used as the basis of a formal TETRA IPsec profile.

6.5.4 Application level security All applications in TETRA are assumed to exist within the trusted TETRA SwMI space and therefore considered out of scope for this TVRA (within the trusted zone).

There are a number of solutions for security within applications but the selection of countermeasures and identification of risk cannot be generalized. The use of tools such as Digital Rights Management and Kerberos like models of distributed secure access control may be usefully reviewed in the application context.

7 Identification of requirements for countermeasures 7.1 Overview Countermeasures should be applied to those vulnerability/asset relationships where the risk is significant (i.e. where the

risk identified in clause 6 is critical or major). Countermeasures can take a number of forms:

• Redesign to eliminate the weakness (as with no weakness there is no threat-weakness pair hence no vulnerability).

• New assets offering specific protection for specific vulnerabilities.

NOTE 1: Any new asset introduced to the system has to be assessed for vulnerabilities and any concurrent risk identified.

NOTE 2: A single asset performing as a countermeasure may reduce the risk associated with many vulnerabilities and assets.

7.2 TETRA air interface modifications The major areas in TETRA where additional risk is to be encountered that lie within the scope of TETRA to provide countermeasures for are in the areas of the ISI and PEI. In both cases ongoing work in both TETRA and the TETRA MoU SFPG are addressing these areas. For those areas outside of TETRA's immediate control such as application level security and IP security the TETRA MoU SFPG is addressing the principal areas of risk and appropriate countermeasures to be applied. This work allied with ongoing best practice in the market and in particular the trends in 3GPP and TISPAN for use of IPsec should be followed and applied where appropriate.

One of the biggest changes arising from the update of the TETRA air interface is the greater data carrying capacity and as such there are requirements to modify the KSS length output from the KSG (see clause to support confidentiality of both /8-D8PSK and QAM modulation. One further consequence of the greater data carrying π capacity is that there will be greater likelihood of PDU association in /8-D8PSK and QAM channels. Changes have π been developed in WG6 to provide for additional precautions in the case of QAM modulation to avoid KSS repeat where PDU association occurs.

ETSI 21 ETSI TR 102 512 V1.1.1 (2006-08) 7.2.1 Outline of modifications to TETRA air interface security The TETRA air interface security specification has been progressively updated during the period of development of the present document. The main changes are summarised in the table below and refers to specific Change Requests to be incorporated.

Table 7: Outline CRs updating TETRA Air interface security in response to ongoing TVRA work

Pages:     | 1 ||

Similar works:

«BNL-108129-2015-JA Millisecond Ordering of Block-copolymer Films via Photo-thermal Gradients Pawel W. Majewski, Kevin G. Yager* Center for Functional Nanomaterials, Brookhaven National Laboratory, Upton, NY 11973 email: kyager@bnl.gov Abstract For the promise of self-assembly to be realized, processing techniques must be developed that simultaneously enable control of the nanoscale morphology, rapid assembly, and, ideally, the ability to pattern the nanostructure. Here, we demonstrate how...»

«Processing Natural Language Software Requirement Speci cations Miles Osborne and Craig MacNish Department of Computer Science, University of York, Heslington, York YO1 5DD, U. K. fmiles,craigg@minster.york.ac.uk August 1, 1995 Abstract Ambiguity in requirement speci cations causes numerous problems; for example in de ning customer/supplier contracts, ensuring the integrity of safetycritical systems, and analysing the implications of system change requests. A direct appeal to formal speci cation...»

«Machuco Clint Eastwood's Gran Torino Anthropoetics 16, no. 2 (Spring 2011) Violence and Truth in Clint Eastwood's Gran Torino Antonio Machuco Universidade do Porto, Portugal machuco.antonio@gmail.com Abstract This article presents a thematic analysis of the latest movie that Clint Eastwood has directed and participated in as an actor, Gran Torino. We claim that Gran Torino is a cinema masterpiece. To support this view, we show that the subject of the movie is the mechanical logic of violence,...»

«Metaphor and Artificial Intelligence: Why They Matter to Each Other John A. Barnden School of Computer Science; University of Birmingham Birmingham, B15 2TT, United Kingdom J.A.Barnden@cs.bham.ac.uk Tel: (+44)(0)121-414-3816 Fax: (+44)(0)121-414-4281 Introduction Why is Artificial Intelligence concerned with metaphor, and what special contributions can AI offer to metaphor research? This chapter will indicate why AI needs to study metaphor and will outline what AI has been contributing to the...»

«Health, Wealth & Happiness Has the Prosperity Gospel Overshadowed the Gospel of Christ? David W. Jones Russell S. Woodbridge Health, Wealth & Happiness: Has the Prosperity Gospel Overshadowed the Gospel of Christ? © 2011 David W. Jones and Russell S. Woodbridge Published by Kregel Publications, a division of Kregel, Inc., P.O. Box 2607, Grand Rapids, MI 49501. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any...»

«A RESEARCH / SEMINAR REPORT ON: ELECTRO-DYNAMIC TETHER -BY ASHISH RACHMALE VIT,Pune,India ashish.rachmale92@gmail.com ELECTRODYNAMIC TETHER A TECHNICAL SEMINAR REPORT ON “ELECTRODYNAMIC TETHER” Ashish V. Rachmale Department of Electronics Engineering Vishwakarma Institute of Technology ELECTRODYNAMIC TETHER DEPARTMENT OF ELECTRONICS ENGINEERING VISHWAKARMA INSTITUTE OF TECHNOLOGY (An Autonomous Institute,Affiliated to Pune University) Academic Year 2012-13 Department of Electronics...»

«The owner, on the behalf of Yıldız Technical University / Yıldız Teknik Üniversitesi adına, Sahibi Prof.Dr. İsmail YÜKSEK Editör / Editor Haluk GÖRGÜN Yayın Kurulu / Editorial Board Sabri ALTINTAŞ (Boğaziçi Ün.) Salih DİNÇER (Y.T.Ü.) Avadis Simon HACİNLİYAN (Yeditepe Ün.) Olcay KINCAY (Y.T.Ü.) Levent OVACIK (İ.T.Ü.) Kutay ÖZAYDIN (Y.T.Ü.) Tülay ÖZBELGE (O.D.T.Ü.) Bülent SANKUR (Boğaziçi Ün.) Zerrin ŞENTÜRK (İ.T.Ü.) Galip G. TEPEHAN (Kadir Has Ün.) Canbolat...»

«Department of Computer & Information Science Technical Reports (CIS) University of Pennsylvania Year 2003 Reasoning about the updatability of XML views over relational databases Vanessa P. Braganholo∗ Susan B. Davidson† Carlos A. Heuser‡ ∗ Universidade Federal do Rio Grande do Sul † University of Pennsylvania, susan@cis.upenn.edu ‡ Universidade Federal do Rio Grande do Sul This paper is posted at ScholarlyCommons. http://repository.upenn.edu/cis reports/29 Reasoning about the...»

«Use of Representative Operation Counts in Computational Testings of Algorithms WP #3459 July 1992 Ravindra K. Ahuja* Indian Institute of Technology James B. Orlin* Massachusetts Institute of Technology * see page bottom for complete address Ravindra K. Ahuja Department of Industrial & Management Engineering Indian Institute of Technology Kanpur 208 016, INDIA James B. Orlin Sloan School of Management Massachusetts Institute of Technology Cambridge, MA 01239 USE OF REPRESENTATIVE OPERATION...»

«Commonwealth of Massachusetts Department of Housing & Community Development Fiscal Year 2016 Community Services Block Grant (CSBG) 2nd Year State Plan Submission Dated September 1, 2015 Table of Contents Mandatory Grant Application SF-424 Section 1: CSBG Lead Agency, CSBG Authorized Official, CSBG Point of Contact, and Official State Designation Letter Section 2: State Legislation and Regulation** Section 3: State Plan Development and Statewide Goals Section 4: CSBG Hearing Requirements**...»

«Textural development and hydrogen adsorption of carbon materials from PET waste J.B. Parraa, C.O. Aniaa, A. Arenillasa, F. Rubieraa, J.M. Palaciosb and J.J. Pisa* a Instituto Nacional del Carbón, CSIC, Apartado 73, 33080 Oviedo, Spain b Instituto de Catálisis y Petroleoquímica, CSIC. Campus UAM-Cantoblanco. 28049 Madrid, Spain Abstract Polyethyleneterephthalate, PET, has become one of the major post-consumer plastic wastes. PET products present a problem of considerable concern due to the...»

«Inter-American Development Bank Environmental Safeguards Unit (VPS/ESG) TECHNICAL NOTE No. IDB-TN-760 Best Practices In Chemical Management for Textile Manufacturing Doug Cahn Robert Clifford December 2014 Best Practices In Chemical Management for Textile Manufacturing Doug Cahn Robert Clifford Inter-American Development Bank Cataloging-in-Publication data provided by the Inter-American Development Bank Felipe Herrera Library Cahn, Doug Best practices in chemical management for textile...»

<<  HOME   |    CONTACTS
2017 www.sa.i-pdf.info - Abstracts, books, theses

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.