SIST ETS 300 396-6:1999
Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security
Option to DE/RES-06001 for Direct Mode Operation of mobile terminals with or without network coverage. Split on 2/95 into three parts: Part 1: General network design Part 2: Air interface Part 3: Security
Terrestrial Trunked Radio (TETRA) - Pan-European trunked radio system (TETRA) - Direct Mode Operation (DMO) - Part 6: Security
Standards Content (Sample)
SLOVENIAN STANDARD
SIST ETS 300 396-6:1999
01-november-1999
Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security
This Slovenian standard is identical to: ETS 300 396-6 Edition 1
ICS:
33.070.10 Terrestrial Trunked Radio (TETRA)
SIST ETS 300 396-6:1999 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN TELECOMMUNICATION STANDARD
ETS 300 396-6
April 1998
Source: TETRA
Reference: DE/RES-06007-6
ICS: 33.020
Key words: Direct Mode, security, TETRA
Terrestrial Trunked Radio (TETRA);
Direct Mode Operation (DMO);
Part 6: Security
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
Internet: secretariat@etsi.fr - http://www.etsi.fr - http://www.etsi.org
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1998. All rights reserved.
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.
Contents
Foreword
1 Scope
2 Normative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Operational Security
4.1 Single-Hop Calls
4.2 Multi-Hop Calls
4.3 Call Synchronization
4.3.1 Synchronization of calls through a repeater
4.3.2 Synchronization of data calls where data is multi-slot interleaved
4.3.2.1 Recovery of stolen frames from interleaved data
5 Authentication Mechanisms
5.1 Mobile to mobile operation
5.2 Dual Watch Operation
5.3 Gateway mode operation
6 Air Interface (AI) encryption
6.1 General principles
6.2 Key Stream Generator (KSG)
6.2.1 KSG numbering and selection
6.3 Encryption mechanism
6.3.1 Interface parameters
6.3.1.1 Time Variant Parameter (TVP)
6.3.1.2 Cipher Key
6.3.1.3 Identification of cipher keys
6.3.2 Data to be encrypted
6.3.2.1 Encryption of MAC header elements
6.3.2.1.1 DMAC-SYNC PDU encryption
6.3.2.1.2 DMAC-DATA PDU encryption
6.3.2.2 Traffic channel encryption control
6.4 AI encryption protocol
6.4.1 General
6.4.1.1 Positioning of encryption process
6.4.2 Service description and primitives
6.4.2.1 DMCC-ENCRYPT primitive
6.4.2.2 DMC-ENCRYPTION primitive
6.4.3 Protocol Functions
7 Air Interface (AI) key management mechanisms
7.1 Key numbering and storage
7.2 Over The Air Rekeying
7.3 OTAR service description and primitives
7.3.1 SCK transfer primitives
7.4 OTAR SCK protocol functions
7.4.1 OTAR protocol models
7.5 OTAR Protocol MSCs
7.5.1 Case 1: KU requests key from KH
7.5.2 Case 2: KU requests key from KH acting as a relay for KSL
7.5.3 Case 3: KH distributing SCK unsolicited
7.5.4 Case 4: Error scenarios with SDS timeout from KU or KH
7.5.5 Case 5: Error scenarios where KH provides no keys in response to demand
7.6 PDU descriptions
7.6.1 OTAR SCK Provide
7.6.2 OTAR SCK Demand
7.6.3 OTAR SCK Result
7.7 PDU Information elements coding
7.7.1 Address extension
7.7.2 ITSI
7.7.3 ITSI flag
7.7.4 Mobile country code
7.7.5 Mobile network code
7.7.6 Number of SCKs provided
7.7.7 Number of SCKs requested
7.7.8 OTAR SCK sub-type
7.7.9 Proprietary
7.7.10 Provision result
7.7.11 Random seed (OTAR)
7.7.12 SCK key and identifier
7.7.13 SCK number
7.7.14 SCK number and result
7.7.15 SCK version number
7.7.16 Sealed Key
7.7.17 Session key (OTAR)
7.7.18 Short subscriber identity
8 Secure Enable and Disable mechanism
8.1 Overview
8.2 General relationships
8.3 Enable/Disable state transitions
8.4 Mechanisms
8.4.1 Disable of MS equipment
8.4.2 Disable of MS subscription
8.4.3 Disable an MS subscription and equipment
8.4.4 Enable an MS equipment
8.4.5 Enable an MS subscription
8.4.6 Enable an MS equipment and subscription
8.5 Enable/disable authentication mechanism
8.6 Enable/Disable service description and primitives
8.6.1 Enable/Disable primitives
8.7 Enable - disable protocol
8.7.1 General Case
8.7.2 Enable-Disable protocol models
8.7.3 Specific Protocol Exchanges
8.7.3.1 Successful disabling of a target with mutual authentication
8.7.3.2 Successful enabling of a target with mutual authentication
8.7.3.3 Successful delivery of TEI with mutual authentication
8.7.3.4 Rejection of ENDIS command
8.7.3.5 Authentication failure during ENDIS exchange
8.7.4 Protocol messages
8.7.4.1 ENDIS COMMAND
8.7.4.2 ENDIS AUTHENTICATE
8.7.4.3 ENDIS COMMAND CONFIRM
8.7.4.4 ENDIS RESULT
8.7.4.5 ENDIS TEI PROVIDE
8.7.4.6 ENDIS REJECT
8.7.5 Information elements coding
8.7.5.1 Address extension
8.7.5.2 Authentication challenge
8.7.5.3 Authentication response
8.7.5.4 Authentication result
8.7.5.5 Command
8.7.5.6 Enable/Disable result
8.7.5.7 ENDIS PDU type
8.7.5.8 Equipment status
8.7.5.9 ITSI
8.7.5.10 Mobile country code
8.7.5.11 Mobile network code
8.7.5.12 Proprietary
8.7.5.13 Random seed
8.7.5.14 Reject reason
8.7.5.15 Session key
8.7.5.16 Short subscriber identity
8.7.5.17 Subscription status
8.7.5.18 TETRA equipment identity
9 End-to-end encryption
9.1 Introduction
9.2 Voice encryption and decryption mechanism
9.2.1 Protection against replay
9.3 Data encryption mechanism
9.4 Exchange of information between encryption units
9.4.1 Synchronization of encryption units
9.4.2 Encrypted information between encryption units
9.4.3 Transmission
9.4.4 Reception
9.4.5 Stolen frame format
9.5 Location of security components in the functional architecture
9.6 End-to-end Key Management
Annex A (normative): Protocol mapping between V+D and DMO for gateway operations
A.1 OTAR mapping
A.1.1 DM-GWAY requests provision of SCK(s) from SwMI on behalf of a DM-MS
A.2 Enable-Disable mapping
A.2.1 DM-GWAY acting as intermediary in Secure enable/disable procedure
A.2.1.1 Disable
A.2.1.2 Enable
History
Foreword
This European Telecommunication Standard (ETS) has been produced by the Terrestrial Trunked Radio
(TETRA) Project of the European Telecommunications Standards Institute (ETSI).
This ETS is a multi-part standard and will consist of the following parts:
Part 1: "General network design".
Part 2: "Direct MS-MS Air Interface- Radio Aspects".
Part 3: "Direct MS-MS Air Interface- Protocol".
Part 4: "Repeater Mode Air Interface".
Part 5: "Gateway Mode Air Interface".
Part 6: "Security".
Transposition dates
Date of adoption of this ETS: 3 April 1998
Date of latest announcement of this ETS (doa): 31 July 1998
Date of latest publication of new National Standard or endorsement of this ETS (dop/e): 31 January 1999
Date of withdrawal of any conflicting National Standard (dow): 31 January 1999
1 Scope
This ETS defines the Terrestrial Trunked Radio system (TETRA) Direct Mode of operation. It specifies the
basic Air Interface (AI), the interworking between Direct Mode Groups via Repeaters, and interworking
with the TETRA trunked system via Gateways. It also specifies the security aspects in TETRA Direct
Mode, and the intrinsic services that are supported in addition to the basic bearer and teleservices.
This part describes the security mechanisms in TETRA Direct Mode. It provides mechanisms for
confidentiality of control signalling and user speech and data at the AI.
- Clause 4 describes the general condition for which security of calls at the AI can be met. This
introduces conditions that all other clauses must follow.
- Clause 5 describes authentication mechanisms for direct mode. The differences between
peer-to-peer authentication mechanisms and client-server authentication mechanisms are covered
by this clause as are the principles of operation in gateway mode.
- Clause 6 describes the confidentiality mechanisms using encryption on the AI, for circuit mode
speech, circuit mode data, packet (short) data and control information. This clause then details the
protocol concerning control of encryption at the AI.
- Clause 7 describes the key management mechanism, and includes a description of the OTAR
mechanism and protocol.
- Clause 8 describes the enable/disable mechanism and includes a description of the protocol.
- Clause 9 describes the mechanism to be used to support end-to-end encryption using synchronous
stream cipher units for U-plane traffic by means of a frame stealing device for synchronization of
the units.
- Annex A defines the mapping of protocols in TETRA V+D Security to those of DMO Security for
each of OTAR and Enable/Disable.
The use of AI encryption gives confidentiality protection against eavesdropping only. The addition of a
synchronized time variant initialization value for the encryption algorithm gives a restrictive degree of
replay protection.
2 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references the latest
edition of the publication referred to applies.
[1] ETS 300 392-2: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI)".
[2] ISO 7498-2: "Information processing systems - Open Systems Interconnection -
Basic reference model - Part 2: Security Architecture".
[3] ETS 300 396-1: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Direct Mode; Part 1: General network design".
[4] ETS 300 396-2: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Direct Mode; Part 2: Direct MS-MS Air Interface -
Radio Aspects".
[5] ETS 300 392-7: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security"
[6] ETS 300 396-3: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Direct Mode; Part 3: Direct MS-MS Air Interface -
Protocol".
[7] ETS 300 396-5: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Speech codec for full-rate traffic channel Part 1:
General description of speech functions".
[8] ETS 300 392-1: "Radio Equipment and Systems (RES); Trans-European
Trunked Radio (TETRA); Voice plus Data (V+D); Part 1: General network
design".
[9] ETS 300 395-1: "Terrestrial Trunked Radio (TETRA); Speech CODEC for
full-rate traffic channel; Part 1: General description of speech functions".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of this ETS, the following definitions apply:
Authentication Key (K): The primary secret, the knowledge of which has to be demonstrated for
authentication.
cipher key: A value that is used to determine the transformation of plain text to cipher text in a
cryptographic algorithm.
cipher text: The data produced through the use of encipherment. The semantic content of the resulting
data is not available (ISO 7498-2 [2]).
decipherment: The reversal of a corresponding reversible encipherment (ISO 7498-2 [2]).
encipherment: The cryptographic transformation of data to produce cipher text (ISO 7498-2 [2]).
encryption state: Encryption on or off.
end-to-end encryption: The encryption within or at the source end system, with the corresponding
decryption occurring only within or at the destination end system.
flywheel: A mechanism to keep the KSG in the receiving terminal synchronized with the Key Stream
Generator (KSG) in the transmitting terminal in case synchronization data is not received correctly.
Initialization Value (IV): A sequence of symbols that initializes the KSG inside the encryption unit.
key stream: A pseudo random stream of symbols that is generated by a KSG for encipherment and
decipherment.
Key Stream Generator (KSG): A cryptographic algorithm which produces a stream of binary digits which
can be used for encipherment and decipherment. The initial state of the KSG is determined by the
initialization value.
Key Stream Segment (KSS): A key stream of arbitrary length.
Manipulation Flag (MF): Used to indicate that the Static Cipher Key SCK has been incorrectly recovered
in an OTAR exchange.
plain text: The unencrypted source data. The semantic content is available.
proprietary algorithm: An algorithm which is the intellectual property of a legal entity.
SCK-set: The collective term for the group of 32 SCK associated with each Individual TETRA Subscriber
Identity (ITSI).
Sealed Static Cipher Key (SSCK): A static cipher key cryptographically sealed with a particular user's
secret key. In this form the keys are distributed over the AI.
spoofer: An entity attempting to obtain service from or interfere with the operation of the system by
impersonation of an authorized system user or system component.
Static Cipher Key (SCK): A cipher key that is independent of any other key.
synchronization value: A sequence of symbols that is transmitted to the receiving terminal to
synchronize the KSG in the receiving terminal with the KSG in the transmitting terminal.
synchronous stream cipher: An encryption method in which a cipher text symbol completely represents
the corresponding plain text symbol. The encryption is based on a key stream that is independent of the
cipher text. In order to synchronize the KSGs in the transmitting and the receiving terminal synchronization
data is transmitted separately.
TETRA algorithm: The mathematical description of a cryptographic process used for either of the
security processes authentication or encryption.
time stamp: A sequence of symbols that represents the time of day.
3.2 Abbreviations
For the purposes of this ETS, the following abbreviations apply.
AC Authentication Centre
AI Air Interface
C-PLANE Control-PLANE
CT Cipher Text
DLL Data Link Layer
DM Direct Mode
DMCC Direct Mode Call Control
DMO Direct Mode Operation
EKSG End-to-end Key Stream Generator
EKSS End-to-end Key Stream Segment
F Function
FN Frame Number
HSC Half-Slot Condition
HSI Half-Slot Importance
HSN Half-Slot Number
HSS Half-Slot Stolen
HSSE Half-Slot Stolen by Encryption unit
ITSI Individual TETRA Subscriber Identity
IV Initialization Value
K authentication Key
KH Key Holder
KS Session Key
KSG Key Stream Generator
KSL Key SeaLer
KSO Session Key OTAR
KSS Key Stream Segment
KU Key User
LLC Logical Link Control
MAC Medium Access Control
MF Manipulation Flag
MNI Mobile Network Identity
MS Mobile Station
MSC Message Sequence Chart
OTAR Over The Air Rekeying
PDU Protocol Data Unit
PT Plain Text
RAND RANDom challenge
RES RESponse
RS Random Seed
RSO Random Seed for OTAR
SAP Service Access Point
SCH Signalling CHannel
SCH/F Full SCH
SCH/H Half SCH
SCH/S Synchronization SCH
SCK Static Cipher Key
SCK-VN SCK Version Number
SCKN Static Cipher Key Number
SDS Short Data Service
SDU Service Data Unit
SHSI Stolen Half-Slot Identifier
SS Synchronization Status
SSCK Sealed Static Cipher Key
STCH STolen CHannel
SV Synchronization Value
SwMI Switching and Management Infrastructure
TA TETRA Algorithm
TCH Traffic CHannel
TDMA Time Division Media Access
TEI TETRA Equipment Identity
TN Timeslot Number
TSI TETRA Subscriber Identity
TVP Time Variant Parameter
Tx Transmit
U-PLANE User-PLANE
V+D Voice + Data
XRES eXpected RESponse
4 Operational Security
This clause describes the operational use of security features in TETRA Direct Mode Operation (DMO).
For this clause a call is defined as the group of transmissions and changeovers that are bounded by initial
call setup and final call cleardown. Call pre-emption when successful may mark the start of a new call.
NOTE: A DMO call may be considered as a series of unidirectional call transactions with each
new call transaction having a new call master (the current transmitter).
A new call master (i.e. call master for the current call transaction) should not be able to change the
encryption parameters set at the start of the call. A call shall remain in the same encryption state in all call
transactions.
In a standard direct mode call slot 1 of the TDMA structure shall be used by the transmitter for
transmission, and slot 3 of the TDMA structure shall be used by the transmitter to send or receive control
messages. In frequency efficient operation the other 2 slots of the TDMA structure shall be used in like
manner.
4.1 Single-Hop Calls
A DMO call is considered a single-hop call in the following cases:
- MS to individual MS;
- MS to group of MSs.
A single hop call can only be made secure (encrypted) if the following conditi
...
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security33.070.10Prizemni snopovni radio (TETRA)Terrestrial Trunked Radio (TETRA)33.020Telekomunikacije na splošnoTelecommunications in generalICS:Ta slovenski standard je istoveten z:ETS 300 396-6 Edition 13SIST ETS 300 396-6:1999en01-MXOLM-19993SIST ETS 300 396-6:1999SLOVENSKI
STANDARD
SIST ETS 300 396-6:1999
EUROPEANETS 300 396-6TELECOMMUNICATIONApril 1998STANDARDSource: TETRAReference: DE/RES-06007-6ICS:33.020Key words:Direct Mode, security, TETRATerrestrial Trunked Radio (TETRA);Direct Mode Operation (DMO);Part 6: SecurityETSIEuropean Telecommunications Standards InstituteETSI SecretariatPostal address: F-06921 Sophia Antipolis CEDEX - FRANCEOffice address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCEInternet: secretariat@etsi.fr - http://www.etsi.fr - http://www.etsi.orgTel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and theforegoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1998. All rights reserved.SIST ETS 300 396-6:1999
Page 2ETS 300 396-6: April 1998Whilst every care has been taken in the preparation and publication of this document, errors in content,typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to"ETSI Editing and Committee Support Dept." at the address shown on the title page.SIST ETS 300 396-6:1999
Page 3ETS 300 396-6: April 1998ContentsForeword.71Scope.92Normative references.93Definitions and abbreviations.103.1Definitions.103.2Abbreviations.114Operational Security.124.1Single-Hop Calls.124.2Multi-Hop Calls.134.3Call Synchronization.154.3.1Synchronization of calls through a repeater.154.3.2Synchronization of data calls where data is multi-slot interleaved.164.3.2.1Recovery of stolen frames from interleaved data.175Authentication Mechanisms.175.1Mobile to mobile operation.175.2Dual Watch Operation.175.3Gateway mode operation.176Air Interface (AI) encryption.196.1General principles.196.2Key Stream Generator (KSG).196.2.1KSG numbering and selection.196.3Encryption mechanism.206.3.1Interface parameters.206.3.1.1Time Variant Parameter (TVP).206.3.1.2Cipher Key.216.3.1.3Identification of cipher keys.216.3.2Data to be encrypted.216.3.2.1Encryption of MAC header elements.216.3.2.1.1DMAC-SYNC PDU encryption.236.3.2.1.2DMAC-DATA PDU encryption.246.3.2.2Traffic channel encryption control.246.4AI encryption protocol.246.4.1General.246.4.1.1Positioning of encryption process.256.4.2Service description and primitives.256.4.2.1DMCC-ENCRYPT primitive.276.4.2.2DMC-ENCRYPTION primitive.286.4.3Protocol Functions.287Air Interface (AI) key management mechanisms.297.1Key numbering and storage.297.2Over The Air Rekeying.297.3OTAR service description and primitives.307.3.1SCK transfer primitives.307.4OTAR SCK protocol functions.307.4.1OTAR protocol models.327.5OTAR Protocol MSCs.337.5.1Case 1: KU requests key from KH.337.5.2Case 2: KU requests key from KH acting as a relay for KSL.347.5.3Case 3: KH distributing SCK unsolicited.357.5.4Case 4: Error scenarios with SDS timeout from KU or KH.36SIST ETS 300 396-6:1999
Page 4ETS 300 396-6: April 19987.5.5Case 5: Error scenarios where KH provides no keys in response todemand.377.6PDU descriptions.377.6.1OTAR SCK Provide.387.6.2OTAR SCK Demand.387.6.3OTAR SCK Result.397.7PDU Information elements coding.397.7.1Address extension.397.7.2ITSI.397.7.3ITSI flag.407.7.4Mobile country code.407.7.5Mobile network code.407.7.6Number of SCKs provided.407.7.7Number of SCKs requested.417.7.8OTAR SCK sub-type.417.7.9Proprietary.417.7.10Provision result.417.7.11Random seed (OTAR).427.7.12SCK key and identifier.427.7.13SCK number.427.7.14SCK number and result.427.7.15SCK version number.437.7.16Sealed Key.437.7.17Session key (OTAR).437.7.18Short subscriber identity.438Secure Enable and Disable mechanism.438.1Overview.438.2General relationships.448.3Enable/Disable state transitions.458.4Mechanisms.458.4.1Disable of MS equipment.468.4.2Disable of MS subscription.468.4.3Disable an MS subscription and equipment.468.4.4Enable an MS equipment.468.4.5Enable an MS subscription.468.4.6Enable an MS equipment and subscription.468.5Enable/disable authentication mechanism.478.6Enable/Disable service description and primitives.478.6.1Enable/Disable primitives.478.7Enable - disable protocol.498.7.1General Case.498.7.2Enable-Disable protocol models.498.7.3Specific Protocol Exchanges.508.7.3.1Successful disabling of a target with mutualauthentication.518.7.3.2Successful enabling of a target with mutual authentication528.7.3.3Successful delivery of TEI with mutual authentication.548.7.3.4Rejection of ENDIS command.558.7.3.5Authentication failure during ENDIS exchange.568.7.4Protocol messages.578.7.4.1ENDIS COMMAND.578.7.4.2ENDIS AUTHENTICATE.578.7.4.3ENDIS COMMAND CONFIRM.578.7.4.4ENDIS RESULT.588.7.4.5ENDIS TEI PROVIDE.588.7.4.6ENDIS REJECT.588.7.5Information elements coding.598.7.5.1Address extension.598.7.5.2Authentication challenge.598.7.5.3Authentication response.598.7.5.4Authentication result.598.7.5.5Command.60SIST ETS 300 396-6:1999
Page 5ETS 300 396-6: April 19988.7.5.6Enable/Disable result.608.7.5.7ENDIS PDU type.608.7.5.8Equipment status.618.7.5.9ITSI.618.7.5.10Mobile country code.618.7.5.11Mobile network code.618.7.5.12Proprietary.618.7.5.13Random seed.628.7.5.14Reject reason.628.7.5.15Session key.628.7.5.16Short subscriber identity.628.7.5.17Subscription status.638.7.5.18TETRA equipment identity.639End-to-end encryption.639.1Introduction.639.2Voice encryption and decryption mechanism.639.2.1Protection against replay.649.3Data encryption mechanism.659.4Exchange of information between encryption units.659.4.1Synchronization of encryption units.659.4.2Encrypted information between encryption units.669.4.3Transmission.679.4.4Reception.699.4.5Stolen frame format.699.5Location of security components in the functional architecture.709.6End-to-end Key Management.72Annex A (normative):Protocol mapping between V+D and DMO for gateway operations.73A.1OTAR mapping.73A.1.1DM-GWAY requests provision of SCK(s) from SwMI on behalf of a DM-MS.73A.2Enable-Disable mapping.75A.2.1DM-GWAY acting as intermediary in Secure enable/disable procedure.75A.2.1.1Disable.75A.2.1.2Enable.77History.79SIST ETS 300 396-6:1999
Page 6ETS 300 396-6: April 1998Blank pageSIST ETS 300 396-6:1999
Page 7ETS 300 396-6: April 1998ForewordThis European Telecommunication Standard (ETS) has been produced by the Terrestrial Trunked Radio(TETRA) Project of the European Telecommunications Standards Institute (ETSI).This ETS is a multi-part standard and will consist of the following parts:Part 1:"General network design".Part 2:"Direct MS-MS Air Interface- Radio Aspects".Part 3:"Direct MS-MS Air Interface- Protocol".Part 4:"Repeater Mode Air Interface".Part 5:"Gateway Mode Air Interface".Part 6:"Security".Transposition datesDate of adoption of this ETS:3 April 1998Date of latest announcement of this ETS (doa):31 July 1998Date of latest publication of new National Standardor endorsement of this ETS (dop/e):31 January 1999Date of withdrawal of any conflicting National Standard (dow):31 January 1999SIST ETS 300 396-6:1999
Page 8ETS 300 396-6: April 1998Blank pageSIST ETS 300 396-6:1999
Page 9ETS 300 396-6: April 19981ScopeThis ETS defines the Terrestrial Trunked Radio system (TETRA) Direct Mode of operation. It specifies thebasic Air Interface (AI), the interworking between Direct Mode Groups via Repeaters, and interworkingwith the TETRA trunked system via Gateways. It also specifies the security aspects in TETRA DirectMode, and the intrinsic services that are supported in addition to the basic bearer and teleservices.This part describes the security mechanisms in TETRA Direct Mode. It provides mechanisms forconfidentiality of control signalling and user speech and data at the AI.-Clause 4 describes the general condition for which security of calls at the AI can be met. Thisintroduces conditions that all other clauses must follow.-Clause 5 describes authentication mechanisms for direct mode. The differences between peer-to-peer authentication mechanisms and client-server authentication mechanisms are covered by thisclause as are the principles of operation in gateway mode.-Clause 6 describes the confidentiality mechanisms using encryption on the AI, for circuit modespeech, circuit mode data, packet (short) data and control information. This clause then details theprotocol concerning control of encryption at the AI.-Clause 7 describes the key management mechanism, and includes a description of the OTARmechanism and protocol.-Clause 8 describes the enable/disable mechanism and includes a description of the protocol.-Clause 9 describes the mechanism to be used to support end-to-end encryption using synchronousstream cipher units for U-plane traffic by means of a frame stealing device for synchronization ofthe units.-Annex A defines the mapping of protocols in TETRA V+D Security to those of DMO Security foreach of OTAR and Enable/Disable.The use of AI encryption gives confidentiality protection against eavesdropping only. 
The addition of asynchronized time variant initialization value for the encryption algorithm gives a restrictive degree ofreplay protection.2Normative referencesThis ETS incorporates by dated and undated reference, provisions from other publications. Thesenormative references are cited at the appropriate places in the text and the publications are listedhereafter. For dated references, subsequent amendments to or revisions of any of these publicationsapply to this ETS only when incorporated in it by amendment or revision. For undated references the latestedition of the publication referred to applies.[1]ETS 300 392-2: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI)".[2]ISO 7498-2: "Information processing systems - Open Systems Interconnection -Basic reference model - Part 2: Security Architecture".[3]ETS 300 396-1: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Direct Mode; Part 1: General network design".[4]ETS 300 396-2: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Direct Mode; Part 2: Direct MS-MS Air Interface -Radio Aspects".[5]ETS 300 392-7: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security"SIST ETS 300 396-6:1999
Page 10ETS 300 396-6: April 1998[6]ETS 300 396-3: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Direct Mode; Part 3: Direct MS-MS Air Interface -Protocol".[7]ETS 300 396-5: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Speech codec for full-rate traffic channel Part 1:General description of speech functions".[8]ETS 300 392-1: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Voice plus Data (V+D); Part 1: General networkdesign".[9]ETS 300 395-1: "Terrestrial Trunked Radio (TETRA); Speech CODEC for full-rate traffic channel; Part 1: General description of speech functions".3Definitions and abbreviations3.1DefinitionsFor the purposes of this ETS, the following definitions apply:Authentication Key (K): The primary secret, the knowledge of which has to be demonstrated forauthentication.cipher key: A value that is used to determine the transformation of plain text to cipher text in acryptographic algorithm.cipher text: The data produced through the use of encipherment. 
The semantic content of the resultingdata is not available (ISO 7498-2 [2]).decipherment: The reversal of a corresponding reversible encipherment (ISO 7498-2 [2]).encipherment: The cryptographic transformation of data to produce cipher text (ISO 7498-2 [2]).encryption state: Encryption on or off.end-to-end encryption: The encryption within or at the source end system, with the correspondingdecryption occurring only within or at the destination end system.flywheel: A mechanism to keep the KSG in the receiving terminal synchronized with the Key StreamGenerator (KSG) in the transmitting terminal in case synchronization data is not received correctly.Initialization Value (IV): A sequence of symbols that initializes the KSG inside the encryption unit.key stream: A pseudo random stream of symbols that is generated by a KSG for encipherment anddecipherment.Key Stream Generator (KSG): A cryptographic algorithm which produces a stream of binary digits whichcan be used for encipherment and decipherment. The initial state of the KSG is determined by theinitialization value.Key Stream Segment (KSS): A key stream of arbitrary length.Manipulation Flag (MF): Used to indicate that the Static Cipher Key SCK has been incorrectly recoveredin an OTAR exchange.plain text: The unencrypted source data. The semantic content is available.proprietary algorithm: An algorithm which is the intellectual property of a legal entity.SIST ETS 300 396-6:1999
SCK-set: The collective term for the group of 32 SCK associated with each Individual TETRA Subscriber Identity (ITSI).

Sealed Static Cipher Key (SSCK): A static cipher key cryptographically sealed with a particular user's secret key. In this form the keys are distributed over the AI.

spoofer: An entity attempting to obtain service from or interfere with the operation of the system by impersonation of an authorized system user or system component.

Static Cipher Key (SCK): A cipher key that is independent of any other key.

synchronization value: A sequence of symbols that is transmitted to the receiving terminal to synchronize the KSG in the receiving terminal with the KSG in the transmitting terminal.

synchronous stream cipher: An encryption method in which a cipher text symbol completely represents the corresponding plain text symbol. The encryption is based on a key stream that is independent of the cipher text. In order to synchronize the KSGs in the transmitting and the receiving terminal synchronization data is transmitted separately.

TETRA algorithm: The mathematical description of a cryptographic process used for either of the security processes authentication or encryption.

time stamp: Is a sequence of symbols that represents the time of day.

3.2 Abbreviations

For the purposes of this ETS, the following abbreviations apply.

AC        Authentication Centre
AI        Air Interface
C-PLANE   Control-PLANE
CT        Cipher Text
DLL       Data Link Layer
DM        Direct Mode
DMCC      Direct Mode Call Control
DMO       Direct Mode Operation
EKSG      End-to-end Key Stream Generator
EKSS      End-to-end Key Stream Segment
F         Function
FN        Frame Number
HSC       Half-Slot Condition
HSI       Half-Slot Importance
HSN       Half-Slot Number
HSS       Half-Slot Stolen
HSSE      Half-Slot Stolen by Encryption unit
ITSI      Individual TETRA Subscriber Identity
IV        Initialization Value
K         authentication Key
KH        Key Holder
KS        Session Key
KSG       Key Stream Generator
KSL       Key SeaLer
KSO       Session Key OTAR
KSS       Key Stream Segment
KU        Key User
LLC       Logical Link Control
MAC       Medium Access Control
MF        Manipulation Flag
MNI       Mobile Network Identity
MS        Mobile Station
MSC       Message Sequence Chart
OTAR      Over The Air Rekeying
PDU       Protocol Data Unit
PT        Plain Text
RAND      RANDom challenge
RES       RESponse
RS        Random Seed
RSO       Random Seed for OTAR
          Session Key OTAR
SAP       Service Access Point
SCH       Signalling CHannel
SCH/F     Full SCH
SCH/H     Half SCH
SCH/S     Synchronization SCH
SCK       Static Cipher Key
SCK-VN    SCK Version Number
SCKN      Static Cipher Key Number
SDS       Short Data Service
SDU       Service Data Unit
SHSI      Stolen Half-Slot Identifier
SS        Synchronization Status
SSCK      Sealed Static Cipher Key
STCH      STolen CHannel
SV        Synchronization Value
SwMI      Switching and Management Infrastructure
TA        TETRA Algorithm
TCH       Traffic CHannel
TDMA      Time Division Media Access
TEI       TETRA Equipment Identity
TN        Timeslot Number
TSI       TETRA Subscriber Identity
TVP       Time Variant Parameter
Tx        Transmit
U-PLANE   User-PLANE
V+D       Voice + Data
XRES      eXpected RESponse

4 Operational Security

This clause describes the operational use of security features in TETRA Direct Mode Operation (DMO).

For this clause a call is defined as the group of transmissions and changeovers that are bounded by initial call setup and final call cleardown. Call pre-emption when successful may mark the start of a new call.

NOTE: A DMO call may be considered as a series of unidirectional call transactions with each new call transaction having a new call master (the current transmitter).

A new call master (i.e. call master for the current call transaction) should not be able to change the encryption parameters set at the start of the call. A call shall remain in the same encryption state in all call transactions.

In a standard direct mode call slot 1 of the TDMA structure shall be used by the transmitter for transmission, and slot 3 of the TDMA structure shall be used by the transmitter to send or receive control messages.
In frequency efficient operation the other 2 slots of the TDMA structure shall be used in like manner.

4.1 Single-Hop Calls

A DMO call is considered a single-hop call in the following cases:

- MS to individual MS;
- MS to group of MSs.

A single hop call can only be made secure (encrypted) if the following conditions apply:

- Source and Destination MS share SCK;
- Source and Destination MS have common KSG.
Call setup in DMO is a single pass operation with an allowed exception for individual calls to allow a presence check acknowledgement (2 pass call setup). All call parameters are contained in the synchronization bursts which contain two data blocks of 60 bits and 124 bits respectively. The first data block (logical channel SCH/S) shall contain the parameters for encryption. The second data block (logical channel SCH/H) shall contain the addressing data for the call (see ETS 300 396-3 [6], subclause 9.1.1).

4.2 Multi-Hop Calls

DMO calls that pass through a repeater or gateway shall be considered multi-hop calls.

A multi-hop call can only be made secure (encrypted) if one of the following apply (in addition to the conditions for single hop calls):

- the Time Variant Parameter (TVP) used to synchronize the Key Stream Generator (KSG) is unaltered by the transmission;
- intermediate terminations decrypt and re-encrypt the call on each side of the hop.

Calls made through a layer-1 repeater shall not be considered by this ETS. The term repeater when used in later clauses of this ETS shall refer to a layer-2 repeater.

In the case of a call through a gateway to TETRA V+D the DMO call initiator shall be synchronized to the gateway.
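The multi-hop conditions above, as an added example that is not part of ETS 300 396-6: a stand-in KSG built from HMAC-SHA256 replaces the TETRA algorithm, and feeding the TVP directly into the KSG and giving the terminating hop a second SCK are assumptions made for illustration. It shows the plain text surviving a hop only when the TVP is unaltered or the hop decrypts and re-encrypts.

```python
import hashlib
import hmac

def ksg(sck: bytes, tvp: int, length: int) -> bytes:
    """Stand-in key stream generator (HMAC-SHA256 in counter mode).

    Not the TETRA KSG: it only models that the key stream segment is fixed
    by the cipher key (SCK) and the value that synchronizes the KSG (TVP).
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = tvp.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(sck, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def crypt(sck: bytes, tvp: int, data: bytes) -> bytes:
    """Synchronous stream cipher: XOR with the key stream, same in both directions."""
    return bytes(d ^ k for d, k in zip(data, ksg(sck, tvp, len(data))))

def transparent_hop(tvp: int, ct: bytes, tvp_shift: int = 0):
    """Hop that forwards cipher text; tvp_shift models a hop that alters the TVP."""
    return tvp + tvp_shift, ct

def terminating_hop(sck_in: bytes, sck_out: bytes, tvp: int, ct: bytes, new_tvp: int):
    """Intermediate termination: decrypt on one side, re-encrypt on the other."""
    return new_tvp, crypt(sck_out, new_tvp, crypt(sck_in, tvp, ct))

def run_cases() -> dict:
    # Constructed sample values, not taken from the standard.
    sck_a = bytes(range(16))
    sck_b = bytes(range(16, 32))  # hypothetical second-hop key
    pt = b"constructed DMO payload"
    tvp, ct = 1000, crypt(sck_a, 1000, pt)
    results = {}
    t, c = transparent_hop(tvp, ct)
    results["tvp_unaltered"] = crypt(sck_a, t, c) == pt
    t, c = transparent_hop(tvp, ct, tvp_shift=1)
    results["tvp_altered"] = crypt(sck_a, t, c) == pt
    t, c = terminating_hop(sck_a, sck_b, tvp, ct, new_tvp=77)
    results["re_encrypted"] = crypt(sck_b, t, c) == pt
    results["no_shared_sck"] = crypt(sck_b, tvp, ct) == pt
    return results

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'plain text recovered' if ok else 'garbled'}")
```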
[Figure: protocol stack diagrams labelled Mobile 1 and Mobile 2, each with Layer 1, Layer 2 and Layer 3, with intermediate Layer 1 stacks in the first diagram and intermediate Layer 1 and Layer 2 stacks in the second; remainder not recoverable.]
...