SIST EN 300 396-6 V1.2.1:2006

SLOVENSKI STANDARD
SIST EN 300 396-6 V1.2.1:2006
01-april-2006
3UL]HPQLVQRSRYQLUDGLR7(75$±1HSRVUHGQLQDþLQ]YH]H'02±GHO
9DUQRVW
Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security
Ta slovenski standard je istoveten z: EN 300 396-6 Version 1.2.1
ICS:
33.070.10 Prizemni snopovni radio Terrestrial Trunked Radio
(TETRA) (TETRA)
SIST EN 300 396-6 V1.2.1:2006 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 300 396-6 V1.2.1:2006

---------------------- Page: 2 ----------------------

SIST EN 300 396-6 V1.2.1:2006

ETSI EN 300 396-6 V1.2.1 (2004-05)
European Standard (Telecommunications series)


Terrestrial Trunked Radio (TETRA);
Direct Mode Operation (DMO);
Part 6: Security

---------------------- Page: 3 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 2 ETSI EN 300 396-6 V1.2.1 (2004-05)



Reference
REN/TETRA-06070
Keywords
air interface, data, DMO, security, speech,
TETRA
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, send your comment to:
editor@etsi.org
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2004.
All rights reserved.

TM TM TM
DECT , PLUGTESTS and UMTS are Trade Marks of ETSI registered for the benefit of its Members.
TM
TIPHON and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 4 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 3 ETSI EN 300 396-6 V1.2.1 (2004-05)
Contents
Intellectual Property Rights.5
Foreword.5
Introduction .6
1 Scope .7
2 References .7
3 Definitions and abbreviations.8
3.1 Definitions.8
3.2 Abbreviations .9
4 DMO security class .10
4.1 General .10
4.2 DM-2-A.11
4.3 DM-2-B .11
4.4 DM-2-C .11
5 DMO call procedures .11
5.1 General .11
5.1.1 Security profile .11
5.1.2 Indication of security parameters.12
5.2 Security class on call setup.12
5.2.1 General.12
5.2.2 Normal behaviour .12
5.2.3 Exceptional behaviour .12
5.2.3.1 Call-setup with presence check .12
5.2.3.2 Call-setup without presence check.13
5.2.3.3 Behaviour post call-setup.13
5.3 Security class on call follow-on .13
5.3.1 General.13
5.3.2 Normal behaviour .13
5.3.3 Exceptional behaviour .13
6 Air interface authentication and key management mechanisms .14
6.1 Authentication .14
6.2 Repeater mode operation.14
6.3 Gateway mode operation.14
6.4 Air Interface (AI) key management mechanisms.16
6.4.1 Key grouping .16
6.4.2 Identification of cipher keys in signalling.18
7 Enable and disable mechanism.18
8 Air Interface (AI) encryption .18
8.1 General principles.18
8.2 Encryption mechanism.19
8.2.1 Allocation of KSS to logical channels .19
8.3 Application of KSS to specific PDUs.20
8.3.1 Class DM-1.20
8.3.2 Class DM-2A.20
8.3.2.1 DMAC-SYNC PDU encryption.20
8.3.2.2 DMAC-DATA PDU encryption .21
8.3.2.3 DMAC-FRAG PDU encryption.21
8.3.2.4 DMAC-END PDU encryption .21
8.3.2.5 DMAC-U-SIGNAL PDU encryption.22
8.3.2.6 Traffic channel encryption .22
8.3.3 Class DM-2B .22
8.3.3.1 DMAC-SYNC PDU encryption.23
ETSI

---------------------- Page: 5 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 4 ETSI EN 300 396-6 V1.2.1 (2004-05)
8.3.3.2 DMAC-DATA PDU encryption .23
8.3.3.3 DMAC-FRAG PDU encryption.23
8.3.3.4 DMAC-END PDU encryption .24
8.3.3.5 DMAC-U-SIGNAL PDU encryption.24
8.3.3.6 Traffic channel encryption .24
8.3.4 Class DM-2C .24
8.3.4.1 DMAC-SYNC PDU encryption.25
8.3.4.2 DMAC-DATA PDU encryption .26
8.3.4.3 DMAC-FRAG PDU encryption.26
8.3.4.4 DMAC-END PDU encryption .26
8.3.4.5 DMAC-U-SIGNAL PDU encryption.26
8.3.4.6 Traffic channel encryption .27
9 Encryption synchronization.27
9.1 General .27
9.1.1 Algorithm to establish frame number to increment TVP.28
9.1.1.1 Master DM-MS operation .28
9.1.1.2 Slave DM-MS operation .28
9.2 TVP used for reception of normal bursts.28
9.3 Synchronization of calls through a repeater .29
9.3.1 Algorithm to establish frame number to increment TVP.29
9.3.1.1 Master DM-MS operation .29
9.3.1.2 Slave DM-MS operation .30
9.4 Synchronization of calls through a gateway.30
9.5 Synchronization of data calls where data is multi-slot interleaved.31
9.5.1 Recovery of stolen frames from interleaved data .31
Annex A (normative): Key Stream Generator (KSG) boundary conditions .32
A.1 Overview .32
A.2 Use.33
A.3 Interfaces to the algorithm.33
A.3.1 ECK.33
A.3.1.1 Use of ECK in class DM-2-A and DM-2-B.33
A.3.1.2 Use of ECK in class DM-2-C .34
A.3.2 Keystream.34
A.3.3 Time Variant Parameter (TVP) .34
Annex B (normative): Boundary conditions for cryptographic algorithm TB6 .35
Annex C (informative): Encryption control in DM-MS.36
C.1 General .36
C.2 Service description and primitives .36
C.2.1 DMCC-ENCRYPT primitive .37
C.2.2 DMC-ENCRYPTION primitive.39
C.3 Protocol functions .40
Annex D (informative): Bibliography.41
History .42

ETSI

---------------------- Page: 6 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 5 ETSI EN 300 396-6 V1.2.1 (2004-05)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This European Standard (Telecommunications series) has been produced by ETSI Project Terrestrial Trunked Radio
(TETRA).
The present document is part 6 of a multi-part deliverable covering Direct Mode Operation, as identified below:
ETS 300 396-1: "General network design";
EN 300 396-2: "Radio aspects";
ETS 300 396-3: "Mobile Station to Mobile Station (MS-MS) Air Interface (AI) protocol";
EN 300 396-4: "Type 1 repeater air interface";
ETS 300 396-5: "Gateway air interface";
EN 300 396-6: "Security";
EN 300 396-7: "Type 2 repeater air interface";
EN 300 396-8 "Protocol Implementation Conformance Statement (PICS) proforma specification";
EN 300 396-10: "Managed Direct Mode Operation (M-DMO)".
NOTE: Part 8 of this multi-part deliverable is of status "historical" and will not be updated according to this
version of the standard.

National transposition dates
Date of adoption of this EN: 21 May 2004
Date of latest announcement of this EN (doa): 31 August 2004
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 28 February 2005
Date of withdrawal of any conflicting National Standard (dow): 28 February 2005

ETSI

---------------------- Page: 7 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 6 ETSI EN 300 396-6 V1.2.1 (2004-05)
Introduction
The present document differs from edition 1 of the DMO security specification in the following key areas:
• algorithm specifications have been moved to normative annexes:
- annex A gives the specification of the Key Stream Generator used in providing confidentiality on the air
interface; and
- annex B gives the specification of the Static Cipher Key modification algorithm TB6 that adds variability
to the Key Stream Segment output by the Key Stream Generator.
• the enable-disable operations have been deleted in favour of operations from a SwMI (TETRA Trunked
Operation);
• the re-keying protocol and mechanisms have been deleted in favour of operations from a SwMI (TETRA
Trunked Operation);
• the end-to-end encryption clause has been deleted (and is available in ETSI deliverable EN 302 109 [7]);
• the annexes describing mappings between DMO and TMO security protocols have been deleted as the OTAR
and ENDIS functions that need to be mapped no longer exist;
• DMO security classes have been defined replacing the "Encryption mode element" and aligning behaviour to
EN 300 392-7 [4]. The description of these classes has been moved to clause 4 as this is the most significant
aspect of the document;
• a new clause describing the interaction of security with the DM call is added which describes both the normal
and exceptional behaviour to take on examination of the security elements contained in the synchronization
burst;
• "hanging" clauses have been eliminated as per the ETSI drafting rules;
• references to V+D have been replaced by reference to TMO (Trunked Mode Operation); and
• encryption synchronization has been promoted to a full clause.
In addition the "protocol" description identifying the service primitives has been identified as informative (not testable)
and has been moved to an informative annex.
ETSI

---------------------- Page: 8 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 7 ETSI EN 300 396-6 V1.2.1 (2004-05)
1 Scope
The present document defines the Terrestrial Trunked Radio system (TETRA) Direct Mode of operation. It specifies the
basic Air Interface (AI), the interworking between Direct Mode Groups via Repeaters and interworking with the
TETRA Trunked system via Gateways. It also specifies the security aspects in TETRA Direct Mode and the intrinsic
services that are supported in addition to the basic bearer and teleservices.
This part describes the security mechanisms in TETRA Direct Mode. It provides mechanisms for confidentiality of
control signalling and user speech and data at the AI. It also provided some implicit authentication as a member of a
group by knowledge of a shared secret encryption key.
The use of AI encryption gives both confidentiality protection against eavesdropping, and some implicit authentication.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
[1] ETSI EN 300 392-2: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air
Interface (AI)".
[2] ISO 7498-2: "Information processing systems - Open Systems Interconnection - Basic Reference
Model - Part 2: Security Architecture".
[3] ETSI EN 300 396-2: "Terrestrial Trunked Radio (TETRA); Technical requirements for Direct
Mode Operation (DMO); Part 2: Radio aspects".
[4] ETSI EN 300 392-7: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D);
Part 7: Security".
[5] ETSI ETS 300 396-3: "Terrestrial Trunked Radio (TETRA); Technical requirements for Direct
Mode Operation (DMO); Part 3: Mobile Station to Mobile Station (MS-MS) Air Interface (AI)
protocol".
[6] ETSI TS 100 392-15: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D);
Part 15: TETRA frequency bands, duplex spacings and channel numbering".
[7] ETSI EN 302 109: "Terrestrial Trunked Radio (TETRA); Security; Synchronization mechanism
for end-to-end encryption".
[8] ETSI ETS 300 396-5: "Terrestrial Trunked Radio (TETRA); Technical requirements for Direct
Mode Operation (DMO); Part 5: Gateway air interface".
[9] ETSI EN 300 396-4: "Terrestrial Trunked Radio (TETRA); Technical requirements for Direct
Mode Operation (DMO); Part 4: Type 1 repeater air interface".
ETSI

---------------------- Page: 9 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 8 ETSI EN 300 396-6 V1.2.1 (2004-05)
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
air interface encryption state: status of encryption in a call (on or off)
call transaction: all of the functions associated with a complete unidirectional transmission of information during a call
NOTE: A call is made up of one or more call transactions. In a simplex call these call transactions are sequential.
(Source: ETS 300 396-3 [5]).
carrier number: integer, N, used in TETRA to represent the frequency of the RF carrier
NOTE: Source: TS 100 392-15 [6].
cipher key: value that is used to determine the transformation of plain text to cipher text in a cryptographic algorithm
cipher text: data produced through the use of encipherment
NOTE: The semantic content of the resulting data is not available (ISO 7498-2 [2]).
decipherment: reversal of a corresponding reversible encipherment
NOTE: ISO 7498-2 [2]
Direct Mode Operation (DMO): mode of simplex operation where mobile subscriber radio units may communicate
using radio frequencies which may be monitored by, but which are outside the control of, the TETRA TMO network
NOTE: DM operation is performed without intervention of any base station. (Source: ETS 300 396-3 [5]).
DMO-net: number of DMO MSs communicating together and using common cryptographic parameters
encipherment: cryptographic transformation of data to produce cipher text
NOTE: ISO 7498-2 [2]
encryption cipher key: cipher key used as input to the KSG, derived from an address specific cipher key and randomly
varied per channel using algorithm TB6
end-to-end encryption: encryption within or at the source end system, with the corresponding decryption occurring
only within or at the destination end system
explicit authentication: transaction initiated and completed specifically to demonstrate knowledge of a shared secret
where the secret is not revealed
implicit authentication: authenticity demonstrated by proof of knowledge of a shared secret where that demonstration
is a by-product of another function
key stream: pseudo random stream of symbols that is generated by a KSG for encipherment and decipherment
Key Stream Generator (KSG): A cryptographic algorithm which produces a stream of binary digits which can be used
for encipherment and decipherment
NOTE: The initial state of the KSG is determined by the initialization value.
Key Stream Segment (KSS): key stream of arbitrary length
plain text: unencrypted source data.
NOTE: The semantic content is available.
proprietary algorithm: algorithm which is the intellectual property of a legal entity
ETSI

---------------------- Page: 10 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 9 ETSI EN 300 396-6 V1.2.1 (2004-05)
SCK-set: collective term for the group of 32 SCKs associated with each Individual TETRA Subscriber Identity
SCK-subset: collection of SCKs from an SCK-set, with SCKNs in numerical sequence, where every SCK in the subset
is associated with one or more different GSSIs
NOTE: Multiple SCK subsets have corresponding SCKs associated with the same GSSIs.
Static Cipher Key (SCK): predetermined cipher key that may be used to provide confidentiality in class DM-2-A,
DM-2-B and DM-2-C systems with a corresponding algorithm
Synchronization value: sequence of symbols that is transmitted to the receiving terminal to synchronize the KSG in
the receiving terminal with the KSG in the transmitting terminal
synchronous stream cipher: encryption method in which a cipher text symbol completely represents the
corresponding plain text symbol
NOTE: The encryption is based on a key stream that is independent of the cipher text. In order to synchronize the
KSGs in the transmitting and the receiving terminal synchronization data is transmitted separately.
TETRA algorithm: mathematical description of a cryptographic process used for either of the security processes
authentication or encryption
Trunked Mode Operation (TMO): operations of TETRA specified in EN 300 392-2 [1]
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ACK ACKnowledgement
AI Air Interface
CK Cypher Key
CN Carrier Number
DM Direct Mode
DMAC Direct Mode Media Access Control
DMC A layer 2 Service Access Point (DMC-SAP)
DMCC Direct Mode Call Control
DMO Direct Mode Operation
ECK Encryption Cipher Key
EDSI Encrypted Direct-mode Short Identity
FN Frame Number
GSSI Group Short Subscriber Identity
GTSI Group TETRA Subscriber Identity
KAG Key Association Group
KSG Key Stream Generator
KSS Key Stream Segment
KST Key Stream Generator
MAC Medium Access Control
MDE Message Dependent Elements
MNI Mobile Network Identity
MS Mobile Station
OTAR Over The Air Rekeying
PDU Protocol Data Unit
PICS Protocol Implementation Conformance Statement
REP Repeater
RF Radio Frequency
SAP Service Access Point
SCH Signalling CHannel
SCH/F Full SCH
SCH/H Half SCH
SCH/S Synchronization SCH
SCK Static Cipher Key
SCKN Static Cipher Key Number
SCK-VN SCK Version Number
ETSI

---------------------- Page: 11 ----------------------

SIST EN 300 396-6 V1.2.1:2006
 10 ETSI EN 300 396-6 V1.2.1 (2004-05)
SDS Short Data Service
SDU Service Data Unit
SSI Short Subscriber Identity
STCH ST
...