Implementing End-to-End Security in TETRA
Transcript of Implementing End-to-End Security in TETRA
1 © NOKIA Implementing End-to-end Security in TETRA.PPT / 01-02-2005 / HLa
Implementing End-to-End Security in TETRA
Author: Heikki Lavanti
Instructor: M.Sc Olli-Pekka Lahtinen
Supervisor: Professor Raimo Kantola
AGENDA
1. Introduction & background for the thesis
2. Goals and methods of the thesis
3. TETRA
4. Smart card technology
5. Implementing E2EE in the NTS
6. Results of tests
7. Conclusions
Introduction & background for the thesis
• Work was done at Nokia Networks’ Professional Mobile Radio business unit situated in Helsinki
• Background for the thesis is the need for a module that implements end-to-end encryption (E2EE) of circuit switched voice in the Nokia TETRA System (NTS)
• The module must also support (relatively) easy replacement of the algorithm
• E2EE is done between the end-user terminals, i.e. the network itself is unaware of the type of communication
• There is a network element called the Dispatcher WorkStation (DWS) that can monitor several calls at once and thus presents some special requirements for the module used for E2EE
• The thesis studied the applicability of smart cards as the E2EE module in the DWS
Goals and methods of the thesis
• Goals:
  • investigate how E2EE is implemented in the current NTS (especially the DWS)
  • investigate if the implementation could make use of smart card technology and to this end
    • study smart cards
    • estimate requirements of E2EE
    • analyze the suitability of smart cards
• Methods:
  • the suggested implementation was tested using
    • calculations
    • simulations
TETRA
• TErrestrial Trunked RAdio
• Professional mobile radio standard done by ETSI
• Advantages over PLMNs (e.g. GSM) include
  • fast call set-up
  • group communication
  • security (e.g. AIE)
• Users (and customers) from the
  • public sector (e.g. governments)
    • called PSS (Public Safety and Security) networks
  • private sector (e.g. gas companies)
    • called PC (Professional Cellular) networks
• AIE offers a robust encryption scheme over the AI, but inside the SwMI, the user data is in clear format and susceptible to eavesdropping
AIE = Air Interface Encryption
SwMI = Switching and Management Infrastructure
Nokia TETRA SYSTEM (NTS)
CDD – Configuration and Data Distribution server
DWS – Dispatcher WorkStation
DXT – Digital eXchange for TETRA
TBS – TETRA Base Station
TCS – TETRA Connectivity Server
[Figure: NTS architecture. Labels: TBS, NetAct, CDD, THR 880i, TMR880, DSC, DWS, TCS, 3rd party DWS, 3rd party without audio, DXT, TETRA IP backbone, ISDN, PSTN/PABX, traditional PMR, ISI]
The DWS
• Has four variants:
  • DWSe1 – uses an E1 connection
  • DWSi – uses an ISDN connection
  • DWSr – uses the air interface and TETRA packet data
  • DWSx – can use both E1 and ISDN + supports E2EE
• The DWSx has a PCI card called the Xgear, which has a module called the GEM (General Encryption Module), which encrypts the data
• The GEM is controlled via a GEI (General Encryption Interface), so the GEM can be any technology
• The thesis studied smart cards as the new GEM technology
Smart card technology
• A credit card- (or SIM card) sized plastic token with an embedded microchip (integrated circuit chip)
• Comprised of
  • a plastic card
  • micro controller
  • interfaces
  • application
• Provides
  • Persistent, protected storage
  • Memory capacity (4K - 160K is typical)
  • Computational capability and processing power (a small CPU)
• Self-contained: doesn’t need to depend on potentially vulnerable external resources
Smart card technology
• An important aspect of smart cards is the prevention of unauthorized users gaining access to information contained on the card
• The advantage smart cards have over magnetic stripe cards is that the smart card contains the computer chip which stores the password or PIN
• The password is not sent over a communication line to a computer system for verification, which can easily be tapped
• The most important part of a smart card is the software that provides the applications
• After a smart card is issued to the consumer, protection of the card will be mainly controlled by the application and the operating system
• Access of data has to be done through the logical file structure on the card
The ISO/IEC 7816
• Set of standards that define e.g. the physical layout and data transfer methods of a smart card
• The protocol stack is divided into three according to the ISO OSI model:
Terminal               Smart card
Application Layer      Application Layer
Data Link Layer        Data Link Layer
Physical Layer         Physical Layer
The ISO/IEC 7816
• The ISO/IEC 7816 places several restrictions on smart card-terminal communications:
  • the physical layer has several performance degrading factors – e.g. 8 data bits are encapsulated inside 10 bits and communication is half-duplex
  • there are several guard times as well to ensure that the terminal and smart card have enough time to respond
  • communication is defined as master-slave with the card always the slave. ETSI has defined a CAT (Card Application Toolkit) to alleviate this, but communication is still quite cumbersome
• The CAT commands are known as proactive commands
• The End-to-end Application Toolkit (EAT) is a subset of the CAT
TETRA & E2EE
• E2EE encrypts user data at the sender and decrypts it at the receiver, so the network is a transparent medium
• E2EE does not encrypt signaling, which is encrypted using AIE, so E2EE does not replace AIE but is an additional security feature
[Figure: TETRA network with a DWS. Labels: AIE, Unencrypted, AIE, E2EE]
TETRA & E2EE
• TETRA uses an algebraic code-excited linear predictive (ACELP) codec for speech compression
• In the TETRA codec, speech samples of 30 ms are used. This sample is digitized to a speech frame of 137 bits. After the codec, two subslots, each consisting of a speech frame, are fitted into one TDMA timeslot
• Thus, one TETRA timeslot consists of 274 bits of data
• The DWS can monitor 16 group calls and communicate with one timeslot, i.e. it has to be able to simultaneously decrypt 16 speech frames and decrypt one speech frame
• New timeslots arrive with an interval of 32 ms. One Key Stream Operation (KSO) would have to be done in 32 ms / 17 = 1.88 ms
Implementing E2EE in the NTS
• The following illustrates the Key Stream Operation (KSO) of a TETRA terminal in E2EE
• The KSG takes as its input a key and the IV in the first round (or SV in subsequent rounds)
• Next the KSG uses an algorithm to generate the KSS
• The KSS is XORed with the input
• The ciphertext is sent with the SV
• The receiver does the same KSO in reverse
• The KSO is a flywheel
  • the receiver can calculate the KSS without the SVs
  • However, the SV is sent at regular intervals
[Figure: KSO between two terminals over a channel. Labels: KSG, XOR, Synch control, Frame stealing, Synch detec, Channel, Key, IV, KSS, SV, Synch frame, Plain text, Cipher text, Cipher text + Synch vector, Key and synchronization data]
IV = Initialization Vector
KSG = Key Stream Generator
KSS = Key Stream Segment
SV = Synchronization Vector
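The KSO on this slide as an added example, not code from the thesis or the NTS. It shows the flywheel and why the SV is still sent at intervals (a late-joining receiver). Assumptions: the KSG is an HMAC-SHA256 stand-in rather than a TETRA algorithm, the SV is modelled as a counter advancing once per frame, and the frame size, sync interval, key and IV are constructed values.

```python
import hashlib
import hmac

FRAME_BYTES = 18     # one 137-bit speech frame padded to whole bytes (assumption)
SYNC_INTERVAL = 4    # SV accompanies every 4th frame (constructed value)

def ksg(key: bytes, sv: int) -> bytes:
    """Stand-in KSG: one KSS from key + IV/SV. Not a TETRA algorithm."""
    return hmac.new(key, sv.to_bytes(8, "big"), hashlib.sha256).digest()[:FRAME_BYTES]

def xor(data: bytes, kss: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, kss))

class Sender:
    def __init__(self, key: bytes, iv: int):
        self.key, self.sv, self.count = key, iv, 0   # first round uses the IV

    def send(self, plain: bytes):
        """Return (ciphertext, SV or None if this frame carries no sync)."""
        sync = self.sv if self.count % SYNC_INTERVAL == 0 else None
        cipher = xor(plain, ksg(self.key, self.sv))
        self.sv += 1          # assumption: SV advances by one per frame
        self.count += 1
        return cipher, sync

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.sv = key, None     # unsynchronised until an SV is heard

    def receive(self, cipher: bytes, sync):
        if sync is not None:
            self.sv = sync                # (re)synchronise on a received SV
        if self.sv is None:
            return None                   # late entry: no KSS possible yet
        plain = xor(cipher, ksg(self.key, self.sv))
        self.sv += 1                      # flywheel: advance without a new SV
        return plain

def run(frames, join_at=0, key=b"constructed-key!", iv=1000):
    """Pass frames sender -> receiver; the receiver hears nothing before join_at."""
    tx, rx = Sender(key, iv), Receiver(key)
    out = []
    for i, frame in enumerate(frames):
        cipher, sync = tx.send(frame)
        out.append(rx.receive(cipher, sync) if i >= join_at else None)
    return out

FRAMES = [bytes([i]) * FRAME_BYTES for i in range(8)]   # constructed speech frames
```

A receiver that joins at frame 2 recovers nothing until the SV sent with frame 4, then decrypts frames 5 to 7 on the flywheel alone.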
Tests
• The requirements for the smart card’s I/O contact’s capacity were estimated using calculations based on the DWS and the ISO 7816
• These were then compared to the figures given by Infineon, a large manufacturer of smart cards
• Also, the KSG was simulated using a smart card controller simulator provided by Infineon
  • the OS was provided by Infineon
  • the application used was a simple AES algorithm that took as its input the lengths of the key and the SV
Results of tests
• The calculations showed that the requirement for the I/O contact is approximately 435 kbit/s
• The Infineon SLE88 family of smart card controllers has a maximum rate of 625 kbit/s, so the I/O contact could manage the load
• The KSG would have to be able to generate one KSS in approximately 50 μs
• The simulated KSG needs 160 μs at 55 MHz to generate the KSS, which is clearly over the limit
Conclusions
• The I/O contact is fast enough to handle the requirements of E2EE in the DWS
• The application was not fast enough; there may be several reasons for this:
  • The OS was a simple implementation and in no way optimized
  • The application itself was written in C and not assembler, and was not optimized
• However, although the solution makes use of only one smart card, an implementation of 2 to 4 smart cards could probably be possible
• Next steps:
  • The calculations done on the I/O contact should be verified using hardware tests
  • The application and OS should be further developed in order to gain more accurate results
  • Also, alternatives to the smart card technology should be considered
    • e.g. Field Programmable Gate Arrays
• All in all, smart card technology is continuously developing towards faster CPUs and larger transfer rates and probably the performance bottlenecks will not exist in the near future
Thank You !
Questions ?