Security Feature
Mode
Security Class 1 Security Class 2 Security Class 3 Security Class 3G
Mutual Authentica-
tion
Optional Optional Optional Optional
OTAR N/A Optional Mandatory Mandatory
SCK AIE N/A Mandatory N/A N/A
DCK AIE N/A N/A Mandatory Mandatory
GCK AIE N/A N/A N/A Mandatory
Note: In the current release the radio does not support the following security features:
• Radio initiated authentication
• Support for TEA4
• Explicit authentication during DGNA
Enhanced Security, which consists of TMO Air Interface Encryption class 3G and DMO class 2, is a selling feature.
Clear Radios (Class 1)
A radio can be configured as a clear radio. In such case the radio identifies itself in registration as a Security Class 1
radio and does not support encryption. A Security Class 1 radio does not contain any encryption algorithms in its
software.
Static Cipher Key Encryption (Class 2)
The radio supports static AIE using a set of up to 32 static cipher keys (SCK) shared by the SwMI and all authorized
radios. The radio then determines which static keys to use based on the SCK Number (SCKN) and SCK version
number (SCK-VN) broadcast by the SwMI.
A radio can be configured to support static key encryption. In such case it identifies itself in registration as a Security
Class 2 radio, and attempts to negotiate Security Class 2 encryption. Each radio then uses either the TEA1 or the
TEA2 (TEA 3 — for Asia and Pacific) Key Stream Generator (KSG) algorithm. Each radio contains only one of
those algorithms in its software.
When Security Class 2 Encryption has been negotiated, encrypted PDUs are encrypted using SCK.
In DMO, the system manager may choose the SCK and the key may be distributed from the TMO SwMI using the
OTAR mechanism or provided manually using KVL.
Derived Cipher Key and Common Cipher Keys Encryption (Class 3)
DCK/CCK are required to prevent over-exposure of key material. Existing encryption systems use Static Cipher Keys
(SCK), where one key is used for all radios and all calls. Key material is often exposed and SCK logistics of changing
keys consist in programming all radios and base stations.
DCK is used for individually addressed TM-SDU (Service Data Unit). DCK/CCK encryption provides Derived
Cipher Key (DCK) for uplink (from the radio to the BTS) communication and Common Cipher Key (CCK) for
downlink (from the BTS to the radios) group communication. The DCK is derived from either the one way or mutual
authentication process and the CCK is received during registry.
The radios supporting the dynamic key encryption identify themselves to the system as Class 3 radios during registry
and attempt to negotiate Class 3 encryption. A Class 3 radio supports group addressed signaling and group call traffic
encryption using CCKs as well as encryption of uplink and down link individually addressed signaling messages and
individual call traffic (private or phone) using its DCKs. The radios support Over-the-Air-Rekeying (OTAR) of the
CCK by the system.
Services and Features | 41
| | Send Feedback
To Next Page
Loading...
