Security Services 2-37
March 2009 Chapter 2 - MTP850 Ex/MTP810 Ex Product Information Manual 6866588D21-D
12.3 Air Interface Encryption (AIE)
The terminal supports TETRA Air Interface Encryption (AIE) using the standard TETRA public
encryption algorithms TEA1 and TEA2, as defined in [Ref 3] Clause 6.
The focus of cryptography in TETRA is the encryption key:
TETRA AIE provides 12 000 000 000 000 000 000 000 000 key combinations.
Benefits:
• The number of key combinations makes unauthorized deciphering almost impossible.
TETRA has 3 Classes of Encryption:
• Class 1 - Clear (None)
• Class 2 - Static Key Encryption
• Class 3 - Derived Key Encryption (sometimes called Dynamic key), Common Cipher Key and
Group Cipher Key
In Direct Mode only the Static Cipher Key (SCK) type is defined.
12.3.1 Clear Terminals (Class 1)
A terminal can be configured as a “clear” terminal, in which case it will identify itself in registration as
a “Security Class 1” terminal and will not support encryption. A Security Class 1 terminal will not contain
any encryption algorithms in its software.
12.3.2 Static Cipher Key Encryption (Class 2)
The terminal supports static air interface encryption, using a set of up to 32 static cipher keys (SCK)
which is shared by the SwMI and all authorized terminals. The terminal will determine which static
key to use based on the SCK Number (SCKN) and SCK version number (SCK-VN) broadcast by the
SwMI.
A terminal can be configured to support static key encryption, in which case it will identify itself in
registration as a “Security Class 2” terminal, and attempt to negotiate Security Class 2 encryption.
Each terminal will use either the TEA1 or the TEA2 (TEA3 - AsiaPac) Key Stream Generator (KSG)
algorithm, and contain only one of those algorithms in its software.
When Security Class 2 Encryption has been negotiated, encrypted PDUs will be encrypted using
SCK.
In Direct Mode the SCK can be chosen by the system manager and may be distributed from the
TMO SwMI using the OTAR mechanism or it can be entered manually.
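The key selection described in this section, as an added example that is not Motorola's code or part of the original manual: a minimal model of a terminal's SCK store that picks a key from the broadcast SCKN and SCK-VN. Slot numbering from 1 to 32, returning no key on any mismatch, and all key bytes are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_SCK = 32  # the manual: "a set of up to 32 static cipher keys"


@dataclass(frozen=True)
class StoredSck:
    version: int  # SCK-VN provisioned together with the key
    key: bytes    # key material (constructed sample bytes in the demo)


@dataclass
class Terminal:
    security_class: int  # 1 = clear, 2 = static cipher key
    store: Dict[int, StoredSck] = field(default_factory=dict)

    def provision(self, sckn: int, version: int, key: bytes) -> None:
        # Assumption: slots are numbered 1..MAX_SCK.
        if self.security_class != 2:
            raise ValueError("only a Security Class 2 terminal holds SCKs")
        if not 1 <= sckn <= MAX_SCK:
            raise ValueError("SCKN outside the 32-key set")
        self.store[sckn] = StoredSck(version, key)

    def select_sck(self, sckn: int, sck_vn: int) -> Optional[bytes]:
        """Return the key matching the broadcast SCKN and SCK-VN, else None."""
        if self.security_class != 2:
            return None  # Class 1 terminal: no algorithms, no keys
        entry = self.store.get(sckn)
        if entry is None or entry.version != sck_vn:
            return None  # assumption: fail closed on any mismatch
        return entry.key


def demo() -> Dict[str, Optional[bytes]]:
    t = Terminal(security_class=2)
    t.provision(1, 4, bytes.fromhex("00112233445566778899"))  # constructed
    t.provision(2, 7, bytes.fromhex("aabbccddeeff00112233"))  # constructed
    return {
        "match": t.select_sck(2, 7),
        "stale_version": t.select_sck(2, 8),  # SwMI rolled the key, terminal did not
        "unknown_slot": t.select_sck(5, 1),
        "clear_terminal": Terminal(security_class=1).select_sck(2, 7),
    }


if __name__ == "__main__":
    for case, key in demo().items():
        print(case, key.hex() if key else None)
```

The stale_version case is the one to watch operationally: a terminal that missed a key update holds the right SCKN but the wrong SCK-VN and cannot select a key.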
12.3.3 Derived Cipher Key Encryption and Group Cipher Keys GCK (Class 3)
Background:
DCK/CCK/GCK are required to prevent over-exposure of key material.
Existing encryption systems use Static Cipher Keys (SCK), where one key is used for all terminals and all
calls:
• Key material is often exposed.
• SCK logistics: changing keys means reprogramming all terminals and Base Stations.
Feature description:
DCK is used for both uplink and downlink for private calls