Derived Cipher Key and Common Cipher Keys Encryption (Class 3)
DCK/CCK are required to prevent over-exposure of key material. Existing encryption systems use Static Cipher Keys
(SCK), where one key is used for all radios and all calls. Key material is often exposed and SCK logistics of changing
keys consist in programming all radios and base stations.
DCK is used for individually addressed TM-SDU (Service Data Unit). DCK/CCK encryption provides Derived
Cipher Key (DCK) for uplink (from the radio to the BTS) communication and Common Cipher Key (CCK) for
downlink (from the BTS to the radios) group communication. The DCK is derived from either the one way or mutual
authentication process and the CCK is received during registry.
The radios supporting the dynamic key encryption identify themselves to the system as Class 3 radios during registry
and attempt to negotiate Class 3 encryption. A Class 3 radio supports group addressed signaling and group call traffic
encryption using CCKs. The radios support Over-the-Air-Rekeying (OTAR) of the CCK by the system.
A clear radio can set up calls to and receive calls from encrypted radios. The system informs the encrypted radios that
the call is with a clear radio and they switch to clear operation. Class 2 and 3 radios can only act as described if they
are allowed to operate in a lower class.
Group Cipher Keys Encryption (Class 3G)
For the Security Class 3G the system allows grouping addressed signaling and dedicated group call traffic encryption
using GCKs to cryptographically isolate talkgroups. The downlink signaling is encrypted using MGCK that is
cryptographically derived from the CCK associated with the serving cell and the GCK associated with a given
talkgroup. The SwMI does not change GCK and CCK simultaneously. Whenever a GCK change occurs, CCK
changes are frozen for this time period.
The DCK is derived from either the one way or mutual authentication process and the CCK is received during
registry, whereas the GCK is received through OTAR mechanism only.
The radio supports over-the-air and manual provisioning of key associations that link a GCK to one or more TMO
talkgroups, and manual provisioning of KAG to one or more DMO talkgroups.
The system can provide the ability for the operator to group contiguous ranges of TMO SSI. This case occurs where
any talkgroup residing within the address range is assigned using the same GCK association. These ranges, referred to
as Key Association Ranges (KAR), are used to convey the TMO talkgroup and GCK relationships to the relevant
SwMI and radios responsible for GCK functions.
End-to-End Encryption
The TETRA standard supports air encryption. The radio creates the PDU (Protocol Data Unit) and the PDU is
encrypted before transmission. The base station receives this PDU and must decrypt it, to know what to do with it and
where to send it. Thus, if a PDU contains voice information, the voice part of the message has been decrypted and is
now unprotected, until it is transmitted out to the caller.
Services and Features | 35
| | Send Feedback
To Next Page
Loading...
Need help?
General
