- Email: [email protected]
Research on End-to-End Encryption of TETRA
THE JOURNAL OF CHINA UNIVERSITIES OF POSTS AND TELECOMMUNICATIONS Vol.13, No.2, Jun.2006
Research on End-to=EndEncryption of TETRA ZHANG Zhi-hui'.
2,
YANG Yi-xian2
1.Beijing FORICH Software Technology Co., Ltd., Network Security Division, Beijing 100083, P. R . China; 2 . Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, P. R . China
Abstract: The Terrestrial Trunked Radio (TETRA) system uses end-to-end encryption in addition to the air interfuce encryption to provide enhanced security. The TETRA system uses a synchronization technique known as jrume stealing to provide synchronization of end-to-end encrypted data . However, the frame stealing process degrades the quulity of video. This paper proposes an end-to-end encryption system with the frame stealing technique f o r voice and frame insertion for video. A block cipher in the output feedback mode is used to implement the end-to-end key stream generator. Moreover. In the Short Datu Service(SDS) message encryption, a block cipher in the Cipher Buck Chaining (CBC) made is used to calculate the cryptographically secure checksum, which is sufficient to certify the integrity. Key words: TETRA; end-to-end encryption ; confidentiality; integrity CLC number: TN918.1 Document code: A Article ID: 1005-8885(2006)02-0070-04
cryption system based on IDEA is presented and analyzed. The encryption algorithms for voice mode and for SDS short messages are stream cipher generators. We TETRA is an ETSI-standardized digital radio operat- use block cipher in Output FeedBack (OFB) mode to ing system based on trunked mobile radio technolo- achieve the end-to-end Key Stream Generator (EKSG) . gy[ 1 - 31 . It is typically designed for the Professional Mo- Frame stealing technique for voice and frame insertion bile Radio (PMR) market and includes systems, typi- for video are discussed. In SDS message encryption, a cally for Military and Public Safety organizations, as block cipher in CBC mode is used to calculate the crypwell as Public Access Mobile Radio Systems for public tographically secure checksum, which is sufficient to service^[^-^^. While, in any radio system, the air inter- test the integrity. IDEA is a symmetrical block cipher face is especially at risk, since it is vulnerable to unde- working with 128 bit keys. tectable interception. TETRA has built on the DECTL6-'] security and added features which are rele- 2 End-to-End Voice Encryption vant for professional mobile radio users, such as end-toFig. 1 shows a synchronization mechanism of the end encryption, encryption for closed user groups, secure enabling and disabling of mobile terminals[']. Only voice encryption and decryption based on the synthe air interface security has been fully specified in the chronous stream cipher principle. The symmetry of TETRA standard, and the definition of end-to-end se- transmitter and receiver has common encryption units. curity is left to the user. The TETRA MoU Security The End-to-end Key Stream Generator[12- 13' ( EKSG) and Fraud Prevention Group (SFPG) has produced a se- is the place where block cipher in output feedback mode ries of recommendation documents which enable T E - is used to encrypt data. In OFB mode the previous outTRA users to optimally customize the security require- put of the encryption process is fed back as the input to m e n t ~ " ~ .Air interface security protects data only be- the encryption process through a register. The plaintext tween the terminals and the network. Within the net- is XORed with the output of encryption process to obwork infrastructure, the data is transported unencrypt- tain the cipher text as shown in Fig. 2. EKSG shall ed. Thus end-to-end and air interface security comple- have two inputs, a cipher key and an initialization valment, and do not impede, each other. Any one of them ue. The initialization value should be a time variant pacannot fulfill all security requirements independent- rameter (e.g. a sequence number or a timestamp) used ly['O-lll. The following article provides an overview of to initialize synchronization of the encryption units. end-to-end encryption of TETRA. The end-to-end en- Function of multiplexer shall replace a half slot of cipher
1
Introduction
Received date: 2005-06-02 Fomndath item: This project is supported by National Natural Science Foundation of China(60372094).
No. 2
ZHANG Zhi-hui, et a l . : Research on End-to-End Encryption of TETRA
text with a synchronization frame provided by the "Sync Frame" functional unit, the frame stealing. The frame stealing process periodically replaces the contents of a half slot of data with synchronization information. The replaced portions of data stream are lost. The TETRA speech codec is capable of tolerating some loss of data,
71
while never effect greatly for speech. Moreover, since speech frames are directly mapped on to the transmission time slots of the radio, the frame stealing strategy can be efficiently adopted for synchronization of end-toend encrypted speech.
Control
y3-
P l a i d
OF-----
unit
-
Cipher text
Fig. 1
Synchronization mechanism at the transmitter and the receiver
IV of the receiver decryption unit is updated according
Key%ijc! IDEA
encrypt
IV
64 bit
Register
P"
Fig. 2
Key stream generator based on IDEA
To provide a high level of security traffic, end-to-end encryption is needed. The channels involved in mobile communication systems are very noisy and time varying. Communications over these channels result errors in the received data, and, consequently, loss of synchronization of the receiver to the incoming data stream. IBSS of synchronization in a stream of encrypted data will result in an erroneously deciphered data stream. If the key stream K , at the receiver looses synchronization to incoming cipher text stream C, the corresponding decrypted data stream P , at the receiver will be in error. Therefore, some means of providing synchronization at the receiver are required. Synchronization is provided by sending synchronization information to the receiver. The transmitter sends IV updates within a synchronization frame to the receiver to recover from loss of synchronization. The synchronization frame contains additional elements which allow the receiver to select the correct key and key algorithm. Two further elements, a timestamp and a cryptographic check sum, secure the integrity of the synchronization frame and prevent imposture through repetition ( replay attacks ) . When a frame is received, the encryption synchronization unit detects the synchronization information, and changes the current key and the algorithm according to the received key number and the algorithm number, and the
to the received IV. IDEA is the symmetrical block cipher working with 128-bit keys. It was developed in 1991 at the Technical University of Zurich, and at present has no known weakne~ses"~'. Key stream generator based on IDEA is shown in Fig. 2 . An encryption speed of 177 Mb/s can be obtained using IDEA based on VISI. In order to generate enough bits for a TETRA half-slot, IDEA is executed four times. The last 64 bit then serve as a possible Synchronization Vector (SV) . The SV is part of a 119 bit long synchronization frame, which is transmitted between one and four times per second. The frame stealing makes it possibIe to transmit signaling data instead of user data, and is achieved by replacing half a timeslot of user data with signaling data.
3 End-to-End Video Encryption The TETRA speech codec is capable of tolerating some loss of data, and cause no problems for speech. So the frame stealing strategy can be efficiently adopted for the synchronization of end-to-end encrypted speech. Moreover, unlike speech, video is coded in the host computer at the application layer. Thus, there is no direct mapping of video frames to the transmission time slots of the radio. This makes it difficult to determine the timing for stealing half slots to send synchronization frames. Therefore an alternative technique is required to provide synchronization to encrypted video streams. M. I . Samarakoon"'] proposed a technique termed frame insertion which is more appropriate for video transmission. In frame insertion, synchronization frames are inserted to the transmitted video streams
72
The Journal of CHUPT
2006
between successive video frames. Unlike frame stealing the legitimate receiver can decode the data. The data in where there is no loss of data. However, to permit the the Enc. Ctrl. Data element contain the IV, and tell insertion of application has to reduce the data rate to the receiver the information to use. maintain the same overall transmission rate. The receivMessage integrity er has to check whether the received frame is a synchronization frame by verifying the size of received frame. The main problem about dropped packets is the size of a dropped packet to the receiver, especially the variable F L K IV lengths. The solution to this problem is to generate fixed length key stream segment to encrypt the variable length data packets. The length of each of these key stream segments is independent of the data packet sizes Fig. 3 Construction of an encrypted SDS message and should be equal to an allowable or expected maximum data packet size. After encrypting each data packEven when an attacker cannot read the contents of a et whose size if less than the expected maximum, the data packet, it still can be interest to him which kind of excess portion of the key stream segment is discarded. data packet is concerned. To prevent an attacker from The fly-wheeling technique"'] offers a method of recov- drawing any useful conclusions about the nature of a ering synchronization from dropped packets. short data message, the original the Protocol Identifier We also consider coding video cipher text in order to ( P I D ) of the unencrypted SDS message ( 0 - P I D ) is use the frame stealing technique for synchronization of transmitted and replaced with a new protocol identifier end-to-end video encryption. After video cipher text ( E S P I D ) . Logging the ES-PID is no use to the attackgenerated with EKSG, an amount of redundancy are in- er, since all it reveals is an encrypted short data message serted to cipher text periodically. In transmission pro- which is being sent. cess, the frame stealing mechanism makes it possible to The receiver should decrypt the SDS data using the transmit signaling data instead of the redundancy, and right cipher key and calculate the CCSUM. If the result is achieved by replacing half timeslot of the redundancy is equal to the CCSUM received, the communication is with signaling data. Thus, the frame stealing strategy successful as shown in Fig. 4 . When a SDS is received, can be efficiently adopted for speech and video encryp- the receiver checks whether the SDS is encrypted by tion. verifying the ES-PID. If an encrypted SDS message is received the current key and algorithm are changed ac4 The SDS Encryption cording to the received key number and the algorithm number, and the IV of the receiver decryption unit is Within TETRA, as in GSM, a short message service is also defined. In TETRA, it is called the short data service"*'. Depended on the SDS type, the amount of Identify ES-PID bits, from 16 to 2 048, can be transmitted. An SDS N short data message is protected in such a way. its content remains confidential, and its integrity can be Analyze Enc.trl.Data checked on reception as shown in Fig. 3 . Data is confiGet the control data for dentiality achieved through data encryption. The proceencryption dure is the same with that in end-to-end voice encryption. A CrypTographically Secure Checksum (CCSUM) t and other control data (Enc. Ctrl. Data) comprise the I Calculate the CCSUM I i synchronization vector"6'. It is not necessary to encrypt the SV elements, since they are not confidential. It is sufficient to able to test their integrity, and the exisSDS receive tence of the CCSUM also made it possible. As long as failed an attacker does not know the key used to calculate the checksum, he cannot change data in the SDS message or recalculate the CCSUM without being detected. A block cipher in CBC mode can be used to calculate the CCFig. Flow chart chart o off aa receiver receiver SIX SIX process process Fig. 4 4 Flow SUM. The SV delivers all necessary information so that
I
\
4
No. 2
ZHANG Zhi-hui, et
u1. :
Research on End-to-End Encryption of TETRA
updated according to the received IV. After the decryption process, the CCSUM of the decrypted SDS should be calculated. If the CCSUM is equal to the received one, the received SDS is valid.
[81 [93
[lo1
S
Conclusions [111
An end-to-end voice encryption system based on a synchronization mechanism, frame stealing, is introduced. When the system is used to encrypt the video, frame insertion is adopted. This technique has the advantage over the conventional frame stealing technique of not loosing any data. But the frame insertion will reduce the data rate. So how to code video effectively should be taken into account. End-to-end SDS encryption system base on block cipher is proposed. The procedure to achieve data confidentiality is the same with end-to-end voice encryption. Data integrity is achieved through calculation of the CCSUM.
References : ETSI EN 300 392-1 V1.3.0, TETRA: teneral network design [ EB/OI.] . 2005-02-01. http: //www. etsi. org. TETRA Security Mechanisms [ EB/OL 1. 2003-02-10. http: // www. tetramou. mm/files/tetra- security- mechanisms. ppt. Wireless Distributed Communication Systems [ EH/OI, ] . 2004-05-10. http: // www2. rfsworld. com/RFS Edition31 pdfs/WIXS- Introduction. 525-527. pdf. TETRA Security-An overview [ EB/OI,]. 2003-08-01. http: // www. tetramou. com/resources/files/Tetra - secRl . pdf . SUI Ai-fen, WANG Jiao. Research and comparison of security mechanisms in GSM and I S 4 1 [ J 1. Journal of Chongqing Institute of Posts and Telecommunications ( in Chinese), 2004, 1611): 66-69. ETSI EN 300 175-7. V1.8.1, DECT Common Interface Security features [ EB/OIz]. 2004-11-10. http: //www. etsi.org. LIN H, I E I N HARN. Authentication in wireless communications[ C ] // Proceedings of IEEE Global Telecommunications Conference: Vol 1, Nov 29 - Dec 2, 1993, Houston, Tx, USA. Piscataway, NJ, USA: IEEE, 1993: 550 554.
[I21
[I31
[14]
[I51
73
ETSI EN 300 392-7. TETRA: Security aspects, Version 2.2.1[EB/OL]. 2004-09-01. http://www.etsi.org. End-teEnd TETRA MoU SFPG Recommendation 02 Encryption [ EB/OL]. 2003-08-01. http: // www. tet ramou .corn/ MoU . ZHANG Zhi-hui, HU Bing, YANG Yi-xian. Research on encryption mechanism of TETRA [ J 1. Communications Technology, 2004(2):118- 120. ROEILIFSEN G. Cryptographic algorithms in telecommunications systems[ J 3. Information Security Technical Report, 1999,4(1): 29-37. ETSI EN 302 109. TETRA: Synchronization mechanism for end-to-end encryption, Version 1.1.1 [ EB/OL]. 200306-15. http: //www. etsi.org. Security for TETRA [ EB/OI;]. 2001-12-15. http: // www. ascom. com/secsol/de/filel99161- 0 - tetra- security. pdf. SCHNEIER B. Applied cryptography: protocols, algorithms, and murce code in C [ M ] . 2nd ed. New York, NY, USA: John Wiley & Sons Inc., 1996: 225 - 230. SAMARAKOON M I, HONARY B, RAYNE M . Encrypted video over TETRA [ J ]. IEE Colloquium Digest, 20001 7 ) :29 - 33. TETRA End-to-End Security [ EB/OI,]. 2003-10-25. http: //www. ascom. com/secsol/de/file199164- 0 - tetrae2e- article. pdf. ~
Biographies: ZHANG Zhi-hui, male, doctor of Beijing University of Posts and Telecommunications, R and D engineer of Beijing FORICH Software Technology Co., Ltd., interested in the research on information and network security, distributed system security.
YANG Yi-xian, male, Doctor of Beijing University of Pcsts and Telecommunications, Professor, Tutor of Doctor students, interested in the research on coding cryptology, information and network security, signal and information processing, etc.
Research on End-to=EndEncryption of TETRA ZHANG Zhi-hui'.
2,
YANG Yi-xian2
1.Beijing FORICH Software Technology Co., Ltd., Network Security Division, Beijing 100083, P. R . China; 2 . Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, P. R . China
Abstract: The Terrestrial Trunked Radio (TETRA) system uses end-to-end encryption in addition to the air interfuce encryption to provide enhanced security. The TETRA system uses a synchronization technique known as jrume stealing to provide synchronization of end-to-end encrypted data . However, the frame stealing process degrades the quulity of video. This paper proposes an end-to-end encryption system with the frame stealing technique f o r voice and frame insertion for video. A block cipher in the output feedback mode is used to implement the end-to-end key stream generator. Moreover. In the Short Datu Service(SDS) message encryption, a block cipher in the Cipher Buck Chaining (CBC) made is used to calculate the cryptographically secure checksum, which is sufficient to certify the integrity. Key words: TETRA; end-to-end encryption ; confidentiality; integrity CLC number: TN918.1 Document code: A Article ID: 1005-8885(2006)02-0070-04
cryption system based on IDEA is presented and analyzed. The encryption algorithms for voice mode and for SDS short messages are stream cipher generators. We TETRA is an ETSI-standardized digital radio operat- use block cipher in Output FeedBack (OFB) mode to ing system based on trunked mobile radio technolo- achieve the end-to-end Key Stream Generator (EKSG) . gy[ 1 - 31 . It is typically designed for the Professional Mo- Frame stealing technique for voice and frame insertion bile Radio (PMR) market and includes systems, typi- for video are discussed. In SDS message encryption, a cally for Military and Public Safety organizations, as block cipher in CBC mode is used to calculate the crypwell as Public Access Mobile Radio Systems for public tographically secure checksum, which is sufficient to service^[^-^^. While, in any radio system, the air inter- test the integrity. IDEA is a symmetrical block cipher face is especially at risk, since it is vulnerable to unde- working with 128 bit keys. tectable interception. TETRA has built on the DECTL6-'] security and added features which are rele- 2 End-to-End Voice Encryption vant for professional mobile radio users, such as end-toFig. 1 shows a synchronization mechanism of the end encryption, encryption for closed user groups, secure enabling and disabling of mobile terminals[']. Only voice encryption and decryption based on the synthe air interface security has been fully specified in the chronous stream cipher principle. The symmetry of TETRA standard, and the definition of end-to-end se- transmitter and receiver has common encryption units. curity is left to the user. The TETRA MoU Security The End-to-end Key Stream Generator[12- 13' ( EKSG) and Fraud Prevention Group (SFPG) has produced a se- is the place where block cipher in output feedback mode ries of recommendation documents which enable T E - is used to encrypt data. In OFB mode the previous outTRA users to optimally customize the security require- put of the encryption process is fed back as the input to m e n t ~ " ~ .Air interface security protects data only be- the encryption process through a register. The plaintext tween the terminals and the network. Within the net- is XORed with the output of encryption process to obwork infrastructure, the data is transported unencrypt- tain the cipher text as shown in Fig. 2. EKSG shall ed. Thus end-to-end and air interface security comple- have two inputs, a cipher key and an initialization valment, and do not impede, each other. Any one of them ue. The initialization value should be a time variant pacannot fulfill all security requirements independent- rameter (e.g. a sequence number or a timestamp) used ly['O-lll. The following article provides an overview of to initialize synchronization of the encryption units. end-to-end encryption of TETRA. The end-to-end en- Function of multiplexer shall replace a half slot of cipher
1
Introduction
Received date: 2005-06-02 Fomndath item: This project is supported by National Natural Science Foundation of China(60372094).
No. 2
ZHANG Zhi-hui, et a l . : Research on End-to-End Encryption of TETRA
text with a synchronization frame provided by the "Sync Frame" functional unit, the frame stealing. The frame stealing process periodically replaces the contents of a half slot of data with synchronization information. The replaced portions of data stream are lost. The TETRA speech codec is capable of tolerating some loss of data,
71
while never effect greatly for speech. Moreover, since speech frames are directly mapped on to the transmission time slots of the radio, the frame stealing strategy can be efficiently adopted for synchronization of end-toend encrypted speech.
Control
y3-
P l a i d
OF-----
unit
-
Cipher text
Fig. 1
Synchronization mechanism at the transmitter and the receiver
IV of the receiver decryption unit is updated according
Key%ijc! IDEA
encrypt
IV
64 bit
Register
P"
Fig. 2
Key stream generator based on IDEA
To provide a high level of security traffic, end-to-end encryption is needed. The channels involved in mobile communication systems are very noisy and time varying. Communications over these channels result errors in the received data, and, consequently, loss of synchronization of the receiver to the incoming data stream. IBSS of synchronization in a stream of encrypted data will result in an erroneously deciphered data stream. If the key stream K , at the receiver looses synchronization to incoming cipher text stream C, the corresponding decrypted data stream P , at the receiver will be in error. Therefore, some means of providing synchronization at the receiver are required. Synchronization is provided by sending synchronization information to the receiver. The transmitter sends IV updates within a synchronization frame to the receiver to recover from loss of synchronization. The synchronization frame contains additional elements which allow the receiver to select the correct key and key algorithm. Two further elements, a timestamp and a cryptographic check sum, secure the integrity of the synchronization frame and prevent imposture through repetition ( replay attacks ) . When a frame is received, the encryption synchronization unit detects the synchronization information, and changes the current key and the algorithm according to the received key number and the algorithm number, and the
to the received IV. IDEA is the symmetrical block cipher working with 128-bit keys. It was developed in 1991 at the Technical University of Zurich, and at present has no known weakne~ses"~'. Key stream generator based on IDEA is shown in Fig. 2 . An encryption speed of 177 Mb/s can be obtained using IDEA based on VISI. In order to generate enough bits for a TETRA half-slot, IDEA is executed four times. The last 64 bit then serve as a possible Synchronization Vector (SV) . The SV is part of a 119 bit long synchronization frame, which is transmitted between one and four times per second. The frame stealing makes it possibIe to transmit signaling data instead of user data, and is achieved by replacing half a timeslot of user data with signaling data.
3 End-to-End Video Encryption The TETRA speech codec is capable of tolerating some loss of data, and cause no problems for speech. So the frame stealing strategy can be efficiently adopted for the synchronization of end-to-end encrypted speech. Moreover, unlike speech, video is coded in the host computer at the application layer. Thus, there is no direct mapping of video frames to the transmission time slots of the radio. This makes it difficult to determine the timing for stealing half slots to send synchronization frames. Therefore an alternative technique is required to provide synchronization to encrypted video streams. M. I . Samarakoon"'] proposed a technique termed frame insertion which is more appropriate for video transmission. In frame insertion, synchronization frames are inserted to the transmitted video streams
72
The Journal of CHUPT
2006
between successive video frames. Unlike frame stealing the legitimate receiver can decode the data. The data in where there is no loss of data. However, to permit the the Enc. Ctrl. Data element contain the IV, and tell insertion of application has to reduce the data rate to the receiver the information to use. maintain the same overall transmission rate. The receivMessage integrity er has to check whether the received frame is a synchronization frame by verifying the size of received frame. The main problem about dropped packets is the size of a dropped packet to the receiver, especially the variable F L K IV lengths. The solution to this problem is to generate fixed length key stream segment to encrypt the variable length data packets. The length of each of these key stream segments is independent of the data packet sizes Fig. 3 Construction of an encrypted SDS message and should be equal to an allowable or expected maximum data packet size. After encrypting each data packEven when an attacker cannot read the contents of a et whose size if less than the expected maximum, the data packet, it still can be interest to him which kind of excess portion of the key stream segment is discarded. data packet is concerned. To prevent an attacker from The fly-wheeling technique"'] offers a method of recov- drawing any useful conclusions about the nature of a ering synchronization from dropped packets. short data message, the original the Protocol Identifier We also consider coding video cipher text in order to ( P I D ) of the unencrypted SDS message ( 0 - P I D ) is use the frame stealing technique for synchronization of transmitted and replaced with a new protocol identifier end-to-end video encryption. After video cipher text ( E S P I D ) . Logging the ES-PID is no use to the attackgenerated with EKSG, an amount of redundancy are in- er, since all it reveals is an encrypted short data message serted to cipher text periodically. In transmission pro- which is being sent. cess, the frame stealing mechanism makes it possible to The receiver should decrypt the SDS data using the transmit signaling data instead of the redundancy, and right cipher key and calculate the CCSUM. If the result is achieved by replacing half timeslot of the redundancy is equal to the CCSUM received, the communication is with signaling data. Thus, the frame stealing strategy successful as shown in Fig. 4 . When a SDS is received, can be efficiently adopted for speech and video encryp- the receiver checks whether the SDS is encrypted by tion. verifying the ES-PID. If an encrypted SDS message is received the current key and algorithm are changed ac4 The SDS Encryption cording to the received key number and the algorithm number, and the IV of the receiver decryption unit is Within TETRA, as in GSM, a short message service is also defined. In TETRA, it is called the short data service"*'. Depended on the SDS type, the amount of Identify ES-PID bits, from 16 to 2 048, can be transmitted. An SDS N short data message is protected in such a way. its content remains confidential, and its integrity can be Analyze Enc.trl.Data checked on reception as shown in Fig. 3 . Data is confiGet the control data for dentiality achieved through data encryption. The proceencryption dure is the same with that in end-to-end voice encryption. A CrypTographically Secure Checksum (CCSUM) t and other control data (Enc. Ctrl. Data) comprise the I Calculate the CCSUM I i synchronization vector"6'. It is not necessary to encrypt the SV elements, since they are not confidential. It is sufficient to able to test their integrity, and the exisSDS receive tence of the CCSUM also made it possible. As long as failed an attacker does not know the key used to calculate the checksum, he cannot change data in the SDS message or recalculate the CCSUM without being detected. A block cipher in CBC mode can be used to calculate the CCFig. Flow chart chart o off aa receiver receiver SIX SIX process process Fig. 4 4 Flow SUM. The SV delivers all necessary information so that
I
\
4
No. 2
ZHANG Zhi-hui, et
u1. :
Research on End-to-End Encryption of TETRA
updated according to the received IV. After the decryption process, the CCSUM of the decrypted SDS should be calculated. If the CCSUM is equal to the received one, the received SDS is valid.
[81 [93
[lo1
S
Conclusions [111
An end-to-end voice encryption system based on a synchronization mechanism, frame stealing, is introduced. When the system is used to encrypt the video, frame insertion is adopted. This technique has the advantage over the conventional frame stealing technique of not loosing any data. But the frame insertion will reduce the data rate. So how to code video effectively should be taken into account. End-to-end SDS encryption system base on block cipher is proposed. The procedure to achieve data confidentiality is the same with end-to-end voice encryption. Data integrity is achieved through calculation of the CCSUM.
References : ETSI EN 300 392-1 V1.3.0, TETRA: teneral network design [ EB/OI.] . 2005-02-01. http: //www. etsi. org. TETRA Security Mechanisms [ EB/OL 1. 2003-02-10. http: // www. tetramou. mm/files/tetra- security- mechanisms. ppt. Wireless Distributed Communication Systems [ EH/OI, ] . 2004-05-10. http: // www2. rfsworld. com/RFS Edition31 pdfs/WIXS- Introduction. 525-527. pdf. TETRA Security-An overview [ EB/OI,]. 2003-08-01. http: // www. tetramou. com/resources/files/Tetra - secRl . pdf . SUI Ai-fen, WANG Jiao. Research and comparison of security mechanisms in GSM and I S 4 1 [ J 1. Journal of Chongqing Institute of Posts and Telecommunications ( in Chinese), 2004, 1611): 66-69. ETSI EN 300 175-7. V1.8.1, DECT Common Interface Security features [ EB/OIz]. 2004-11-10. http: //www. etsi.org. LIN H, I E I N HARN. Authentication in wireless communications[ C ] // Proceedings of IEEE Global Telecommunications Conference: Vol 1, Nov 29 - Dec 2, 1993, Houston, Tx, USA. Piscataway, NJ, USA: IEEE, 1993: 550 554.
[I21
[I31
[14]
[I51
73
ETSI EN 300 392-7. TETRA: Security aspects, Version 2.2.1[EB/OL]. 2004-09-01. http://www.etsi.org. End-teEnd TETRA MoU SFPG Recommendation 02 Encryption [ EB/OL]. 2003-08-01. http: // www. tet ramou .corn/ MoU . ZHANG Zhi-hui, HU Bing, YANG Yi-xian. Research on encryption mechanism of TETRA [ J 1. Communications Technology, 2004(2):118- 120. ROEILIFSEN G. Cryptographic algorithms in telecommunications systems[ J 3. Information Security Technical Report, 1999,4(1): 29-37. ETSI EN 302 109. TETRA: Synchronization mechanism for end-to-end encryption, Version 1.1.1 [ EB/OL]. 200306-15. http: //www. etsi.org. Security for TETRA [ EB/OI;]. 2001-12-15. http: // www. ascom. com/secsol/de/filel99161- 0 - tetra- security. pdf. SCHNEIER B. Applied cryptography: protocols, algorithms, and murce code in C [ M ] . 2nd ed. New York, NY, USA: John Wiley & Sons Inc., 1996: 225 - 230. SAMARAKOON M I, HONARY B, RAYNE M . Encrypted video over TETRA [ J ]. IEE Colloquium Digest, 20001 7 ) :29 - 33. TETRA End-to-End Security [ EB/OI,]. 2003-10-25. http: //www. ascom. com/secsol/de/file199164- 0 - tetrae2e- article. pdf. ~
Biographies: ZHANG Zhi-hui, male, doctor of Beijing University of Posts and Telecommunications, R and D engineer of Beijing FORICH Software Technology Co., Ltd., interested in the research on information and network security, distributed system security.
YANG Yi-xian, male, Doctor of Beijing University of Pcsts and Telecommunications, Professor, Tutor of Doctor students, interested in the research on coding cryptology, information and network security, signal and information processing, etc.