summaryrefslogtreecommitdiff
path: root/2011/tetra-eh2011/osmocom-tetra.tex
diff options
context:
space:
mode:
Diffstat (limited to '2011/tetra-eh2011/osmocom-tetra.tex')
-rw-r--r--2011/tetra-eh2011/osmocom-tetra.tex607
1 files changed, 607 insertions, 0 deletions
diff --git a/2011/tetra-eh2011/osmocom-tetra.tex b/2011/tetra-eh2011/osmocom-tetra.tex
new file mode 100644
index 0000000..9ad0650
--- /dev/null
+++ b/2011/tetra-eh2011/osmocom-tetra.tex
@@ -0,0 +1,607 @@
+% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $
+
+\documentclass{beamer}
+
+\usepackage{url}
+\makeatletter
+\def\url@leostyle{%
+ \@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}}
+\makeatother
+%% Now actually use the newly defined style.
+\urlstyle{leo}
+
+
+% This file is a solution template for:
+
+% - Talk at a conference/colloquium.
+% - Talk length is about 20min.
+% - Style is ornate.
+
+
+
+% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
+%
+% In principle, this file can be redistributed and/or modified under
+% the terms of the GNU Public License, version 2.
+%
+% However, this file is supposed to be a template to be modified
+% for your own needs. For this reason, if you use this file as a
+% template and not specifically distribute it as part of a another
+% package/program, I grant the extra permission to freely copy and
+% modify this file as you see fit and even to delete this copyright
+% notice.
+
+
+\mode<presentation>
+{
+ \usetheme{Warsaw}
+ % or ...
+
+ \setbeamercovered{transparent}
+ % or whatever (possibly just delete it)
+}
+
+
+\usepackage[english]{babel}
+% or whatever
+
+\usepackage[latin1]{inputenc}
+% or whatever
+
+\usepackage{times}
+\usepackage[T1]{fontenc}
+% Or whatever. Note that the encoding and the font should match. If T1
+% does not look nice, try deleting the line with the fontenc.
+
+
+\title{OsmocomTETRA}
+
+\subtitle
+{Researching TETRA and its security}
+
+\author{Harald Welte}
+
+\institute
+{gnumonks.org\\gpl-violations.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de}
+% - Use the \inst command only if there are several affiliations.
+% - Keep it simple, no one is interested in your street address.
+
+\date[easterhegg 2011] % (optional, should be abbreviation of conference name)
+{EH2011, April 2011, Hamburg/Germany}
+% - Either use conference name or its abbreviation.
+% - Not really informative to the audience, more for people (including
+% yourself) who are reading the slides online
+
+\subject{Communications Security}
+% This is only inserted into the PDF information catalog. Can be left
+% out.
+
+
+
+% If you have a file called "university-logo-filename.xxx", where xxx
+% is a graphic format that can be processed by latex or pdflatex,
+% resp., then you can add a logo as follows:
+
+% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
+% \logo{\pgfuseimage{university-logo}}
+
+
+
+% Delete this, if you do not want the table of contents to pop up at
+% the beginning of each subsection:
+%\AtBeginSubsection[]
+%{
+% \begin{frame}<beamer>{Outline}
+% \tableofcontents[currentsection,currentsubsection]
+% \end{frame}
+%}
+
+
+% If you wish to uncover everything in a step-wise fashion, uncomment
+% the following command:
+
+%\beamerdefaultoverlayspecification{<+->}
+
+
+\begin{document}
+
+\begin{frame}
+ \titlepage
+\end{frame}
+
+\begin{frame}{Outline}
+ \tableofcontents[hideallsubsections]
+ % You might wish to add the option [pausesections]
+\end{frame}
+
+
+% Structuring a talk is a difficult task and the following structure
+% may not be suitable. Here are some rules that apply for this
+% solution:
+
+% - Exactly two or three sections (other than the summary).
+% - At *most* three subsections per section.
+% - Talk about 30s to 2min per frame. So there should be between about
+% 15 and 30 frames, all told.
+
+% - A conference audience is likely to know very little of what you
+% are going to talk about. So *simplify*!
+% - In a 20min talk, getting the main ideas across is hard
+% enough. Leave out details, even if it means being less precise than
+% you think necessary.
+% - If you omit details that are vital to the proof/implementation,
+% just say so once. Everybody will be happy with that.
+
+\begin{frame}{About the speaker}
+\begin{itemize}
+ \item Using + playing with Linux since 1994
+ \item Kernel / bootloader / driver / firmware development since 1999
+ \item IT security expert, focus on network protocol security
+ \item Core developer of Linux packet filter netfilter/iptables
+ \item Board-level Electrical Engineering
+ \item Always looking for interesting protocols (RFID, DECT, GSM)
+\end{itemize}
+\end{frame}
+
+\section{TETRA Introduction}
+
+\subsection{What is TETRA?}
+
+\begin{frame}{Introducing TETRA}
+TErrestrial Trunked RAdio
+\begin{itemize}
+ \item Digital PMR (Professional Mobile Radio) standard
+ \item Standardization Body ETSI started work in 1990
+ \item First specified in 1995, endorsed by EU Radiocomms Committee
+ \item Commercial Vendors: Motorola, EADS/Nokia, Arteva/Simoco/Pye/Philips, Rohde \& Schwarz
+ \item Chinese vendors are expected to appear on the market soon
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA vs GSM}
+\begin{itemize}
+ \item Longer range due to lower frequency (but not vs. GSM 410/450!)
+ \item Higher spectral efficiency (4 speech channels in 25kHz vs. 16 speech channels in 270kHz)
+ \item Specified to work at speeds above 400 km/h
+ \item one-to-one, one-to-many and many-to-many (but: GSM-R ASCI)
+ \item offers direct mode between handsets in case base station is out of range
+ \item separate infrastructure from public networks (but: GSM-R)
+ \item de-central fall-back, i.e. base stations switching local calls
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA vs GSM}
+Summary
+\begin{itemize}
+ \item Most of the TETRA advantages could be achieved using GSM-R in a lower frequency band
+ \item Local call switching can be implemented in GSM (think of OpenBSC)
+ \item GSM requires modifications on the air interface for direct mode, but even in TETRA, direct mode is {\em very} different from trunked mode
+\end{itemize}
+It seems, the industry rather re-invented an entirely different system to ensure
+the resulting equipment can be sold at multiples of the commercial-grade GSM
+equipment.
+\end{frame}
+
+
+\subsection{Where is TETRA deployed?}
+
+\begin{frame}{TETRA deployments}
+\begin{itemize}
+ \item In 2009, TETRA was deployed in 114 countries (every continent except North America)
+ \item Typical users: Police, Transportation, Army, Fire Service, Ambulance, Customs, Coast Guard
+ \item But also: Private company networks (industrial plants)
+ \item In Germany there are 63 registered networks (only 5 are BOS)
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA deployments}
+\begin{itemize}
+ \item Follow TETRA Newsletter released by TETRA MoU organization
+ \item Majority of recent deployments seems to be in Asia, specifically China.
+ \item Examples typically include police, public transportation, airports, harbours, industrial plants
+\end{itemize}
+\end{frame}
+
+\section{TETRA Technical Intro}
+
+\subsection{TETRA Air Interface}
+
+\begin{frame}{TETRA Frequencies}
+\begin{itemize}
+ \item European Emergency Services
+ \begin{itemize}
+ \item 380-383 MHz and 390-393 MHz
+ \item 383-385 MHz and 393-395 MHz (optional)
+ \end{itemize}
+ \item European Private/Commercial Systems
+ \begin{itemize}
+ \item 410-430 MHz
+ \item 450-470 MHz
+ \end{itemize}
+ \item Other Countries
+ \begin{itemize}
+ \item Depending on local regulatory requirements
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Frequency plan}
+\begin{itemize}
+ \item Single TETRA carrier normally 25kHz wide, no guard bands
+ \item Channel grid can align on 6.25, 12.5 and 25kHz offset
+ \item This allows seamless migration / co-existence with analog FM PMR in same band
+ \item Uplink/Downlink spacing can depend on band, typically 10MHz
+ \item Advanced TETRA-2 modes can operate at 50, 75 or 100kHz bandwidth
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Modulation}
+\begin{itemize}
+ \item pi/4 DQPSK (Differential Quaternary Phase Shift Keying)
+ \item 2 bits per symbol
+ \item Phase {\em difference} encodes information
+ \item 8 phase constellations, 4 possible transitions
+ \item Requires very linear amplifier as it is not constant envelope
+ \item Used within TETRA at 36 kbits/sec (18 kSymbols/sec)
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Modulation}{pi/4 DQPSK (8 constellations, 4 transitions)}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=55mm]{500px-Pi-by-4-QPSK_Gray_Coded.png}
+\end{figure}
+Source: Wikipedia / User:Splash
+\end{frame}
+
+\begin{frame}{TETRA TDMA Frame structure}
+\begin{itemize}
+ \item Each time-slot contains 510 bits (GSM: 156)
+ \item TDMA frame with 4 time-slots (GSM: 8)
+ \item Duration of TDMA frame: 56.67 ms (GSM: FIXME)
+ \item Multiframe: 18 TDMA frames (GSM: 26/51)
+ \item Hyperframe: 60 Multiframes (GSM: FIXME)
+\end{itemize}
+\end{frame}
+
+\subsection{TETRA Protocol Stack}
+
+\begin{frame}{TETRA Protocol Stack}
+\begin{itemize}
+ \item The TETRA protocol stack is more complex than GSM
+ \item Shared Stacking: PHY/lowerMAC/upperMAC/LLC
+ \item Above LLC there is MLE (resembles GSM RR), on top:
+ \begin{itemize}
+ \item MM (Mobility Management)
+ \item CMCE (Circuit Mode Control Entity)
+ \item CONS (Connection Oriented Service)
+ \item CNLS (Connectionless Service)
+ \end{itemize}
+ \item Call Control, Supplementary services on top of CMCE
+ \item Packet data on top of CNLS and CONS
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Protocol Stack}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=80mm]{tetra_mac_llc.png}
+\end{figure}
+\end{frame}
+
+
+\begin{frame}{TETRA Protocol Stack}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=80mm]{tetra_protocol_stack.png}
+\end{figure}
+\end{frame}
+
+\subsection{TETRA Security}
+
+\begin{frame}{TETRA Security}
+\begin{itemize}
+ \item Once again all security features optional, like in GSM
+ \item Security features include
+ \begin{itemize}
+ \item Authentication
+ \item Air interface encryption
+ \item End-to-End encryption
+ \item Over-the-air re-keying (OTAR)
+ \item Remote locking of stolen devices
+ \end{itemize}
+ \item Not all handsets support all features
+ \item Key material can be stored in handset flash or in SIM
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Authentication}
+\begin{itemize}
+ \item Authentication messages part of Mobility Management (MM)
+ \item Based on secret User Authentication Key (UAK) in SIM, generating Authentication key K by use of Algorithms TB1, TB2 or TB3
+ \item Supports three modes
+ \begin{itemize}
+ \item Authentication of user by infrastructure (TA11, TA12)
+ \item Authentication of infrastructure by user (TA21, TA22)
+ \item Mutual authentication (four-pass, TA11, TA12, TA21, TA22)
+ \end{itemize}
+
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Authentication}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=60mm]{tetra_mutual_auth.png}
+\end{figure}
+\end{frame}
+
+
+\begin{frame}{TETRA Air Interface Encryption}
+\begin{itemize}
+ \item Like GSM: Encrypts only the air interface, not the core network
+ \item Unlike GSM: Not between L1 and L0 but inside the upper MAC layer
+ \begin{itemize}
+ \item Thus, no idle frames with known plaintext
+ \item Thus, no redundant information due to FEC before crypto
+ \end{itemize}
+ \item Encryption happens with different keys (SCK, DCK, CCK, GCK, MGCK)
+ \item IV is concatenation of hyperframe, multiframe, frame and slot number
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{TETRA Air Interface Encryption}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=100mm]{tetra_encryption.png}
+\end{figure}
+\end{frame}
+
+\begin{frame}{TETRA Encryption Keys}
+\begin{itemize}
+ \item SCK (Static Cipher Key)
+ \begin{itemize}
+ \item pre-shared key, used in networks without authentication
+ \item up to 32 possible keys, selected by SYSINFO.
+ \end{itemize}
+ \item DCK (Derived Cipher Key)
+ \begin{itemize}
+ \item Generated by authentication procedure (like GSM A3/A8)
+ \item different for each user
+ \end{itemize}
+ \item CCK (Common Cipher Key)
+ \begin{itemize}
+ \item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
+ \item Used for group calls within one location area
+ \end{itemize}
+ \item GCK (Group Cipher Key)
+ \begin{itemize}
+ \item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
+ \item Used for specific protected groups
+ \end{itemize}
+ \item MGCK (Modified GCK)
+ \begin{itemize}
+ \item GCK modified by CCK
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{TETRA Encryption Algorithms}
+There are 4 specified TETRA Encryption Algorithms (TEA):
+\begin{description}[TEA4]
+ \item[TEA1] generally available, original algorithm, relaxed export
+ \item[TEA2] for public safety users in Schengen + EU countries
+ \item[TEA3] for public safety users elsewhere
+ \item[TEA4] generally available, reflects relaxed 1998 Wassenaar arrangement
+\end{description}
+It is assumed that at least original ciphers are 80-bit stream ciphers.
+None of them have ever leaked publicly!
+\end{frame}
+
+\begin{frame}{TETRA Air Interface Encryption}{Keys and Algorithms}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=75mm]{tetra_keys_algos.png}
+\end{figure}
+\end{frame}
+
+\subsection{TETRA Security Conclusions}
+
+\begin{frame}{Is it really secure?}
+Given all those security features, is TETRA really secure?
+\begin{itemize}
+ \item much better than GSM
+ \item however, all security again optional
+ \item security of a given network depends on its configuration
+ \item reality is sad: Government networks secure, private networks insecure
+ \item vendors to blame
+ \begin{itemize}
+ \item 200 EUR cost increase in handset for crypto
+ \item authentication center in core network very expensive
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Case Study: tetra-hamburg.de}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=50mm]{tetra_hh_secure.png}
+\end{figure}
+\end{frame}
+
+\begin{frame}{Case Study: tetra-hamburg.de}
+\begin{itemize}
+ \item public tetra network available for paying users (like cellular carrier)
+ \item by DFP TETRA Hamburg Ges. fuer Digitalfunk mbH
+ \item website claims it is secure against eavesdropping {\em because it is digital}
+ \item the network does not use any form ef TEA encryption
+ \item all signalling, voice, SDS and packet data transferred in plaintext
+ \item digital radio receiver + protocol decoder sufficient for eavesdropping
+\end{itemize}
+\end{frame}
+
+\section{TETRA Data Services}
+
+\subsection{Short Data Service}
+\begin{frame}{SDS - Short Data Service}
+\begin{itemize}
+ \item SDS can be compared with GSM/UMTS SMS
+ \item short messages of up to 140 bytes length
+ \item everything like GSM, but not 100\% identical
+\end{itemize}
+\end{frame}
+
+\subsection{Packet Data Service}
+\begin{frame}{TETRA SNDCP - Packte Data}
+\begin{itemize}
+ \item SNDCP (Sub-Network Dependent Convergence Protocol)
+ \item facilitates packet switched services like IPv4 over TETRA
+ \item leverages the GPRS network architecture and protocols
+ \item PDP Context to APN (like GPRS)
+ \item very slow unless both base station and handset support QAM modulation
+\end{itemize}
+\end{frame}
+
+
+\section{Osmocom TETRA}
+
+\begin{frame}{Osmocom TETRA Demodulator}
+\begin{figure}[h]
+ \centering
+ \includegraphics[width=90mm]{osmocom_tetra.png}
+\end{figure}
+\end{frame}
+
+\subsection{Demodulator}
+
+\begin{frame}{Osmocom TETRA Demodulator}
+\begin{itemize}
+ \item 1:1 code re-use from APCO-25 Software receiver project
+ \item Hierarchical block fully based on gnuradio blocks
+ \begin{itemize}
+ \item Root-raised cosine filter
+ \item M-PSK receiver block
+ \item Costas Loop for carrier tracking
+ \item Muller\&Muller synchronizer
+ \item output: Float value between -3 and 3 in units of pi/4
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+\subsection{Lower MAC and PHY}
+
+\begin{frame}{Osmocom TETRA PHY}
+The burst synchronizer ({\tt tetra\_burst\_sync.c})
+\begin{itemize}
+ \item First acquires the Sync Burst training sequence by correlation
+ \item Later locks on Normal Burst (NB) training sequences
+ \item Splits actual payload sections out of training sequences,
+\end{itemize}
+The burst generator ({\tt tetra\_burst.c})
+\begin{itemize}
+ \item puts together various bursts such as NB, SB and others
+ \item calculates phase alignment bits
+ \item used to test receiver code
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Osmocom TETRA lower MAC}{Receive Side}
+\begin{itemize}
+ \item Receives bursts from PHY layer
+ \item Applies the following operations depending on burst type
+ \begin{itemize}
+ \item De-scrambling
+ \item De-Interleaving
+ \item De-Puncturing (RCPC code)
+ \item Viterbi decoder (RCPC code)
+ \item Compute + Verify CRC-16
+ \end{itemize}
+ \item Recover TETRA Time (frame number) from SYNC burst
+ \item Hands decoded payload data to upper MAC
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Osmocom TETRA lower MAC}{Transmit Side}
+\begin{itemize}
+ \item Receives payload from upper MAC
+ \item Applies the following operations depending on burst type
+ \begin{itemize}
+ \item Append tail bits
+ \item Compute CRC-16
+ \item Convolutional encoder (RCPC code)
+ \item Puncturing (RCPC code)
+ \item Interleaving
+ \item Scrambling
+ \end{itemize}
+ \item Hands decoded payload data to PHY
+\end{itemize}
+Tx is currently only used in testing the Rx code
+\end{frame}
+
+\begin{frame}{Osmocom TETRA upper MAC}
+\begin{itemize}
+ \item Rx-only
+ \item Not a complete implementation, just to decode SYSINFO, ACCESS-ASSIGN and (more and more) other bits.
+ \item Mainly a proof-of-concept to ensure PHY and lower MAC work
+\end{itemize}
+\end{frame}
+
+\subsection{wireshark integration}
+
+\begin{frame}{Osmocom TETRA via GSMTAP}
+\begin{itemize}
+ \item The GSMTAP pseudo-header has been extended for TETRA
+ \item Change is backward-compatible with existing GSMTAP
+ \item current version of libosmocore supports extended GSMTAP
+ \item OsmocomTETRA {\tt tetra-rx} contains GSMTAP output support
+\end{itemize}
+\end{frame}
+
+\begin{frame}{wireshark TETRA integration}
+\begin{itemize}
+ \item TETRA messages are unaligned bit-fields, full of variable-length and optional parts
+ \item Writing manual decoding/encoding routines is tiresome and error-prone
+ \item Beijing Institute of Technology has developed wireshark dissectors based on describing TETRA messages as ASN.1 PER (described in IEEE paper)
+ \item We contacted them and they were willing to release their code under GNU GPL
+ \item Zecke has extended it with GSMTAP support it has been included in wireshark mainline
+\end{itemize}
+\end{frame}
+
+\subsection{TETRA transmit code}
+
+\begin{frame}{Transmitting TETRA}
+\begin{itemize}
+ \item The lower MAC and PHY code exists and is proven
+ \item OP25 project contains modulator for pi/4 DQPSK
+ \item Combining the two should render simplistic TETRA transmitter
+ \item Sending continuous sequence of BSCH in SB and BNCH in NB comprises valid beacon and should allow handsets to lock on the signal
+ \item So far no time to experiment with it
+ \item Could be first step in SDR TETRA Base Station
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Thanks}
+Thanks to
+\begin{itemize}
+ \item Dieter Spaar for discovering the APCO25 demodulator and his work on speech decoding
+ \item Sylvain Munaut for implementing our own Viterbi decoder
+ \item Holger Freyther for his work on CRC, Shortened Reed-Muller and wireshark
+ \item horiz0n for providing sample captures of TETRA radio traffic
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Further Reading}
+\begin{itemize}
+ \item \url{http://tetra.osmocm.org/}
+ \item \url{http://www.tetramou.com/}
+ \item \url{http://www.etsi.org/website/Technologies/TETRA.aspx}
+ \item \url{http://www.tetramou.com/uploadedFiles/About\_TETRA/TETRA\%20Security\%20pdf.pdf}
+ \item \url{http://www.tetrawatch.net/}
+ \item {\em Digital Mobile Communications and the TETRA System} by John Dunlop, Demessie Girma, James Irvine - Wiley
+\end{itemize}
+\end{frame}
+
+
+\end{document}
personal git repositories of Harald Welte. Your mileage may vary