From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- .../500px-Pi-by-4-QPSK_Gray_Coded.png | Bin 0 -> 25520 bytes 2011/tetra-camp2011/osmocom-tetra.tex | 637 +++++++++++++++++++++ 2011/tetra-camp2011/osmocom_tetra.png | Bin 0 -> 34610 bytes 3 files changed, 637 insertions(+) create mode 100644 2011/tetra-camp2011/500px-Pi-by-4-QPSK_Gray_Coded.png create mode 100644 2011/tetra-camp2011/osmocom-tetra.tex create mode 100644 2011/tetra-camp2011/osmocom_tetra.png (limited to '2011/tetra-camp2011') diff --git a/2011/tetra-camp2011/500px-Pi-by-4-QPSK_Gray_Coded.png b/2011/tetra-camp2011/500px-Pi-by-4-QPSK_Gray_Coded.png new file mode 100644 index 0000000..7fb80c8 Binary files /dev/null and b/2011/tetra-camp2011/500px-Pi-by-4-QPSK_Gray_Coded.png differ diff --git a/2011/tetra-camp2011/osmocom-tetra.tex b/2011/tetra-camp2011/osmocom-tetra.tex new file mode 100644 index 0000000..0bef072 --- /dev/null +++ b/2011/tetra-camp2011/osmocom-tetra.tex @@ -0,0 +1,637 @@ +% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $ + +\documentclass{beamer} + +\usepackage{url} +\makeatletter +\def\url@leostyle{% + \@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}} +\makeatother +%% Now actually use the newly defined style. +\urlstyle{leo} + + +% This file is a solution template for: + +% - Talk at a conference/colloquium. +% - Talk length is about 20min. +% - Style is ornate. + + + +% Copyright 2004 by Till Tantau . +% +% In principle, this file can be redistributed and/or modified under +% the terms of the GNU Public License, version 2. +% +% However, this file is supposed to be a template to be modified +% for your own needs. For this reason, if you use this file as a +% template and not specifically distribute it as part of a another +% package/program, I grant the extra permission to freely copy and +% modify this file as you see fit and even to delete this copyright +% notice. + + +\mode +{ + \usetheme{Warsaw} + % or ... + + \setbeamercovered{transparent} + % or whatever (possibly just delete it) +} + + +\usepackage[english]{babel} +% or whatever + +\usepackage[latin1]{inputenc} +% or whatever + +\usepackage{times} +\usepackage[T1]{fontenc} +% Or whatever. Note that the encoding and the font should match. If T1 +% does not look nice, try deleting the line with the fontenc. + + +\title{OsmocomTETRA} + +\subtitle +{Applied research on TETRA security} + +\author{Harald Welte} + +\institute +{gnumonks.org\\gpl-violations.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de} +% - Use the \inst command only if there are several affiliations. +% - Keep it simple, no one is interested in your street address. + +\date[CCC Camp 2011] % (optional, should be abbreviation of conference name) +{CCCamp2011, August 2011, Berlin/Germany} +% - Either use conference name or its abbreviation. +% - Not really informative to the audience, more for people (including +% yourself) who are reading the slides online + +\subject{Communications Security} +% This is only inserted into the PDF information catalog. Can be left +% out. + + + +% If you have a file called "university-logo-filename.xxx", where xxx +% is a graphic format that can be processed by latex or pdflatex, +% resp., then you can add a logo as follows: + +% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename} +% \logo{\pgfuseimage{university-logo}} + + + +% Delete this, if you do not want the table of contents to pop up at +% the beginning of each subsection: +%\AtBeginSubsection[] +%{ +% \begin{frame}{Outline} +% \tableofcontents[currentsection,currentsubsection] +% \end{frame} +%} + + +% If you wish to uncover everything in a step-wise fashion, uncomment +% the following command: + +%\beamerdefaultoverlayspecification{<+->} + + +\begin{document} + +\begin{frame} + \titlepage +\end{frame} + +\begin{frame}{Outline} + \tableofcontents[hideallsubsections] + % You might wish to add the option [pausesections] +\end{frame} + + +% Structuring a talk is a difficult task and the following structure +% may not be suitable. Here are some rules that apply for this +% solution: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + +% - A conference audience is likely to know very little of what you +% are going to talk about. So *simplify*! +% - In a 20min talk, getting the main ideas across is hard +% enough. Leave out details, even if it means being less precise than +% you think necessary. +% - If you omit details that are vital to the proof/implementation, +% just say so once. Everybody will be happy with that. + +\begin{frame}{About the speaker} +\begin{itemize} + \item Using + playing with Linux since 1994 + \item Kernel / bootloader / driver / firmware development since 1999 + \item IT security expert, focus on network protocol security + \item Core developer of Linux packet filter netfilter/iptables + \item Board-level Electrical Engineering + \item Always looking for interesting protocols (RFID, DECT, GSM) +\end{itemize} +\end{frame} + +\section{TETRA Introduction} + +\subsection{What is TETRA?} + +\begin{frame}{Introducing TETRA} +TErrestrial Trunked RAdio +\begin{itemize} + \item Digital PMR (Professional Mobile Radio) standard + \item Standardization Body ETSI started work in 1990 + \item First specified in 1995, endorsed by EU Radiocomms Committee + \item Commercial Vendors: Motorola, EADS/Nokia, Arteva/Simoco/Pye/Philips, Rohde \& Schwarz + \item Chinese vendors are expected to appear on the market soon +\end{itemize} +\end{frame} + +\begin{frame}{TETRA vs GSM} +\begin{itemize} + \item Longer range due to lower frequency (but not vs. GSM 410/450!) + \item Higher spectral efficiency (4 speech channels in 25kHz vs. 16 speech channels in 270kHz) + \item Specified to work at speeds above 400 km/h + \item one-to-one, one-to-many and many-to-many (but: GSM-R ASCI) + \item offers direct mode between handsets in case base station is out of range + \item separate infrastructure from public networks (but: GSM-R) + \item de-central fall-back, i.e. base stations switching local calls +\end{itemize} +\end{frame} + +\begin{frame}{TETRA vs GSM} +Summary +\begin{itemize} + \item Most of the TETRA advantages could be achieved using GSM-R in a lower frequency band + \item Local call switching can be implemented in GSM (think of OpenBSC) + \item GSM requires modifications on the air interface for direct mode, but even in TETRA, direct mode is {\em very} different from trunked mode +\end{itemize} +It seems, the industry rather re-invented an entirely different system to ensure +the resulting equipment can be sold at multiples of the commercial-grade GSM +equipment. +\end{frame} + + +\subsection{Where is TETRA deployed?} + +\begin{frame}{TETRA deployments} +\begin{itemize} + \item In 2009, TETRA was deployed in 114 countries (every continent except North America) + \item Typical users: Police, Transportation, Army, Fire Service, Ambulance, Customs, Coast Guard + \item But also: Private company networks (industrial plants) + \item In Germany there are 63 registered networks (only 5 are BOS) +\end{itemize} +\end{frame} + +\begin{frame}{TETRA deployments} +\begin{itemize} + \item Follow TETRA Newsletter released by TETRA MoU organization + \item Majority of recent deployments seems to be in Asia, specifically China. + \item Examples typically include police, public transportation, airports, harbours, industrial plants +\end{itemize} +\end{frame} + +\section{TETRA Technical Intro} + +\subsection{TETRA Air Interface} + +\begin{frame}{TETRA Frequencies} +\begin{itemize} + \item European Emergency Services + \begin{itemize} + \item 380-383 MHz and 390-393 MHz + \item 383-385 MHz and 393-395 MHz (optional) + \end{itemize} + \item European Private/Commercial Systems + \begin{itemize} + \item 410-430 MHz + \item 450-470 MHz + \end{itemize} + \item Other Countries + \begin{itemize} + \item Depending on local regulatory requirements + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Frequency plan} +\begin{itemize} + \item Single TETRA carrier normally 25kHz wide, no guard bands + \item Channel grid can align on 6.25, 12.5 and 25kHz offset + \item This allows seamless migration / co-existence with analog FM PMR in same band + \item Uplink/Downlink spacing can depend on band, typically 10MHz + \item Advanced TETRA-2 modes can operate at 50, 75 or 100kHz bandwidth +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Modulation} +\begin{itemize} + \item pi/4 DQPSK (Differential Quaternary Phase Shift Keying) + \item 2 bits per symbol + \item Phase {\em difference} encodes information + \item 8 phase constellations, 4 possible transitions + \item Requires very linear amplifier as it is not constant envelope + \item Used within TETRA at 36 kbits/sec (18 kSymbols/sec) +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Modulation}{pi/4 DQPSK (8 constellations, 4 transitions)} +\begin{figure}[h] + \centering + \includegraphics[width=55mm]{500px-Pi-by-4-QPSK_Gray_Coded.png} +\end{figure} +Source: Wikipedia / User:Splash +\end{frame} + +\begin{frame}{TETRA TDMA Frame structure} +\begin{itemize} + \item Each time-slot contains 510 bits (GSM: 156) + \item TDMA frame with 4 time-slots (GSM: 8) + \item Duration of TDMA frame: 56.67 ms (GSM: 4.6 ms) + \item Multiframe: 18 TDMA frames (GSM: 26/51) + \item Hyperframe: 60 Multiframes (GSM: 2715648) +\end{itemize} +\end{frame} + +\subsection{TETRA Protocol Stack} + +\begin{frame}{TETRA Protocol Stack} +\begin{itemize} + \item The TETRA protocol stack is more complex than GSM + \item Shared Stacking: PHY/lowerMAC/upperMAC/LLC + \item Above LLC there is MLE (resembles GSM RR), on top: + \begin{itemize} + \item MM (Mobility Management) + \item CMCE (Circuit Mode Control Entity) + \item CONS (Connection Oriented Service) + \item CNLS (Connectionless Service) + \end{itemize} + \item Call Control, Supplementary services on top of CMCE + \item Packet data on top of CNLS and CONS +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Protocol Stack} +\begin{figure}[h] + \centering + \includegraphics[width=80mm]{tetra_mac_llc.png} +\end{figure} +\end{frame} + + +\begin{frame}{TETRA Protocol Stack} +\begin{figure}[h] + \centering + \includegraphics[width=80mm]{tetra_protocol_stack.png} +\end{figure} +\end{frame} + +\subsection{TETRA Security} + +\begin{frame}{TETRA Security} +\begin{itemize} + \item Once again all security features optional, like in GSM + \item Security features include + \begin{itemize} + \item Authentication + \item Air interface encryption + \item End-to-End encryption + \item Over-the-air re-keying (OTAR) + \item Remote locking of stolen devices + \end{itemize} + \item Not all handsets support all features + \item Key material can be stored in handset flash or in SIM +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Authentication} +\begin{itemize} + \item Authentication messages part of Mobility Management (MM) + \item Based on secret User Authentication Key (UAK) in SIM, generating Authentication key K by use of Algorithms TB1, TB2 or TB3 + \item Supports three modes + \begin{itemize} + \item Authentication of user by infrastructure (TA11, TA12) + \item Authentication of infrastructure by user (TA21, TA22) + \item Mutual authentication (four-pass, TA11, TA12, TA21, TA22) + \end{itemize} + +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Authentication} +\begin{figure}[h] + \centering + \includegraphics[width=60mm]{tetra_mutual_auth.png} +\end{figure} +\end{frame} + + +\begin{frame}{TETRA Air Interface Encryption} +\begin{itemize} + \item Like GSM: Encrypts only the air interface, not the core network + \item Unlike GSM: Not between L1 and L0 but inside the upper MAC layer + \begin{itemize} + \item Thus, no idle frames with known plaintext + \item Thus, no redundant information due to FEC before crypto + \end{itemize} + \item Encryption happens with different keys (SCK, DCK, CCK, GCK, MGCK) + \item IV is concatenation of hyperframe, multiframe, frame and slot number +\end{itemize} +\end{frame} + + +\begin{frame}{TETRA Air Interface Encryption} +\begin{figure}[h] + \centering + \includegraphics[width=100mm]{tetra_encryption.png} +\end{figure} +\end{frame} + +\begin{frame}{TETRA Encryption Keys} +\begin{itemize} + \item SCK (Static Cipher Key) + \begin{itemize} + \item pre-shared key, used in networks without authentication + \item up to 32 possible keys, selected by SYSINFO. + \end{itemize} + \item DCK (Derived Cipher Key) + \begin{itemize} + \item Generated by authentication procedure (like GSM A3/A8) + \item different for each user + \end{itemize} + \item CCK (Common Cipher Key) + \begin{itemize} + \item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR + \item Used for group calls within one location area + \end{itemize} + \item GCK (Group Cipher Key) + \begin{itemize} + \item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR + \item Used for specific protected groups + \end{itemize} + \item MGCK (Modified GCK) + \begin{itemize} + \item GCK modified by CCK + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}{TETRA Encryption Algorithms} +There are 4 specified TETRA Encryption Algorithms (TEA): +\begin{description}[TEA4] + \item[TEA1] generally available, original algorithm, relaxed export + \item[TEA2] for public safety users in Schengen + EU countries + \item[TEA3] for public safety users elsewhere + \item[TEA4] generally available, reflects relaxed 1998 Wassenaar arrangement +\end{description} +It is assumed that at least original ciphers are 80-bit stream ciphers. +None of them have ever leaked publicly! +\end{frame} + +\begin{frame}{TETRA Air Interface Encryption}{Keys and Algorithms} +\begin{figure}[h] + \centering + \includegraphics[width=75mm]{tetra_keys_algos.png} +\end{figure} +\end{frame} + +\subsection{TETRA Security Conclusions} + +\begin{frame}{Is it really secure?} +Given all those security features, is TETRA really secure? +\begin{itemize} + \item much better than GSM + \item however, all security again optional + \item security of a given network depends on its configuration + \item reality is sad: Government networks secure, private networks insecure + \item vendors to blame + \begin{itemize} + \item 200 EUR cost increase in handset for crypto + \item authentication center in core network very expensive + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}{Case Study: tetra-hamburg.de} +\begin{figure}[h] + \centering + \includegraphics[width=50mm]{tetra_hh_secure.png} +\end{figure} +\end{frame} + +\begin{frame}{Case Study: tetra-hamburg.de} +\begin{itemize} + \item public tetra network available for paying users (like cellular carrier) + \item by DFP TETRA Hamburg Ges. fuer Digitalfunk mbH + \item website claims it is secure against eavesdropping {\em because it is digital} + \item the network does not use any form of TEA encryption + \item all signalling, voice, SDS and packet data transferred in plaintext + \item digital radio receiver + protocol decoder sufficient for eavesdropping +\end{itemize} +\end{frame} + +\begin{frame}{Case Study: BVG - Berlin subway} +\begin{itemize} + \item private TETRA network for Berlin subway system (BVG) + \item incompatible with bus and tram radio (TETRAPOL) of BVG + \item almost no publicly available information, except some 2 press releases when they made big equipment purchasing deals + \item the network does not use any form of TEA encryption + \item all signalling and voice data transferred in plaintext + \item digital radio receiver + protocol decoder sufficient for eavesdropping +\end{itemize} +\end{frame} + +\section{TETRA Data Services} + +\subsection{Short Data Service} +\begin{frame}{SDS - Short Data Service} +\begin{itemize} + \item SDS can be compared with GSM/UMTS SMS + \item short messages of up to 140 bytes length + \item everything like GSM, but not 100\% identical +\end{itemize} +\end{frame} + +\subsection{Packet Data Service} +\begin{frame}{TETRA SNDCP - Packet Data} +\begin{itemize} + \item SNDCP (Sub-Network Dependent Convergence Protocol) + \item facilitates packet switched services like IPv4 over TETRA + \item leverages the GPRS network architecture and protocols + \item PDP Context to APN (like GPRS) + \item very slow unless both base station and handset support QAM modulation +\end{itemize} +\end{frame} + + +\section{Osmocom TETRA} + +\begin{frame}{Osmocom TETRA Demodulator} +\begin{figure}[h] + \centering + \includegraphics[width=90mm]{osmocom_tetra.png} +\end{figure} +\end{frame} + +\subsection{Demodulator} + +\begin{frame}{Osmocom TETRA Demodulator} +\begin{itemize} + \item 1:1 code re-use from APCO-25 Software receiver project + \item Hierarchical block fully based on gnuradio blocks + \begin{itemize} + \item Root-raised cosine filter + \item M-PSK receiver block + \item Costas Loop for carrier tracking + \item Muller\&Muller synchronizer + \item output: Float value between -3 and 3 in units of pi/4 + \end{itemize} +\end{itemize} +\end{frame} + +\subsection{Lower MAC and PHY} + +\begin{frame}{Osmocom TETRA PHY} +The burst synchronizer ({\tt tetra\_burst\_sync.c}) +\begin{itemize} + \item First acquires the Sync Burst training sequence by correlation + \item Later locks on Normal Burst (NB) training sequences + \item Splits actual payload sections out of training sequences, +\end{itemize} +The burst generator ({\tt tetra\_burst.c}) +\begin{itemize} + \item puts together various bursts such as NB, SB and others + \item calculates phase alignment bits + \item used to test receiver code +\end{itemize} +\end{frame} + +\begin{frame}{Osmocom TETRA lower MAC}{Receive Side} +\begin{itemize} + \item Receives bursts from PHY layer + \item Applies the following operations depending on burst type + \begin{itemize} + \item De-scrambling + \item De-Interleaving + \item De-Puncturing (RCPC code) + \item Viterbi decoder (RCPC code) + \item Compute + Verify CRC-16 + \end{itemize} + \item Recover TETRA Time (frame number) from SYNC burst + \item Hands decoded payload data to upper MAC +\end{itemize} +\end{frame} + +\begin{frame}{Osmocom TETRA lower MAC}{Transmit Side} +\begin{itemize} + \item Receives payload from upper MAC + \item Applies the following operations depending on burst type + \begin{itemize} + \item Append tail bits + \item Compute CRC-16 + \item Convolutional encoder (RCPC code) + \item Puncturing (RCPC code) + \item Interleaving + \item Scrambling + \end{itemize} + \item Hands decoded payload data to PHY +\end{itemize} +Tx is currently only used in testing the Rx code +\end{frame} + +\begin{frame}{Osmocom TETRA upper MAC} +\begin{itemize} + \item Rx-only + \item Not a complete implementation, just to decode SYSINFO, ACCESS-ASSIGN and (more and more) other bits. + \item Mainly a proof-of-concept to ensure PHY and lower MAC work +\end{itemize} +\end{frame} + +\begin{frame}{Osmocom TETRA LLC} +\begin{itemize} + \item Rx-only + \item gathers and de-fragments LLC fragments of MAC PDUs + \item offers them to higher layer protocols like MM, CMCE, SNDCP + \item Mainly a proof-of-concept implementation, nothing fancy +\end{itemize} +\end{frame} + +\begin{frame}{Osmocom TETRA speech frame export} +\begin{itemize} + \item Not in the public git repository yet + \item simply identifies and dumps speech frames to a file + \item data still needs to be de-compressed + \item luckily, ETSI specs come with C reference code for the +speech codec, so we can generate raw PCM files that we can play back +\end{itemize} +\end{frame} + +\subsection{wireshark integration} + +\begin{frame}{Osmocom TETRA via GSMTAP} +\begin{itemize} + \item The GSMTAP pseudo-header has been extended for TETRA + \item Change is backward-compatible with existing GSMTAP + \item current version of libosmocore supports extended GSMTAP + \item OsmocomTETRA {\tt tetra-rx} contains GSMTAP output support +\end{itemize} +\end{frame} + +\begin{frame}{wireshark TETRA integration} +\begin{itemize} + \item TETRA messages are unaligned bit-fields, full of variable-length and optional parts + \item Writing manual decoding/encoding routines is tiresome and error-prone + \item Beijing Institute of Technology has developed wireshark dissectors based on describing TETRA messages as ASN.1 PER (described in IEEE paper) + \item We contacted them and they were willing to release their code under GNU GPL + \item Zecke has extended it with GSMTAP support it has been included in wireshark mainline +\end{itemize} +\end{frame} + +\subsection{TETRA transmit code} + +\begin{frame}{Transmitting TETRA} +\begin{itemize} + \item The lower MAC and PHY code exists and is proven + \item OP25 project contains modulator for pi/4 DQPSK + \item Combining the two should render simplistic TETRA transmitter + \item Sending continuous sequence of BSCH in SB and BNCH in NB comprises valid beacon and should allow handsets to lock on the signal + \item So far no time to experiment with it + \item Could be first step in SDR TETRA Base Station +\end{itemize} +\end{frame} + +\begin{frame}{Thanks} +Thanks to +\begin{itemize} + \item Dieter Spaar for discovering the APCO25 demodulator and his work on speech decoding + \item Sylvain Munaut for implementing our own Viterbi decoder + \item Holger Freyther for his work on CRC, Shortened Reed-Muller and wireshark + \item horiz0n for providing sample captures of TETRA radio traffic +\end{itemize} +\end{frame} + + +\begin{frame}{Further Reading} +\begin{itemize} + \item \url{http://tetra.osmocm.org/} + \item \url{http://www.tetramou.com/} + \item \url{http://www.etsi.org/website/Technologies/TETRA.aspx} + \item \url{http://www.tetramou.com/uploadedFiles/About\_TETRA/TETRA\%20Security\%20pdf.pdf} + \item \url{http://www.tetrawatch.net/} + \item {\em Digital Mobile Communications and the TETRA System} by John Dunlop, Demessie Girma, James Irvine - Wiley +\end{itemize} +\end{frame} + + +\end{document} diff --git a/2011/tetra-camp2011/osmocom_tetra.png b/2011/tetra-camp2011/osmocom_tetra.png new file mode 100644 index 0000000..918dee5 Binary files /dev/null and b/2011/tetra-camp2011/osmocom_tetra.png differ -- cgit v1.2.3