% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $
\documentclass{beamer}
\usepackage{url}
\makeatletter
% Custom url.sty style "leo": with NFSS present (\selectfont defined) URLs are
% set in \tiny\ttfamily; without NFSS the old \sf switch is used as fallback.
% Defined with \def to follow the pattern of url.sty's own \url@...style macros,
% which redefine \UrlFont in exactly this way.
\def\url@leostyle{%
\@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}}
\makeatother
%% Now actually use the newly defined style.
\urlstyle{leo}
% This file is a solution template for:
% - Talk at a conference/colloquium.
% - Talk length is about 20min.
% - Style is ornate.
% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
%
% In principle, this file can be redistributed and/or modified under
% the terms of the GNU Public License, version 2.
%
% However, this file is supposed to be a template to be modified
% for your own needs. For this reason, if you use this file as a
% template and not specifically distribute it as part of a another
% package/program, I grant the extra permission to freely copy and
% modify this file as you see fit and even to delete this copyright
% notice.
% Presentation-mode-only settings: Warsaw theme; \setbeamercovered{transparent}
% renders not-yet-uncovered overlay content faintly rather than hiding it.
\mode<presentation>
{
\usetheme{Warsaw}
% or ...
\setbeamercovered{transparent}
% or whatever (possibly just delete it)
}
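\usepackage[english]{babel}
% or whatever
% The body of this document is pure ASCII, so declaring utf8 renders identically
% to the former latin1 declaration while allowing non-ASCII input directly.
\usepackage[utf8]{inputenc}
% or whatever
% NOTE: the times package is obsolete (newtx is the modern replacement), but it
% also sets beamer's sans-serif and typewriter families, so it is left as is
% to avoid changing the talk's appearance.
\usepackage{times}
\usepackage[T1]{fontenc}
% Or whatever. Note that the encoding and the font should match. If T1
% does not look nice, try deleting the line with the fontenc.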
% Or whatever. Note that the encoding and the font should match. If T1
% does not look nice, try deleting the line with the fontenc.
% Title-page metadata (consumed by \titlepage and the PDF catalog).
\title{OsmocomTETRA}
\subtitle{Researching TETRA and its security}
\author{Harald Welte}
\institute{gnumonks.org\\gpl-violations.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de}
% - \inst is only needed when there are several affiliations.
% - Keep it short; nobody needs a street address.
\date[SRLabs 2011]{SRLabs, January 2011, Berlin/Germany}
% - The optional short form should abbreviate the conference name.
% - Mainly useful for people reading the slides online afterwards.
\subject{Communications Security}
% Only stored in the PDF information catalog; may be omitted.
% If you have a file called "university-logo-filename.xxx", where xxx
% is a graphic format that can be processed by latex or pdflatex,
% resp., then you can add a logo as follows:
% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
% \logo{\pgfuseimage{university-logo}}
% Delete this, if you do not want the table of contents to pop up at
% the beginning of each subsection:
%\AtBeginSubsection[]
%{
% \begin{frame}<beamer>{Outline}
% \tableofcontents[currentsection,currentsubsection]
% \end{frame}
%}
% If you wish to uncover everything in a step-wise fashion, uncomment
% the following command:
%\beamerdefaultoverlayspecification{<+->}
\begin{document}
% Title page built from the \title/\subtitle/\author/\institute/\date above.
\begin{frame}
\titlepage
\end{frame}
% Section-level outline only; hideallsubsections suppresses subsection entries.
\begin{frame}{Outline}
\tableofcontents[hideallsubsections]
% You might wish to add the option [pausesections]
\end{frame}
% Structuring a talk is a difficult task and the following structure
% may not be suitable. Here are some rules that apply for this
% solution:
% - Exactly two or three sections (other than the summary).
% - At *most* three subsections per section.
% - Talk about 30s to 2min per frame. So there should be between about
% 15 and 30 frames, all told.
% - A conference audience is likely to know very little of what you
% are going to talk about. So *simplify*!
% - In a 20min talk, getting the main ideas across is hard
% enough. Leave out details, even if it means being less precise than
% you think necessary.
% - If you omit details that are vital to the proof/implementation,
% just say so once. Everybody will be happy with that.
\begin{frame}{About the speaker}
\begin{itemize}
\item Using + playing with Linux since 1994
\item Kernel / bootloader / driver / firmware development since 1999
\item IT security expert, focus on network protocol security
\item Core developer of Linux packet filter netfilter/iptables
\item Board-level Electrical Engineering
\item Always looking for interesting protocols (RFID, DECT, GSM)
\end{itemize}
\end{frame}
\section{TETRA Introduction}
\subsection{What is TETRA?}
\begin{frame}{Introducing TETRA}
TErrestrial Trunked RAdio
\begin{itemize}
\item Digital PMR (Professional Mobile Radio) standard
\item Standardization Body ETSI started work in 1990
\item First specified in 1995, endorsed by EU Radiocomms Committee
\item Commercial Vendors: Motorola, EADS/Nokia, Arteva/Simoco/Pye/Philips, Rohde \& Schwarz
\item Chinese vendors are expected to appear on the market soon
\end{itemize}
\end{frame}
\begin{frame}{TETRA vs GSM}
\begin{itemize}
\item Longer range due to lower frequency (but not vs. GSM 410/450!)
\item Higher spectral efficiency (4 speech channels in 25kHz vs. 16 speech channels in 270kHz)
\item Specified to work at speeds above 400 km/h
\item one-to-one, one-to-many and many-to-many (but: GSM-R ASCI)
\item offers direct mode between handsets in case base station is out of range
\item separate infrastructure from public networks (but: GSM-R)
\item decentralised fall-back, i.e.\ base stations switching local calls
\end{itemize}
\end{frame}
\begin{frame}{TETRA vs GSM}
Summary
\begin{itemize}
\item Most of the TETRA advantages could be achieved using GSM-R in a lower frequency band
\item Local call switching can be implemented in GSM (think of OpenBSC)
\item GSM requires modifications on the air interface for direct mode, but even in TETRA, direct mode is \emph{very} different from trunked mode
\end{itemize}
It seems the industry preferred to re-invent an entirely different system so that
the resulting equipment can be sold at multiples of the price of commercial-grade
GSM equipment.
\end{frame}
\subsection{Where is TETRA deployed?}
\begin{frame}{TETRA deployments}
\begin{itemize}
\item In 2009, TETRA was deployed in 114 countries (every continent except North America)
\item Typical users: Police, Transportation, Army, Fire Service, Ambulance, Customs, Coast Guard
\item But also: Private company networks (industrial plants)
\item In Germany there are 63 registered networks (only 5 are BOS)
\end{itemize}
\end{frame}
\begin{frame}{TETRA deployments}
\begin{itemize}
\item Follow TETRA Newsletter released by TETRA MoU organization
\item The majority of recent deployments seem to be in Asia, specifically China.
\end{itemize}
\end{frame}
\section{TETRA Technical Intro}
\subsection{TETRA Air Interface}
\begin{frame}{TETRA Frequencies}
\begin{itemize}
\item European Emergency Services
\begin{itemize}
\item 380-383 MHz and 390-393 MHz
\item 383-385 MHz and 393-395 MHz (optional)
\end{itemize}
\item European Private/Commercial Systems
\begin{itemize}
\item 410-430 MHz
\item 450-470 MHz
\end{itemize}
\item Other Countries
\begin{itemize}
\item Depending on local regulatory requirements
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{TETRA Frequency plan}
\begin{itemize}
\item Single TETRA carrier normally 25kHz wide, no guard bands
\item Channel grid can align on 6.25, 12.5 and 25kHz offset
\item This allows seamless migration / co-existence with analog FM PMR in same band
\item Uplink/Downlink spacing can depend on band, typically 10MHz
\item Advanced TETRA-2 modes can operate at 50, 75 or 100kHz bandwidth
\end{itemize}
\end{frame}
\begin{frame}{TETRA Modulation}
\begin{itemize}
\item pi/4 DQPSK (Differential Quaternary Phase Shift Keying)
\item 2 bits per symbol
\item Phase \emph{difference} encodes information
\item 8 phase constellations, 4 possible transitions
\item Requires a very linear amplifier, as the modulation is not constant-envelope
\item Used within TETRA at 36 kbits/sec (18 kSymbols/sec)
\end{itemize}
\end{frame}
\begin{frame}{TETRA TDMA Frame structure}
\begin{itemize}
\item Each time-slot contains 510 bits (GSM: 156)
\item TDMA frame with 4 time-slots (GSM: 8)
\item Duration of TDMA frame: 56.67 ms (GSM: FIXME)
\item Multiframe: 18 TDMA frames (GSM: 26/51)
\item Hyperframe: 60 Multiframes (GSM: FIXME)
\end{itemize}
\end{frame}
\subsection{TETRA Protocol Stack}
\begin{frame}{TETRA Protocol Stack}
\begin{itemize}
\item The TETRA protocol stack is more complex than GSM
\item Shared Stacking: PHY/lowerMAC/upperMAC/LLC
\item Above LLC there is MLE (resembles GSM RR), on top:
\begin{itemize}
\item MM (Mobility Management)
\item CMCE (Circuit Mode Control Entity)
\item CONS (Connection Oriented Service)
\item CNLS (Connectionless Service)
\end{itemize}
\item Call Control, Supplementary services on top of CMCE
\item Packet data on top of CNLS and CONS
\end{itemize}
\end{frame}
\begin{frame}{TETRA Protocol Stack}
\begin{figure}[h]
\centering
\includegraphics[width=80mm]{tetra_mac_llc.png}
\end{figure}
\end{frame}
\begin{frame}{TETRA Protocol Stack}
\begin{figure}[h]
\centering
\includegraphics[width=80mm]{tetra_protocol_stack.png}
\end{figure}
\end{frame}
\subsection{TETRA Security}
\begin{frame}{TETRA Security}
\begin{itemize}
\item Once again, all security features are optional, like in GSM
\item Security features include
\begin{itemize}
\item Authentication
\item Air interface encryption
\item End-to-End encryption
\item Over-the-air re-keying (OTAR)
\item Remote locking of stolen devices
\end{itemize}
\item Not all handsets support all features
\item Key material can be stored in handset flash or in SIM
\end{itemize}
\end{frame}
\begin{frame}{TETRA Authentication}
\begin{itemize}
\item Authentication messages part of Mobility Management (MM)
\item Based on secret User Authentication Key (UAK) in SIM, generating Authentication key K by use of Algorithms TB1, TB2 or TB3
\item Supports three modes
\begin{itemize}
\item Authentication of user by infrastructure (TA11, TA12)
\item Authentication of infrastructure by user (TA21, TA22)
\item Mutual authentication (four-pass, TA11, TA12, TA21, TA22)
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{TETRA Authentication}
\begin{figure}[h]
\centering
\includegraphics[width=60mm]{tetra_mutual_auth.png}
\end{figure}
\end{frame}
\begin{frame}{TETRA Air Interface Encryption}
\begin{itemize}
\item Like GSM: Encrypts only the air interface, not the core network
\item Unlike GSM: Not between L1 and L0 but inside the upper MAC layer
\begin{itemize}
\item Thus, no idle frames with known plaintext
\item Thus, FEC redundancy is added only after encryption, never before it
\end{itemize}
\item Encryption happens with different keys (SCK, DCK, CCK, GCK, MGCK)
\item The IV is the concatenation of hyperframe, multiframe, frame and slot numbers
\end{itemize}
\end{frame}
\begin{frame}{TETRA Air Interface Encryption}
\begin{figure}[h]
\centering
\includegraphics[width=100mm]{tetra_encryption.png}
\end{figure}
\end{frame}
\begin{frame}{TETRA Encryption Keys}
\begin{itemize}
\item SCK (Static Cipher Key)
\begin{itemize}
\item pre-shared key, used in networks without authentication
\item up to 32 possible keys, selected by SYSINFO.
\end{itemize}
\item DCK (Derived Cipher Key)
\begin{itemize}
\item Generated by authentication procedure (like GSM A3/A8)
\item different for each user
\end{itemize}
\item CCK (Common Cipher Key)
\begin{itemize}
\item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
\item Used for group calls within one location area
\end{itemize}
\item GCK (Group Cipher Key)
\begin{itemize}
\item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
\item Used for specific protected groups
\end{itemize}
\item MGCK (Modified GCK)
\begin{itemize}
\item GCK modified by CCK
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{TETRA Encryption Algorithms}
There are 4 specified TETRA Encryption Algorithms (TEA):
\begin{description}[TEA4]
\item[TEA1] generally available, original algorithm, relaxed export
\item[TEA2] for public safety users in Schengen + EU countries
\item[TEA3] for public safety users elsewhere
\item[TEA4] generally available, reflects relaxed 1998 Wassenaar arrangement
\end{description}
It is assumed that at least the original ciphers are 80-bit stream ciphers.
None of them have ever leaked publicly!
\end{frame}
\begin{frame}{TETRA Air Interface Encryption}{Keys and Algorithms}
\begin{figure}[h]
\centering
\includegraphics[width=75mm]{tetra_keys_algos.png}
\end{figure}
\end{frame}
\section{Osmocom TETRA}
\subsection{Demodulator}
\begin{frame}{Osmocom TETRA Demodulator}
\begin{itemize}
\item 1:1 code re-use from the APCO-25 software receiver project
\item Hierarchical block fully based on gnuradio blocks
\begin{itemize}
\item Root-raised cosine filter
\item M-PSK receiver block
\item Costas Loop for carrier tracking
\item Mueller \& M\"uller synchronizer
\item output: Float value between -3 and 3 in units of pi/4
\end{itemize}
\end{itemize}
\end{frame}
\subsection{Lower MAC and PHY}
\begin{frame}{Osmocom TETRA PHY}
The burst synchronizer (\texttt{tetra\_burst\_sync.c})
\begin{itemize}
\item First acquires the Sync Burst training sequence by correlation
\item Later locks on Normal Burst (NB) training sequences
\item Splits the actual payload sections out from the training sequences
\end{itemize}
The burst generator (\texttt{tetra\_burst.c})
\begin{itemize}
\item puts together various bursts such as NB, SB and others
\item calculates phase alignment bits
\item used to test receiver code
\end{itemize}
\end{frame}
\begin{frame}{Osmocom TETRA lower MAC}{Receive Side}
\begin{itemize}
\item Receives bursts from PHY layer
\item Applies the following operations depending on burst type
\begin{itemize}
\item De-scrambling
\item De-Interleaving
\item De-Puncturing (RCPC code)
\item Viterbi decoder (RCPC code)
\item Compute + Verify CRC-16
\end{itemize}
\item Recover TETRA Time (frame number) from SYNC burst
\item Hands decoded payload data to upper MAC
\end{itemize}
\end{frame}
\begin{frame}{Osmocom TETRA lower MAC}{Transmit Side}
\begin{itemize}
\item Receives payload from upper MAC
\item Applies the following operations depending on burst type
\begin{itemize}
\item Append tail bits
\item Compute CRC-16
\item Convolutional encoder (RCPC code)
\item Puncturing (RCPC code)
\item Interleaving
\item Scrambling
\end{itemize}
\item Hands encoded burst data to PHY
\end{itemize}
Tx is currently only used for testing the Rx code.
\end{frame}
\begin{frame}{Osmocom TETRA upper MAC}
\begin{itemize}
\item Rx-only
\item Not a complete implementation; just enough to decode SYSINFO, ACCESS-ASSIGN and some other bits.
\item Mainly a proof-of-concept to ensure PHY and lower MAC work
\end{itemize}
\end{frame}
\subsection{wireshark integration}
\begin{frame}{Osmocom TETRA via GSMTAP}
\begin{itemize}
\item The GSMTAP pseudo-header has been extended for TETRA
\item Change is backward-compatible with existing GSMTAP
\item current version of libosmocore supports extended GSMTAP
\item OsmocomTETRA \texttt{tetra-rx} contains GSMTAP output support
\end{itemize}
\end{frame}
\begin{frame}{wireshark TETRA integration}
\begin{itemize}
\item TETRA messages are unaligned bit-fields, full of variable-length and optional parts
\item Writing manual decoding/encoding routines is tiresome and error-prone
\item Beijing Institute of Technology has developed wireshark dissectors based on describing TETRA messages as ASN.1 PER (described in an IEEE paper)
\item We contacted them and they were willing to release their code under GNU GPL
\item Zecke has extended it with GSMTAP support and is in the process of submitting it to wireshark mainline
\end{itemize}
\end{frame}
\subsection{TETRA transmit code}
\begin{frame}{Transmitting TETRA}
\begin{itemize}
\item The lower MAC and PHY code exists and is proven
\item OP25 project contains modulator for pi/4 DQPSK
\item Combining the two should yield a simplistic TETRA transmitter
\item Sending a continuous sequence of BSCH in SB and BNCH in NB constitutes a valid beacon and should allow handsets to lock on the signal
\item So far no time to experiment with it
\item Could be first step in SDR TETRA Base Station
\end{itemize}
\end{frame}
\begin{frame}{Thanks}
Thanks to
\begin{itemize}
\item Dieter Spaar for discovering the APCO25 demodulator and his work on speech decoding
\item Sylvain Munaut for implementing our own Viterbi decoder
\item Holger Freyther for his work on CRC, Shortened Reed-Muller and wireshark
\item horiz0n for providing sample captures of TETRA radio traffic
\end{itemize}
\end{frame}
\begin{frame}{Further Reading}
\begin{itemize}
\item \url{http://tetra.osmocom.org/}
\item \url{http://www.tetramou.com/}
\item \url{http://www.etsi.org/website/Technologies/TETRA.aspx}
\item \url{http://www.tetramou.com/uploadedFiles/About_TETRA/TETRA%20Security%20pdf.pdf}
\item \url{http://www.tetrawatch.net/}
\item \emph{Digital Mobile Communications and the TETRA System} by John Dunlop, Demessie Girma, James Irvine, Wiley
\end{itemize}
\end{frame}
\end{document}