Upload File

tetra networks security

26
TETRA Networks Security Tomáš Suchan, Marek Sebera ITDS Consulting

Upload: marek-sebera

Post on 16-Apr-2017

879 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: TETRA Networks Security

TETRA Networks SecurityTomáš Suchan, Marek Sebera

ITDS Consulting

Page 2: TETRA Networks Security

Schedule

● Introduction● What is TETRA● Who does use TETRA● Security options● Dangerous decisions● Demo● Q & A

Page 3: TETRA Networks Security

Introduction - ITDS Consulting

● Tomáš Suchan, Marek Sebera● Based in Prague● https://www.itds-consulting.cz● TETRA, GSM, TETRAPOL, DMR● TETRA Toolkit - Monitoring and forensic tool● GSM Toolkit - Mobile networks security tool

Page 4: TETRA Networks Security

What is TETRA

● TErrestrial Trunked RAdio● Designed by ETSI since 1990● Mission-Critical Digital Radio System● Private / Professional Mobile Radio (PMR) ● DAMM, Sepura, Rohde & Schwarz, EADS, Motorola, …● Transport, Airports, Police/Fire/Ambulance, Army, …● SCADA systems (nuclear plants, power stations, …)

Page 5: TETRA Networks Security
Page 6: TETRA Networks Security
Page 7: TETRA Networks Security

WORLDTETRAUSAGE

Page 8: TETRA Networks Security

TETRA - Czech Republic

Praha, Brno, Liberec, České Budějovice, Chemopetrol Litvínov, Hyundai Nošovice, Pardubice, Přerov, ...

Radio Band:410MHz - 430MHz

Page 9: TETRA Networks Security

Slovak Republic

● TETRAPOL● Project: SITNO - Ministerstvo Vnútra SK● Built in years 1999 - 2008● Working since 2008● Firefighters, Police, Customs, 112 Emergerency

Page 10: TETRA Networks Security

Disclaimer

● Properly secured TETRA network is hard to crack

● We’re talking about unsecured or badly secured networks

Page 11: TETRA Networks Security

TETRA Network Security

● Transport Air-Interface encryption

● SwMI (Infrastructure) Restrict MS by TEI + ISSI combo

● Application End-to-End transport encryption

Page 12: TETRA Networks Security

Attacks on TETRA

Page 13: TETRA Networks Security

Missing Air-Interface Encryption

We can:

● Read text / binary data (SDS)● Decode voice transports (even Group Calls)● Map network structure● Identify users, clients, applications● Intercept (MITM) communication● Fake both directions of data transport

Page 14: TETRA Networks Security

No Air-Interface Encr. , TEI + ISSI registration restricted

We can still do everything, it’s just bit harder :-)

Page 15: TETRA Networks Security

Missing Air-Interface Encryption, added E2E encryption

● Correlate communication groups● Map infrastructure● Scan / Penetrate application endpoints● Communication fuzzing and DoS attacks

Page 16: TETRA Networks Security

Only Air-Interface encrypted

● Obtain auth key for network● ???● PROFIT

Page 17: TETRA Networks Security

Only Air-Interface encrypted (ver 2)

● Build 80-bit TEA (symmetric stream cipher) cracker● Obtain auth key for network● ???● PROFIT

Page 18: TETRA Networks Security

Recommendation

● Encrypt Air-Interface● Use End-to-End encryption● Don’t skimp on security

Page 19: TETRA Networks Security

Tetra Toolkit ® ITDS Consulting

● Requirements○ 4-core 2.5GHz computer, 8GB DDR3○ RTL-SDR USB dongle○ Linux OS

● Attack time < few minutes● Decode voice, text and data communication● Map infrastructure,

Page 20: TETRA Networks Security

Attack Demo

Page 21: TETRA Networks Security

Thanks to our Partners

Page 22: TETRA Networks Security
Page 23: TETRA Networks Security
Page 24: TETRA Networks Security
Page 25: TETRA Networks Security

Questions & Answers

Page 26: TETRA Networks Security

TETRA Networks SecurityThank you !


Wireless networks security

Hybrid networks, TETRA where is the user value?s3.amazonaws.com/JuJaMa.UserContent/36680176-e9cb... · Hybrid networks, TETRA and LTE –where is the user value? Mika Laitinen Head

TETRA Verboten & Industriële security · 2018. 10. 10. · TETRA Verboten & Industriële security Agenda 13h00 Ontvangst deelnemers 13h15 Korte situering TETRA project 'Veilige industriële

Network Security Security in Traditional Wireless Networks 1 Network Security Chapter 6. Security in Traditional Wireless Networks

Efficient Group Key Agreement for Dynamic TETRA Networks

Hytera TETRA Series Product Introductionfuturesystems.com.au/.../2016/01/Hytera-TETRA...EN.pdf · Most TETRA networks for public safety and security (PSS) users such as police, firefighting

TWC 2003 Copenhagen1 INTRODUCTION TO TETRA SECURITY Brian Murgatroyd

Use of Tetra networks in crisis situations + large scale ...tetraforum.pl/doc/USE OF TETRA NETWORKS IN CRISIS... · 2/23/2010 · USE OF TETRA NETWORKS IN CRISIS SITUATIONS + LARGE

Linking Narrowband to Broadband Networks (TETRA -Mission ...Nov 28, 2017  · Linking Narrowband to Broadband Networks (TETRA -Mission Critical LTE Interworking) PMRexpoWorkshop, 28

TETRA Security Class - entropia.eu · •TETRA MoU SFPG Recommendation 03 – TETRA threat analysis –Gives an idea of possible threats and countermeasures against a radio system

Juniper Networks Security Appliances Security …...Juniper Networks Security Appliances Security Target Revision L December 19, 2005 EAL4 5 • Juniper Networks NetScreen-204 (Part

TETRA Security

Optimized Channel Assignment Scheme for TETRA Networks · Optimized Channel Assignment Scheme for TETRA Networks E. DIMITRIADOU1, K. IOANNOU1, I. PANOUTSOPOULOS1, A. GARMPIS2, S

Terrestrial Trunked Radio (TETRA); Security; Lawful ...mirror.netcologne.de/CCC/documentation/sigint/enfopol-2002/ETSI_p… · Terrestrial Trunked Radio (TETRA); Security; Lawful

Networks and Security

Individual security pager 2 networks available in the … · Individual security pager 2 networks available in the same pager B I R D Y T E T R A rk rk ... BIRDY TETRA enables to

The Role of TETRA in a Holistic Homeland Security Solution

Mobile Broadband and future of Public Safety Networks From a Tetra Operator Perspective

TR 102 512 - V1.1.1 - Terrestrial Trunked Radio (TETRA ... · ETSI 2 ETSI TR 102 512 V1.1.1 (2006-08) Reference DTR/TETRA-06139 Keywords analysis, security, TETRA ETSI 650 Route des

Network Security Security in Wireless Ad Hoc Networks 1 Network Security Chapter 8. Security in Wireless Ad Hoc Networks

Antennas for TETRA Networks

Social networks security

Security Analysis of TETRA

TETRA Security meeting needs of Military Security mechanisms in TETRA and how to ensure that the solution is secure… ”Jeppe” Jepsen Motorola

Home Security Networks

TETRA Security Istanbul February 2011rageuniversity.com/PRISONESCAPE/JAMMING RADIO GSM... · TETRA security Istanbul. Network Security. ¾IT security is vital in TETRA networks particularly

Security Encryption and Management Brian Murgatroyd Chairman: TETRA Association Security and Fraud Prevention Group

MOTOROLA TETRA SOLUTIONS - C3 - offering Critical ...€¦ · Faced with new data security threats, ... Although TETRA networks support secure and reliable narrowband services (with

Physical Layer Security 1. Outline 2 Overview Physical Security in Wired Networks Physical Security in Wireless Networks

TETRA Experience 2006 Sao Paulo July 18 th 2006. TETRA Security Encryption and Management Ramón Montañez

Storage Area Networks Security Protocols and …franjo/papers/SAN_Security_WP_v1.pdfStorage Area Networks Security Protocols and ... Storage Area Networks Security Protocols and Mechanisms

DEFENDING WORLD SECURITY - Start - DEDEFENDING WORLD SECURITY TB3p World's smallest TETRA base station The TB3p mini TETRA base station from CASSIDIAN® is the world's smallest TETRA

Security Analysis of TETRA - COREarchitecture of TETRA networks. Part III Security features of TETRA This part will describe security feature of TETRA system in-cluding authentication,

Key performance indicators for qos assessment in tetra networks

Reliable and scalable TETRA networks, v1 - · PDF filetowardsdeployingopenIPCbasedsolutions&for&bothsmall&andlarge&TETRA&networks.&Inthis& context,&an&allCIParchitecturemeansthatboththecoreofthenetworkandthe&transport&