Florian exPress periodical - November
The Professional Mobile Radio Zrt. (Pro-M Zrt.) would
like to contribute to the detailed knowledge of
advantages offered by the Unified Digital Radio
Communications (EDR) system built on TETRA technology
by giving quotations from the publication called
„TETRA Radio and You”.
The publication gives detailed information on the
features, functions and application possibilities of
the technology in easy-to-read and user-friendly style.
In addition, services not available yet in the
Hungarian system but foreshadowing the scope of future
useful application areas are also presented. The book
helps public safety organizations using the system as
well as experts, developers and operators interested in
the subject to acquire comprehensive knowledge about
the TETRA system and about the advantaged offered by
the network.
In our technical publication extracts from the book are
given in two parts. In the previous issue of Fire
exPress the most often used features of TETRA radio
sets, the various call types and the possibilities for
creating voice (talk) groups were presented, while the
publication of this month reports on encryption and
authentication possibilities as well as on the scanning
of the developed voice groups. The setting of voice
groups and the scanning making possible the process of
information flow will be analyzed by discussing a
concrete, practical example.
The publication can be purchased personally, or by
post, with collect on delivery:
Infodok Kft.
1013 Budapest,
Krisztina körút 55.
Erika Nyuzó née Mrs. Drávucz
Telephone: 061-457-4018
E-mail: dravuczne.nyuzo.erika@telekom.hu
Authentication in the TETRA
In terms of security the authentication is the
mechanism which provides for the integrity of the
network and/or the TETRA radio, ensuring that each unit
is unique and it is not possible to simulate any of
them. From technical aspect the authentication is the
procedure during which the validity of the TETRA radio
terminal, the ITSI (Individual TETRA Subscriber
Identity) and the user information stored in the
network database is controlled.
For making possible the use of authentication a radio
specific authentication key (K) shall be programmed
into the TETRA radio. In the next phase the
authentication key (K) and its counterpart – the
reference - shall be transferred and stored in the
TETRA network. Then the reference will be assigned to
(matched with) an Individual TETRA Subscriber Identity
(ITSI) and the ITSI will be programmed into the TETRA
radio.
When the radio logs in (that is upon switching on or
when it selects a network cell) the network sends out a
so-called request for authentication which is the
original/initial number (core number) used in the
authentication algorithm specified by ETSI. In reply to
the authentication request the terminal sends back a
number identified on the basis of the core number, the
authentication key (K) and the ITSI. If the number
included in the answer corresponds to the number
calculated internally by the network on the basis of
the core number, the reference and ITSI then the
terminal is individually identified therefore it is
authentic and it may use the network services specified
in the subscription. This procedure is called
authentication initiated by the system.
If the terminal is configured so as to provide for the
integrity of the network then the procedure is
continued with reverse roles. The TETRA radio sends out
the request for authentication together with the core
number and it is the system that has to give the
correct answer. The whole process is called mutual
authentication since this way both the radio and the
network would mutually be authenticated. In TETRA the
length of the authentication key (K) is 128 bits.
Encryption in the TETRA system
In TETRA the encryption means that information sent by
and to the TETRA radio is enciphered. The encryption in
TETRA is divided into two classes: the Air Interface
Encryption (AIE) and the encryption between the two
termination points (end-to-end encryption). Both
classes will be discussed later. The quality of
encryption depends on three factors: the strength of
the ciphering algorithm, the length of the encryption
key and the frequency of key exchange. The performance
of TETRA is excellent from all the three aspects.
Air Interface Encryption (AIE)
The air interface encryption hides the traffic carried
over the communication channel between the radio and
the base station. In TETRA this means that all voice,
data and signaling communications will be encrypted.
Its extent – therefore the quality of encryption
– can be divided into three classes:
• Air (radio) interface encryption of class
1
Powerful digital TETRA encoding, offering standard
digital protection without the application of special
static or dynamic keys.
• Air interface encryption of class 2 –
Static Cipher Key (SCK)
The air interface is encrypted with a strong algorithm
specified by the ETSI and with a static cipher key
(SCK). In this context the attribute static means that
the key is programmed into the TETRA radio and this key
is used to encrypt the traffic until it is changed. The
authentication is recommended but not mandatory.
• Air interface encryption of class 3 –
DCK/CCK
The air interface is encrypted with a strong algorithm
specified by the ETSI and with a derived cipher key
(DCK) which is obtained from the request for
authentication. Consequently the ciphering is always
changed when the TETRA radio is authenticated. In the
practice the encryption key is also modified every time
when the radio changes to another base station.
Therefore this encryption method is so strong that
there is no sense in trying to crack it.
The Common Cipher Key (CCK) is used to encrypt the
traffic directed from the base station to a group of
the TETRA radio units. This key is unique for every
base station and it is frequently changed.
Monitoring of several voice groups –
scanning
The scanning makes possible for us to listen to voice
groups we want to communicate with. When the scanning
is active our radio automatically selects the first
active voice group. We will hear the communication
carried on in the voice group and we can call the group
in a normal way by pressing the push-to-talk
button.
In the practice this means that we can hear on the
radio the communication of some voice group until it is
terminated.
In the course of field operations the management and
control of tasks requires the efficient and effective
management of information. The inadequate management of
information may lead to information overload which can
be the source of further problems. The handling of
tasks and information in manageable slices generally
results in the assignment of many voice groups to
specific groups. These specific groups are for example
the health service, the fire brigades, the police and
members of the headquarters. In this arrangement the
challenge is that one has to ensure for given persons
that they receive only the information which is
essential for them. In a radio communications system
applying analog trunk network the groups had to be used
in a very disciplined way: each person was instructed
to listen to a certain voice group until other command
is received. This arrangement ensured that the
essential information reached the appropriate persons.
Further parts of the information carried in other
groups were lost irrespective of whether they were
essential or not. Since everybody listened to a single
voice group, no attention could be paid to
communication carried on in other voice groups even if
the currently selected voice group was silent. This was
considered as an acceptable drawback since it resulted
from the physical limits of the analog
technology.
Some situations made necessary other solutions even in
the traditional systems. For example members of the
coast guard on duty had to scan a higher number of
channels (voice groups), looking for traffic. The first
active communication was selected. This kind of
searching for traffic resembled very much to the case
where only a single selected channel or group was
listened to. On the other hand as soon as a given
channel was seized, there was no way to know what
essential information was perhaps broadcast in other
voice groups.
In a traditional system either of the above-mentioned
two scenarios could be implemented only if two radios
but at least two receivers were used simultaneously.
These two scenarios, however, can be realized with a
single TETRA radio as well. Therefore TETRA gave a
solution to the fundamental problem of ensuring the
reception of essential information while being able to
receive the major part of other communications as well.
The answer to the raised problem is the scanning.
Priority scanning
The priority scanning makes possible for the user to
monitor in an intelligent way and prioritize voice
groups outside the selected group. To each voice group
to be scanned a priority can be assigned depending on
how much the given group is important for the user.
When the priorities have been set according to the
communication plan and traffic is carried
simultaneously in two or even more scanned voice
groups, the user hears the communication of the group
with the highest priority and can establish connection
to it. As soon as the communication in the above group
is terminated, the radio is linked to the group of next
priority level where the communication is active. This
arrangement ensures that the communication realized in
the most important groups – such as the emergency
groups – is not lost for the users. If your TETRA
radio supports priority scanning then the voice group
of lower priority level is automatically left if
connection is to be set up to a higher priority group.
The priority scanning makes possible for the customers
to plan the communication models based on the
importance of the broadcast information. In the
following example the command sending voice group of
the fire-chief to be monitored by all team leaders has
higher priority than the voice group of the unit
itself. This way the fire-chief can be sure that the
team leaders always receive the commands he/she has
given.
The model can also be reversed: the voice group of the
unit is given higher priority than the
commander’s group. In this case the members of
the unit can be sure that their leaders will always
hear what is said to them. This also means that the
fire-chief needs adequately given acknowledgements sent
by the team (unit) leaders. In case of any approach the
information considered by the operation model as having
the highest priority for the individual persons will be
heard.
Example for the setting of voice groups and
priorities
The fire-chief often communicates with the team
leaders. For this reason the “headquarters”
voice group is used as the selected group. At the same
time the “cooperation” voice group is
scanned with high priority so that the fire-chief
immediately receives the reports sent by the heads of
other authorities being on the spot. This is important
because he is the main responsible person as regards
all the activities carried on at the given site. This
arrangement makes possible for the fire-chief to
receive only the essential information instead of the
whole information flow, enabling him to have a firm
control over the whole situation and to maintain his
managerial abilities.
Both team leaders selected the voice group of their own
team as default, that is the leader of the first team
has chosen the voice group of team 1, setting the voice
group of the headquarters to high priority level. This
arrangement makes possible for the team leaders to
receive immediately the commands sent by the fire-chief
and during the remaining period they can hear the
members of their respective team. The own teams will
use only one voice group in the course of operations
and they do not have to switch on the scanning.
According to this approach only the essential
information sent by the team leader and by members of
the team is received by them. It may happen that a
dispatcher must distribute the critical information to
all users. For this purpose the background groups can
be the ideal solution.
In the example described above the following voice
groups were used:
• cooperation (the fire-chief and other commanding
officers, and perhaps the dispatcher as well),
• headquarters (fire-chief and team
leaders),
• team 1 (the leader and the members of team
1),
• team 2 (the leader and the members of team
2),
Figure 3.5: Example for communication hierarchy and the
arrangement of teams (groups) in the course of fire
fighting
