
sepura

Overview of the
Sepura Crypto Management Tools

MOD-05-166








PRODUCT BULLETIN

SEPURA LIMITED 2006






MOD-05-166
sepura
14th July 2006 Page 2 of 19 Overview of the Sepura Crypto
Management Tools.

Company confidential
Sepura Limited 2005

Contents

INTRODUCTION
CRYPTO MANAGEMENT CENTRE FUNCTIONALITY
FEATURES
    Standards
    Encryption Algorithms Supported
    Use on various TETRA SwMIs
    Security of Crypto Management Centre
CMC USER INTERFACE
CMC IN OPERATION
LANGUAGE SUPPORT
CONFIGURATION FILE
    CMC Sizing
    Group or individual Addressing
    Message retry mechanism
END TO END ENCRYPTION KEYS
    Traffic Encryption Keys (TEK)
    Key Encryption Key (KEK)
    Signalling Encryption Key (SEK)
    Group Encryption Key (GEK)
SEPURA CRYPTO - DELIVERY TOOL (CDT)
OPERATIONAL PROCEDURE
    Generation of the E2EE Data
    Provisioning the Crypto Delivery Tool (CDT)
    Programming the Terminals
RELATED INFORMATION
    Analysis Tool
    Data Leads
NOTICE
    Contact Details


INTRODUCTION

This document describes the Sepura Crypto Management Tools used for the generation,
management and distribution of the End to End Encryption (E2EE) material.
The Sepura tools are known as the Crypto Management Centre (CMC) and the Crypto
Delivery Tool (CDT). Both tools follow the Recommendations of the TETRA MoU Security and
Fraud Protection Group.
The CMC allows the User to manage the End-to-End security functionality of their fleet of
Sepura radio terminals from a central point with a minimum of skilled management time.
The CMC brings the added benefit of electronic audit and the ability to quickly manage any
security compromise by deleting the keys of lost or stolen terminals and by changing the keys
of the remaining radio population.
The document also describes a typical operational scenario by which the E2EE keys and
associated parameters are generated and distributed into the Sepura handheld, covert and
mobile terminals.
[Figure: The relationship between the Sepura Crypto Management Tools and radio terminals. Labelled elements: Sepura Crypto Management Centre (CMC), Sepura Crypto Delivery Tool (CDT), Sepura radio terminals, File transfer, Data Cable, OTAK Messaging.]



CRYPTO MANAGEMENT CENTRE
FUNCTIONALITY

The Crypto Management Centre (CMC) supports the following functional areas :-

(i) Database of E2EE material.

The CMC database allows the User to manage the following relationships:-

Assignment of the unique Key Encryption Key (KEK) to each individual radio
subscriber (ISSI).

Assignment of radio subscribers to the User Groups.

Assignment of Traffic keys (TEKs) to the Crypto Groups.

Association of Crypto Groups to User Groups.

This information is securely held within a database encrypted with the AES-128 algorithm.
The encrypted database can be exported to an external storage media and for resilience
Sepura recommend that this information should be regularly backed up.

Certain fleet information, such as the individual (ISSI) and group (GSSI) TETRA identities of
the radio subscribers, can be imported from the Sepura Radio Manager.

(ii) Generation of the Keys.
The E2EE management keys, the Key Encryption Key (KEK) and Signalling Encryption Key
(SEK), and the traffic keys (TEKs) can be generated using the integrated FIPS 140-2
compliant random number generator.
The length of the Traffic Key (stated in bits) is subject to export control regulations and hence
the CMC will be factory configured to support 128, 64 or 56 bit key lengths.
The management keys (KEK and SEK) have a fixed length of 128 bits.

(iii) Import of externally generated Key material
Externally generated sealed and unsealed Crypto keys and associated fields can be imported
from the appropriate security authorities in an SFPG Rec01 format with appropriate Info code.
E2EE Keys may also be manually entered via the CMC keyboard; however, this mechanism is
only recommended for training purposes.





(iv) Management of the E2E Key Lifecycle
Both Automatic and Manual update of Keys and Crypto Group Associations are supported by
the CMC.
The time period for Key update is user selectable in units of days, months or a specific Day
within a month. The CMC operator may also initiate an immediate key download to a radio
terminal or User Group perhaps for a special operation.
The OTAK download process is acknowledged and the CMC is aware of the percentage of
the radio terminals which have successfully downloaded the new keys. This figure is also used at
the key changeover point, e.g. greater than 80% have received the download, before the new
key is activated.

(v) Over The Air Key Management (OTAK) using SDS messaging.

The CMC sends SDS based OTAK messages either via direct connection to the TETRA
Network or wirelessly via the data port of a Sepura terminal.

The OTAK message structure is defined in section 8.7 of SFPG Rec 02 (edition 4) and the
message types are described in the points below.

In response to a Power Up or Registration message from a radio terminal, the
CMC will search the database and download any keys and associations as
required.

Download of the Signalling Key (SEK) and Traffic Key (TEK) to the radio terminal.

Association_Set message and response to Association_Ack message

Activation of the Traffic Keys.

Deletion of both individual and groups of Traffic Keys.

Stun and Kill, including response to the MS generated Stun_Kill_Ack which indicates
that the User has locally disabled the radio terminal.

Sepura radio terminals exchange individual E2EE Key management messages with a defined
CMC (the individual identity (ISSI) of the CMC must be pre-configured in the terminal(s)).
Receipt of a message from an unknown CMC will be considered invalid by the radio terminal.

All OTAK messages are protected by encryption with the Signalling Encryption Key (SEK)
(apart from the message delivering the SEK) and all keys within OTAK messages are
protected by encryption with the Key Encryption Key (KEK).


(vi) Export Key material to the Sepura Crypto Delivery Tool.

The CMC is able to compile and export files containing the encryption Keys and Crypto-
group associations to the Sepura Crypto Delivery Tool (CDT).

(vii) Event Logging

For audit purposes every Event is logged and archived on a daily basis with a new folder
produced every month. Event logs are time stamped and read only.

Reports will be provided to (1) indicate when each radio terminal contacted the CMC and its
key currency, and (2) of all actions undertaken by CMC Users and Super Users.
The reports are available to an Administrator level User only and may be exported in .csv and
.txt file formats.




FEATURES
STANDARDS

The CMC conforms fully to SFPG Recommendation 02 (Edition 4).
ENCRYPTION ALGORITHMS SUPPORTED

Initially the CMC will support the AES-128 algorithm; however, it is expected that other
algorithms will become available in future software releases.
Export control regulations will determine which algorithms may be supplied and also the
permitted length of the Traffic Keys (stated in bits). For UK and Western European
operations, 128 bit keys will typically be used; however, 56 and 64 bit keys are also supported.
USE ON VARIOUS TETRA SWMIS.

The CMC will typically interface to the Short Data Service router of the TETRA SwMI.
It is intended that the CMC will operate on the TETRA systems of different manufacturers
assuming that appropriate interface details are made available to Sepura. This solution is
aimed at the E2EE management of larger fleets of Users.

As an alternative the CMC will also support the transmission and reception of SDS based
OTAK messages via the PEI interface of a dedicated Sepura mobile radio terminal.
This solution is aimed at the E2EE Key management of smaller fleets of Users.
SECURITY OF CRYPTO MANAGEMENT CENTRE

Sepura recommend that the CMC operates on a machine dedicated to Crypto Management
and physically located in a secure environment.

The CMC protects the E2EE Key material by storing the Keys in a database which is
encrypted using a Master Key.

The CMC is responsible for the generation, application and change of the Master Key used by
the encrypted database.
The encrypted database may be saved and backed up onto an external storage media. To
import this to another CMC machine the Master Key must also be loaded.

CMC USER INTERFACE

The tasks and permissions of the CMC are distributed across 3 levels. Each level has access
control and a CMC User must enter a valid alphanumeric Password (at least 9 characters in
length) to gain access to specific tasks and when moving between the levels.

The 3 categories of User are (1) the Administrator, (2) the Super User and (3) the Key
Delivery User.

Administrator
The Administrator has access to all User functions and can create Super User accounts.
E2EE Key Management is a continuous process and hence the CMC can be set to
execute its core Key Management tasks even if no one is logged on. An Administrator
level permission is needed to exit the program.

The three methods of Key generation may be enabled or disabled according to local
security rules in Administrator level set up.

Super User
The Super User is permitted to set up and delete Key Delivery User accounts, perform a
KILL terminal function, change the subscriber membership of the different User Groups,
define the periodicity of key change and manually load a new database Master key.

Key Delivery User
The Key Delivery User is able to operate the CMC, perform a STUN terminal function,
initiate an E2E key download to the selected terminals and run the audit analysis reports.




CMC IN OPERATION.





The figure above is the main CMC screen and is an example of the look and feel of the
Sepura Crypto Management Tools.
The User interface largely consists of Definition Windows and Event Windows.

A Definition Window allows the CMC User to manage the membership of the various
groupings such as User Groups and Crypto Groups. The User is typically able to select from
lists and then drag and drop to populate the new grouping.

An Event Window shows the progress of an E2EE event such as a Key Change.

The Key Change window displays the number of days to the next key change, the number of
radio terminals in each User group that have received the new key and the remaining
numbers of radio terminals that still require the new keys.

The CMC is designed to operate with the minimum of user management.


The CMC can automatically change the keys to a User Group at intervals pre-determined by
the CMC operator or at the intervention of the CMC operator e.g. after a compromise of a
terminal.

When an E2EE enabled terminal registers on the network, it sends an MS_Signal-Powerup
SDS message to the KMC informing it that it is present.
The CMC will then search its database to see if there are any outstanding actions relating to
New key downloads, New key associations, Deletion of key associations or Stun_Kill.
If no action is required, the CMC logs the event and updates the database to show when the
last contact was with this terminal. An acknowledgement is not sent to the terminal to save
system capacity.
If action is required the CMC will send the appropriate Key Management Messages to the
terminal and update its database entry to show this.

The CMC will retry to send the message a configurable number of times over a configurable
time period.

LANGUAGE SUPPORT

The User interface is initially available in English and Dutch with support for other languages
added as the market demands.


CONFIGURATION FILE


The CMC contains a System Configuration file (controlled by Sepura) which defines the size
of subscriber database and other parameters including a key used to protect the database
storage of the master key, group or individually addressed messaging, the TETRA address of
the CMC and the retry period of the OTAK messages.

CMC SIZING

The CMC may be sized according to customers' needs, with the maximum number of
subscribers set to 64000.

The CMC can support up to 8192 User Groups and 4094 Crypto Groups (this number is
defined in SFPG Rec. 02).

GROUP OR INDIVIDUAL ADDRESSING

Some TETRA SwMIs do not support Group addressed SDS messages and so the CMC can
be factory configured to support individual OTAK messaging only or individual and group
messaging as appropriate.

MESSAGE RETRY MECHANISM

The CMC will retry to send the OTAK message a configurable number of times over a
configurable time period.




END TO END ENCRYPTION KEYS

To maintain security, different key types are used to encrypt the user traffic, protect the keys
for OTAK and protect the SDS based key management messages.
TRAFFIC ENCRYPTION KEYS (TEK)

Traffic Keys (TEKs) are used to encrypt the user speech traffic. Three TEKs are held per
Crypto group (Past, Present and Future) to allow asynchronous key changing to groups who
perhaps appear infrequently on the Trunked network.
A terminal selects the Present Traffic key for transmission but is able to receive on any of the
three Traffic key versions associated with the talk-group.
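
The Past/Present/Future arrangement above, together with the acknowledgement-gated changeover described under Management of the E2E Key Lifecycle, can be modelled as follows. This is an added illustration, not Sepura code or the SFPG message format: the class and method names, the ISSIs and the catch_up step (a late terminal being updated when it next registers) are assumptions, and the threshold uses the bulletin's "greater than 80%" example.

```python
import secrets
from dataclasses import dataclass, field

ACTIVATION_THRESHOLD = 0.80  # the bulletin's example: "greater than 80%"

@dataclass
class Terminal:
    issi: int
    slots: dict = field(default_factory=dict)  # "past"/"present"/"future" -> (key_id, key)

    def tx_key_id(self):
        return self.slots["present"][0]  # transmission always uses the Present TEK

    def can_receive(self, key_id):
        # Reception is possible on any of the three held TEK versions.
        return any(kid == key_id for kid, _ in self.slots.values())

class CryptoGroup:
    def __init__(self, terminals):
        self.members = {t.issi: t for t in terminals}
        self._next_id = 1
        self.present = self._new_tek()
        self.future = None
        self.acked = set()  # ISSIs that acknowledged the Future TEK download
        for t in terminals:
            t.slots["present"] = self.present

    def _new_tek(self):
        tek = (self._next_id, secrets.token_bytes(16))  # 128-bit traffic key
        self._next_id += 1
        return tek

    def stage_future(self):
        self.future = self._new_tek()
        self.acked.clear()

    def deliver(self, issi):
        # Stands in for an acknowledged OTAK download of the Future TEK.
        self.members[issi].slots["future"] = self.future
        self.acked.add(issi)

    def coverage(self):
        return len(self.acked) / len(self.members)

    def try_activate(self):
        # Changeover is refused until coverage exceeds the threshold.
        if self.future is None or self.coverage() <= ACTIVATION_THRESHOLD:
            return False
        for issi in self.acked:
            slots = self.members[issi].slots
            slots["past"], slots["present"] = slots["present"], slots.pop("future")
        self.present, self.future = self.future, None
        return True

    def catch_up(self, issi):
        slots = self.members[issi].slots
        if slots["present"] != self.present:
            slots["past"], slots["present"] = slots["present"], self.present

def run_rollover():
    fleet = [Terminal(issi) for issi in range(1001, 1011)]  # constructed ISSIs
    group = CryptoGroup(fleet)
    group.stage_future()
    for t in fleet[:8]:
        group.deliver(t.issi)
    blocked = group.try_activate()      # 80% is not "greater than 80%"
    group.deliver(fleet[8].issi)
    activated = group.try_activate()    # 90% coverage
    late, current = fleet[9], fleet[0]
    heard_late = current.can_receive(late.tx_key_id())      # old key kept as Past
    late_hears_new = late.can_receive(current.tx_key_id())  # not yet updated
    group.catch_up(late.issi)
    return blocked, activated, heard_late, late_hears_new, late.can_receive(current.tx_key_id())
```

In this model the terminal that missed the download can still be heard after changeover, because the others keep the old key as Past, but it cannot decrypt the new Present key until it has been updated; that residual population is what the activation threshold bounds.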
KEY ENCRYPTION KEY (KEK)

Each radio terminal has a unique Key Encryption Key (KEK), which is used to protect the
individually addressed key management messages. The KEK is a long life key and typically
has a life of years although this will depend upon the user security policy.
The CMC maintains a database of all individual terminal identities (ISSIs) and their associated
KEKs.
The KEK must be manually loaded into each radio terminal. This is achieved by exporting a
file of the KEK/ISSI pairs of a number of radio terminals into the Sepura Crypto Delivery Tool
(CDT).
The download to each radio terminal is logged by the CDT and following completion of
loading the response file should be exported to the CMC to confirm that each association has
been successfully made.
SIGNALLING ENCRYPTION KEY (SEK)

The SEK is used to encrypt the SDS based OTAK messages. There is one SEK in the CMC
per User Group.
GROUP ENCRYPTION KEY (GEK)

The GEK is not supported by this release of Crypto Management Tools.




SEPURA CRYPTO - DELIVERY TOOL (CDT)

The Crypto Delivery Tool (CDT) is a software application tool which operates with a standard
desktop or laptop PC. The CDT is able to use the same PC as other Sepura programming
tools such as the Radio Manager or SKMS.

All E2EE material received from the CMC is stored on an encrypted database within the CDT.

Once provisioned with E2EE information from the Sepura CMC, the Crypto Delivery Tool
allows the User to securely and easily carry E2EE material between the various customer
locations and program the material into the radio terminals.

The tasks and permissions of the Crypto Delivery Tool are distributed across 3 levels. Each
level has access control and a User must enter a valid Username and Password to gain
access to specific tasks and move between the levels.

The CDT supports three categories of User, as follows :- (1) the Configuration User,
(2) the Key Management User and (3) the Key Delivery User.

The Configuration User is able to :-

Set the Usernames and Passwords.
Configure the default parameters.

The Key Management User is able to :-

Import E2EE loading task files from the Crypto Manager Centre (CMC).
Export E2EE loading response files to the CMC.

The Key Delivery User is able to :-

Select communication port.
Select the key delivery mode which may be either Continuous or Confirmed.

Under Continuous Mode the E2EE material is automatically loaded once the radio terminal
is connected to the CDT tool.

Confirmed Mode requires the User to manually initiate the loading of E2EE data following
display of the connected terminal's identity.


OPERATIONAL PROCEDURE

A typical operational procedure for E2EE material would be as follows :-

GENERATION OF THE E2EE DATA

The User logs onto the Crypto Manager Centre as the Key Manager User and generates the
required E2EE Key information using the onboard random number generator. This includes
the generation of the Management keys (KEKs and SEKs), and the Traffic keys (TEKs).

Once generated the TEKs are each given a unique Identifier (the KEYID) and both the Key
and the KeyId are protected by sealing with the KEK of the terminal which will eventually
receive this key.

The Key Manager User also defines the membership of the Crypto Groups by associating
each Crypto Group with an individual radio User, a range of individual radio Users or a group
of radio Users.

PROVISIONING THE CRYPTO DELIVERY TOOL (CDT).

The E2EE information and Crypto-group data is formed into a number of files. The Key
Delivery User of the CMC is responsible for the selection and download of the appropriate
file to a CDT.

Typically the CDT receives the files when plugged into the CMC however once registered with
the CMC the CDT does not have to be directly connected to the CMC for the E2EE file to be
transferred.
The transfer of the E2EE file could take place via an external storage device such as a
memory stick.



PROGRAMMING THE TERMINALS

E2EE terminals are programmed in the field by cable connection to the Crypto Delivery Tool.
Please note that the tool programs one terminal at a time.

When logged on as the Key Delivery User and following connection of a terminal, the Crypto
Delivery Tool undertakes the following actions :-

Reads the terminal's TETRA identity (ISSI) and E2EE capability parameters from the
radio terminal.

Using the identity (ISSI), checks if there are any E2EE loading tasks pending.

If the E2EE tasks include loading a KEK then this is done first as loading KEK clears
all traffic keys currently held on the radio terminal. The sealed KEK is unsealed just
prior to its transfer to the radio terminal.

All related E2EE Traffic key data is sent to the radio terminal.

Any E2EE Crypto Group data is sent to the radio terminal.

All terminal acknowledgements to the E2EE loading messages are stored by the
Crypto Delivery Tool. This file is exported back to the Crypto Manager Centre and is
used to track the E2EE material loaded in each terminal.
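
The loading sequence above depends on the KEK going first, since loading a KEK clears the traffic keys already on the radio. The following added sketch (not Sepura code) models that ordering and the response rows returned to the CMC; the Radio class, the task-file layout, the payload values and the ISSIs are assumptions constructed for illustration, and sealing/unsealing is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Radio:
    # Minimal stand-in for a terminal on the data lead (hypothetical model).
    issi: int
    kek: bytes = b""
    teks: dict = field(default_factory=dict)    # key_id -> sealed TEK
    groups: dict = field(default_factory=dict)  # crypto group -> key_id

    def load(self, kind, payload):
        if kind == "KEK":
            self.kek = payload
            self.teks.clear()  # loading a KEK clears all held traffic keys
        elif kind == "TEK":
            key_id, sealed = payload
            self.teks[key_id] = sealed
        elif kind == "GROUP":
            group, key_id = payload
            self.groups[group] = key_id
        return "ACK"

LOAD_ORDER = {"KEK": 0, "TEK": 1, "GROUP": 2}  # order given in the bulletin

def program_terminal(radio, task_file, ordered=True):
    """Run the pending loading tasks for one connected radio; return response rows."""
    pending = [t for t in task_file if t["issi"] == radio.issi]
    if ordered:
        pending.sort(key=lambda t: LOAD_ORDER[t["kind"]])  # stable sort
    return [
        {"issi": radio.issi, "kind": t["kind"], "result": radio.load(t["kind"], t["payload"])}
        for t in pending
    ]

def orphaned_associations(radio):
    """Crypto groups that point at a TEK the radio no longer holds."""
    return sorted(g for g, key_id in radio.groups.items() if key_id not in radio.teks)

# Constructed task file: the TEK and group rows happen to precede the KEK row.
TASKS = [
    {"issi": 1001, "kind": "TEK", "payload": (7, b"sealed-tek-7")},
    {"issi": 1001, "kind": "GROUP", "payload": (12, 7)},
    {"issi": 1001, "kind": "KEK", "payload": b"kek-for-1001"},
    {"issi": 1002, "kind": "TEK", "payload": (7, b"sealed-tek-7b")},
]

def run_loading():
    good, bad = Radio(1001), Radio(1001)
    responses = program_terminal(good, TASKS)    # KEK first, as the procedure states
    program_terminal(bad, TASKS, ordered=False)  # file order: KEK last wipes the TEK
    return [r["kind"] for r in responses], orphaned_associations(good), orphaned_associations(bad)
```

Loaded in file order, the model radio ends up with a Crypto Group association whose traffic key has been cleared even though every step was acknowledged, which is why the response file is worth reconciling against the intended end state rather than only counting acknowledgements.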



RELATED INFORMATION

ANALYSIS TOOL

A separate audit program is available (at an additional cost) which performs off line analysis
of the terminal usage patterns based upon the Event and Report logs compiled by the Crypto
Management Centre.

DATA LEADS

The existing Data lead(s) are used to connect the Crypto Delivery Tool to the Sepura mobile,
covert and handheld radios. These are Sepura part numbers 300-00065 and 400-00001
respectively.



NOTICE



All rights reserved. This document may not be reproduced in any form either in part or in
whole without the prior written consent of Sepura Limited, nor may it be edited, duplicated or
distributed using electronic systems.

Company and product names mentioned in this document may be protected under copyright
or patent laws.

The information in this document is subject to change without notice and describes only the
product defined in this document. This document is intended for the use of Sepura Limited's
customers and/or other parties only for the purposes of the agreement or arrangement under
which this document is submitted, and no part of it may be reproduced or transmitted in any
form or means without the prior written permission of Sepura Limited.








CONTACT DETAILS


Sepura Limited
Radio House
St Andrews Road
Cambridge CB4 1GR
United Kingdom


Web : www.sepura.com
Tel: +44 (0)1223 876000
Fax: +44 (0)1223 879000
