ETSI to publish TETRA cryptography algorithms – Security – Networking – Telco/ISP


The secret cryptographic algorithms that underpin TETRA are to be published, in response to a collection of vulnerabilities discovered earlier this year.



The European Telecommunications Standards Institute (ETSI) made the decision this week, saying “we are open to academic research for independent reviews.”

The primitives of all TETRA Air Interface cryptographic algorithms will be made available in the public domain, ETSI said.

In late July, Dutch researchers discovered protocol vulnerabilities that would open TETRA-based radiocommunications systems (often in applications like public safety) to a variety of attacks.

The researchers, from company Midnight Blue, said TETRA messages would be subject to “real-time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymisation, or session key pinning”.

ETSI noted that secrecy of cryptographic algorithms “was common practice in the early 1990s when the original TETRA algorithms were designed.”

“Effective scrutiny of public-domain algorithms allows for any flaws to be uncovered and mitigated before widespread deployment occurs,” ETSI’s announcement states.

The publications will include TETRA’s original air interface cryptographic algorithms (TEA 1, 2, 3 and 4), along with TEA 5 to 7 which were introduced in 2022 to quantum-proof messages.

The TAA1 and TAA2 authentication and key management specifications will also be put into the public domain, ETSI said.



Source link