RETETRA3
Security research into TETRA standard
Terrestrial Trunked Radio (TETRA) is a European standard for trunked radio used globally by government agencies, emergency services and critical infrastructure. Apart from most European police agencies (such as BOSNET in Germany or RAKEL in Sweden), military operators and emergency services, TETRA is also widely used for SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.
Through prior research we have extracted the secret cryptographic functions underpinning TETRA security and made them available for public scrutiny. We were able to present the first public in-depth security analysis of TETRA, uncovering five vulnerabilities including a backdoor (https://midnightblue.nl/tetraburst). We contributed various improvements and bugfixes to the open-source osmocom-tetra stack, as well as adding support for cryptography to the suite.
In this new project there are two main components. One is a continued contribution to the open-source community - developing support for uplink demodulation/decoding and message parsing and implementing a stack able to monitor both downlink and uplink traffic simultaneously, as well as working towards FOSS TETRA base station functionality.
The second part of the project involves further security research on TETRA. We plan to investigate the obscure TETRA End-to-End Encryption (E2EE), an optional proprietary solution on top of the TETRA standard that is used in the most sensitive of use cases for TETRA networks, and provide a security analysis as well as a FOSS implementation. This research should shed light on its suitability for mitigating the previously uncovered security issues.
Also, we will dig deeper into the security of TETRA as a whole, with a special focus on message injection vulnerabilities. We aim to provide definitive insight in to which extent adversaries are able to compromise confidentiality and integrity (particularly important when TETRA is used in critical infrastructure) of TETRA traffic, and which mitigations can be considered in order to be able to use TETRA securely and safely.
- The project's own website: https://midnightblue.nl/retetra
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.
