RETETRA3

Terrestrial Trunked Radio (TETRA) is a European standard for trunked radio used globally by government agencies, emergency services and critical infrastructure. Apart from most European police agencies (such as BOSNET in Germany or RAKEL in Sweden), military operators and emergency services, TETRA is also widely used for SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. Prior research extracted the secret cryptographic functions underpinning TETRA security and made them available for public scrutiny, resulting in the first public in-depth security analysis of TETRA - uncovering five vulnerabilities including a backdoor. We contributed various improvements and bugfixes to the open-source osmocom-tetra stack, as well as adding support for cryptography.

This new project has two main components: developing support for uplink demodulation/decoding and message parsing and implementing a stack able to monitor both downlink and uplink traffic simultaneously, as well as working towards FOSS TETRA base station functionality. And investigate the obscure TETRA E2EE, an optional proprietary solution on top of the standard used in the most sensitive of use cases for TETRA networks, and provide a security analysis as well as a FOSS implementation. This research should shed light on its suitability for mitigating the previously uncovered security issues. Also, we will dig deeper into the security of TETRA as a whole, with a special focus on message injection vulnerabilities. We aim to provide definitive insight in to which extent adversaries are able to compromise confidentiality and integrity (particularly important when used in critical infrastructure) of traffic, and which mitigations can be considered in order to be able to use TETRA securely and safely.