MN004527A01-AG
Chapter 2: Services and Features
2.15.3
Authentication
Authentication establishes a level of a trust between a radio and SwMI. It is a challenge-response
result protocol between two parties based on their common knowledge of a secret key (K) to verify the
identity of each party.
The SwMI Authentication Centre (AuC) provides a single K for authentication, which is shared only with
the radio. The SwMI always initiates Authentication. If set by the service provider, the radio can also
authenticate the SwMI.
2.15.4
Air Interface Encryption
NOTICE: This is a Software Selling Feature.
Enhanced Security consists of Trunked Mode Operation (TMO) Air Interface Encryption class 3G and
DMO class 2.
The radio supports TETRA Air Interface Encryption (AIE) using the standard TETRA public encryption
algorithms, as defined in TETRA Security ETS 300 392-7, TEA1, TEA2, and TEA3. The focus of
cryptography in TETRA is the encryption key. TETRA AIE provides 12 000
TETRA TMO has three classes of encryption:
•
Class 1 – clear (none)
•
Class 2 – static key encryption (SCK)
•
Class 3 – derived key encryption (DCK), sometimes called the dynamic key, the Common Cipher
Key (CCK), and the Group Cipher Key (GCK)
TETRA Direct Mode Operation (DMO) has two classes of encryption: Class 1 and Class 2.
The security features supported in the radio depend on the security mode.
Table 9: Security Features Required Per Security Class
Security Feature
Radio Initiated Authentication
SwMI Initiated Authentication
Mutual Authentication
Over-the-Air Rekeying (OTAR)
SCK AIE
DCK AIE
44
Security
Security
Class 1
Class 2
Not Allowed
Not Allowed
Optional
Optional
Optional
Optional
N/A
Optional
N/A
Mandatory
N/A
N/A
8
key combinations.
Mode
Security
Security
Class 3
Class 3G
Not Allowed
Not Allowed
Mandatory
Mandatory
Optional
Optional
Mandatory
Mandatory
N/A
N/A
Mandatory
Mandatory