SlideShare a Scribd company logo

TETRA Networks Security

Marek Sebera
Marek Sebera

CypherConf 2015 presentation about TETRA Networks

Technology
1 of 26
Download to read offline
TETRA Networks Security Tomáš Suchan, Marek Sebera ITDS Consulting
Schedule ● Introduction ● What is TETRA ● Who does use TETRA ● Security options ● Dangerous decisions ● Demo ● Q & A
Introduction - ITDS Consulting ● Tomáš Suchan, Marek Sebera ● Based in Prague ● https://www.itds-consulting.cz ● TETRA, GSM, TETRAPOL, DMR ● TETRA Toolkit - Monitoring and forensic tool ● GSM Toolkit - Mobile networks security tool
What is TETRA ● TErrestrial Trunked RAdio ● Designed by ETSI since 1990 ● Mission-Critical Digital Radio System ● Private / Professional Mobile Radio (PMR) ● DAMM, Sepura, Rohde & Schwarz, EADS, Motorola, … ● Transport, Airports, Police/Fire/Ambulance, Army, … ● SCADA systems (nuclear plants, power stations, …)
WORLD TETRA USAGE
TETRA - Czech Republic Praha, Brno, Liberec, České Budějovice, Chemopetrol Litvínov, Hyundai Nošovice, Pardubice, Přerov, ... Radio Band: 410MHz - 430MHz
Slovak Republic ● TETRAPOL ● Project: SITNO - Ministerstvo Vnútra SK ● Built in years 1999 - 2008 ● Working since 2008 ● Firefighters, Police, Customs, 112 Emergerency
Disclaimer ● Properly secured TETRA network is hard to crack ● We’re talking about unsecured or badly secured networks
TETRA Network Security ● Transport Air-Interface encryption ● SwMI (Infrastructure) Restrict MS by TEI + ISSI combo ● Application End-to-End transport encryption
Attacks on TETRA
Missing Air-Interface Encryption We can: ● Read text / binary data (SDS) ● Decode voice transports (even Group Calls) ● Map network structure ● Identify users, clients, applications ● Intercept (MITM) communication ● Fake both directions of data transport
No Air-Interface Encr. , TEI + ISSI registration restricted We can still do everything, it’s just bit harder :-)
Missing Air-Interface Encryption, added E2E encryption ● Correlate communication groups ● Map infrastructure ● Scan / Penetrate application endpoints ● Communication fuzzing and DoS attacks
Only Air-Interface encrypted ● Obtain auth key for network ● ??? ● PROFIT
Only Air-Interface encrypted (ver 2) ● Build 80-bit TEA (symmetric stream cipher) cracker ● Obtain auth key for network ● ??? ● PROFIT
Recommendation ● Encrypt Air-Interface ● Use End-to-End encryption ● Don’t skimp on security
Tetra Toolkit ® ITDS Consulting ● Requirements ○ 4-core 2.5GHz computer, 8GB DDR3 ○ RTL-SDR USB dongle ○ Linux OS ● Attack time < few minutes ● Decode voice, text and data communication ● Map infrastructure,
Attack Demo
Thanks to our Partners
Questions & Answers
TETRA Networks Security Thank you !

Recommended

Tetra\Tetra
Tetra\TetraTetra\Tetra
Tetra\TetraDeepak Sharma
 
India2009 Dowling
India2009 DowlingIndia2009 Dowling
India2009 DowlingDeepak Sharma
 
Direct Mode - Introduction to TETRA
Direct Mode - Introduction to TETRADirect Mode - Introduction to TETRA
Direct Mode - Introduction to TETRALeonardo
 
Lecture 10
Lecture 10Lecture 10
Lecture 10Joe Christensen
 
A glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentA glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentAhmed Nabeeh
 
Gigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarGigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarRoop Singh Meena
 
LTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalLTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Codan 8800 Presentation Overview
Codan 8800 Presentation OverviewCodan 8800 Presentation Overview
Codan 8800 Presentation Overviewgueste402ad
 

Recommended

Tetra\Tetra
Tetra\TetraTetra\Tetra
Tetra\TetraDeepak Sharma
 
India2009 Dowling
India2009 DowlingIndia2009 Dowling
India2009 DowlingDeepak Sharma
 
Direct Mode - Introduction to TETRA
Direct Mode - Introduction to TETRADirect Mode - Introduction to TETRA
Direct Mode - Introduction to TETRALeonardo
 
Lecture 10
Lecture 10Lecture 10
Lecture 10Joe Christensen
 
A glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentA glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentAhmed Nabeeh
 
Gigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarGigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarRoop Singh Meena
 
LTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalLTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Codan 8800 Presentation Overview
Codan 8800 Presentation OverviewCodan 8800 Presentation Overview
Codan 8800 Presentation Overviewgueste402ad
 
Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONSyed Shujat Ali
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyAdrian Hall
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraWahli Nurdin
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceSayed Qaisar Shah
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetRaafat younis
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Gratien Niyitegeka
 
Fttx arcitectures
Fttx arcitecturesFttx arcitectures
Fttx arcitecturesKomkrit Narksap
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051moussaCoulibaly22
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1guerrid
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”Nitin Gupta
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1mohameddawood35
 
Evoluation from 1 g to 4g
Evoluation from 1 g to 4gEvoluation from 1 g to 4g
Evoluation from 1 g to 4gAbubakar Abdillahi
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksAtif Mahmood
 
GPON-FTTx Training
GPON-FTTx TrainingGPON-FTTx Training
GPON-FTTx TrainingAzhar Khuwaja
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
Introduction to lte
Introduction to lteIntroduction to lte
Introduction to lteSaddam Husain
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overviewBraj Kishor
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structureibrahimnabil17
 
Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Editedmamach4
 
Tetra World Congress 2012
Tetra World Congress 2012Tetra World Congress 2012
Tetra World Congress 2012ADGP, Public Grivences, Bangalore
 

More Related Content

What's hot

Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONSyed Shujat Ali
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyAdrian Hall
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraWahli Nurdin
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceSayed Qaisar Shah
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetRaafat younis
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Gratien Niyitegeka
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051moussaCoulibaly22
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1guerrid
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”Nitin Gupta
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1mohameddawood35
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksAtif Mahmood
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overviewBraj Kishor
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structureibrahimnabil17
 

What's hot (20)

Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPON
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band Technology
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetra
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glance
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
 
Fttx arcitectures
Fttx arcitecturesFttx arcitectures
Fttx arcitectures
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA Global
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1
 
Evoluation from 1 g to 4g
Evoluation from 1 g to 4gEvoluation from 1 g to 4g
Evoluation from 1 g to 4g
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave Networks
 
GPON-FTTx Training
GPON-FTTx TrainingGPON-FTTx Training
GPON-FTTx Training
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS Security
 
Introduction to lte
Introduction to lteIntroduction to lte
Introduction to lte
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overview
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structure
 

Viewers also liked

Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Editedmamach4
 
The value of communication networks in a public safety environment
The value of communication networks in a public safety environmentThe value of communication networks in a public safety environment
The value of communication networks in a public safety environmentComms Connect
 
India2009 Subodh Vardhan
India2009 Subodh VardhanIndia2009 Subodh Vardhan
India2009 Subodh VardhanDeepak Sharma
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 

Viewers also liked (8)

Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Edited
 
Tetra World Congress 2012
Tetra World Congress 2012Tetra World Congress 2012
Tetra World Congress 2012
 
Tetraquickguide
TetraquickguideTetraquickguide
Tetraquickguide
 
The value of communication networks in a public safety environment
The value of communication networks in a public safety environmentThe value of communication networks in a public safety environment
The value of communication networks in a public safety environment
 
India2009 Subodh Vardhan
India2009 Subodh VardhanIndia2009 Subodh Vardhan
India2009 Subodh Vardhan
 
Tetra Series Product
Tetra Series ProductTetra Series Product
Tetra Series Product
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol review
 
Tetra pak
Tetra pakTetra pak
Tetra pak
 

Similar to TETRA Networks Security

festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2016
 
Far South Networks - an introduction
Far South Networks - an introductionFar South Networks - an introduction
Far South Networks - an introductionClarotech_Events
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017Jian-Hong Pan
 
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...netbiter
 
SMEC ICT Business Division
SMEC ICT Business DivisionSMEC ICT Business Division
SMEC ICT Business DivisionHarry Sohn
 
4G to 5G: New Attacks
4G to 5G: New Attacks4G to 5G: New Attacks
4G to 5G: New Attacks3G4G
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks1GV20CS058Shivaraj
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraVasco Macaringue
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) IntroAnna Gerber
 
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdfVivi Gusti Anggraini
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterEnergySec
 
CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)Jimmy Hsu
 
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfSCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfGobinathAECEJRF1101
 
MTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsMTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsJesus Santos
 
India06 1 P Godfrey Market
India06 1 P Godfrey MarketIndia06 1 P Godfrey Market
India06 1 P Godfrey Marketguest0032c3
 
TAINET Product Overview 2016
TAINET Product Overview 2016TAINET Product Overview 2016
TAINET Product Overview 2016TAINET
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different thingsVOIP2DAY
 

Similar to TETRA Networks Security (20)

festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
 
Far South Networks - an introduction
Far South Networks - an introductionFar South Networks - an introduction
Far South Networks - an introduction
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
 
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
 
SMEC ICT Business Division
SMEC ICT Business DivisionSMEC ICT Business Division
SMEC ICT Business Division
 
4G to 5G: New Attacks
4G to 5G: New Attacks4G to 5G: New Attacks
4G to 5G: New Attacks
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetra
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) Intro
 
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
 
Lecture 04(TS).pdf
Lecture 04(TS).pdfLecture 04(TS).pdf
Lecture 04(TS).pdf
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart Meter
 
Week11
Week11Week11
Week11
 
CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)
 
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfSCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
 
MTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsMTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applications
 
India06 1 P Godfrey Market
India06 1 P Godfrey MarketIndia06 1 P Godfrey Market
India06 1 P Godfrey Market
 
TAINET Product Overview 2016
TAINET Product Overview 2016TAINET Product Overview 2016
TAINET Product Overview 2016
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things
 

Recently uploaded

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Recently uploaded (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

TETRA Networks Security

  • 1. TETRA Networks Security Tomáš Suchan, Marek Sebera ITDS Consulting
  • 2. Schedule ● Introduction ● What is TETRA ● Who does use TETRA ● Security options ● Dangerous decisions ● Demo ● Q & A
  • 3. Introduction - ITDS Consulting ● Tomáš Suchan, Marek Sebera ● Based in Prague ● https://www.itds-consulting.cz ● TETRA, GSM, TETRAPOL, DMR ● TETRA Toolkit - Monitoring and forensic tool ● GSM Toolkit - Mobile networks security tool
  • 4. What is TETRA ● TErrestrial Trunked RAdio ● Designed by ETSI since 1990 ● Mission-Critical Digital Radio System ● Private / Professional Mobile Radio (PMR) ● DAMM, Sepura, Rohde & Schwarz, EADS, Motorola, … ● Transport, Airports, Police/Fire/Ambulance, Army, … ● SCADA systems (nuclear plants, power stations, …)
  • 5.
  • 6.
  • 8. TETRA - Czech Republic Praha, Brno, Liberec, České Budějovice, Chemopetrol Litvínov, Hyundai Nošovice, Pardubice, Přerov, ... Radio Band: 410MHz - 430MHz
  • 9. Slovak Republic ● TETRAPOL ● Project: SITNO - Ministerstvo Vnútra SK ● Built in years 1999 - 2008 ● Working since 2008 ● Firefighters, Police, Customs, 112 Emergerency
  • 10. Disclaimer ● Properly secured TETRA network is hard to crack ● We’re talking about unsecured or badly secured networks
  • 11. TETRA Network Security ● Transport Air-Interface encryption ● SwMI (Infrastructure) Restrict MS by TEI + ISSI combo ● Application End-to-End transport encryption
  • 13. Missing Air-Interface Encryption We can: ● Read text / binary data (SDS) ● Decode voice transports (even Group Calls) ● Map network structure ● Identify users, clients, applications ● Intercept (MITM) communication ● Fake both directions of data transport
  • 14. No Air-Interface Encr. , TEI + ISSI registration restricted We can still do everything, it’s just bit harder :-)
  • 15. Missing Air-Interface Encryption, added E2E encryption ● Correlate communication groups ● Map infrastructure ● Scan / Penetrate application endpoints ● Communication fuzzing and DoS attacks
  • 16. Only Air-Interface encrypted ● Obtain auth key for network ● ??? ● PROFIT
  • 17. Only Air-Interface encrypted (ver 2) ● Build 80-bit TEA (symmetric stream cipher) cracker ● Obtain auth key for network ● ??? ● PROFIT
  • 18. Recommendation ● Encrypt Air-Interface ● Use End-to-End encryption ● Don’t skimp on security
  • 19. Tetra Toolkit ® ITDS Consulting ● Requirements ○ 4-core 2.5GHz computer, 8GB DDR3 ○ RTL-SDR USB dongle ○ Linux OS ● Attack time < few minutes ● Decode voice, text and data communication ● Map infrastructure,
  • 21. Thanks to our Partners
  • 22.
  • 23.
  • 24.