SlideShare a Scribd company logo

TETRA Networks Security

Marek Sebera
Marek Sebera

CypherConf 2015 presentation about TETRA Networks

Technology
1 of 26
Download to read offline
TETRA Networks Security Tomáš Suchan, Marek Sebera ITDS Consulting
Schedule ● Introduction ● What is TETRA ● Who does use TETRA ● Security options ● Dangerous decisions ● Demo ● Q & A
Introduction - ITDS Consulting ● Tomáš Suchan, Marek Sebera ● Based in Prague ● https://www.itds-consulting.cz ● TETRA, GSM, TETRAPOL, DMR ● TETRA Toolkit - Monitoring and forensic tool ● GSM Toolkit - Mobile networks security tool
What is TETRA ● TErrestrial Trunked RAdio ● Designed by ETSI since 1990 ● Mission-Critical Digital Radio System ● Private / Professional Mobile Radio (PMR) ● DAMM, Sepura, Rohde & Schwarz, EADS, Motorola, … ● Transport, Airports, Police/Fire/Ambulance, Army, … ● SCADA systems (nuclear plants, power stations, …)
WORLD TETRA USAGE
TETRA - Czech Republic Praha, Brno, Liberec, České Budějovice, Chemopetrol Litvínov, Hyundai Nošovice, Pardubice, Přerov, ... Radio Band: 410MHz - 430MHz
Slovak Republic ● TETRAPOL ● Project: SITNO - Ministerstvo Vnútra SK ● Built in years 1999 - 2008 ● Working since 2008 ● Firefighters, Police, Customs, 112 Emergerency
Disclaimer ● Properly secured TETRA network is hard to crack ● We’re talking about unsecured or badly secured networks
TETRA Network Security ● Transport Air-Interface encryption ● SwMI (Infrastructure) Restrict MS by TEI + ISSI combo ● Application End-to-End transport encryption
Attacks on TETRA
Missing Air-Interface Encryption We can: ● Read text / binary data (SDS) ● Decode voice transports (even Group Calls) ● Map network structure ● Identify users, clients, applications ● Intercept (MITM) communication ● Fake both directions of data transport
No Air-Interface Encr. , TEI + ISSI registration restricted We can still do everything, it’s just bit harder :-)
Missing Air-Interface Encryption, added E2E encryption ● Correlate communication groups ● Map infrastructure ● Scan / Penetrate application endpoints ● Communication fuzzing and DoS attacks
Only Air-Interface encrypted ● Obtain auth key for network ● ??? ● PROFIT
Only Air-Interface encrypted (ver 2) ● Build 80-bit TEA (symmetric stream cipher) cracker ● Obtain auth key for network ● ??? ● PROFIT
Recommendation ● Encrypt Air-Interface ● Use End-to-End encryption ● Don’t skimp on security
Tetra Toolkit ® ITDS Consulting ● Requirements ○ 4-core 2.5GHz computer, 8GB DDR3 ○ RTL-SDR USB dongle ○ Linux OS ● Attack time < few minutes ● Decode voice, text and data communication ● Map infrastructure,
Attack Demo
Thanks to our Partners
Questions & Answers
TETRA Networks Security Thank you !

Recommended

Tetra\Tetra
Tetra\TetraTetra\Tetra
Tetra\TetraDeepak Sharma
 
India2009 Dowling
India2009 DowlingIndia2009 Dowling
India2009 DowlingDeepak Sharma
 
Direct Mode - Introduction to TETRA
Direct Mode - Introduction to TETRADirect Mode - Introduction to TETRA
Direct Mode - Introduction to TETRALeonardo
 
Lecture 10
Lecture 10Lecture 10
Lecture 10Joe Christensen
 
A glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentA glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentAhmed Nabeeh
 
Gigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarGigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarRoop Singh Meena
 
LTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalLTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Codan 8800 Presentation Overview
Codan 8800 Presentation OverviewCodan 8800 Presentation Overview
Codan 8800 Presentation Overviewgueste402ad
 

Recommended

Tetra\Tetra
Tetra\TetraTetra\Tetra
Tetra\TetraDeepak Sharma
 
India2009 Dowling
India2009 DowlingIndia2009 Dowling
India2009 DowlingDeepak Sharma
 
Direct Mode - Introduction to TETRA
Direct Mode - Introduction to TETRADirect Mode - Introduction to TETRA
Direct Mode - Introduction to TETRALeonardo
 
Lecture 10
Lecture 10Lecture 10
Lecture 10Joe Christensen
 
A glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentA glance over cellular Communication systems and BSS network equipment
A glance over cellular Communication systems and BSS network equipmentAhmed Nabeeh
 
Gigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarGigabit ethernet by jitendra kumar
Gigabit ethernet by jitendra kumarRoop Singh Meena
 
LTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalLTE Fundamentals Training and Certification by TELCOMA Global
LTE Fundamentals Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Codan 8800 Presentation Overview
Codan 8800 Presentation OverviewCodan 8800 Presentation Overview
Codan 8800 Presentation Overviewgueste402ad
 
Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONSyed Shujat Ali
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyAdrian Hall
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraWahli Nurdin
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceSayed Qaisar Shah
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetRaafat younis
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Gratien Niyitegeka
 
Fttx arcitectures
Fttx arcitecturesFttx arcitectures
Fttx arcitecturesKomkrit Narksap
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051moussaCoulibaly22
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1guerrid
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”Nitin Gupta
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1mohameddawood35
 
Evoluation from 1 g to 4g
Evoluation from 1 g to 4gEvoluation from 1 g to 4g
Evoluation from 1 g to 4gAbubakar Abdillahi
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksAtif Mahmood
 
GPON-FTTx Training
GPON-FTTx TrainingGPON-FTTx Training
GPON-FTTx TrainingAzhar Khuwaja
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
Introduction to lte
Introduction to lteIntroduction to lte
Introduction to lteSaddam Husain
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overviewBraj Kishor
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structureibrahimnabil17
 
Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Editedmamach4
 
Tetra World Congress 2012
Tetra World Congress 2012Tetra World Congress 2012
Tetra World Congress 2012ADGP, Public Grivences, Bangalore
 

More Related Content

What's hot

Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONSyed Shujat Ali
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyAdrian Hall
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraWahli Nurdin
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceSayed Qaisar Shah
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetRaafat younis
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Gratien Niyitegeka
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051moussaCoulibaly22
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1guerrid
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”Nitin Gupta
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalGaganpreet Singh Walia
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1mohameddawood35
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksAtif Mahmood
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overviewBraj Kishor
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structureibrahimnabil17
 

What's hot (20)

Basics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPONBasics of Optical Network Architecture, PON & GPON
Basics of Optical Network Architecture, PON & GPON
 
Huawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band TechnologyHuawei White Spaces E & V Band Technology
Huawei White Spaces E & V Band Technology
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetra
 
Huawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glanceHuawei OLT Ma5600 & 5608t GPON feature glance
Huawei OLT Ma5600 & 5608t GPON feature glance
 
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheetNokia siemens-networks-flexi-multiradio-base-station-data-sheet
Nokia siemens-networks-flexi-multiradio-base-station-data-sheet
 
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾Zxmw nr8250 v1.00 commissioning guide ¸±±¾
Zxmw nr8250 v1.00 commissioning guide ¸±±¾
 
Fttx arcitectures
Fttx arcitecturesFttx arcitectures
Fttx arcitectures
 
Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051Huaweiumtsnodebconfigurationprinciple 161222082051
Huaweiumtsnodebconfigurationprinciple 161222082051
 
Gpon the technology --rev 1
Gpon the technology --rev 1Gpon the technology --rev 1
Gpon the technology --rev 1
 
3GPP RAN progress on “5G”
3GPP RAN progress on “5G”3GPP RAN progress on “5G”
3GPP RAN progress on “5G”
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA Global
 
Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1Nokia engineer basic_training_session_v1
Nokia engineer basic_training_session_v1
 
Evoluation from 1 g to 4g
Evoluation from 1 g to 4gEvoluation from 1 g to 4g
Evoluation from 1 g to 4g
 
Basics Of Minilink Microwave Networks
Basics Of Minilink Microwave NetworksBasics Of Minilink Microwave Networks
Basics Of Minilink Microwave Networks
 
GPON-FTTx Training
GPON-FTTx TrainingGPON-FTTx Training
GPON-FTTx Training
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS Security
 
Introduction to lte
Introduction to lteIntroduction to lte
Introduction to lte
 
5 g nr (new radio)overview
5 g nr (new radio)overview5 g nr (new radio)overview
5 g nr (new radio)overview
 
Microwave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware StructureMicrowave Huawei RTN Hardware Structure
Microwave Huawei RTN Hardware Structure
 

Viewers also liked

Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Editedmamach4
 
The value of communication networks in a public safety environment
The value of communication networks in a public safety environmentThe value of communication networks in a public safety environment
The value of communication networks in a public safety environmentComms Connect
 
India2009 Subodh Vardhan
India2009 Subodh VardhanIndia2009 Subodh Vardhan
India2009 Subodh VardhanDeepak Sharma
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 

Viewers also liked (8)

Tetra Ppt 6604 Edited
Tetra Ppt 6604 EditedTetra Ppt 6604 Edited
Tetra Ppt 6604 Edited
 
Tetra World Congress 2012
Tetra World Congress 2012Tetra World Congress 2012
Tetra World Congress 2012
 
Tetraquickguide
TetraquickguideTetraquickguide
Tetraquickguide
 
The value of communication networks in a public safety environment
The value of communication networks in a public safety environmentThe value of communication networks in a public safety environment
The value of communication networks in a public safety environment
 
India2009 Subodh Vardhan
India2009 Subodh VardhanIndia2009 Subodh Vardhan
India2009 Subodh Vardhan
 
Tetra Series Product
Tetra Series ProductTetra Series Product
Tetra Series Product
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol review
 
Tetra pak
Tetra pakTetra pak
Tetra pak
 

Similar to TETRA Networks Security

festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2016
 
Far South Networks - an introduction
Far South Networks - an introductionFar South Networks - an introduction
Far South Networks - an introductionClarotech_Events
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017Jian-Hong Pan
 
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...netbiter
 
SMEC ICT Business Division
SMEC ICT Business DivisionSMEC ICT Business Division
SMEC ICT Business DivisionHarry Sohn
 
4G to 5G: New Attacks
4G to 5G: New Attacks4G to 5G: New Attacks
4G to 5G: New Attacks3G4G
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks1GV20CS058Shivaraj
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7jemtallon
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraVasco Macaringue
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) IntroAnna Gerber
 
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdfVivi Gusti Anggraini
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterEnergySec
 
CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)Jimmy Hsu
 
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfSCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfGobinathAECEJRF1101
 
MTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsMTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsJesus Santos
 
India06 1 P Godfrey Market
India06 1 P Godfrey MarketIndia06 1 P Godfrey Market
India06 1 P Godfrey Marketguest0032c3
 
TAINET Product Overview 2016
TAINET Product Overview 2016TAINET Product Overview 2016
TAINET Product Overview 2016TAINET
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different thingsVOIP2DAY
 

Similar to TETRA Networks Security (20)

festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
 
Far South Networks - an introduction
Far South Networks - an introductionFar South Networks - an introduction
Far South Networks - an introduction
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
 
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
Netbiter Introduction - Turnkey M2M and Remote Device Management Solutions (I...
 
SMEC ICT Business Division
SMEC ICT Business DivisionSMEC ICT Business Division
SMEC ICT Business Division
 
4G to 5G: New Attacks
4G to 5G: New Attacks4G to 5G: New Attacks
4G to 5G: New Attacks
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks
 
CISSP Week 7
CISSP Week 7CISSP Week 7
CISSP Week 7
 
Pros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetraPros and cons_of_p25_vs_tetra
Pros and cons_of_p25_vs_tetra
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) Intro
 
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
4G-IoT-Technical-Perspective-Universitas-Budi-Luhur-New.pdf
 
Lecture 04(TS).pdf
Lecture 04(TS).pdfLecture 04(TS).pdf
Lecture 04(TS).pdf
 
How I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart MeterHow I learned to Stop Worrying and Start Loving the Smart Meter
How I learned to Stop Worrying and Start Loving the Smart Meter
 
Week11
Week11Week11
Week11
 
CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)CONPROSYS Product Training(Taiwan)
CONPROSYS Product Training(Taiwan)
 
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdfSCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
SCADA-IoT_Ben-Yee-V2-2018-ENTELEC-PowerPoint.pdf
 
MTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applicationsMTXM2M wireless modems for M2M and IoT applications
MTXM2M wireless modems for M2M and IoT applications
 
India06 1 P Godfrey Market
India06 1 P Godfrey MarketIndia06 1 P Godfrey Market
India06 1 P Godfrey Market
 
TAINET Product Overview 2016
TAINET Product Overview 2016TAINET Product Overview 2016
TAINET Product Overview 2016
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things
 

Recently uploaded

ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform EngineeringJemma Hussein Allen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsVlad Stirbu
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 

Recently uploaded (20)

ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 

TETRA Networks Security

  • 1. TETRA Networks Security Tomáš Suchan, Marek Sebera ITDS Consulting
  • 2. Schedule ● Introduction ● What is TETRA ● Who does use TETRA ● Security options ● Dangerous decisions ● Demo ● Q & A
  • 3. Introduction - ITDS Consulting ● Tomáš Suchan, Marek Sebera ● Based in Prague ● https://www.itds-consulting.cz ● TETRA, GSM, TETRAPOL, DMR ● TETRA Toolkit - Monitoring and forensic tool ● GSM Toolkit - Mobile networks security tool
  • 4. What is TETRA ● TErrestrial Trunked RAdio ● Designed by ETSI since 1990 ● Mission-Critical Digital Radio System ● Private / Professional Mobile Radio (PMR) ● DAMM, Sepura, Rohde & Schwarz, EADS, Motorola, … ● Transport, Airports, Police/Fire/Ambulance, Army, … ● SCADA systems (nuclear plants, power stations, …)
  • 5.
  • 6.
  • 8. TETRA - Czech Republic Praha, Brno, Liberec, České Budějovice, Chemopetrol Litvínov, Hyundai Nošovice, Pardubice, Přerov, ... Radio Band: 410MHz - 430MHz
  • 9. Slovak Republic ● TETRAPOL ● Project: SITNO - Ministerstvo Vnútra SK ● Built in years 1999 - 2008 ● Working since 2008 ● Firefighters, Police, Customs, 112 Emergerency
  • 10. Disclaimer ● Properly secured TETRA network is hard to crack ● We’re talking about unsecured or badly secured networks
  • 11. TETRA Network Security ● Transport Air-Interface encryption ● SwMI (Infrastructure) Restrict MS by TEI + ISSI combo ● Application End-to-End transport encryption
  • 13. Missing Air-Interface Encryption We can: ● Read text / binary data (SDS) ● Decode voice transports (even Group Calls) ● Map network structure ● Identify users, clients, applications ● Intercept (MITM) communication ● Fake both directions of data transport
  • 14. No Air-Interface Encr. , TEI + ISSI registration restricted We can still do everything, it’s just bit harder :-)
  • 15. Missing Air-Interface Encryption, added E2E encryption ● Correlate communication groups ● Map infrastructure ● Scan / Penetrate application endpoints ● Communication fuzzing and DoS attacks
  • 16. Only Air-Interface encrypted ● Obtain auth key for network ● ??? ● PROFIT
  • 17. Only Air-Interface encrypted (ver 2) ● Build 80-bit TEA (symmetric stream cipher) cracker ● Obtain auth key for network ● ??? ● PROFIT
  • 18. Recommendation ● Encrypt Air-Interface ● Use End-to-End encryption ● Don’t skimp on security
  • 19. Tetra Toolkit ® ITDS Consulting ● Requirements ○ 4-core 2.5GHz computer, 8GB DDR3 ○ RTL-SDR USB dongle ○ Linux OS ● Attack time < few minutes ● Decode voice, text and data communication ● Map infrastructure,
  • 21. Thanks to our Partners
  • 22.
  • 23.
  • 24.