
METHOD TO PROTECT ENCRYPTION KEYS THAT ARE DISTRIBUTED WITHIN A X-ZONE INFRASTRUCTURE

IP.com Disclosure Number: IPCOM000009575D
Original Publication Date: 1999-Sep-01
Included in the Prior Art Database: 2002-Sep-04
Document File: 3 page(s) / 171K

Publishing Venue

Motorola

Related People

Scott James Pappas: AUTHOR [+2]

Abstract

The system is X-Zone based with a Terrestrial Trunked Radio (TETRA) air interface. Encryption keys for voice activity are sent over-the-air encrypted so that they are not disclosed on the air interface.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 50% of the total text.


MOTOROLA Technical Developments

METHOD TO PROTECT ENCRYPTION KEYS THAT ARE DISTRIBUTED WITHIN A X-ZONE INFRASTRUCTURE

by Scott James Pappas and Hans Christopher Sowa

THE SYSTEM

  The system is X-Zone based with a Terrestrial Trunked Radio (TETRA) air interface. Encryption keys for voice activity are sent over-the-air encrypted so that they are not disclosed on the air interface.

THE PROBLEM

  The TETRA Security standard does not provide a way to protect the confidentiality of encryption keys when they are distributed between infrastructure components. Only the air-interface confidentiality is specified. Thus the Common Cipher Key (CCK), Group Cipher Key (GCK), Static Cipher Key (SCK) and Derived Cipher Key (DCK) are not protected while being distributed between infrastructure components.

  This means that someone snooping on the wireline interfaces can intercept these keys, which are the keys used by the air interface.

THE SOLUTION

  The existing TETRA mutual authentication algorithms TA11, TA12, TA21 and TA22 will be reused in a key exchange procedure. This will create a key in common between the source and the infrastructure target component.

  The key will be called the derived cipher key for the infrastructure (DCK-i) and will be used to secure the CCK, GCK, SCK and DCK. To create DCK-i, the source and target infrastructure components have a secret key in common called K-i. The target infrastructure component sends a random number (RAND2) to the source and the source passes a random number (RAND1) and a random seed (RS...
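The exchange outlined above can be sketched as follows; this is an added example, not code from the disclosure or from Motorola. It assumes the input pattern of TETRA air-interface authentication (RS into TA11/TA21, RAND1 into TA12, RAND2 into TA22) and uses HMAC-SHA256 as a stand-in for the TETRA algorithms. The combining step, the wrap format and the names `prf`, `wrap_key` and `unwrap_key` are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key, label, data, n=16):
    """Stand-in keyed function (HMAC-SHA256), NOT the real TA11/TA12/TA21/TA22."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]

def derive_dck_i(k_i, rs, rand1, rand2):
    """Both components run this on the shared K-i and the exchanged values."""
    ks = prf(k_i, b"TA11", rs)        # assumed: RS seeds a session key
    ks2 = prf(k_i, b"TA21", rs)
    dck1 = prf(ks, b"TA12", rand1)    # half bound to the source's RAND1
    dck2 = prf(ks2, b"TA22", rand2)   # half bound to the target's RAND2
    # Assumed combining step; the page does not say how the halves merge.
    return prf(dck1, b"combine", dck2)

def wrap_key(dck_i, name, key):
    """Seal one traffic key under DCK-i as nonce | ciphertext | tag."""
    if len(key) > 32:
        raise ValueError("stand-in keystream covers at most 32 bytes")
    nonce = os.urandom(8)
    stream = prf(dck_i, b"enc" + name, nonce, len(key))
    ct = bytes(a ^ b for a, b in zip(key, stream))
    return nonce + ct + prf(dck_i, b"mac" + name, nonce + ct)

def unwrap_key(dck_i, name, blob):
    """Check the tag first, then recover the key; raise if it was altered."""
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, prf(dck_i, b"mac" + name, nonce + ct)):
        raise ValueError("wrapped key failed integrity check")
    stream = prf(dck_i, b"enc" + name, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo():
    k_i = os.urandom(16)                        # constructed shared secret K-i
    rand2 = os.urandom(10)                      # target -> source
    rs, rand1 = os.urandom(10), os.urandom(10)  # source -> target
    source_dck_i = derive_dck_i(k_i, rs, rand1, rand2)
    target_dck_i = derive_dck_i(k_i, rs, rand1, rand2)
    cck = os.urandom(10)                        # constructed traffic key
    blob = wrap_key(source_dck_i, b"CCK", cck)  # what crosses the wireline link
    return source_dck_i == target_dck_i, unwrap_key(target_dck_i, b"CCK", blob) == cck

if __name__ == "__main__":
    print(demo())
```

Only RAND1, RAND2, RS and the wrapped blob cross the wireline link; K-i and DCK-i never do, and a component holding a different K-i derives a different DCK-i and fails the tag check.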