
Voice Data Derived Session Keys for End to End Encryption on Land Mobile Radio Systems

IP.com Disclosure Number: IPCOM000246677D
Original Publication Date: 2016-Jun-27
Included in the Prior Art Database: 2016-Jun-27
Document File: 4 page(s) / 44K

Publishing Venue

Motorola

Related People

Gary Hunsberger: AUTHOR

Abstract

This article describes a method of deriving short-term traffic encryption keys for group communications in low-bandwidth systems such as Land Mobile Radio (LMR) systems. There are two problems to be solved: protecting long-term group encryption keys when the traffic encryption is not performed by a hardware security module, and dealing with replay attacks in systems whose protocols do not define a detection or protection mechanism. The solution to both problems is to use the long-term keys already defined for these systems, a hardware security module containing those keys, and a key derivation function that uses metadata known to all parties to derive new short-term keys from the long-term keys. The short-term keys can then be exported from the hardware security module for use in traffic encryption.
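
The derivation the abstract describes, as an added example (not code from the disclosure or from Motorola). HKDF-SHA256 is swapped in as the key derivation function, the talkgroup ID and time epoch are assumed metadata, `ToyHSM` is a hypothetical software stand-in for the hardware module, and an HMAC tag stands in for traffic protection; a frame recorded under an earlier epoch's key fails verification under the current one.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256 with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()      # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                        # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class ToyHSM:
    """Software stand-in for the HSM: holds the long-term group key and
    exports only derived short-term keys."""
    def __init__(self, long_term_key: bytes):
        self._long_term_key = long_term_key

    def export_session_key(self, talkgroup_id: int, epoch: int) -> bytes:
        # Assumed metadata: talkgroup ID plus a coarse time epoch every
        # group member already knows, so no negotiation goes over the air.
        info = b"lmr-session-key" + struct.pack(">IQ", talkgroup_id, epoch)
        return hkdf_sha256(self._long_term_key, info)

def protect(session_key: bytes, payload: bytes) -> bytes:
    """Append an HMAC tag (stand-in for the traffic cipher's integrity check)."""
    return payload + hmac.new(session_key, payload, hashlib.sha256).digest()

def accept(session_key: bytes, frame: bytes) -> bool:
    """True only if the frame was protected under this session key."""
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def replay_demo() -> tuple:
    hsm = ToyHSM(bytes(range(32)))          # constructed long-term key
    old_key = hsm.export_session_key(talkgroup_id=4101, epoch=1000)
    new_key = hsm.export_session_key(talkgroup_id=4101, epoch=1001)
    recorded = protect(old_key, b"constructed voice frame")
    fresh = protect(new_key, b"constructed voice frame")
    # The receiver derives its key from the current epoch only.
    return accept(new_key, fresh), accept(new_key, recorded)

if __name__ == "__main__":
    print(replay_demo())
```

Compromise of an exported session key exposes only the traffic of its own talkgroup and epoch, since the long-term key stays inside the module.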

This is the abbreviated version, containing approximately 32% of the total text.

Voice/Data “Derived Session Keys” for End to End Encryption on Land Mobile Radio Systems

By Gary Hunsberger

Motorola Solutions


PROBLEM

In most modern communication systems, public key cryptography is first used to establish a single-use session key between the two parties to the communication. In Land Mobile Radio (LMR) systems based on the APCO Project 25 and TETRA standards, as well as in other LMR systems, users may communicate in groups over low-bandwidth channels. In this situation, an encryption key negotiation communicated to all group members would significantly delay the start of a transmission, which is one reason those systems do not use one-time session key establishment methods. The APCO and TETRA standards instead define key management for communication groups in terms of pre-delivered symmetric keys.

The drawback of long-term symmetric keys is that protecting them becomes highly important, because disclosure to the wrong parties allows decryption of large amounts of traffic. In some systems without additional protections there is also the possibility of a replay attack, in which previously recorded, but not decrypted, messages are resent to the recipients with ill effect.

Without appropriate protections, long-term keys can be obtained by knowledgeable malicious insiders or by malicious software that has found its way onto the products performing the encryption. From there the keys can be used directly or distributed to others to decrypt captured communications. If an adversary has obtained a key and is using it to decode traffic, this is not easy to detect, especially when no device is missing. When a device is stolen, the theft can be detected, the fleet can be rekeyed, and the device can be remotely disabled. When a key is extracted from a working device that is left in operation, the leak must be detected in another way.

A common way to protect keys in high assurance environments is the use of dedicated hardware security modules (HSM) or security co-proces...