The European Telecommunications Standards Institute (ETSI) has decided that the set of encryption algorithms used in the TETRA (Terrestrial Trunked Radio) standard, which is used by law enforcement agencies, military and critical infrastructure operators around the world, will become public and open to academic research.
In the summer of 2023, the Dutch company Midnight Blue revealed five serious vulnerabilities affecting TETRA. These problems were collectively called TETRA:BURST and allowed real-time interception and decryption of data.
After the problems were made public, the vulnerabilities and secrecy of the TETRA algorithms themselves caused considerable indignation in the information security community. Experts noted that proprietary encryption algorithms do not allow third-party specialists to test the code, which ultimately makes it difficult to detect errors and protect networks.
TETRA is based on a set of secret proprietary cryptographic algorithms: the TETRA Authentication Algorithm (TAA1) set for authentication and key distribution, as well as the TETRA Encryption Algorithm (TEA) set for Air Interface Encryption (AIE).
In general, the standard includes four encryption algorithms-TEA1, TEA2, TEA3 and TEA4, which can be used by manufacturers in various products (depending on their purpose and customer). So, TEA1 is intended for commercial use and is used in critical infrastructure of the EU and other countries of the world, but, according to ETSI, it is also intended for use by public security services and the military. Midnight Blue researchers found that some police departments also rely on TEA1.
TEA2 is reassigned to the European police, emergency services, military and security services. TEA3 is available for police and emergency services outside the EU — in countries considered "friendly" to European ones, including Mexico and India. "Unfriendly" countries, such as Iran, can only use TEA1. As for TEA4, according to the researchers, it is almost not used.
Also in 2022, ETSI added three new, presumably quantum-stable algorithms to the TETRA family, designated TEA 5, 6, and 7.
All algorithms are protected as a trade secret and protected by strict non-disclosure agreements.
In October of this year, the technical committee responsible for the TETRA standard met to discuss the possibility of disclosing the codes of these secret algorithms. Oddly enough, in the end, the committee members unanimously voted to open the source code for all TETRA cryptographic algorithms.
"The meeting was attended by a very large number of representatives of the TETRA community, including operators, users, manufacturers and government representatives," ETSI said. "Once the algorithms are published, we will be open to independent academic research."
In the summer of 2023, the Dutch company Midnight Blue revealed five serious vulnerabilities affecting TETRA. These problems were collectively called TETRA:BURST and allowed real-time interception and decryption of data.
After the problems were made public, the vulnerabilities and secrecy of the TETRA algorithms themselves caused considerable indignation in the information security community. Experts noted that proprietary encryption algorithms do not allow third-party specialists to test the code, which ultimately makes it difficult to detect errors and protect networks.
TETRA is based on a set of secret proprietary cryptographic algorithms: the TETRA Authentication Algorithm (TAA1) set for authentication and key distribution, as well as the TETRA Encryption Algorithm (TEA) set for Air Interface Encryption (AIE).
In general, the standard includes four encryption algorithms-TEA1, TEA2, TEA3 and TEA4, which can be used by manufacturers in various products (depending on their purpose and customer). So, TEA1 is intended for commercial use and is used in critical infrastructure of the EU and other countries of the world, but, according to ETSI, it is also intended for use by public security services and the military. Midnight Blue researchers found that some police departments also rely on TEA1.
TEA2 is reassigned to the European police, emergency services, military and security services. TEA3 is available for police and emergency services outside the EU — in countries considered "friendly" to European ones, including Mexico and India. "Unfriendly" countries, such as Iran, can only use TEA1. As for TEA4, according to the researchers, it is almost not used.
Also in 2022, ETSI added three new, presumably quantum-stable algorithms to the TETRA family, designated TEA 5, 6, and 7.
All algorithms are protected as a trade secret and protected by strict non-disclosure agreements.
In October of this year, the technical committee responsible for the TETRA standard met to discuss the possibility of disclosing the codes of these secret algorithms. Oddly enough, in the end, the committee members unanimously voted to open the source code for all TETRA cryptographic algorithms.
"The meeting was attended by a very large number of representatives of the TETRA community, including operators, users, manufacturers and government representatives," ETSI said. "Once the algorithms are published, we will be open to independent academic research."
