European Telecom Body to Open-Source Radio Encryption System – BankInfoSecurity.com

Encryption & Key Management , Security Operations

The European telecom standards body behind a widely used radio encryption system will soon open-source its encryption protocols.

See Also: Risky Business: When Third-Party Troubles Become Your Own

The European Telecommunications Standards Institute on Tuesday announced it will soon publish its Terrestrial Trunked Radio, or TETRA, a European standard for radio communication adopted by device makers such as Motorola, Hytera and Simoco.

The announcement from the agency comes after researchers from Dutch security firm Midnight Blue uncovered a critical vulnerability algorithm by hacking a Motorola radio that used TETRA protocol (see: Critical Vulnerabilities Found in Radio Encryption System).

The proprietary algorithm has been kept a secret since 1990 and distributed under a nondisclosure agreement in defiance of a widely accepted cryptographic principle holding that obscurity is detrimental to security.

Following a review meeting on the request that was attended by algorithm users - predominantly manufacturers and governments - ETSI on Tuesday announced it would publicize its Air Interface algorithms along with its cryptographic protocols. The agency will also publicize its original and latest authentic key management protocols TAA1 and TAA2.

"Public domain algorithms are now widely used to protect government and critical infrastructure networks," ETSI said. "Effective scrutiny of public domain algorithms allows for any flaws to be uncovered and mitigated before widespread deployment occurs."

Midnight Blue uncovered five vulnerabilities, including a critical flaw in the cryptographic TEA1 algorithm that it dubbed TETRA: Burst. The critical flaw allowed the researchers to backdoor the algorithms and reduce an 80-bit encryption key to a smaller size that can be brute-forced.

Midnight Blue researchers said the flaw is concerning since private security services patrolling critical infrastructure such as airports and harbors may use radios encrypted with TEA1.

"Opening up the algorithms will definitely allow the research community to assess TETRA more effectively and to understand better the degree of security offered by TETRA," said Wouter Bokslag, co-founder of Midnight Blue.

Bokslag said that in addition to the algorithms, the agency should also release the design documents needed to decipher the cipher protocol.

Read the original:
European Telecom Body to Open-Source Radio Encryption System - BankInfoSecurity.com

Related Posts

Comments are closed.