ETSI Releases TETRA Algorithms to the Public Domain
Making algorithms public was discussed after a group of security researchers publicised in August 2023 some potential vulnerabilities that were found with the original TETRA Air interface security design (including algorithms).
'maintaining the highest security for its standard'
Today, ETSI announced that at a meeting in October of its technical committee in charge of the TETRA standard (TCCE), a full consensus was reached to make the primitives of all TETRA Air Interface cryptographic algorithms available to the public domain.
“The meeting was very well attended and had a wide spread of the TETRA community including operators, users, manufacturers and governments,” says Brian Murgatroyd, Chair of ETSI TCCE. “Following publication of the algorithms, we are open to academic research for independent reviews.”
Making algorithms public was discussed after a group of security researchers publicised in August 2023 some potential vulnerabilities that were found with the original TETRA Air interface security design (including algorithms). Keeping cryptographic algorithms secret was common practice in the early 1990s when the original TETRA algorithms were designed. Public domain algorithms are now widely used to protect government and critical infrastructure networks, for example AES (the Advanced Encryption Standard, standardized by the US government). Effective scrutiny of public-domain algorithms allows for any flaws to be uncovered and mitigated before widespread deployment occurs.
"Transparency is at the root of ETSI, in our governance and technical work. With their decision at the TCCE meeting, our members proved once again that we evolve with technology and market requirements,” says Luis Jorge Romero, ETSI Director-General.
TETRA has an original set of Air Interface cryptographic algorithms, TEA 1,2,3 and 4, some of which were disclosed by the researchers. In 2022 ETSI introduced additional algorithms, TEA 5, 6 and 7, in order to future-proof the technology against quantum attacks. The entire set of these original and additional algorithms will be made available in the public domain as well as TAA1 (the original authentication and key management specification) and TAA2 (the new authentication and key management specification). This work will be carried out with the support of TCCA, the global representative organization responsible for the enhancement of the TETRA standard.
TETRA is one of the world’s most secure and reliable radio communications standards. With more than 120 countries using dedicated TETRA networks for mission- and business-critical communications, ETSI continually evaluates the standards and procedures – with input from members of industry – to ensure the TETRA standard remains robust in the face of evolving threats. ETSI has an ongoing programme of maintenance to ensure standards remain fit for purpose in an evolving security landscape. Demand for TETRA technology will continue to increase at a CAGR of 4.7% in the 2021-2026 forecast period, according to Omdia.