European Telecommunications Standards Institute

The European Telecommunications Standards Institute, abbreviated ETSI, is an independent, not-for-profit, standardization organization in the field of information and telecommunications, set up in 1988 by the European Conference of Postal and Telecommunications Administrations (CEPT), following a proposal of the European Commission (EC). ETSI supports the development and testing of global technical standards for ICT-enabled systems, applications and services [1].


ETSI's mission is to support EU regulations and policies through the production of Harmonised European Standards, such as GSM, TETRA, 3G, 4G, 5G and DECT, most of which are also accepted elsewhere in the world. ETSI has more than 900 members in 64 countries and five continents, including private companies, research entities, academia and government and public bodies.

The Security Algorithms Group of Experts (ETSI-SAGE), chiefly known as the Security Experts Group, is responsible for creating ETSI reports (containing confidential specifications) in the area of cryptographic algorithms and protocols specific to fraud prevention and unauthorized access to public and private telecommunications networks and user data privacy [3].

ETSI on this website
Global System for Mobile communication
Terrestrial Trunked Radio
Lawful analogue telephone intercept system developed by the Dutch PTT
The map below shows the ETSI members throughout the world. The countries within the CEPT area are listed as full members (blue), whilst the members outside the CEPT area are known as associate members (green). In addition, Russia is listed as an observer (red).

ETSI worldwide membership [1]

It is ETSI's policy not to disclose its cryptographic algorithms and not to submit them to public in-depth security research, other than validation by the other ETSI-SAGE members, claiming that obscurity is also a form of security [6]. Researchers, however, often see this as a violation of Kerckhoffs's principle [7], which in the long run can lead to weak, exploitable systems.

On 24 July 2023, researchers from the Dutch security firm Midnight Blue claimed that they had found five vulnerabilities in the TETRA protocols and the TEA1 encryption algorithm in particular, two of which were deemed critical [4]. That same day, ETSI issued a press statement in which the findings of the researchers were largely downplayed, claiming that improvements were already underway and that no actual exploitations of operational networks were known at the time [5].

The Midnight Blue researchers have since demonstrated real-life exploitations of some of the vulnerabilities, for example at the 2023 Black Hat conference in Las Vegas (USA). They have shown that TETRA communications secured with the TEA1 encryption algorithm can be broken in one minute on a regular commercial laptop and in 12 hours on a classic laptop from 1998.

 More about the TETRA:BURST vulnerability disclosures

  1. Wikipedia, ETSI
    Visited 12 August 2023.

  2. ETSI - The Standards People
    ETSI Website. Visited 12 August 2023.

  3. ETSI Website. Visited 12 August 2023.

  4. Security vulnerabilities in TETRA protocols and algorithms.
    Midnight Blue, 24 July 2023.

  5. ETSI and TCCA Statement to TETRA Security Algorithms Research Findings Publication on 24 July 2023
    ETSI/TCCA. Sophia Antipolis, 24 July 2023.

  6. Kim Zetter, Interview with the ETSI Standards Organisation That Created TETRA "Backdoor"
    Interview between Kim Zetter and Brian Murgatroyd, Chairman ETSI TC TETRA.
    Zero Day website, 25 July 2023.

  7. Wikipedia, Kerckhoffs's principle
    Retrieved 5 August 2023.
Crypto Museum. Last changed: Saturday, 12 August 2023 - 15:22 CET.