ETSI

Homepage

Crypto

Spy radio

Burst encoders

Intercept

Covert

Radio

Telex

Telephones

People

Agencies

Manufacturers

DONATE

Publications

Standards

For sale

Kits

Shop

News

Events

Wanted

Contact

About us

Links

GSM

TETRA


ETSI

European Telecommunications Standards Institute

The European Telecommunications Standards Institute, abbreviated ETSI, is an independent, not-for-profit, standardization organization in the field of information and telecommunications, set up in 1988 by the European Conference of Postal and Telecommunications Administrations (), following a proposal of the European Commission (). supports the development and testing of global technical standards for -enabled systems, applications and services [1].

ETSI's mission is to support EU regulations and policies through the production of Harmonised European Standards, such as GSM, TETRA, 3G, 4G, 5G and , most of which are also accepted elsewhere in the world. has more than 900 members in 64 countries and five continents, including private companies, research entities, academia and government and public bodies.


ETSI-SAGE

The Security Algorithms Group of Experts (ETSI-SAGE), chiefly known as the Security Experts Group, is responsible for creating reports — containing confidential specifications — in the area of cryptographic algorithms and protocols specific to fraude prevention and unauthorized access to public and private telecommunications networks and user data privacy [3].


ETSI on this website


GSM	TETRA	ATR


Members

The map below shows the members throughout the world. The countries within the area are listed as full members (blue), whilst the members outside the area are known as associate members (green). In addition, Russia is listed as an observer (red).


Compromise

It is ETSI's policy not to disclose their cryptographic algorithms and not to submit them to public in-depth security research, other than validation by the other ETSI-SAGE members, claiming that obscurity is also a form of security [6]. Researchers often see this as a violation of Kerckhoffs's principle however [7], which in the long run can potentially lead to weak exploitable systems.

On 24 July 2023, researchers from the Dutch security firm Midnight Blue claimed that they had found five vulnerabilities in the TETRA protocols and the TEA1 encryption algorithm in particular, two of which were deemed critical [4]. That same day, issued a press statement in which the findings of the researchers were largely downplayed, claiming that improvements were already underway and that no actual exploitations of operational networks were known at the time [5].

The Midnight Blue researchers have since demonstrated real-life exploitations of some of the vulnerabilities, for example at the 2023 Blackhat Conference in Las Vegas (USA). They have shown that TETRA communications secured with the TEA1 encryption algorithm can be broken in one minute on a regular commercial laptop and in 12 hours on a classic laptop from 1998.

➤ More about the TETRA:BURST vulnerability disclosures


References

Wikipedia, ETSI
Visited 12 August 2023.
ETSI - The Standards People
ETSI Website. Visited 12 August 2023.
ETSI-SAGE
ETSI Website. Visited 12 August 2023.
TETRA:BURST
Security vulnarabilities in TETRA protocols and algorithms.
Midnight Blue, 24 July 2023.
➤ More
ETSI and TCCA Statement to
TETRA Security Algorithms Research Findings Publication on 24 July 2023
ETSI/TCCA. Sophia Antipolis, 24 July 2023.
Kim Zetter, Interview with the ETSI Standards Organisation That Created TETRA "Backdoor"
Interview between Kim Zetter and Brian Murgatroyd, Chairman ETSI TC TETRA.
Zero Day website, 25 July 2023.
Wikipedia, Kerckhoffs's principle
Retrieved 5 August 2023.


Further information

Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
� Crypto Museum. Last changed: Tuesday, 05 December 2023 - 06:40 CET.