Update 9 August 2023 — The full source code of the reverse-engineered TETRA encryption algorithms
plus a paper written by the Midnight Blue researchers are now available.
TETRA
Digital two-way trunking radio network

TETRA, the abbreviation of Terrestrial Trunked Radio ¹, is a standard for digital two-way trunked radio networks, set in 1995 by the European Telecommunications Standards Institute (ETSI). It is used in more than 100 countries by public safety services (police, ambulance, fire), transport services, railways, intelligence services and the military. It is often known under different national names like C2000 (Netherlands), ASTRID (Belgium) [2], BOSNET (Germany) and AIRWAVE (UK).


TETRA is the most widely used police radio communications system outside the United States (US). Like similar standards, such as P25, DMR and TETRAPOL, it can be used for voice and data transmission. TETRA uses time-division multiple access (TDMA) with four 'slots' on a single carrier, with 25 kHz carrier spacing. For speech, the ACELP codec is used, which is an improved variant of LPC. In addition, voice and data can be secured by adding optional encryption.

On 24 July 2023, researchers from the Dutch security firm Midnight Blue revealed several weaknesses in the encryption and authentication algorithms, and proved that these flaws were exploitable. Among the discovered vulnerabilities was a deliberately created backdoor ². The disclosure of these vulnerabilities is known under the project name TETRA:BURST.

  1. Formerly known as Trans-European Trunked Radio
  2. Whether or not it should be called a backdoor is a semantic discussion.

TETRA on this website
TETRA network used by Dutch public safety services
TETRA:BURST project to identify vulnerabilities in the security of the TETRA network
Motorola MTM-5400 and MTM-5500 TETRA radios
R-187-P1 (Azart-P1) military handheld software defined radio (SDR)
Azart-2 military handheld software defined radio (SDR)
TETRA supports point-to-point as well as point-to-multipoint transmissions. Data transmission is supported, albeit at low data rates. The following modes of operation are supported:

  • TMO
    Trunked Mode Operation
  • DMO
    Direct Mode Operation
Worldwide usage
The map below shows in which countries TETRA is used, based on open sources. These are police forces, military and intelligence services, and other critical infrastructure such as airports, harbours, power plants, etc. Scroll down for a more detailed overview of each user category.

[Map: Worldwide penetration of the TETRA standard for two-way radio networks; countries in which TETRA is used by emergency services and companies]


Police
The map below shows the countries in which the police forces and affiliated services use TETRA. This is the vast majority of public safety services in the world. In many cases the networks are known under different (local) names. Below the map are some examples of networks used by the police and other emergency services throughout Europe, with their network names [10].

[Map: Countries in which TETRA is used by police forces and affiliated services]

  • Sweden
    Rakel
  • Denmark
    SINE
  • Finland
    VIRVE
  • Portugal
    SIRESP
Military & Intelligence services
The map below shows in which countries TETRA is used by one or more military or intelligence organisations for primary, fallback or interfacing communications, based on open sources [10].

[Map: Countries in which TETRA is used by military and/or intelligence services]

Critical infrastructure
The map below shows the countries in which TETRA is used in critical infrastructure, such as airports, harbours, train stations, power plants, chemical factories, large scale industry, etc. In most cases, TETRA is used for voice communication. In addition, TETRA is used for data traffic in SCADA WAN systems, such as substation & pipeline control and railway signalling [10].

[Map: Countries in which TETRA is used in critical infrastructure]

Encryption
TETRA can be secured cryptographically by means of a set of proprietary encryption algorithms, which are available to a limited number of parties under strict NDA. As the algorithms are secret, they have not been subjected to public security research. This is generally regarded as a violation of Kerckhoffs' Principle [7]. The secret algorithms were developed and evaluated by international experts, commissioned by ETSI-SAGE — the Security Algorithms Group of Experts at ETSI.

The following algorithm suites are known:

  • TAA1
    TETRA Authentication Algorithm
  • TEA
    TETRA Encryption Algorithm
TAA1 is a suite of cryptographic primitives used for authentication, key derivation and Over The Air Re-keying (OTAR). It is based on the HURDLE II block cipher, developed in 1996 at the Royal Holloway University of London (UK) and evaluated by the other ETSI-SAGE members [5].

TEA is an encryption suite ¹ for Air Interface Encryption (AIE) that consists of four stream ciphers, each with an 80-bit key length, with a varying level of security. The following TEAs are known:

  • TEA1
    Commercial use, restricted export
  • TEA2
    European emergency services
  • TEA3
    Extra-European emergency services
  • TEA4
    Commercial use, restricted export
The TEA1 and TEA2 algorithms were developed between January 1996 and February 1997 at Philips Crypto BV in the Netherlands, and were evaluated by the other ETSI-SAGE members [4]. Once approved, the TAA and TEA algorithms were implemented as ETSI standards [4][5]. One of the people who worked on TEA1 and TEA2 on behalf of Philips Crypto was Cees Jansen [11].

The TEA2 algorithm was intended for use by emergency services within Europe and is arguably the most secure one in the TEA suite. The TEA1 algorithm is very similar, but as it was intended for commercial use and export, its key had to be weakened as part of the specifications. TEA3 was developed for use by emergency services outside Europe and is very similar to TEA2. In addition, optional vendor-specific end-to-end encryption (E2EE) can be deployed on top of AIE, for example AES256, which can be added to some TETRA devices in the form of a SIM card.

  1. Not to be confused with Tiny Encryption Algorithm.

Frequency spectrum
The diagram below shows which parts of the frequency spectrum are reserved for use of TETRA equipment. Three segments are assigned in the 400 MHz band: 380-400 MHz, 410-430 MHz and 440-470 MHz. In the first segment, two ranges are reserved for the European emergency services: 380-385 MHz for the mobile stations (uplink), and 390-395 MHz for the base stations (downlink). The frequencies are harmonised throughout Europe to allow cross-border operation.


The remaining two segments, 410-430 MHz and 440-470 MHz, plus two smaller segments (870-876 MHz and 915-921 MHz), are also used for TETRA, but not exclusively. They are shared with other services, such as PMR, PAMR and LTE.


Compromise
WikiLeaks
A hint that the TEA1 algorithm might have a weakness can be found in a diplomatic cable from 2006 – published by WikiLeaks – about the export of TETRA equipment from Italy to Iran [8]. In the event, the Italian company Finmeccanica (now: Leonardo) wanted to export TETRA equipment with TEA1 encryption to Iran, and contacted the American Embassy in Rome (Italy) to seek approval. In the cable, Finmeccanica's Head of Public Affairs, Camillo Pirozzi, is quoted as saying:

4. (SBU) Comparing the TETRA technology to that found in a GSM cell phone, Pirozzi asserted repeatedly that "TETRA is absolutely not included in Wassenaar"...
In this context, Wassenaar refers to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, established on 12 July 1996 in Wassenaar (Netherlands) [9]. A little further in the cable, Pirozzi claims:

Pirozzi concluded by noting that the encryption of the TETRA radio system, less than 40-bits, is below the level of encryption that is considered for military use.
This suggests that any encryption with less than 40 bits is not considered a weapon, and confirms that TEA1 is indeed less than 40 bits.

  • SBU = Sensitive But Unclassified.

TETRA:BURST
In July 2023, researchers from the Dutch security firm Midnight Blue revealed that they had found five vulnerabilities in the TETRA protocol set, two of which are deemed critical. One of these critical vulnerabilities appears to be a backdoor that was probably inserted intentionally.

As the TAA and TEA algorithms are secret, they have never been publicly disclosed and, hence, have never been subjected to in-depth scrutiny by the public. In order to find any vulnerabilities in the code, the researchers therefore first had to reverse-engineer the TAA and TEA algorithms.

The reverse-engineering project — RE:TETRA — began on 1 January 2020, after Midnight Blue had received funding from the non-profit NLnet foundation, as part of its European Commission supported NGI0 PET fund. Once the software had been extracted and reverse-engineered, the researchers were able to analyse the code with the intention to find flaws and ultimately mount an attack. Over the course of more than one year, the following vulnerabilities were discovered:

  1. ★★★★★ — Dependence on network time
  2. ★★★★★ — Backdoor in TEA1
  3. ★★★★☆ — Lack of ciphertext authentication
  4. ★★★☆☆ — Weak anonymisation
  5. ★☆☆☆☆ — DCK can be set to 0
The first two are deemed critical. The vulnerabilities were shared with the Dutch NCSC (NCSC-NL) in December 2020 and were made public on 24 July 2023. In the meantime, equipment suppliers were given the ability to develop updates or other mitigations for the reported issues.



Amateur use
TETRA equipment is also used by radio amateurs (HAMs) on frequencies that have been assigned to the Amateur Radio Service. Note that the use of encrypted communication is not allowed on amateur frequencies. Instead, all TETRA radios must be programmed with CLEAR firmware. In some countries, amateur TETRA repeaters are operational in DMO and/or TMO modes.


Specifications
  • Network
    TETRA
  • Standard
    ETSI, 1995
  • Access
    TDMA, 4 slots
  • Modulation
    π/4 DQPSK
  • Spacing
    25 kHz
  • Duplex
    10 MHz
  • Output
    1, 3, 10 or 30 Watt
  • Codec
    ACELP, 7.2 kb/s
  • Data
    see below
  • Frequency
    see below
Frequencies
  • Public safety
    380-385 MHz (uplink)
  • Civil use
    385-390 MHz
  • Public safety
    390-395 MHz (downlink)
  • Civil use
    395-400 MHz
  • Civil use
    410-430 MHz
  • Amateur
    430-440 MHz
  • Civil use
    440-470 MHz
  • Civil use
    870-876 MHz
  • Civil use
    915-921 MHz
Data rates
  • Clear
    7.2, 14.4, 21.6, 28.8 kb/s
  • Secure
    4.8, 9.6, 14.4, 19.2 kb/s
  • Secure+
    2.4, 4.8, 7.2, 9.6 kb/s
Manufacturers/suppliers
  • Airbus
  • Ангстрем (Angstrem)
  • Cobham
  • Damm
  • Dimetra
  • Hytera
  • Finmeccanica
  • Frequentis
  • Leonardo
  • Motorola
  • Piciorgros
  • Rohde & Schwarz Bick
  • Rohill
  • Sepura
  • Simoco
  • T-Systems
  • Thales
Documentation
  1. TETRA poster with technical details
    Aeroflex, November 2010.
References
  1. Wikipedia, Terrestrial Trunked Radio
    Visited 27 July 2023.

  2. Wikipedia, ASTRID
    Visited 27 July 2023.

  3. TETRA:BURST
    Midnight Blue, 24 July 2023.

  4. Cees Jansen, TEA co-developer at Philips Crypto BV
    Personal correspondence. Crypto Museum, July 2023.

  5. Royal Holloway, University of London, Impact case study (REF3b)
    Design of a block cipher used in TETRA secure radio.
    REF2014. Undated but probably 2014.

  6. Wikipedia, Algebraic code-excited linear prediction
    Retrieved 5 August 2023.

  7. Wikipedia, Kerckhoffs's principle
    Retrieved 5 August 2023.

  8. Finmeccanica still pursuing radio contract with Iranian Police
    Cable from Italy Rome to Joint Chiefs of Staff, Secretary of State.
    B. ROME 01824, 18 July 2006. Obtained via WikiLeaks.

  9. Wikipedia, Wassenaar Arrangement
    12 July 1996. Retrieved 7 August 2023.

  10. All Cops Are Broadcasting, Breaking TETRA after decades in the shadows
    Presentation by Jos Wetzels, Carlo Meijer and Wouter Bokslag at Black Hat 2023.
    Midnight Blue, 9 August 2023

  11. Cees Jansen, De Crypto van C2000
    2 August 2023.
© Crypto Museum. Created: Sunday 30 July 2023. Last changed: Tuesday, 11 June 2024 - 08:24 CET.