According to ETSI, the decision was made in the light of potential vulnerabilities being discovered in the TETRA air interface security design earlier this year. A spokesperson for the standards organisation said: “Keeping cryptographic algorithms secret was common practice in the early 1990s when the original TETRA algorithms were designed.
“[However], public domain algorithms are now widely used to protect government and critical infrastructure networks, for example AES [Advanced Encryption Standard], standardised by the US government. Effective scrutiny of public-domain algorithms allows for any flaws to be uncovered and mitigated before widespread deployment occurs.”
The spokesperson continued: “TETRA has an original set of air interface cryptographic algorithms - TEA 1,2,3 and 4 - some of which were disclosed by the researchers [earlier this year]. In 2022 ETSI introduced additional algorithms, TEA 5, 6 and 7, in order to future-proof the technology against quantum attacks.
“The entire set of these original and additional algorithms will be made available in the public domain, as well as TAA1, which is the original authentication and key management specification. TAA2, which is the new authentication and key management specification will also be made available.”
Chair of ETSI TCCE, Brian Murgatroyd, said: “The meeting was very well attended and had a wide spread of the TETRA community including operators, users, manufacturers and governments. Following publication of the algorithms, we are open to academic research for independent reviews.
ETSI director general, Luis Jorge Romero, said: “Transparency is at the root of ETSI, in our governance and technical work. With their decision at the TCCE meeting, our members proved once again that we evolve with technology and market requirements.”
The work outlined above will be carried out in collaboration with TCCA.
