Project 25 Security Services Overview

Bill Janky
Director, System Design
Harris Corporation

Agenda
- Overview of P25 Security Services
- What's new; What's coming
- Other topics

If you're in Public Safety...
- Bad Guys Want to Hear You
- Reporters Want to Hear You
- Bored Gas Station Attendants Really Want to Hear You
- You Want to Control What They Hear

If you're in Public Safety...
- Bad Guys Want to See Your Data
- Reporters Want to See Your Data
- Bored, Technologically Sophisticated Teen-agers Really Want to See Your Data
- You Don't Want Them To

If you're in Public Safety...
- Bad Guys Want to Steal Your Airtime
- Other Bad Guys Want to Steal Your Phone Access
- Terrorists Want to Steal Your Radio and Use It Against You
- You Want to Stop Them

Why do we need security?
- Information security is a vital component of LMR systems.
- Security threats exist, and there are more every day.
- Threats are basically actions that a hypothetical adversary might take to affect some aspect of an LMR system. Examples:
  - Message interception
  - Message replay
  - Spoofing
  - Misdirection
  - Jamming / Denial of Service
  - Traffic analysis
  - Subscriber duplication
  - Theft of service

What P25 has for you
- The TIA 102 standard provides several standardized security services that have been adopted for implementation in P25 systems.
- These security services may be used to provide security of information transferred across FDMA or TDMA P25 radio systems.
- Note: most of the security services are optional, and users must consider that when making procurements.

P25 provides

Confidentiality
- Payload (i.e. voice and data) encryption
- Link layer encryption
- The usual suspects: message interception, traffic analysis

Integrity
- User authentication
- Message authentication
- The usual suspects: message replay, spoofing, misdirection, denial of service, theft of service, subscriber duplication

Key Management
- Manual key loading and over the air rekeying
- Facilitates Confidentiality and Integrity

Confidentiality
- The confidentiality services are provided to ensure that the signaling information, the voice traffic and the data traffic are understandable only to the intended recipient(s).
- Encryption/decryption is the way to achieve confidentiality.
- Confidentiality service for end to end encryption is typically done at the subscriber unit, console and data hosts.
- If you don't want somebody to hear you, or see your data, you need to use encryption.

Integrity

Messages
- A more sophisticated adversary may have the capability to not only record and replay messages, but to alter them as well.
- Message authentication guarantees that the received message was the one originally sent.
- The addition of air interface encryption makes message modification inherently more difficult (e.g. sharing of secret keys), but doesn't eliminate the possibility.
- Message Authentication Codes (MAC) are required to guarantee message and sender integrity.

Users
- An adversary may pose as a real user or as a real system.
- Link Layer (i.e. User) Authentication, LLA, guarantees that everybody is who they say they are.

Integrity services are built into the P25 protocols. If you don't want somebody to fake your data or your identity, you need authentication services.

Key Management
- The Confidentiality, Integrity and Authentication services rely on cryptographic keys.
- Cryptographic key management encompasses every stage in the life cycle of a cryptographic key, including: generation, distribution, entry, use, storage, destruction and archiving.
- P25 provides two ways to help manage keys: manual and OTAR.
- Managing keys requires you to have some internal procedures to combine with P25 standard procedures.

P25 Key Management Techniques

Manual Keying
- Radio touched to program keys and key bindings.
- Compromised radio compromises keys; requires rekeying of fleet.
- Diagram labels: Keys; Bindings (e.g. TG -> Key); Key Fill Device; Radio Programmer

OTAR
- Radio touched for UKEK.
- Rekeying can be performed over the air because each radio has its own UKEK.
- Key Management Facility (KMF) needs to be secure.
- Message Authentication and Encryption employed.
- Diagram labels: Key Encryption Keys (KEK); Bindings (e.g. TG -> Key), KEK Selection, New Traffic Keys; Key Fill Device; KMF
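The OTAR model on the key management slide, combined with the message authentication and replay rejection described on the integrity slide, as an added sketch that is not part of the presentation and does not reproduce the TIA-102 OTAR message format or algorithms. The class names, radio IDs, message layout (sequence number, wrapped key, tag) and the HMAC-SHA256 stand-in cipher are assumptions chosen so it runs with only the Python standard library.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_wrap(key: bytes, seq: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream), an assumption of this sketch so it
    # needs only the standard library; it is not the algorithm P25 specifies.
    stream = b"".join(_prf(key, seq + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KMF:
    """Hypothetical key management facility holding one UKEK per radio."""
    def __init__(self):
        self.ukeks, self.seq = {}, 0

    def provision(self, radio_id: str) -> bytes:
        # The one time the radio is "touched": its UKEK goes in by key fill device.
        self.ukeks[radio_id] = secrets.token_bytes(32)
        return self.ukeks[radio_id]

    def revoke(self, radio_id: str) -> None:
        self.ukeks.pop(radio_id, None)  # compromised radio gets no further rekeys

    def rekey(self, traffic_key: bytes) -> dict:
        """Build one encrypted, authenticated rekey message per enrolled radio."""
        self.seq += 1
        seq = self.seq.to_bytes(8, "big")
        out = {}
        for rid, ukek in self.ukeks.items():
            ct = _xor_wrap(_prf(ukek, b"enc"), seq, traffic_key)
            out[rid] = seq + ct + _prf(_prf(ukek, b"mac"), seq + ct)
        return out

class Radio:
    def __init__(self, ukek: bytes):
        self.ukek, self.last_seq, self.traffic_key = ukek, 0, None

    def receive(self, msg: bytes) -> bool:
        seq, ct, tag = msg[:8], msg[8:-32], msg[-32:]
        if not hmac.compare_digest(tag, _prf(_prf(self.ukek, b"mac"), seq + ct)):
            return False  # altered in transit, or wrapped for a different radio
        if int.from_bytes(seq, "big") <= self.last_seq:
            return False  # replay of an earlier rekey message
        self.last_seq = int.from_bytes(seq, "big")
        self.traffic_key = _xor_wrap(_prf(self.ukek, b"enc"), seq, ct)
        return True
```

With manual keying the equivalent of `revoke` is touching every remaining radio; here the revoked radio simply never receives a message it can unwrap.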

P25 Security Today and Tomorrow

Raising the bar...

Sept 1998
- End-to-End Voice Encryption
- Data CAI Encryption
- DES Encryption
- OTAR
- Multiple Keys
- Subscriber Validation

June 2005
- End-to-End Voice Encryption
- Data CAI Encryption
- DES Encryption
- 3DES Encryption
- AES Encryption
- OTAR
- Multiple Keys
- Subscriber Validation

2011+
- End-to-End Voice Encryption
- Data CAI Encryption
- AES Encryption
- OTAR
- Multiple Keys
- Subscriber Validation
- Subscriber and FNE Authentication (Anti-Alias, Anti-Spoofing)
- Inter-KMF Interface
- End-to-End Data Encryption
- KFD to SU/KMF/AF interface
- Link-Layer Encryption (Anti-Analysis)
- Control Message Authentication

What's new, what's coming
- Recent additions and updates to TIA 102: LLA, LLA provisioning, OTAR protocol updates
- New stuff being worked for TIA 102:
  - Inter KMF Interface
  - Packet Data Security
  - KFD to SU/KMF/AF interface
  - Link Layer Encryption
- In addition, TIA is undergoing an analysis of old and new security threats for possible enhancements to the 102 standard, while continuing to update existing standards.
- Keep raising the bar and plugging new holes.

Other topics

P25 Cyber Security
- P25 has defined security services for its own TIA 102 standardized interfaces.
- Unfortunately, there's a lot more to consider, especially when you are operating a large system with an IP network and COTS equipment.
- Security related vulnerabilities present in the design, implementation, and operation of the network, and new ones which are not understood and addressed, are threats to LMR network security.
- The DOD is setting the standard for P25 network security.
- The following examples describe potential cyber threats and potential solutions.

Cyber Threat examples

Possible Solution: Access Control
- Cyber Threat: Password guessing attacks (Dictionary, Rainbow, Hybrid)
- Cyber Threat: Enforce need to know across entire system
- Cyber Threat: Pivot Attacks from infected Devices to other machines

Possible Solution: Network Intrusion Prevention
- Cyber Threat: Rogue Computers (Man in the Middle Attack)
- Cyber Threat: Attacks on new vulnerabilities in Applications and Operating Systems
- Cyber Threat: Malware, Script Kiddie, and Professional Hacker discovery scanning

Possible Solution: Disaster Recovery
- Cyber Threat: Hardware Malfunction
- Cyber Threat: Destructive Malware
- Cyber Threat: Altered Information or Databases (Integrity)

Cyber Threat examples

Possible Solution: Firewalls
- Cyber Threat: Malware entering system
- Cyber Threat: Denial of Service
- Cyber Threat: Malformed Packets or TCP sessions

Possible Solution: Host Security
- Cyber Threat: Last line of defense to prevent malicious behavior (external attacker)
- Cyber Threat: Unauthorized or malicious behavior of insider (disgruntled employee)

Possible Solution: Patch Mgmt
- Cyber Threat: Malware utilizing flaws in the Application Code
- Cyber Threat: Reduce the effectiveness of Script Kiddies, & Uneducated Attackers
- Cyber Threat: Capability of identifying and preventing new malware attacks (AV)

Thank you!
email: william.janky@harris.com