End-to-end encryption
Encyclopedia
End-to-end encryption encrypts clear (red) data at source with knowledge of the intended recipient, allowing the encrypted (black) data to travel safely through vulnerable channels (e.g. public networks) to its recipient where it can be decrypted (assuming the destination shares the necessary key-variables and algorithms).
standard, as defined by the Security Fraud Prevention Group (SFPG) of the Tetra MoU
.
In this context E2EE allows security-aware users (e.g. police) to retain control over access to their communications. Unlike TETRA
air-interface encryption (an example of Link encryption
) users do not have to share key-variables with network operators (e.g. 'Airwave', 'A.S.T.R.I.D', 'C2000'). In this way the user traffic (in this case voice or data) travels through the public network encrypted from the transmitting user terminal until it reaches the receiving user terminal where it is decrypted.
If only air-interface encryption were used, interception of the user traffic would be possible at any point after the air-interface encryption had been removed (i.e. at any point other than the TETRA
air-interface) and the traffic entered the trunked network. This exposes the user traffic to any weaknesses of the trunked network and implicitly requires trust between the user and the network operator. In this way E2EE is particularly suited to situations where users do not trust network operators or government infrastructures.
In the TETRA
deployment of E2EE the management, distribution and updating of encryption key-variables and crypto-associations (links between network address and key-variables) is facilitated by use of a Key Management Centre (KMC). The KMC is under user-control, although it is connected to the trunked-network to allow the user to manage E2EE terminals by the use of encrypted key-management messages (KMMs). These KMMs allow the user to achieve Over-The-Air re-Keying (OTAK).
The key-variables and crypto-associations allows the user (by use of the KMC) to partition the trunked-network address space into 'encrypted' and 'non-encrypted' channels. It is possible to define sets of key-variables called crypto-groups, and it is further possible to define which crypto-group any particular encrypted channel uses. Furthermore, it is possible for the operator of the KMC to partition their user-fleet into user-groups (groups of users who receive the same crypto material).
This lets the KMC user determine which parts of their user-fleet can communicate with one another and allows the user organisation to achieve crypto-separation between different groups of users. This is particularly important in organisations that are self-policing: internal investigations must be conducted without the knowledge of those being investigated and so investigators would want crypo-separation between their own communications and that of other users. Correct operation of KMC will allow the internal-investigator to intercept other user communications while not being able to be intercepted himself.
and IDEA
algorithms utilising a number of different key-lengths. Both of these have been implemented by some or all of the manufacturers listed below. There are a number of country-specific private algorithms which have been successfully used, they cannot be mentioned here, other than to say private algorithms are possible if you are willing to pay a manufacturer to implement your algorithm in their product.
Usage
A classic deployment of E2EE is demonstrated by its use within the Terrestrial Trunked Radio TETRATetra
thumb|right|250px|Pristella tetra — [[Pristella maxillaris]].thumb|right|250px|Golden Pristella tetra, a [[morph |morph]] of [[Pristella maxillaris]].thumb|right|250px|[[Silvertip tetra]] — Hasemania nana....
standard, as defined by the Security Fraud Prevention Group (SFPG) of the Tetra MoU
Tetra MoU
The TETRA Memorandum of Understanding association represents users, manufacturers, application providers, integrators, operators, test houses and telecom agencies involved with the TETRA digital PMR standard....
.
In this context E2EE allows security-aware users (e.g. police) to retain control over access to their communications. Unlike TETRA
Tetra
thumb|right|250px|Pristella tetra — [[Pristella maxillaris]].thumb|right|250px|Golden Pristella tetra, a [[morph |morph]] of [[Pristella maxillaris]].thumb|right|250px|[[Silvertip tetra]] — Hasemania nana....
air-interface encryption (an example of Link encryption
Link encryption
Link encryption is an approach to communications security that encrypts and decrypts all traffic at each end of a communications line . It contrasts with end-to-end encryption where messages are encrypted by the sender at the point of origin and only decrypted by the intended receiver...
) users do not have to share key-variables with network operators (e.g. 'Airwave', 'A.S.T.R.I.D', 'C2000'). In this way the user traffic (in this case voice or data) travels through the public network encrypted from the transmitting user terminal until it reaches the receiving user terminal where it is decrypted.
If only air-interface encryption were used, interception of the user traffic would be possible at any point after the air-interface encryption had been removed (i.e. at any point other than the TETRA
Tetra
thumb|right|250px|Pristella tetra — [[Pristella maxillaris]].thumb|right|250px|Golden Pristella tetra, a [[morph |morph]] of [[Pristella maxillaris]].thumb|right|250px|[[Silvertip tetra]] — Hasemania nana....
air-interface) and the traffic entered the trunked network. This exposes the user traffic to any weaknesses of the trunked network and implicitly requires trust between the user and the network operator. In this way E2EE is particularly suited to situations where users do not trust network operators or government infrastructures.
In the TETRA
Tetra
thumb|right|250px|Pristella tetra — [[Pristella maxillaris]].thumb|right|250px|Golden Pristella tetra, a [[morph |morph]] of [[Pristella maxillaris]].thumb|right|250px|[[Silvertip tetra]] — Hasemania nana....
deployment of E2EE the management, distribution and updating of encryption key-variables and crypto-associations (links between network address and key-variables) is facilitated by use of a Key Management Centre (KMC). The KMC is under user-control, although it is connected to the trunked-network to allow the user to manage E2EE terminals by the use of encrypted key-management messages (KMMs). These KMMs allow the user to achieve Over-The-Air re-Keying (OTAK).
The key-variables and crypto-associations allows the user (by use of the KMC) to partition the trunked-network address space into 'encrypted' and 'non-encrypted' channels. It is possible to define sets of key-variables called crypto-groups, and it is further possible to define which crypto-group any particular encrypted channel uses. Furthermore, it is possible for the operator of the KMC to partition their user-fleet into user-groups (groups of users who receive the same crypto material).
This lets the KMC user determine which parts of their user-fleet can communicate with one another and allows the user organisation to achieve crypto-separation between different groups of users. This is particularly important in organisations that are self-policing: internal investigations must be conducted without the knowledge of those being investigated and so investigators would want crypo-separation between their own communications and that of other users. Correct operation of KMC will allow the internal-investigator to intercept other user communications while not being able to be intercepted himself.
Algorithms
SFPG have suggested methods of implementing TETRA E2EE using (at least) AESAdvanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
and IDEA
Idea
In the most narrow sense, an idea is just whatever is before the mind when one thinks. Very often, ideas are construed as representational images; i.e. images of some object. In other contexts, ideas are taken to be concepts, although abstract concepts do not necessarily appear as images...
algorithms utilising a number of different key-lengths. Both of these have been implemented by some or all of the manufacturers listed below. There are a number of country-specific private algorithms which have been successfully used, they cannot be mentioned here, other than to say private algorithms are possible if you are willing to pay a manufacturer to implement your algorithm in their product.