TEA2
TETRA Encryption Algorithm 2

TEA2, short for TETRA Encryption Algorithm 2,¹ is a stream cipher associated with Terrestrial Trunked Radio (TETRA), a European standard for public and emergency services, standardized by the European Telecommunications Standards Institute (ETSI). Part of the TEA suite of encryption algorithms, it is intended for national emergency services within Europe. It is arguably the most secure one in the TEA suite and is used on public safety networks like C2000 (Netherlands).

The algorithm was developed in 1996/97 at Philips Crypto BV in Eindhoven (Netherlands) as a consultancy job for ETSI-SAGE, and was evaluated by other ETSI-SAGE members before being submitted as a formal ETSI standard. TEA2 uses the full 80-bit key length. As the algorithm is secret, it has never been submitted for peer-review or in-depth security analysis.

In July 2023, Dutch cyber security firm Midnight Blue revealed that it had managed to extract, isolate and analyse the algorithm from a working TETRA radio as part of its TETRA:BURST research project. In the event, no weaknesses were found in the TEA2 algorithm. As we know that TEA1, with its effective key length of 32 bits, can be broken in approx. one minute, and a brute-force search of TEA2's full 80-bit key takes 2^48 times as many attempts, we can calculate the time needed to break TEA2:

60 × 2^48 [sec] ≈ 535 million years

With current means, this is beyond feasibility. If there is no known way to break the cipher other than by means of a brute-force attack, this algorithm can be assumed secure. Note, however, that other vulnerabilities in the TETRA protocol suite were identified that could lead to loss of authenticity or confidentiality [2].

  1. Not to be confused with the Tiny Encryption Algorithm (see Wikipedia).

Usage
The diagram below shows in which European countries the TEA2 algorithm is used by police forces and affiliated services, based on public sources [5]. Note that the TEA2 algorithm is only used by public safety services. All other customers have to use TEA1 (when encryption is needed).

European countries in which the TEA2 algorithm is used on TETRA networks of police forces and public safety organisations


Structure
The diagram below shows the structure of the TEA2 key stream generator which consists of two parts: a 64-bit state register (R) and an 80-bit key register (K). The state register (R) is initialised with the Initialisation Vector (IV), whilst the key register (K) is initialised with the original key. The key register is basically a Linear Feedback Shift Register (LFSR) with an S-box lookup table (S). It is only fed with data from itself and produces a key-dependent output, independent from the IV.

General structure of the TEA2 stream cipher. Note that all elements are bytes rather than bits.

The state register (R) is also a Linear Feedback Shift Register (LFSR) that produces the output key stream byte at the top left (R0). It consists of two parts (R0-R4 and R5-R7) with an XOR in between. F1 is a non-linear function that takes two input bytes (R6, R7) and produces one output byte that is mixed with the feedback loop. F2 is also a non-linear function that takes two input bytes (R3, R4) and produces one output byte that is mixed in the middle of the state register (R4-R5). (B) is a simple bit permutation of which the output is mixed with the feedback loop. In addition, state byte (R5) is also mixed with the feedback loop. This feature is not present in the other TEAs.
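The data flow described above, as an added structural sketch in C (not Midnight Blue's reverse-engineered code and not the real TEA2). toy_s, toy_f1, toy_f2 and toy_b are constructed placeholders for S, F1, F2 and B; the key register taps, the input byte of B, one step per output byte and the 16 warm-up steps are assumptions, so the output is not TEA2 key stream.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholders, NOT the real TEA2 S, F1, F2 or B (not given on the page). */
static uint8_t toy_s(uint8_t x)  { return (uint8_t)(x * 167u + 13u); }
static uint8_t toy_f1(uint8_t a, uint8_t b) { return toy_s((uint8_t)(a + toy_s(b))); }
static uint8_t toy_f2(uint8_t a, uint8_t b) { return toy_s((uint8_t)(b ^ toy_s(a))); }
static uint8_t toy_b(uint8_t x)  { return (uint8_t)((x << 3) | (x >> 5)); } /* bit permutation */

/* Key register K (10 bytes = 80 bits): fed only by itself, never sees the IV.
   The taps K[0] and K[7] are assumed. */
static uint8_t key_step(uint8_t K[10]) {
    uint8_t kb = toy_s((uint8_t)(K[0] ^ K[7]));
    memmove(K, K + 1, 9);
    K[9] = kb;
    return kb;
}

/* State register R (8 bytes = 64 bits), shifting towards R0. B's input R[1] is assumed. */
static void state_step(uint8_t R[8], uint8_t kb) {
    uint8_t fb  = (uint8_t)(R[0] ^ kb ^ toy_f1(R[6], R[7]) ^ toy_b(R[1]) ^ R[5]);
    uint8_t mid = toy_f2(R[3], R[4]);   /* mixed in between R4 and R5 */
    memmove(R, R + 1, 7);               /* R0..R6 <- old R1..R7 */
    R[4] ^= mid;                        /* R4 <- old R5 ^ F2(old R3, old R4) */
    R[7] = fb;                          /* feedback enters at R7 */
}

/* XOR n key stream bytes into buf; the same call encrypts and decrypts. */
void toy_crypt(const uint8_t key[10], const uint8_t iv[8], uint8_t *buf, size_t n) {
    uint8_t K[10], R[8];
    memcpy(K, key, 10);                 /* K is initialised with the key */
    memcpy(R, iv, 8);                   /* R is initialised with the IV  */
    for (size_t i = 0; i < 16 + n; i++) {   /* 16 warm-up steps: assumed */
        state_step(R, key_step(K));
        if (i >= 16) buf[i - 16] ^= R[0];   /* output byte is taken at R0 */
    }
}

int main(void) {
    const uint8_t key[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};  /* constructed key */
    const uint8_t iv[8] = {0};                                /* constructed IV */
    uint8_t ks[8] = {0};                /* zero buffer, so the result is the raw key stream */
    toy_crypt(key, iv, ks, sizeof ks);
    for (size_t i = 0; i < sizeof ks; i++) printf("%02x", ks[i]);
    putchar('\n');
    return 0;
}
```

Because key_step() only ever reads K, the sequence of key bytes is the same for every IV used with a given key; only the state register makes the key stream IV-dependent.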

For a more detailed description of the cipher, please refer to the paper 'All cops are broadcasting: TETRA under scrutiny' by Carlo Meijer, Wouter Bokslag and Jos Wetzels, published in August 2023 in relation to the TETRA:BURST vulnerability disclosures [4].



Source code
As part of the TETRA:BURST project, Midnight Blue researchers managed to extract and reverse-engineer the firmware from an operational TETRA radio, and construct an equivalent of the code in the C programming language. This source code is now available to researchers [II].



Publications
  I. Carlo Meijer, Wouter Bokslag and Jos Wetzels,
    All cops are broadcasting: TETRA under scrutiny
    Paper submitted to Crypto Museum. 9 August 2023.

  II. Full source code of TAA1, TEA1, TEA2 and TEA3 algorithms in C
    Reverse-engineered and used for analysis and real life tests.
    Midnight Blue, 9 August 2023.

  III. All Cops Are Broadcasting, Breaking TETRA after decades in the shadows
    Presentation by Jos Wetzels, Carlo Meijer and Wouter Bokslag at Black Hat 2023.
    Midnight Blue, 9 August 2023.

References
  1. Wikipedia, Terrestrial Trunked Radio
    Visited 27 July 2023.

  2. TETRA:BURST
    Midnight Blue, 24 July 2023.

  3. Cees Jansen, TEA co-developer at Philips Crypto BV
    Personal correspondence. Crypto Museum, July 2023.

  4. Carlo Meijer, Wouter Bokslag and Jos Wetzels,
    All cops are broadcasting: TETRA under scrutiny
    Paper submitted to Crypto Museum. 9 August 2023.

  5. All Cops Are Broadcasting, Breaking TETRA after decades in the shadows
    Presentation by Jos Wetzels, Carlo Meijer and Wouter Bokslag at Black Hat 2023.
    Midnight Blue, 9 August 2023
© Crypto Museum. Created: Wednesday 09 August 2023. Last changed: Saturday, 12 August 2023 - 14:02 CET.