European Telecommunications Standards Institute
The European Telecommunications Standards Institute, abbreviated ETSI,
is an independent, not-for-profit, standardization organization in the field
of information and telecommunications, set up in 1988 by the European Conference
of Postal and Telecommunications Administrations (CEPT),
following a proposal of the European Commission (EC).
ETSI supports the development and
testing of global technical standards for ICT-enabled systems, applications
and services [1].
ETSI's mission is to support EU regulations and policies through the
production of Harmonised European Standards, such as GSM, TETRA,
3G, 4G, 5G and DECT, most of which are also
accepted elsewhere in the world.
ETSI has more than 900 members in 64 countries and five continents,
including private companies, research entities, academia and government
and public bodies.

The Security Algorithms Group of Experts (ETSI-SAGE), chiefly known
as the Security Experts Group, is responsible for creating
ETSI reports — containing confidential specifications — in the area of
cryptographic algorithms and protocols specific to fraud prevention
and unauthorized access to public and private telecommunications
networks and user data privacy [3].

The map below shows the ETSI members throughout the world.
The countries within the CEPT area are listed as full members (blue), whilst
the members outside the CEPT area are known as associate members (green).
In addition, Russia is listed as an observer (red).

It is ETSI's policy not to disclose its cryptographic algorithms
and not to submit them to public in-depth security research,
other than validation by the other ETSI-SAGE members, claiming that
obscurity is also a form of security [6]. Researchers, however,
often see this as a violation of Kerckhoffs's principle [7],
which in the long run can potentially lead to weak, exploitable systems.
On 24 July 2023, researchers from the Dutch security firm
Midnight Blue claimed that they had found
five vulnerabilities in the TETRA protocols and the
TEA1 encryption algorithm in particular,
two of which were deemed critical [4]. That same day, ETSI issued
a press statement in which the findings of the researchers were
largely downplayed, claiming that improvements were already
underway and that no actual exploitations of operational
networks were known at the time [5].
The Midnight Blue researchers have since demonstrated real-life
exploitation of some of the vulnerabilities, for example at the
2023 Black Hat conference in Las Vegas (USA). They have shown that
TETRA communications secured with the TEA1 encryption algorithm
can be broken in one minute on a regular commercial laptop and in 12 hours
on a classic laptop from 1998.
© Crypto Museum. Last changed: Tuesday, 05 December 2023 - 06:40 CET.