November 14, 2023 at 03:12AM
The European Telecommunications Standards Institute (ETSI) has decided to release the encryption algorithms used to secure emergency radio communications, known as TETRA, into the public domain. This decision comes after security firm Midnight Blue disclosed vulnerabilities in the TETRA networks. Proprietary encryption algorithms made it difficult for researchers to test and detect bugs. The disclosure of the algorithms will allow for independent reviews. The release date for the algorithms has not been set yet.
Key Takeaways from the Meeting Notes:
1. The European Telecommunications Standards Institute (ETSI) has decided to make the encryption algorithms used for TETRA radio communications public.
2. The decision was prompted by the disclosure of five vulnerabilities in TETRA radio networks by security firm Midnight Blue.
3. The proprietary nature of the algorithms had prevented third-party researchers from testing the code and identifying bugs.
4. The TETRA standard’s technical committee unanimously voted to open source all TETRA Air Interface cryptographic algorithms.
5. Publication of the algorithms will allow independent academic research and reviews.
6. ETSI has not yet announced a specific date for making the algorithms accessible.
7. The set of algorithms includes TEA 1, 2, 3, 4, 5, 6, and 7, with the addition of TAA1 and TAA2 specifications for authentication and key management.
8. The disclosure of the vulnerabilities by Midnight Blue was delayed due to the sensitive nature of the networks and the complexity of fixing the flaws.
9. Some of the vulnerabilities were named TETRA:BURST.
10. ETSI introduced the new TEA 5, 6, and 7 algorithms to address the threat of quantum computers breaking existing encryption schemes in the future.
11. All the algorithms mentioned, along with the authentication and key management specifications, will be made public.