ETSI TS 100 392-7 V4.1.1 (2022-10)

TECHNICAL SPECIFICATION
Terrestrial Trunked Radio (TETRA);
Voice plus Data (V+D);
Part 7: Security
2 ETSI TS 100 392-7 V4.1.1 (2022-10)

Reference
RTS/TCCE-06208
Keywords
security, TETRA, V+D
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2022.
All rights reserved.
ETSI
3 ETSI TS 100 392-7 V4.1.1 (2022-10)
Contents
Intellectual Property Rights . 12
Foreword . 12
Modal verbs terminology . 13
1 Scope . 14
2 References . 14
2.1 Normative references . 14
2.2 Informative references . 15
3 Definition of terms, symbols and abbreviations . 16
3.1 Terms . 16
3.2 Symbols . 20
3.3 Abbreviations . 20
4 Air Interface authentication and key management mechanisms . 23
4.a General . 23
4.0 Security classes . 23
4.1 Air interface authentication mechanisms . 24
4.1.1 Overview . 24
4.1.1a Authentication and key management algorithms . 25
4.1.2 Authentication of an MS . 25
4.1.3 Authentication of the infrastructure . 28
4.1.4 Mutual authentication of MS and infrastructure . 30
4.1.5 The authentication key . 35
4.1.6 Equipment authentication . 35
4.1.6a Request for information related to an MS . 36
4.1.7 Authentication of an MS when migrated . 36
4.1.8 Authentication of the home SwMI when migrated . 39
4.1.9 Mutual Authentication of MS and infrastructure when migrated . 41
4.2 Air Interface key management mechanisms . 41
4.2.0 General . 41
4.2.1 The Derived Cipher Key . 42
4.2.1.1 DCK and DCKX overview . 42
4.2.1.2 DCK derivation . 42
4.2.1.3 DCKX derivation . 42
4.2.1.4 Usage of DCK and DCKX . 43
4.2.1.5 Validity of DCK and DCKX . 43
4.2.2 The Group Cipher Key . 43
4.2.2.0 General . 43
4.2.2.0a Validity of GCK and GCKX . 44
4.2.2.0b Distribution of GCK . 44
4.2.2.0c Distribution of GCKX . 44
4.2.2.0d Decryption of sealed GCK and GCKX . 45
4.2.2.0e Summary of GCK distribution process . 45
4.2.2.1 Session key modifiers GCK0 and GCKX0 . 47
4.2.3 The Common Cipher Key . 47
4.2.3.1 CCK and CCKX usage . 47
4.2.3.2 CCK and CCKX identification . 48
4.2.3.3 CCK and CCKX distribution . 48
4.2.3.4 CCK and CCKX validity . 49
4.2.4 The Static Cipher Key. 49
4.2.4.0 General . 49
4.2.4.0a SCK sets . 50
4.2.4.0b SCK and SCKX identification . 50
4.2.4.0c Distribution of SCK . 50
4.2.4.0d Distribution of SCKX . 51
4.2.4.0e Decryption of sealed SCK and SCKX . 51
ETSI
4 ETSI TS 100 392-7 V4.1.1 (2022-10)
4.2.4.0f Summary of SCK distribution process . 51
4.2.4.1 SCK association for DMO use . 54
4.2.4.1.0 General . 54
4.2.4.1.1 DMO SCK subset grouping . 54
4.2.5 The Group Session Key for OTAR . 57
4.2.5.0 General . 57
4.2.5.0a Validity of GSKO and GSKOX . 57
4.2.5.0b Distribution of GSKO and GSKOX . 58
4.2.5.1 SCK and SCKX distribution to groups with OTAR . 59
4.2.5.2 GCK and GCKX distribution to groups with OTAR . 60
4.2.5.3 Rules for MS response to group key distribution . 60
4.2.5a OTAR of migrated MS . 60
4.2.5a.1 Visited Session Keys for OTAR . 60
4.2.5a.2 Derivation of KSOv . 60
4.2.5a.3 Derivation of KSOXv . 61
4.2.5a.4 OTAR of CKX to migrated MS where home SwMI supports an air interface encryption
algorithm from TEA set A . 62
4.2.5a.5 OTAR of CK to migrated MS where home SwMI supports an air interface encryption algorithm
from TEA set B . 63
4.2.6 Encrypted Short Identity (ESI) mechanism . 63
4.2.7 Encryption Cipher Key . 65
4.2.8 Summary of AI key management mechanisms . 66
4.3 Service description and primitives . 68
4.3.1 Authentication primitives . 68
4.3.2 Static Cipher Key transfer primitives. 69
4.3.3 Group Cipher Key transfer primitives . 70
4.3.4 Group Session Key for OTAR transfer primitives . 71
4.4 Authentication protocol . 71
4.4.1 Authentication state transitions . 71
4.4.2 Authentication protocol sequences and operations . 74
4.4.2.0 General . 74
4.4.2.1 MSCs for authentication . 76
4.4.2.2 MSCs for authentication and security type-3 elements . 82
4.4.2.3 Control of authentication timer T354 at MS . 86
4.4a Information request protocol . 87
4.5 OTAR protocols . 90
4.5.1 Common Cipher Key delivery - protocol functions . 90
4.5.1.0 General . 90
4.5.1.1 SwMI-initiated CCK and CCKX provision . 91
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK DEMAND . 93
4.5.1.3 MS-initiated CCK or CCKX provision with announced cell reselection . 93
4.5.2 OTAR protocol functions - Static Cipher Key . 94
4.5.2.0 General . 94
4.5.2.1 MS requests provision of SCK(s) or SCKX(s). 95
4.5.2.2 SwMI provides SCK(s) or SCKX(s) to individual MS . 97
4.5.2.3 SwMI provides SCK(s) or SCKX(s) to group of MSs . 98
4.5.2.4 SwMI rejects provision of SCK or SCKX . 99
4.5.3 OTAR protocol functions - Group Cipher Key. 100
4.5.3.0 General . 100
4.5.3.1 MS requests provision of GCK or GCKX . 100
4.5.3.2 SwMI provides GCK or GCKX to an individual MS . 103
4.5.3.3 SwMI provides GCK or GCKX to a group of MSs . 104
4.5.3.4 SwMI rejects provision of GCK or GCKX . 105
4.5.4 Cipher key association to group address . 106
4.5.4.0 General . 106
4.5.4.1 Static Cipher Key association for DMO . 106
4.5.4.2 Group Cipher Key association . 109
4.5.5 Notification of key change over the air . 111
4.5.5.0 General . 111
4.5.5.1 Change of Derived Cipher Key . 112
4.5.5.2 Change of Common Cipher Key . 113
4.5.5.3 Change of Group Cipher Key. 113
ETSI
5 ETSI TS 100 392-7 V4.1.1 (2022-10)
4.5.5.4 Change of Static Cipher Key for TMO . 113
4.5.5.5 Change of Static Cipher Key for DMO . 113
4.5.5.6 Synchronization of Cipher Key Change . 114
4.5.6 Security class change . 114
4.5.6.0 General . 114
4.5.6.1 Change of security class to security class 1 . 115
4.5.6.2 Change of security class to security class 2 . 115
4.5.6.3 Change of security class to security class 3 . 115
4.5.6.4 Change of security class to security class 3 with GCK or GCKX. 116
4.5.7 Notification of key in use . 116
4.5.8 Notification of GCK or GCKX Activation/Deactivatio n . 116
4.5.9 Deletion of SCK/SCKX, GCK/GCKX and GSKO/GSKOX . 116
4.5.10 Air Interface Key Status Enquiry . 119
4.5.11 Crypto management group . 121
4.5.12 OTAR retry mechanism . 122
4.5.13 OTAR protocol functions - Group Session Key for OTAR . 122
4.5.13.0 General . 122
4.5.13.1 MS requests provision of GSKO or GSKOX . 123
4.5.13.2 SwMI provides GSKO or GSKOX to an MS . 123
4.5.13.3 SwMI rejects provision of GSKO or GSKOX . 124
4.5.14 OTAR protocol functions - interaction and queuing . 124
4.5.15 Session Key for OTAR operations in visited SwMI . 124
4.5.15.1 General . 124
4.5.15.2 Home and visited SwMI use air interface encryption algorithms from the same algorithm set . 125
4.5.15.3 Home and visited SwMI use air interface encryption algorithms from different algorithm sets . 128
4.5.16 Transfer of AI cipher keys across the ISI . 130
5 Enable and disable mechanism . 130
5.0 General . 130
5.1 General relationships . 130
5.2 Enable/disable state transitions . 131
5.3 Mechanisms . 132
5.3.0 General . 132
5.3.1 Disable of MS equipment . 133
5.3.2 Disable of an subscription . 133
5.3.3 Disable of subscription and equipment . 133
5.3.4 Enable an MS equipment . 133
5.3.5 Enable an MS subscription . 133
5.3.6 Enable an MS equipment and subscription . 133
5.4 Enable/disable protocol . 134
5.4.1 General case . 134
5.4.2 Status of cipher key material. 135
5.4.2.1 Permanently disabled state . 135
5.4.2.2 Temporarily disabled state . 135
5.4.3 Specific protocol exchanges . 136
5.4.3.0 General . 136
5.4.3.1 Disabling an MS with mutual authentication . 136
5.4.3.2 Enabling an MS with mutual authentication . 137
5.4.3.3 Enabling an MS with non-mutual authentication . 138
5.4.3.4 Disabling an MS with non-mutual authentication . 140
5.4.4 Enabling an MS without authentication . 141
5.4.5 Disabling an MS without authentication . 141
5.4.6 Rejection of enable or disable command . 141
5.4.6a Expiry of Enable/Disable protocol timer . 142
5.4.7 MM service primitives . 142
5.4.7.0 General . 142
5.4.7.1 TNMM-DISABLING primitive . 143
5.4.7.2 TNMM-ENABLING primitive . 143
6 Air Interface (AI) encryption . 143
6.1 General principles. 143
6.2 Security class . 144
ETSI
6 ETSI TS 100 392-7 V4.1.1 (2022-10)
6.2.a General . 144
6.2.0 Notification of security class . 145
6.2.0.0 General . 145
6.2.0.1 Security class of neighbouring Cells . 146
6.2.0.2 Identification of MS security capabilities . 146
6.2.1 Constraints on LA arising from cell class . 146
6.3 Key Stream Generator (KSG) . 147
6.3.0 General . 147
6.3.1 KSG numbering and selection . 147
6.3.2 Interface parameters . 148
6.3.2.0 General . 148
6.3.2.0a IV validity . 148
6.3.2.1 Initial Value (IV) for algorithms in TEA set A . 149
6.3.2.2 Cipher Key for algorithms in TEA set A . 149
6.3.2.3 Initial Value (IV) for algorithms in TEA set B . 150
6.3.2.4 Cipher Key for algorithms in TEA set B . 151
6.4 Encryption mechanism . 151
6.4.0 General . 151
6.4.1 Allocation of KSS to logical channels . 152
6.4.2 Allocation of KSS to logical channels . 153
6.4.2.1 General . 153
6.4.2.2 KSS allocation on phase modulation channels . 154
6.4.2.3 KSS allocation on QAM channels for algorithms in TEA set A . 158
6.4.2.3.0 General . 158
6.4.2.3.1 Fixed mapping . 159
6.4.2.3.2 Offset mapping . 160
6.4.2.4 KSS allocation on QAM channels for algorithms in TEA set B . 161
6.4.3 Synchronization of data calls where data is multi-slot interleaved . 163
6.4.4 Recovery of stolen frames from interleaved data . 163
6.5 Use of cipher keys . 164
6.5.0 General . 164
6.5.1 Identification of encryption state of downlink MAC PDUs . 165
6.5.1.0 General . 165
6.5.1.1 Class 1 cells . 165
6.5.1.2 Class 2 cells . 166
6.5.1.3 Class 3 cells . 166
6.5.2 Identification of encryption state of uplink MAC PDUs . 166
6.6 Mobility procedures . 167
6.6.1 General requirements . 167
6.6.1.0 Common requirements . 167
6.6.1.1 Additional requirements for class 3 systems . 167
6.6.2 Protocol description . 167
6.6.2.0 General . 167
6.6.2.1 Negotiation of ciphering parameters . 167
6.6.2.1.0 General . 167
6.6.2.1.1 Class 1 cells . 168
6.6.2.1.2 Class 2 cells . 168
6.6.2.1.3 Class 3 cells . 168
6.6.2.2 Initial and undeclared cell re-selection . 168
6.6.2.3 Unannounced cell re-selection . 170
6.6.2.4 Announced cell re-selection type-3 . 171
6.6.2.5 Announced cell re-selection type-2 . 171
6.6.2.6 Announced cell re-selection type-1 . 171
6.6.2.7 Key forwarding . 171
6.6.3 Shared channels . 172
6.7 Encryption control . 173
6.7.0 General . 173
6.7.1 Data to be encrypted . 173
6.7.1.1 Downlink control channel requirements . 173
6.7.1.2 Encryption of MAC header elements . 173
6.7.1.2a MAC Address Encryption mechanism for KSGs in TEA set B . 174
6.7.1.2a.1 Usage of MAC Address Encryption mechanism . 174
ETSI
7 ETSI TS 100 392-7 V4.1.1 (2022-10)
6.7.1.2a.2 MAE operation . 174
6.7.1.2a.3 Addresses to be encrypted . 175
6.7.1.3 Traffic channel encryption control . 176
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode . 176
6.7.2 Service description and primitives . 176
6.7.2.0 General . 176
6.7.2.1 Mobility Management (MM) . 177
6.7.2.2 Mobile Link Entity (MLE) . 178
6.7.2.3 Layer 2 . 180
6.7.3 Protocol functions . 180
6.7.3.0 General . 180
6.7.3.1 MM . 180
6.7.3.2 MLE . 180
6.7.3.3 LLC . 180
6.7.3.4 MAC . 181
6.7.4 PDUs for cipher negotiation . 181
Annex A (normative): PDU and element definitions . 182
A.0 General . 182
A.1 Authentication PDUs . 182
A.1.1 D-AUTHENTICATION DEMAND . 182
A.1.2 D-AUTHENTICATION REJECT . 182
A.1.3 D-AUTHENTICATION RESPONSE . 183
A.1.4 D-AUTHENTICATION RESULT . 183
A.1.5 U-AUTHENTICATION DEMAND . 183
A.1.6 U-AUTHENTICATION REJECT . 184
A.1.7 U-AUTHENTICATION RESPONSE . 184
A.1.8 U-AUTHENTICATION RESULT . 185
A.2 OTAR PDUs . 185
A.2.1 D-OTAR CCK PROVIDE . 185
A.2.1a D-OTAR CCKX PROVIDE.
...