Full text of DOI:10.1016/S1363-4127(00)03006-5

Information Security Technical Report, Vol 5, No. 3 (2000) 44-54
TETRA Security
Gert Roelofsen, KPN Research
The DECT security was based upon the GSM
security and added things to this like an
enhanced key management support and also
the possibility of the mobile terminal to
authenticate the network. In its turn TETRA
has built on the DECT security and added
features that are relevant for Professional
Mobile Radio users, such as end-to-end
encryption, encryption for closed used groups
and secure enabling and disabling of mobile
terminals.
Introduction and Background
During the last decade several standards for
mobile telecommunications have been
developed. The best known of these is without
any doubt the Global Standard for Mobile
Communications (GSM) which is operational
in many countries, both within and outside
Europe. It is now the most successful standard
for mobile communications. Also the Digital
Enhanced Cordless Telecommunications
(DECT) was successfully implemented in
different environments for cordless telephony
(Home, PABX). A standard that has just left
the standardization phase and is now entering
the implementation phase is the Terrestrial
Trunked Radio (TETRA) standard. It is
typically designed for the Professional Mobile
Radio market and includes Private Mobile
Radio (PMR) systems, typically for Military
and Public Safety organizations, as well as
Public Access Mobile Radio System for public
services.
The security of UMTS is now getting its form.
It is clear that it builds upon the security of the
existing standards, but that it will also add
further security functions.
Though there is a difference in the specific
security in all these standards, they have
common properties that make them superior
compared to most non-standardized
proprietary products. The security of the
standards was specified by an open expert
group using an open and structured approach
and basing its work on well-established
methods. The security specifications of all the
systems, with the exception of the
cryptographic algorithms used¹, are published
and thus open to public scrutiny.
Finally, in 1999, the so called 3^rd Generation
Partnership Projects (3GPP) started the
drafting of the Universal Mobile
Telecommunication System (UMTS).
In this paper we will focus on TETRA security
and describe in detail the TETRA security
functions. This paper is partly based on three
already published documents [2, 3 and 4].
In all of these systems security has proved to
be an essential aspect. Also in this respect
GSM was a success. It included authentication
of the mobile terminal by the network that
stopped the massive fraud that was occurring
in the traditional analogue mobile systems,
which were around at the time. GSM also
provided a very reasonable confidentiality
over the radio path using an encryption that
even today can not easily be broken in
practice.
The TETRA security functions
When describing the TETRA security
functions it is important to make a distinction
1
A detailed description on standardized Crypto-
graphic algorithms in Telecommunications Systems
and issues relating to this can be found in [1]
44
0167-4048/00/$20.00 © 2000, Elsevier Science Ltd

TETRA Security
between the different classes of functions and
their specific application. In TETRA the
following classes can be identified.
Lawful Interception
Interface
Security Management
Lawful Interception
mechanisms
Security management
features
Control, Key
Management
• Security mechanisms.
These are
independent self-contained functions that
aim to achieve a specific security objective
such as confidentiality of information or
authentication of mobile terminals.
Security mechanisms are the main building
blocks for a security system.
Security mechanism
Security mechanism
Security mechanism
Standard
Algorithm(s)
Standard
Algorithm(s)
Standard
Algorithm(s)
• Security management features. These are
functions that are used to control, manage
and operate the individual security
mechanisms. They form the heart of the
security and should guarantee that the
security features are integrated into a
consistent security system. Furthermore
they are used to realize inter-operability of
the security mechanisms over different
networks. Key management is the most
essential security management function.
Figure 1: Relations between security functions.
Figure 1 depicts the basic relations between
the different security functions.
It is very important to be aware of the different
roles and objectives of these classes. In certain
proprietary systems especially the first two
classes are being confused. This results in a
‘knot’ of security features, which is difficult to
analyze and even harder to correctly
implement and control in an operational
environment. But also mechanisms and
algorithms get confused. Sometimes one tends
to assess security provided by a certain
mechanism by the strength of the algorithm
used only, ignoring the environment in which
it is used. (Recently this actually occurred for
GSM encryption and its A5/1 encryption
algorithm.)
• Standard cryptographic algorithms. These are
standardized system specific mathematical
functions that are used, normally in
combination with so-called ‘keys’, to
provide an adequate security level for the
security mechanisms and the security
management features. Standardized
cryptographic algorithms are offered in
TETRA as an option to support
interoperability between different TETRA
systems.
Security mechanisms
• Lawful interception mechanisms. These are
functions that are used within
communication systems to provide the
lawfully required access to information and
communication, with the aim to fulfil
national regulatory requirements. It is
essential that such functions do not affect
the regular security of the system. Therefore
these functions should be controlled
through the security management features.
The security mechanisms integrated in the
TETRA standard are described in this section.
A full description can be found in the formal
ETSI standards [5] and [6] that can be obtained
via http://www.etsi.org .
Mutual authentication over the air interface
The TETRA standard supports mutual
authentication between a Mobile Station (MS)
Information Security Technical Report, Vol. 5, No. 3
45

TETRA Security
Authentication Key K
Authentication Key K
Check: is this a genuine user
Check: is this a real network
Mobile Station
Authentication Centre
Figure 2: Mutual authentication.
on the one hand and the network [which in
TETRA is normally referred to as the
Switching and Management Infrastructure
(SwMI)]. This makes it possible for a TETRA
system to control access to it and for an MS to
check if a network can be trusted.
• Control the disabling and enabling of an
MS/SIM³ in a secure way.
• Ensure that TETRA MS’s are connected to
the real TETRA system.
The mutual authentication security
mechanism is available for Voice and Data
and Packet Data Optimised mode. In Direct
Mode Operation (DMO)⁴an explicit
authentication mechanism is not available; in
this case the use of Static Cipher Keys (SCK)⁵
can however provide implicit mutual
authentication.
In TETRA, as in most other secure systems, the
authentication is a firm basis for the overall
security. It can be used for the following
purposes.
• Ensure correct billing in public assess
systems.
• Control the access of the MS to the network
The use of several authentication algorithms,
both standard and proprietary, is supported
(see Air interface authentication and key
management algorithms).
and its services.
• Derive a unique session encryption key, the
Derived Cipher Key (DCK)² which is
linked to the authentication, and establish
other security parameters.
3
The Subscriber Identity Module (SIM) is a piece of
hardware (often a smart card) that contains the
essential subscriber information including the
authentication key and that can be placed in an MS to
‘personalize’ it.
• Create a secure distribution channel for
sensitive information such as other
encryption keys.
4
Direct Mode Operation (DMO) is the direct
communication between Mobile Stations without the
use of a network.
2
5
The Derived Cipher Key (DCK) is a unique
The Static Cipher Key (SCK) is a fixed pre-stored
encryption key used to encrypt information which is
exchanged on the link between the network and the
MS, see also Keys for air interface encryption.
encryption key used to encrypt information which is
exchanged on the link between the network and the
MS/SIM, see also Keys for air interface encryption.
46
Information Security Technical Report, Vol. 5, No. 3

TETRA Security
Mutual authentication is done on the basis of
an authentication key K, which is unique for
every MS or SIM if the latter is used. The K is
both stored in the MS/SIM and in the
network. Normally a specific network element
is used to store the Authentication keys. This
is called the Authentication Centre (AUC).
within the network. In this case end-to-end
security can provide an efficient solution.
The difference between the scope of air
interface security and end-to-end security is
illustrated in Figure 3.
Air interface encryption
Mutual authentication using an Authentication
Centre is illustrated in Figure 2.
Using a variety of keys (see Keys for air
interface encryption), user and signalling
information can be encrypted over the air
interface between the MS and the SwMI, both
for individual and group communications.
The Air interface encryption mechanism is
available for Voice and Data and Direct Mode
Operation. The use of several encryption
algorithms, both standard and proprietary, is
supported (see Section Air interface
authentication and key management
algorithms).
Encryption
Modern mobile and wireless communications
systems all have some form of air interface
security. This air interface security is intended
to secure the connection between MSs and the
network. Air interface security is an effective
means of providing security in a mobile
network and some essential security functions
can only be realized by air interface security.
End-to-end encryption
In most cases it is sufficient to rely on air
interface security and take no further security
measures. However, in TETRA systems
needing a very high level of security,
additional security may be required to protect
information transmitted from one MS to
another not only over the air interface but also
TETRA is not a simple product supporting one
single system for end-to-end encryption, but is
a standard offering a broad range of
implementations for end-to-end encryption
systems. This makes it possible for a user to
tailor an end-to-end encryption system to his
own requirements.
Network
MS
MS
This flexibility is essential for a standard like
TETRA that will be implemented in many
forms for different user groups. Public
Safety organizations will have specific
(high) national security requirements for
their implementation of end-to-end
encryption, which will be different from the
requirements military users groups have
(their security requirements will be even
higher). All such organizations need the
ability to specify an end-to-end encryption
system according to their own requirements.
On the other hand, it can be expected that
commercial user groups will have a need for
Air interface security between MS and network
End-to-end security between MS’s
Figure 3: Air interface security versus end-to-end
security.
Information Security Technical Report, Vol. 5, No. 3
47

TETRA Security
a relatively simple (but secure) end-to-end
encryption system.
• the MS equipment, based on the Terminal
Equipment Identity (TEI)
So a whole range of requirements for end-to-
end encryption systems should be and is
supported by the TETRA standard. However,
there will be TETRA users who do not have
the desire or ability to define an end-to-end
encryption system but still want to have one.
For such users it is beneficial to have a
(example) specification of an end-to-end
encryption system which could be
implemented without further specification
effort.
• the MS subscription, based on the
Individual TETRA Subscriber Identity (ITSI)
• both the MS equipment and the MS
subscription
If the TEI is disabled the MS cannot be used
anymore, even if another ITSI (which can be
stored in a detachable module such as a SIM)
7, 8, 9
Enabled
ITSI
The TETRA MoU⁶ has recognized this and
therefore the TETRA MoU Security and Fraud
Prevention group (SFPG) specified a default
end-to-end encryption framework. Users can
use this framework to define their own end-
to-end encryption system. The only thing they
have to do is make a few basic choices (e.g. set
the number of closed talk groups to be
supported) to dimension the system according
to their needs.
and
Eq.
1
9
3
2
4
7, 9
1, 2, 3
8, 9
5
6
1
2
2, 3
1, 3
Temporarily
disabled Eq.
and enabled
ITSI
Temporarily
disabled ITSI
and enabled
Eq.
Temporarily
disabled Eq.
and ITSI
8
7
4
4
5
5
5
4
6
Permanently
disabled ITSI
and temporarily
disabled Eq.
Permanently
disabled Eq.
Permanently
disabled Eq.
and enabled
ITSI
Permanently
disabled ITSI
and enabled
Eq.
and temporarily
disabled ITSI
6
6
Permanently
disabled Eq.
Anonymity
and permanently
disabled ITSI
Anonymity can be achieved by the SwIM
assigning temporary individual or group
identities and then encrypting these identities
over the air interface. This is a dynamic
operation in the sense that each identity is
encrypted in a different way. Again, this
mechanism is available for Voice and Data and
Direct Mode Operation.
Figure 4: State diagram showing functions and
states.
Key:
1)temporary disabling of equipment
2)temporary disabling of ITSI
3)temporary disabling of equipment and ITSI
4)permanent disabling of equipment
5)permanent disabling of ITSI
6)permanent disabling of equipment and ITSI
7)enabling of equipment
Secure enabling and disabling of terminals
TETRA supports different options for a direct
secure disabling or enabling of either:
6
The TETRA Memorandum of Understanding (MoU)
is an organization of users, manufacturers, operators,
test houses and telecom agencies with an interest in
realizing TETRA systems.
8)enabling of ITSI
9)enabling of equipment and ITSI
48
Information Security Technical Report, Vol. 5, No. 3

TETRA Security
is inserted in the MS. If the ITSI is disabled an
MS can still be used in combination with
another (enabled) ITSI. The ITSI cannot be
used in any MS anymore.
This control is one of the tasks of security
management. Another task of security
management is to guarantee that the security
mechanisms are used in the proper way and
that the different mechanisms are integrated
in an appropriate way to achieve an overall
secure system. Security management is also
responsible for realizing inter-operability
between different (TETRA) systems.
In addition the disabling can be either
temporary (which leaves the possibility to
enable again) or permanent (which is irrev-
ersible). This results in the following nine states:
TEI
ITSI
The form in which the security is condensed is
normally that of so-called ‘keys’. A key is a piece
of secret information that is used, often in
combination with cryptographic algorithms, to
provide the actual security to a security
mechanism. Often the keys form the interface
between the security management and the
security features. The security management is
responsible for dealing with the keys in a secure
way. Though the security management is partly
an issue for the implementation, in
communication systems like TETRA certain
security management features can be specified
which support the security management.
Enabled
Enabled
Enabled
Temp disabled
Perm disabled
Enabled
Enabled
Temp disabled
Temp disabled
Temp disabled
Perm disabled
Perm disabled
Perm disabled
Temp disabled
Perm disabled
Enabled
Temp disabled
Perm disabled
Figure 4 describes functions and states and is
copied from the TETRA security standard [5].
In systems demanding high security, disabling
and enabling should only take place after
mutual authentication has been performed. If
this is not the case the feature (especially the
disabling) can obviously be used to attack the
system. The TETRA standard leaves open the
possibility to disable and enable without
mutual authentication first taking place, but in
practice this will only be done in systems with
a low security level.
An adequate security management is just as
important as the actual security mechanisms.
In TETRA key management, functionality and
flexibility are key words. A large number of
features have been integrated to support the
key management. A summary of those is
provided below.
Authentication Key
The authentication key K is used for mutual
authentication between an MS and the SwMI.
There are three possible methods for
generating K which are outlined below.
Security management features
The mere fact that security functions are
integrated in
a
system does not
automatically imply that a system is fully
secure. However, what is normally achieved
is that the security risks are so to say
‘condensed’, that is they are concentrated to
specific elements in the system which can be
adequately controlled.
Method 1 — Generation of K from an
Authentication Code (AC). In this case the user
types in an Authentication code via the
keyboard of the handset. The digits of the AC
are represented as a string of bits. An algorithm
then derives the key K from this bit string.
Information Security Technical Report, Vol. 5, No. 3
49

TETRA Security
The AC is normally not stored in the handset.
In the Network (Authentication Centre) either
the K or the AC is stored. In the latter case the
K is derived form the AC every time this is
needed. This method is used if it is needed to
identify the user of a handset, but not the
handset. It should be noted that the AC would
normally have much less then 128 information
bits. Therefore, this method for generation of
K should only be used in exceptional cases,
e.g. if there is a need for user authentication
only or if a key needs to be generated
immediately and there is no possibility to use
an UAK (see below).
to MSs using so-called Over The Air Re-
keying (OTAR, see also Air interface
authentication and key management
algorithms) or they may be preloaded in the
MSs. There are both keys with long-term and
short-term key lifetimes. Special mechanisms
are included to protect the keys with a long
lifetime. For the interested reader a
description of the keys for encryption within
the TETRA system is provided below.
The Derived Cipher Key (DCK) is derived
during the authentication procedure. It can be
used to encrypt the link between the network
and the MS on an individual basis. Thus it can
also provide an extended implicit authentication
during the call, and can e.g. be used for
encryption of uplink communications (i.e. the
communication from the network to the MS).
Method 2 — Generation of K from an User
Authentication Key (UAK). The User
Authentication Key is an unpredictable
(random) value of any desirable length
(usually 128 bits). The K is derived from the
UAK using an algorithm. The UAK or
(normally) the K is stored in the handset (or
SIM) and the network (Authentication
Centre). If the UAK is stored then every time
the K has to be derived from it. This method is
used if it is needed to identify the handset. It
will be the most common method of key
generation in TETRA systems.
The Common Cipher Key (CCK) is generated
by the SwMI and distributed, encrypted with
the DCK, to MSs. It is efficient to use this key
for encryption of messages that are directed to
a certain Location Area (LA)⁷. In practice the
CCK can be used to set up a group call with all
MSs that at the moment are in a certain area,
independent of the specific closed user groups
these MSs are part of.
Method 3 — Generation of K from an
Authentication Code (AC) and an User
Authentication Key (UAK). In this case the K
is derived from an AC entered by the user via
the keyboard of the handset and a UAK stored
in the handset. The derivation of K from AC
and UAK is done via an algorithm. In the
network either only the resulting K is stored,
or both the AC and UAK are stored. This
method is used if it is needed to identify both
the user and the handset.
When the CCK is distributed to an MS over
the air interface using OTAR it is encrypted
with the DCK of this MS.
The Group Cipher Key (GCK) is linked to a
specific closed user group. It is generated by the
SwMI and distributed to the MSs of a group
(e.g. similarly to the CCK, on a smart card, or
using OTAR (see below)). It is used either in its
‘raw’ state or modified by the CCK, for
encryption of calls for this user group.
Keys for air interface encryption
7
A Location Area is a geographical area where a
network and a number of MSs are operational which
have certain logical connections (e.g. Public Safety
organizations of a city, a department, etc.).
There are several sorts of encryption keys. The
key may be derived or transferred as part of
the authentication procedure, then can be sent
50
Information Security Technical Report, Vol. 5, No. 3

TETRA Security
When the GCK is distributed to an MS over
the air interface using OTAR it is encrypted
with a session encryption key derived from
the Authentication Key for this MS.
session encryption key derived from the
Authentication Key for this MS.
OTAR
Within a Location Area the GCK is used in a
modified form. It is encrypted by the CCK to
obtain the Modified GCK (MGCK). If the MS
is in this Location Area the MGCK is used to
encrypt the closed user group messages for
this MS.
As indicated above there is a possibility to
distribute or update CCKs, GCKs and SCKs
using a so-called Over The Air Re-keying
(OTAR) mechanism. The mechanism makes it
possible to send in a secure way air interface
encryption keys from the SwMI over the air
directly to an MS and can be applied as long as
an authentication key K is available for the MS.
The OTAR messages to an MS are encrypted
using session encryption keys that are derived
from the authentication key for this MS.
The Static Cipher Key (SCK), finally, is a
predetermined key which can be used
without prior authentication. It is ‘static’ in
the sense that it is a fixed key that is not
changed (e.g. by an authentication exchange)
until it is replaced. TETRA supports the use
of up to 32 SCKs. They can be distributed
similarly to the GCKs. Their use is largely
implementation dependent, but they can be
used for e.g. encryption in Direct Mode
Operation (where they may also provide
explicit authentication), encryption within
closed user groups and encryption in
situations where authentication has not (yet)
taken place.
A mechanisms similar to OTAR is also
available for end-to-end encryption.
Transfer of authentication information
between networks
If a TETRA MS roams from its own ‘home’
network to another TETRA network, then this
‘visited’ TETRA network will need to obtain
authentication information from the ‘home’
network of this MS in order to be able to
perform mutual authentication and generate
and/or distribute encryption keys. The transfer
When an SCK is distributed to an MS over the
air interface using OTAR it is encrypted with a
MS
network element
authentication center (AUC)
Over the air
Over the air
authentication
authentication
Home Network
Visited network
Figure 5: Authentication in a visited network without disclosing the authentication key.
Information Security Technical Report, Vol. 5, No. 3
51

TETRA Security
Air interface encryption algorithms
of authentication information in networks is in
principle supported in three ways. The most
straightforward method is to simply transfer
the authentication key K to the visited network.
For security reasons this is, however, not
advisable. A second option is to transfer certain
information that can be used for one single
authentication procedure. This is basically the
same method as is applied in GSM and can be
implemented in a very secure way. However, in
TETRA systems it might cause too much
overhead to transfer this information on a
regular basis. A third alternative is therefore
supported. This allows a home network to
transfer only once a session authentication key
for an MS, which can be used for repeated
authentications, to a visited network without
revealing the original authentication key of the
MS. This option combines security and
efficiency (see Figure 5).
TETRA users can specify their own air interface
encryption algorithm. However, for reasons of
easy interoperability in multi-vendor systems,
standard air interface encryption algorithms
have also been specified as part of the TETRA
standard. Several requirements have been
taken into account when specifying these
standard algorithms. The most important of
these are the need for diversity and export
control regulations.
Need for diversity
In this paper it has already been explained that
there will be a wide range of TETRA networks
and applications. Not all users want to ‘share’
their standard encryption algorithms with all
other TETRA users. Especially the European
Public Safety Organisations (from or linked to
the European Schengen organization) require
having their own standard air interface
encryption algorithm.
The standard TETRA cryptographic
algorithms
The TETRA standard offers a number of
standard cryptographic algorithms which all
have their own specific purpose. This section
explains this purpose and the use of these
standard algorithms.
Export control regulation
The use of encryption algorithms is subject to
export controls. During the specification of
Name
TEA1
Intended use
This is a baseline algorithm for general use in TETRA systems. This algorithm should have
minimal export control problems, whether or not the country of export is part of the
Wassenaar Arrangement.
TEA2
TEA3
This is a full 80-bit encryption algorithm. Its use is restricted to Public Safety organisations
in Schengen and related countries. The algorithm will be subject to export controls.
This is a full 80-bit encryption algorithm. It is intended for use by Public Safety
organizations in non-Schengen countries, but depending on the system also other TETRA
users might use this algorithm. The algorithm will be subject to export controls.
TEA4
This algorithm is for general use in TETRA systems. It has been designed in such a way that
it is just exportable under the new export regime set by the Wassenaar Arrangement.
Table 1: TETRA encryption algorithms developed by SAGE.
52
Information Security Technical Report, Vol. 5, No. 3

TETRA Security
the first standard TETRA air interface
encryption algorithms, these controls were
quite strong. By the end of 1998 the
Wassenaar Arrangement, an organization in
which the governments from the 33 major
industrial countries are united (see
http://www.wassenaar.org) decided to relax
export controls on encryption. The range of
standard TETRA encryption algorithms takes
into account this recent development.
specification is distributed by its custodian,
which also is ETSI.
End-to-end encryption algorithms
In Section 3 it is described that the TETRA
standard supports a wide range of end-to-end
encryption implementations. Most users of
end-to-end encryption will want to specify
their own end-to-end encryption algorithm.
Therefore, no standard end-to-end encryption
algorithm has been specified as part of the
TETRA standard.
At the moment four standard TETRA
encryption algorithms are available to
TETRA users. These algorithms have been
developed by ETSI’s Security Algorithms
Group of Experts (SAGE). In Table 1 these
algorithms are listed and their intended use
is explained.
Nevertheless there will be a recommended
end-to-end encryption algorithm which can be
used in the context of the TETRA MoU end-to-
end security framework. This algorithm is
envisaged to be the well-known IDEA
algorithm, provided that licences for the use of
IDEA in TETRA will be granted on non-
discriminatory and reasonable conditions.
The standard TETRA Encryption Algorithms
are available to TETRA users and
manufacturers. They are distributed by a so-
called custodian. In case of the TEA1, TEA3
and TEA4 the custodian is ETSI (see
http://www.etsi.org , section algorithms and
codes). The TEA2 is distributed by the Dutch
Police IT organization.
Lawful interception mechanisms
In most European countries there is an
obligation on operators of public (and
sometimes private) telecommunication
networks to provide lawful interception
facilities to the responsible national
authorities. Since a standardized solution is
much more cost efficient than proprietary
implementations on a case by case basis, it
was decided to provide support for lawful
interception within the TETRA standard. A
subgroup of the TETRA security group has
standardized a Lawful Interception Interface
[7] to support the mechanisms for lawful
interception. The detailed implementation of
this interface might differ on a country to
country basis.
Air interface authentication and key
management algorithms
TETRA users can specify their own air
interface authentication and key management
algorithm. Again for easy interoperability in
multivendor systems, also a set of standard air
interface authentication and key management
algorithms has been specified as part of the
TETRA standard.
The requirements on diversity and export
control regulations do not exist in the case of
authentication and key management
algorithms. Therefore, only a single set of
standard air interface authentication and key
management algorithms has been specified.
This algorithm set is called the TAA1. Its
Acknowledgements
The author would like to thank Mrs Marjan
Bolle for comments and suggestions.
Information Security Technical Report, Vol. 5, No. 3
53

TETRA Security
References
and http://www.tetramou.com/documents/
index.htm.
[1]G. Roelofsen, 1999. Cryptographic
algorithms in Telecommunications Systems,
Information Security Technical Report, Vol. 4, No.
1, 1999, pp. 29–37.
[4]G. Roelofsen, 2000. “Practical security in
TETRA”, paper presented at the IBC TETRA
Conference 2000.
[2]G. Roelofsen, 1997. “TETRA Security —
the fundament of a high performance
system”, paper presented at the IBC TETRA
Conference 1997, also available on:
http://www.tetramou.com/Tech/index.htm
and http://www.tetramou.com/documents/
index.htm.
[5]ETS 300 392-7, Terrestrial Trunked Radio
(TETRA), Voice plus Data (V+D), Part 7:
Security (2nd edition to be published in
2000).
[6]ETS 300 396-6, Terrestrial Trunked Radio
(TETRA), Direct Mode Operation (DMO), Part
6: Security (1998).
[3]G. Roelofsen, 1998. “Security issues for
networks”, paper presented at the IBC TETRA
Conference 1998 also available on
http://www.tetramou.com/Tech/index.htm
[7]EN 301 040 , Terrestrial Trunked Radio
(TETRA), Security, Lawful Interception (LI)
Interface, V2.0.0 (1998).
54
Information Security Technical Report, Vol. 5, No. 3