Authorities and organizations with security tasks require wireless communication systems that guarantee a particularly high degree of protection against unauthorized interception or even manipulation of transmitted data by third parties. For this purpose the digital trunked radio system TETRA (Terrestrial Trunked Radio) is being introduced. Unfortunately it has a low data rate (about 15.6 kbit/s), so it cannot transmit large amounts of data such as maps, videos and other data that are relevant for emergency services. The combination of TETRA with commercially available systems such as WLAN or UMTS / LTE is therefore envisaged.
Future communication facilities of emergency services face two challenges: large data amounts to be transmitted and security requirements.
The security requirements pose an additional challenge. Publicly operated networks are a potential security vulnerability, since the authentication / encryption mechanisms used by the networks and the associated keys are accessible to the operators of these networks, potentially allowing the operators to gain access to the confidential data. Against this background, it is imperative to perform additional encryption. The challenge is to distribute the keys for this additional encryption as well as to manage the access permissions.
A German university developed a novel procedure: highly secure group key management, HISEC-GKM for short. It enables the secure use of public networks as well as the transmission of group hierarchies through a specific combination of the different procedures.
The university offers a license agreement to producers of TETRA devices, who would implement the technology.
The functionality of the invention is described below. The accompanying graph helps to understand the technique.
Below the functionalities of the invention are described. Please have a look at the graph that will help to understand the technique.
If conventional communication devices are to be integrated into secure communication with TETRA, a key is requested from a TETRA device (1). The key is created by the group key management service centre (GKMSC) (2) and sent as a QR code to one or more TETRA terminals (3). The access device in the insecure network (NU) scans the code (4) and thus gets access to the secure network (NS) (5).
If an ad hoc network based on a commercially available technology (e.g. WLAN) is set up by an organization (e.g. the fire brigade) to provide this high data rate, and the access key is stored in the GKMSC, members of the organization can use the ad hoc network (1:1 mapping of the groups) if they have access to the GKMSC.
If necessary, the same access can also be used to reach the secure network NS through a special gateway. If a cross-organization group is to be formed (police and fire brigade), a common group key is requested via the GKMSC (1:n mapping of the groups). If the requesting agent is authorized for group aggregation, a new group key is generated for both subgroups and distributed via a push service.
The use of push services within NS thus enables efficient management of the required keys and credentials. These can be replaced quickly if necessary. In addition, a single member of a secure network acting group GNS may request a key or credential for a new network acting group GUS, which is then distributed to all members of the authorized groups GNS.
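The group aggregation and push distribution described above can be modelled as follows. This is an added sketch, not the university's implementation: the class and method names, the `may_aggregate` flag, the 32-byte key size and the sample terminals are all assumptions, and the QR code hand-over to devices in NU is left out.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Terminal:
    """Terminal inside the secure network NS; `inbox` stands in for the push channel."""
    name: str
    group: str
    may_aggregate: bool = False                 # assumed authorization flag
    inbox: dict = field(default_factory=dict)   # group id -> current key

class GKMSC:
    """Toy group key management service centre (hypothetical interface)."""
    def __init__(self):
        self.members = {}   # group id -> terminals entitled to that key
        self.keys = {}      # group id -> current key

    def register(self, terminal):
        self.members.setdefault(terminal.group, []).append(terminal)

    def issue(self, gid):
        """Generate a fresh key for gid and push it to every member (also replaces an old key)."""
        key = secrets.token_bytes(32)           # 256-bit key: assumed size
        self.keys[gid] = key
        for t in self.members[gid]:
            t.inbox[gid] = key
        return key

    def aggregate(self, requester, groups):
        """1:n case: one common key for the groups of several organizations."""
        if not requester.may_aggregate or requester.group not in groups:
            raise PermissionError(f"{requester.name} may not aggregate {sorted(groups)}")
        gid = "+".join(sorted(groups))
        self.members[gid] = [t for g in sorted(groups) for t in self.members[g]]
        self.issue(gid)
        return gid

def demo():
    """Constructed scenario: police and fire brigade form a common group."""
    c = GKMSC()
    lead = Terminal("police-lead", "police", may_aggregate=True)
    crew = [lead, Terminal("police-2", "police"), Terminal("fire-1", "fire")]
    for t in crew:
        c.register(t)
    gid = c.aggregate(lead, {"police", "fire"})
    first = c.keys[gid]
    c.issue(gid)                                # quick replacement via push
    return c, crew, gid, first

if __name__ == "__main__":
    print(demo()[2])
```

The authorization check runs before any key material is generated, so an unauthorized aggregation request leaves no key behind that would later need revoking.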
Using a virtual interface between NS and NU makes it easier to protect the keys, as they cannot simply be copied or written down. Errors due to manual entry of the keys are avoided, and time-consuming operation of a keyboard is eliminated: for example, with a helmet camera a firefighter on duty can transfer the code displayed on the TETRA device directly to the multimedia-enabled device.