Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER III: INFORMATION AND COMMUNICATION TECHNOLOGY<br />
Table III—10 TETRA network security measures addressed <strong>in</strong> Modules 1-3 of the ITU-T X.805<br />
security architecture.<br />
Module<br />
Module 1: Infrastructure<br />
layer, management plane<br />
Module 2: Infrastructure<br />
layer, control plane<br />
Module 3: Infrastructure<br />
layer, end-user plane<br />
Security Measures<br />
• Only authorized personnel with adm<strong>in</strong>istration rights<br />
granted access to element or network management systems<br />
to perform network management activities remotely or via<br />
a craft port<br />
• Ma<strong>in</strong>tenance of a log (e.g., system log, audit trails etc.)<br />
of all management actions or events<br />
• Protection of con<strong>fi</strong>guration <strong>in</strong>formation and<br />
adm<strong>in</strong>istrative IDs/passwords from unauthorized view<strong>in</strong>g,<br />
diversion, deletion or modi<strong>fi</strong>cation<br />
• OTAR and/or OTAK secure encryption key management<br />
• Backup content and protect connectivity to user<br />
management databases<br />
• Error-correction cod<strong>in</strong>g 77 to ensure the correct delivery<br />
of <strong>in</strong>formation carried over the control channel 78<br />
• Encryption of signall<strong>in</strong>g <strong>in</strong>formation over the air<br />
<strong>in</strong>terface (AIE)<br />
• Archive record<strong>in</strong>g of all control room traf<strong>fi</strong>c for later<br />
playback<br />
• Protection of <strong>fi</strong>xed signall<strong>in</strong>g network l<strong>in</strong>ks<br />
• Error-correction cod<strong>in</strong>g to ensure the correct delivery of<br />
<strong>in</strong>formation carried over the traf<strong>fi</strong>c channel 79<br />
• Compression and protection of user speech traf<strong>fi</strong>c by<br />
us<strong>in</strong>g speech encod<strong>in</strong>g 80<br />
• One way and/or mutual authentication between the MS<br />
and SwMI, to verify the term<strong>in</strong>al and legitimacy of the<br />
network<br />
• Remotely disabl<strong>in</strong>g of compromised MS equipment or<br />
subscription<br />
• User logon by key<strong>in</strong>g <strong>in</strong> a Personal Identi<strong>fi</strong>cation<br />
Number (PIN) or send<strong>in</strong>g a Radio User Identity (RUI)<br />
77 Error correction codes employed <strong>in</strong> TETRA systems <strong>in</strong>clude block codes, rate-compatible<br />
punctured convolutional codes (for phase modulation) and turbo codes (for QAM). See also ETSI<br />
EN (2007b) and ETSI TR (2007).<br />
78 TETRA’s control channel (CCH) is used to carry signall<strong>in</strong>g messages and packet data (ETSI EN<br />
2007b).<br />
79 TETRA’s traf<strong>fi</strong>c channel (TCH) is used to carry speech and circuit-switched data (ETSI EN<br />
2007b).<br />
80 TETRA networks use Algebraic Code Excited L<strong>in</strong>ear Prediction (ACELP) encod<strong>in</strong>g. TETRA Air<br />
Interface (ETSI EN 2007b). See also ETSI TR (2007).<br />
NORDREGIO REPORT 2007:5 119