If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
In August 2023, we published the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.
TETRA:BURST consists of five vulnerabilities, two of which are critical, including the backdoored TEA1 cipher (crackable in minutes on commodity hardware by a passive adversary), a keystream recovery attack (which works regardless of the cipher employed), and a deanonymization attack with counter-intelligence implications.
In this talk, we will discuss and demonstrate the TETRA:BURST vulnerabilities themselves and will - for the first time - disclose the details of the TA61 identity anonymization primitive and our Meet-in-the-Middle deanonymization attack against it. In addition, we will provide more background on how the TEA1 backdoor proliferated throughout Europe and provide attendees with an update on new developments since our initial disclosure, the future of TETRA, and the vast amount of TETRA hardening work that still needs to be done in critical infrastructure.