DECT Security, Encryption & Authentication
- summary of the main issues of DECT security and the use of DECT encryption and authentication to ensure privacy is maintained.
DECT security is of paramount importance. Along with the concept of DECT security, are encryption and authentication as two main methods for ensuring that security is maintained.
With security, and DECT security, a major issue these days after the first generation demonstrated how easy it could be to listen to transmissions that were not protected in any way, it was essential that DECT provided sufficient security from the outset.
DECT security basics
The DECT standard provides a number of security measures that can be implemented to counteract the vulnerabilities introduced by the use of a wire-less system.
DECT security uses a number of measures including subscription and authentication protocols to ensure that only those stations allowed will be able to communicate.
In addition to this the DECT security measures also include some advanced ciphering techniques to provide protection against eavesdropping.
The subscription process is that part of DECT security that allows a certain handset to connect to a network / base.
For a DECT subscription, the network operator or service provider provides the user of the portable equipment with a secret PIN code to act as a subscription key. This PIN code is entered into both the base station and the handset before the subscription procedure starts.
The time to perform the subscription is limited as this adds to the security of the system. Additionally the PIN code can only be used once to prevent hackers repeatedly trying codes until they gain access.
The DECT subscription process is undertaken over the air - the wireless link is set up and both ends ascertaining that they have the same subscription key. In the DECT subscription process, handset and base-station identities are exchanged and then both ends calculate an authentication key. This authentication key is used at the set-up of every call, but it is not transferred over the air as it is secret.
A DECT handset may have several subscriptions. With each subscription, the DECT handset will calculate a new secret authentication key. This is associated with the network to which it is subscribing.
The new keys and network identities are all kept in a list contained within the DECT handset. These keys are used when locking to a base station. The handsets will only lock to a base station for which they have an authentication key. In this way handset will only lock onto base stations with which they have been associated.
Authentication is an integral part of DECT security and may be accomplished each time a call is set up. The DECT authentication process requires the secret authentication key to be assessed by the base station without it being sent over the air. If it was sent over the air, then it would be possible for the DECT security to be compromised.
The way in which the DECT security measures enable the key to be checked include the following steps:
- The DECT base station sends a random number to the handset - this is called a challenge.
- The DECT handset calculates a response to this by mathematically interacting the secret authentication key with the challenge key. The algorithm used is such that it does not allow the secret authentication key to be determined.
- The base station also uses the same algorithm to calculate the response.
- The response is transmitted back to the base station.
- The base station compares both responses.
- If both responses compare then the base station will allow the call to proceed.
Using this process, DECT security is maintained to a sufficient level for most purposes. If the air interface is being monitored to access the authentication key, the algorithm has to be known to recalculate the key from the 'challenge' and the 'response'. The determination of the exact algorithm used demands for a huge amount of computing power. While DECT security is not totally impregnable, it is sufficiently high to prevent most unauthorised visitors from breaking into the system.
DECT ciphering or DECT encryption The authentication process uses an algorithm to calculate the 'response' from a 'challenge' and the authentication key in handset and base station. This is in fact a way to send the identity of the user in an encrypted form over the air in order to preventing theft of the identity. Looking at user data (e.g. speech) the same principle can be applied. During authentication, both sides also calculate a cipher key. This key is used to cipher the data sent over the air. At the receiving side the same key is used to decipher the information. In DECT, the ciphering process is part of the standard (however not mandatory).
By Ian Poole
Want more like this? Register for our newsletter