Authentication ensures only valid TETRA radios can access the TETRA network and are able to initiate, monitor and participate in voice and data calls. The TETRA Air Interface Encryption methods and algorithms protects all signalling, identities and traffic across the radio link from eavesdropping.

The Authentication and Key management Server (AKS) supports secure storage, processing and distribution of TETRA authentication and encryption keys in TetraNode networks using TETRA Class 2 and 3 encryption. The AKS provides secure delivery of keys to TetraNode core components and TETRA radios over non-trusted radio and fixed IP links. The AKS fully complies with recommendations of the TETRA and Critical Communications Association’s Security and Fraud Prevention Group.

The algorithms for TETRA encryption and authentication are executed in the TetraNode Core soft switch. This means that all communication between the TetraNode Core and Base Stations is protected to the same level as on the TETRA Air Interface, eliminating the need for additional IP backhaul encryption systems, as well as precautions in the TETRA sites to prevent disclosure of sensitive key material.

Security class 3 covers the TETRA encryption methods enabled by Derived Cipher Keys (DCK), Common Cipher Key (CCK) and Group Cipher Key (GCK).

Unique features and benefits

• Key loading from transportable media like CD-ROM and USB flash drive
• Centralised management, generation and distribution of sensitive key material
• Challenge / response type of authentication over non-trusted networks
• Transport of keys through certified encryption algorithms
• Network is resilient against temporary outage of AKS components and IP links
• Secure remote access with intrusion detection and reporting