Scribd
Upload
10 views

06-Security_on_DECT-02

Uploaded by

Ariel Becerra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views

06-Security_on_DECT-02

Uploaded by

Ariel Becerra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

A L C T E L

Alcatel OmniPCX 4400

SECTION 06

Security on DECT

Ed.02
A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT

Section 06 - Security on DECT

SUMMARY

Security on DECT
General information ..................................................................................... 06. 3
1. General ................................................................................................ 06. 3
2. “Identity” mode ................................................................................... 06. 3
3. "Authentication” mode......................................................................... 06. 3
4. “Encryption” mode............................................................................... 06. 4
5. Reference to related modules.............................................................. 06. 4
Functional description ................................................................................... 06. 5
1. Mode programming............................................................................. 06. 5
2. Network interworking ......................................................................... 06. 5
3. Hardware requirements ...................................................................... 06. 6
4. Usage limits ......................................................................................... 06. 6
Management ................................................................................................. 06. 7
1. General ................................................................................................ 06. 7
2. Declaring the system’s DECT parameters ........................................... 06. 7
3. Entering the AC key on a mobile ......................................................... 06. 8
4. Changing a mobile’s security level ..................................................... 06. 8
5. Displaying the security level of each mobile ...................................... 06. 9
Maintenance.................................................................................................. 06.11
1. Generality ............................................................................................ 06.11

Ed.02 Ref.3BA19919ENAA 06.1


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT

06.2 Ref.3BA19919ENAA Ed.02


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT Security on DECT
General information

44A01701050A000AAEN

Security on DECT
General information
Edition: 02

1. General

As of R3.1, the Alcatel OmniPCX 4400 provides three levels of security for establishing and main-
taining DECT calls. These levels correspond to the following three modes:

1. “Identity” mode,

2. “Authentication” mode,

3. “Encryption” mode.
The most secure level is “Encryption” mode, followed by “Authentication” mode and “Identity” mode.
The properties of the “Authentication” mode are included in the “Encryption” mode, while those of the
“Identity” mode are included in the “Authentication” mode.
The operating modes may be seen by the user.
Note: the security level is defined for the whole PABX.

2. “Identity” mode

This operating mode is based on the verification of the IPUI-N number which authorises a mobile to
make or receive calls.

3. "Authentication” mode

The authentication procedure is carried out in the following cases:

- installation of a mobile,

- establishment of calls,

- location of the mobile (area loading),

- uninstallation of the mobile.


The authentication procedure may be initiated by a mobile or by the system. The element which initiates
the procedure generates a random key to its counterpart.
The mobile and the system each calculate a code according to a predefined algorithm. The calculation
of the code takes account of the random key generated by the element which initiated the procedure
as well as a UAK key (User Authentication Key).
The initiator then receives the code calculated by its counterpart. If this code is identical to the one it
generated itself the authentication procedure is successful. Otherwise, the call is interrupted.

Ed.02 Ref.3BA19919ENAA 06.3


A L C T E L

Alcatel OmniPCX 4400


Security on DECT Section 06 - Security on DECT
General information

Note: the UAK key (128 bits) used for the calculation of the code is registered in each mobile and in
the database of the system where the mobiles are installed. It is calculated from the AC (authentication
code) validated for the mobile. It is never transmitted by radio channel or on a logical link.

4. “Encryption” mode

The encryption procedure is initiated when calls are established.

In the first instance, this operating mode launches an authentication procedure (see above).

Once the authentication procedure has been carried out, the “Encryption” mode enables the data
exchanged between the mobile and the system to be exchanged. The encryption uses the DCK key
(Derived Cipher Key) calculated during the authentication procedure.

If the encryption is not implemented while the call is being established, the call is automatically in-
terrupted. In addition, there will be nothing to indicate to the mobile’s user that an on-going call is
actually encrypted.

The encryption is not interrupted during handover operations.


Note: an “unscrambled” call may not be made in a system which operates in “Encryption” mode. It
is therefore impossible to make an unencrypted call by mistake.

5. Reference to related modules

The security services are documented in the following modules:

- Functional description (see module Security on DECT - Functional description),

- Management (see module Security on DECT - Management),

- Maintenance (see module Security on DECT - Maintenance).

REMINDER: this functionality cannot be implemented if the DECT is not installed on the
PABX.

06.4 Ref.3BA19919ENAA Ed.02


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT Security on DECT
Functional description

44A01701050A042AAEN

Security on DECT
Functional description
Edition: 02

1. Mode programming

A security level is allocated to the whole of the system in management on the PABX.
However, the security level of a DECT or GAP set may be modified during their installation procedure.
In this case, the operating mode chosen for the set must be lower than the one chosen for the system.
If the administrator wants to modify the security level of a mobile which is already installed, he must
uninstall the mobile then relaunch an installation procedure on the PABX.

2. Network interworking

The ’Identity’, ’Authentication’ and ’Encryption’ modes may be used in the context of the networked
DECT feature.
As the UAK key may not be transmitted to the visitor node, the node uses the codes derived from the
key which are transmitted to it by the declaration node.
These codes are substituted for the UAK key in the authentication procedure. They are used to generate
the DCK key used for the encryption.
Depending on the operating mode established on the visited node and the operating mode on the
visitor DECT node, the final security level used in the establishment of DECT calls on the visited node
is presented in the table below:
In bold: the respective operating modes of the visited node (line) and the visitor DECT set (column).
Normal text: the final operating mode used for the establishment of DECT calls.

Figure 1 : Summary table:

Visited node

Modes Identity Authentication Encryption

Identity Identity Identity Identity


Visitor DECT
set
Authentication Identity Authentication Authentication

Encryption Identity Authentication Encryption

Ed.02 Ref.3BA19919ENAA 06.5


A L C T E L

Alcatel OmniPCX 4400


Security on DECT Section 06 - Security on DECT
Functional description

3. Hardware requirements

“Encryption” mode will only function if the system has DECT4HB boards. At least one of them must be
fitted with a DTM daughter board. It will not function with DECT2 and DECT4H boards.

The administrator must make sure that this type of board is present in the system as the system will not
automatically check the system coupler type.

4. Usage limits

The maximum levels of security which can be used by the mobiles are:

- for a 4074B/H, “Identity” mode”,

- for a 4074GB/GH, “Encryption” mode,

- for an Altiset S DECT mobile, “Authentication” mode,

- for an Alcatel 4072 GAP DECT mobile, “Encryption” mode,

- for a digital set associated with a TSC-DECT adaptor, “Authentication” mode.

The system’s security level is limited to “Authentication” mode for a DECT system in IBS configuration.

06.6 Ref.3BA19919ENAA Ed.02


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT Security on DECT
Management

44A01701050A160AAEN

Security on DECT
Management
Edition: 02

1. General

This paragraph describes the parameters to be set to implement the security. The administrator must:

- define the system default security level,

- if necessary define the AC (Authentication Mode) key number for the system,

- enter the AC key on each mobile in the system if it has an “Authentication” or “Encryption” security
level.

The administrator may, however, modify or allocate a security level lower than that of the system for a
mobile which is already installed.

2. Declaring the system’s DECT parameters

Object name: Dect system

Attributes:

AC System : Enter the AC key (4 digits). This value is used


when the Security level attribute is set to
“Authentication” or “Encryption”.
Note: this field is empty when the PABX is
initialised. In this case, the value of the key is
"FFFF”.
Security level : Select the security level for the system:
- Identity,
- Authentication,
- Encryption.

Warning:

- the system must be reinitialised (shutdown) to take the new security level into account.

- if the administrator wants to modify the system’s AC key, he must reinstall all the sets in the
system which were installed with the old AC key.
Note: after translation to R3.1, the security level attribute takes the value “Identity” by default.

Ed.02 Ref.3BA19919ENAA 06.7


A L C T E L

Alcatel OmniPCX 4400


Security on DECT Section 06 - Security on DECT
Management

3. Entering the AC key on a mobile

3.1. General
A set may only be installed in “Authentication” or “Encryption” mode if its AC key has the same value
as the one used by the system.
The AC key must be entered before the set installation procedure is launched.
Remark: For the set installation procedure, refer to the module DECT - Management - UA, GAP
and AGAP.
Note: a different AC key to the system AC key may be entered on some sets using the following
command:
dectinston <Directory No.> -ac <AC key>

3.2. 4074 set


The value of the AC key on initialisation is “0000”. This value may be modified in the following way:

- Enter programming mode (long key press on 7),

- Select the “Config System” sub-menu (selection 3),

- Select option (1) to set the type of terminal as “undef”,

- Next modify the value of the AC key by selecting option (7),

- Exit programming mode by the usual procedure,

- Switch the set off then back on again,

- “SUBSCRIPTION OK?” displayed. The set installation procedure may now be launched with
the new AC key.

3.3. 4072 set


The AC code must be entered in the “code” field (on the set) which is proposed during the set installation
procedure. If you press “OK” without entering the code the value of the AC key will be “FFFF”.

3.4. Other GAP sets


Some GAP sets request an AC key, even in “Identity” mode. In this case, you are recommended to
enter the system’s AC key. This is required for the uninstallation.

4. Changing a mobile’s security level

Each mobile installed uses a security level which is defined by the system. The administrator may,
however, define a security level which is lower than that of the system when a mobile is installed.
As the set is already installed, all the data which relates to the set must be deleted using the dectrm
command:
dectrm <Directory No.>

06.8 Ref.3BA19919ENAA Ed.02


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT Security on DECT
Management

Remark:

- For the GAP sets:


some GAP sets may not be uninstalled without an AC key even in Identity mode. In this case, the
command is:
dectrm <Directory No.> -a -ac <AC key No.>
If the -ac option is omitted, the system’s AC key must be entered.

- For the 4072 set:


The value of the AC key may be “FFFF”, see § 3.3 : 4072 set In this case, the command to be
entered is:
dectrm <Directory No.> -a -ac F

Next install the set using the dectinston command:

dectinston <Directory No.> <option>

The option may be:

-s0 : used to force the mode to “Identity”.


-s1 : used to force the mode to “Authentication”.

To continue the installation of the mobile once the dectinston command is launched, refer to the module
DECT - Management - UA, GAP and AGAP.
Remark:
The following error message is displayed when the administrator launches the dectinston -s1 command
on a system which operates with “Identity” mode:
Option -s1 is currently not allowed :
In this case, the registration phase follows the “Identity” mode.

5. Displaying the security level of each mobile

First of all, the administrator selects the directory number of the mobile in question. This implies that
the mobile is already installed.

Object name: Users > DECT set

Attribute:

Security level : Displays the operating mode allocated to the


mobile when it is registered by the system.

Ed.02 Ref.3BA19919ENAA 06.9


A L C T E L

Alcatel OmniPCX 4400


Security on DECT Section 06 - Security on DECT
Management

06.10 Ref.3BA19919ENAA Ed.02


A L C T E L

Alcatel OmniPCX 4400


Section 06 - Security on DECT Security on DECT
Maintenance

44A01701050A400AAEN

Security on DECT
Maintenance
Edition: 02

1. Generality

Security parameter display

The Dectinfo 0 command provides a range of information, including the PABX security parameters:
the AC key and the system security level.

Dectinfo 0

...............
AC system =FFFF Security system = Use Authentication
...............

Ed.02 Ref.3BA19919ENAA 06.11

You might also like