The vulnerability analysis and improvement of the TETRA authentication protocol

The TETRA system provides an authentication service which permits only the authorized terminal to access its network by verifying that the terminal equipment and the authentication center have the identical authentication key using challenge-response protocol. However, while TETRA standard authentication protocol is able to block cloned terminals that have cloned a terminal identifier called Individual Short Subscriber Identity (ISSI), it is currently unable to prevent the illegal use of cloned terminals that have cloned both ISSI and the authentication key. In this paper, we briefly describe TETRA standard authentication protocol defined by European Telecommunications Standards Institute (ETSI), followed by a brief description of authentication key generation/distribution/injection models during its authentication process. Then we analyze the threat of cloned terminals in the case of authentication key being exposed during the process of distributing to the authentication center. Finally we propose a new authentication protocol that can prevent cloned terminals that have cloned both ISSI and the authentication key from illegally accessing the network.