HISEC-GKM - Secure communication for emergency responders and helpers
Keywords: TETRA, police, fire department, security, communication, radio, digital, password, data rate
For this purpose, the digital trunked radio system TETRA is being introduced in Germany. It offers only a low data rate (about 15.6 kbit/s), so TETRA cannot transmit large amounts of data such as maps, videos and other data relevant to the emergency services. It therefore makes sense to combine TETRA with commercially available systems, e.g. WLAN or UMTS/LTE. In future incidents, rescue teams will use multimedia services that require ever-higher data rates. However, the use of publicly operated networks presents a potential security vulnerability: the authentication and encryption mechanisms used by these networks, and the associated keys, are accessible to the network operators, which potentially allows the operators to gain access to confidential data. Against this background, additional encryption is imperative. The challenge is to distribute the keys for this additional encryption and to manage the access permissions.

The novel HISEC-GKM procedure described below enables the secure use of public networks as well as the transmission of group hierarchies through a specific combination of the different procedures. If conventional communication devices are to be integrated into secure communication with TETRA, a key is requested from a TETRA device (1). The key is created by the Group Key Management Service Center (GKMSC) (2) and sent as a QR code to one or more TETRA terminals (3). The access device in the insecure network (NU) scans the code (4) and thus gains access to the secure network (NS) (5).

If an organization (e.g. the fire brigade) sets up an ad hoc network based on a commercially available technology (e.g. WLAN) to provide this high data rate, and the access key is stored in the GKMSC, members of the organization can use the ad hoc network (1:1 mapping of the groups) if they have access to the GKMSC. By means of the same access, the secure network NS can then also be reached, if necessary, through a special gateway.

If a cross-organization group is to be formed (police and fire brigade), a common group key is requested via the GKMSC (1:n mapping of the groups). If the requesting agent is authorized for group aggregation, a new group key is generated for both subgroups and distributed via a push service. The use of push services within NS thus enables efficient management of the required keys and credentials, which can be replaced quickly if necessary. In addition, a single member of a secure network acting group GNS may request a key or credential for a new network acting group GUS, which is then distributed to all members of the authorized groups GNS.

Using a virtual interface between NS and NU makes it easier to protect the keys, because they cannot simply be copied or written down. Errors caused by entering the keys manually are avoided. Time-consuming keyboard entry is eliminated: for example, a firefighter on duty can use a helmet camera to transfer the code displayed on the TETRA device directly to the multimedia-enabled device.
- Secure communication over insecure networks
- Formation of hierarchies and group structures in communication possible
- Temporary inclusion of many helpers in communication during catastrophes or major events
- Low technical effort
- Exclusion of unauthorized persons
- Easy and quick handling
In addition to the safe use of insecure networks with high data rates by the emergency services themselves, there is a multitude of other scenarios in which HISEC-GKM can be of great benefit. Volunteers can be given temporary access to relevant data in disaster situations and integrated into TETRA communication. The use of hierarchies and the division into groups can serve organizational purposes. This can also be very helpful in organizing steward services at major events (e.g. in football stadiums) or searches. In particular, persons classified as unreliable may be excluded from communication by revoking the old key and distributing a new one.
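The group aggregation (1:n) and the exclusion by key replacement described above can be modelled in a few lines. This is an added sketch, not the HISEC-GKM implementation: the class, its methods, the in-memory "push" inbox and the member names are all assumptions made for illustration.

```python
import secrets

class GKMSC:
    """Toy key service; class and method names are assumptions, not the patented design."""

    def __init__(self, merge_authorized):
        self.merge_authorized = set(merge_authorized)  # agents allowed to aggregate groups
        self.members = {}   # group -> set of member ids
        self.keys = {}      # group -> current 256-bit group key
        self.inbox = {}     # member -> {group: key}; stands in for the push service

    def _rekey_and_push(self, group):
        key = secrets.token_bytes(32)
        self.keys[group] = key
        for member in self.members[group]:
            self.inbox.setdefault(member, {})[group] = key
        return key

    def create_group(self, group, members):
        self.members[group] = set(members)
        return self._rekey_and_push(group)

    def merge(self, requester, new_group, subgroups):
        # 1:n mapping: one common key for several subgroups, only for authorized agents.
        if requester not in self.merge_authorized:
            raise PermissionError(f"{requester} may not aggregate groups")
        self.members[new_group] = set().union(*(self.members[g] for g in subgroups))
        return self._rekey_and_push(new_group)

    def exclude(self, group, member):
        # Revoke by replacement: the removed member keeps only the stale key.
        self.members[group].discard(member)
        return self._rekey_and_push(group)

    def holds_current_key(self, member, group):
        return self.inbox.get(member, {}).get(group) == self.keys[group]


def demo():
    # Constructed sample data: two organizations and one incident commander.
    gkmsc = GKMSC(merge_authorized={"commander"})
    gkmsc.create_group("police", {"commander", "p1", "p2"})
    gkmsc.create_group("fire", {"f1", "f2"})
    gkmsc.merge("commander", "joint", ["police", "fire"])
    before = gkmsc.holds_current_key("f2", "joint")
    gkmsc.exclude("joint", "f2")
    after = gkmsc.holds_current_key("f2", "joint")
    return gkmsc, before, after
```

In this model the excluded member still holds the old key, so exclusion only protects traffic encrypted after the replacement key has been pushed.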
A patent application for the invention has been filed in Germany, Europe and the USA. Do not hesitate to ask for further status details. A proof of principle has been provided: there is a prototype with which the function of the invention was demonstrated. On behalf of TU Dortmund, we offer interested companies the opportunity to license or purchase the technology, as well as to develop it further.
An invention of TU Dortmund.