Institutional organizations, such as public safety organizations, typically use specialized voice communication systems to facilitate group discussions. Voice communication systems are typically embodied as narrowband radio systems which support low-bit-rate digital transmission of voice streams. An example of such a voice communication system is a Project 25-compatible voice communication system which includes wireless and wired voice communication devices. The voice communication devices may be, for example, portable narrowband two-way radios, mobile radios, dispatch consoles, or other similar voice communication entities which communicate with one another via wired and/or wireless networks. For simplicity sake, the mobile voice communication devices are referred to as radios.
Radios in a voice communication system may operate in conventional mode or in trunked mode. In the conventional mode, there is no method of authenticating voice, data and control messages sent from a radio. Thus, there is no protection against cloning, spoofing, replay and traffic analysis.
In the trunked mode, each radio registers with a control entity, for example a base station or a repeater, and uses a symmetric secret key authentication method. In this method, one secret key is shared between the control entity and the radio. When the radio registers with a site (a system with one or more channels), a fixed network equipment (FNE) such as a router or a cell tower sends an authentication challenge to the radio. The radio cryptographically authenticates itself and responds with a derived cipher key (DCK). If the FNE accepts the response from the radio, the FNE may return a common cipher key (CCK) that is encrypted with the DCK. Thereafter, all communication between the radio and the control entity may be encrypted with the CCK.
However, if the successfully authenticated radio is later lost or stolen, in a system with a mix of trunked and conventional sites, an attacker, on a conventional site, could reuse the radio identifier, obtained from a trunked site, to impersonate the authenticated radio. For example, if a radio associated with a high ranking officer such as a police chief is lost after authentication, an attacker could reuse the radio identifier associated with the authenticated radio on another radio. When this occurs, messages sent from the other radio will appear to others in the system as though it originated from the authenticated radio.
Accordingly, a method and apparatus are needed to authenticate radios operating in conventional and trunked modes and to authenticate messages transmitted in both modes.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.