Professional Documents
Culture Documents
r M
ot
or
ol
a
So
lu
tio
ns
Tr
Features and Functions
ai
ni
ng
U
se
O
nl
y
1
Module Objectives
y
nl
O
• Distinguish between the different types of:
se
– Voice Services.
U
ng
– Data Services.
ni
ai
– Basic Supplementary Services.
Tr
– Dispatch Console features.
n s
io
• Describe the following features and their purpose:
t
lu
– TETRA Air Interface Encryption and Authentication.
So
– End-to-End Encryption.
a
ol
or
– Network Security.
ot
r M
Fo
• Voice services
y
nl
O
• Data services
se
• Supplementary services
U
ng
• Dispatch Console
ni
ai
Tr
n s
t io
lu
So
a
ol
or
ot
r M
Fo
y
Services
nl
O
se
“ONE-TO-MANY” “ONE-TO-ONE”
U
Individual-Based
ng
Group-Based Calls
• Group Calls Calls
ni
• Announcement Calls
ai
• Emergency Calls
Tr
Telephone
s
Private
n
Calls Interconnect
io
Calls
t
lu
So
a
TG 1
ol
or
ot
r M
Fo
y
nl
O
Talkgroup 1 Talkgroup 2 Talkgroup 3
se
U
ng
ni
ai
Tr
• Allows radio or dispatch console to establish one to many call within a talkgroup.
n s
io
• A subscriber user must be affiliated to a particular talkgroup.
t
• Talkgroup call are semi-duplex. lu
So
a
ol
or
ot
rM
Fo
y
Talkgroup 1
nl
O
se
U
ng
Multigroup 1
ni
ai
Talkgroup 2
Tr
n s
Talkgroup 3
t io
lu
So
• Several talkgroups can be combined to form a multigroup.
a
ol
• Each talkgroup can be associated with one (and only one) multigroup.
r
Fo
y
nl
Mode Operation (TMO) or Direct Mode
O
Operation (DMO).
se
U
• In TMO the TETRA Radio uses the
ng
infrastructure services within system
ni
coverage.
ai
Tr
• In DMO the TETRA Radio can be used
s
without the need for infrastructure services.
n
io
DMO Users
t
lu
So
a
X
ol
or
ot
r M
Fo
y
• DMO TETRA Radios must be within the appropriate
nl
radio range for calls to be successful.
O
se
• Specific talkgroups are configured to talk to the
U
DMO Gateway. DMO Gateway
ng
• Available in DMO mode:
ni
– DMO Group calls
ai
– DMO Private call (H/D)
Tr
– DMO Emergency call (No Alarm)
n s
t io
lu
So
a
ol
or
ot
r M
Fo
y
nl
Highest Priority level Talkgroup or
O
Multigroup Call.
se
U
• The Emergency call can be started
ng
automatically by pressing the
ni
Emergency button.
ai
Tr
• If the “HOT MIC” feature is configured,
s
there is no need to press the PTT
n
io
button.
t
lu
• If a Traffic Channel is not available at
So
the site(s), a call in progress with the
a
y
nl
initiate and receive semi-duplex or full-duplex
O
individual calls.
se
U
• This is one to one communication with only
ng
two parties involved in a call which is also
ni
known as ‘Private Call’.
ai
Tr
• The full-duplex/half-duplex individual call
s
service support communications between:
n
io
– Radio to Radio
t
lu
So
– Console to Radio
a
– Console to Console
ol
or
ot
r M
Fo
y
nl
telephone interconnect call service
O
between radio or console to PABX
se
or PSTN users.
U
ng
• Similarly, PABX and PSTN users
ni
can also initiate a telephone
ai
interconnect call to radio or console
Tr
users.
n s
t io
lu
So
a
ol
or
ot
r M
Fo
y
nl
O
Emergency DIMETRA X Core
se
Alarms Data Services
U
ng
ATS
ni
Short Data
ai
Messages
Tr
Status
n s
Messages
io
- Store and Forward
t
TG 1
lu - Prevent Store and Forward
So
- Broadcast SDS via
broadcast region ATS
a
ol
Packet Data
TG 1
or
Services
ot
M
ATS
r
Fo
ALL
y
nl
O
se
U
ng
ni
ai
Press the
Tr
Emergency Button
s
in Critical
n
INFRASTRUCTURE
io
Situations.
t
lu
So
a
ol
UNIT 5
or
ot
r M
Fo
DISPATCHER
y
nl
– Long text message (up to 1000
O
se
characters) SDTS Client 1 SDTS Client 2
– ATS Application – ATS Application
U
– Broadcast SDS via SDTS
ng
broadcast region DIMETRA Cluster
ni
Transport
– Store and Forward
ai
Network
Tr
– Prevent Store and Forward
s
– Point to Multipoint SDS
n
io
(Radio-to-Group)
t
ISSI=152001 GSSI=116003
– Short Data Billing lu
So
– End-to-End Encrypted SDS
a
ol
Site 3
– GNSS over SDTS Site 1
or
GSSI=116001
– Short Data in Local Site Trunking
ot
M
y
nl
SDR Utilization
the Short Data Router (SDR) message rate
O
above the basic capacity
se
U
• Ability to monitor the Short Data Service
ng
(SDS) message rate per Short Data Router Alarm
ni
(SDR) threshold
ai
level
Tr
Deviation
s
threshold
n
t io
lu
So
a
ol
or
ot
r M
Fo
y
Originator Target
nl
radio user is unable to receive
O
SDS message
se
• Ability to forward stored message once
U
a radio becomes reachable Reachable
ng
• Configurable storage time
ni
ai
• Stored or Delivered message status
Tr
Short Data
Router (SDR)
n s
Originator Target
t io
lu SDS message
SDS message
So
a
Stored
ol
Unreachable
or
Reachable
ot
Delivered
r M
Fo
y
nl
Not Stored
Forward Service (SFS) of specific SDS
O
message types. Blocked PID message
se
U
• Each Short Data Router (SDR) is Unreachable
ng
configured in Network Management (NM)
ni
with a list of blocked Protocol Identifiers
ai
(PIDs).
Tr
Short Data
Router (SDR)
• Blocked PID message will be sent to the
n s
Originator Target
io
recipient once.
t
lu SDS message
So
Blocked PID message
a
ol
Reachable
or
ot
Delivere
r M
Fo
y
nl
O
se
CEN
U
ng
DIMETRA X Core Packet Data
Core Terminal
ni
ai
Tr
Databases Enquires Reports Images
n s
io
• Packet Data benefits:
t
lu
– Intranet Access and Database Inquiries
So
– Bringing critical information to the point of decision
a
– Improved efficiency
M
y
nl
system requires a separate NM license.
O
se
• TEDS is an extension of the current packet data solution in the DIMETRA system
U
that offers higher data transmission speed.
ng
– Use of the 4-QAM, 16-QAM and 64-QAM modulations and ability to choose
ni
ai
the most appropriate modulation for the current signal propagation
Tr
environment.
n s
– Support both 25kHz and 50 kHz carrier frequency bandwidth.
t io
– TEDS is an extension of the current packet data solution and will therefore
lu
So
support all the features of the current packet data solution (for example Multi-
slot packet data, sending short-data messages on PDCH/TEDS channels).
a
ol
y
nl
when the BTS is in Local Site
O
Trunking Mode:
se
U
– Site Registration
ng
– Talk Group Affiliations
ni
ai
– Group Call
Tr
s
– Emergency Call
n
io
– Short Data Services (within
t
local site) lu
So
a
ol
or
ot
r M
Fo
y
The DIMETRA X Core system supports Full-Duplex but which types of calls does it
nl
apply to?
O
se
U
Private Calls
ng
ni
ai
Group Calls
Tr
n s
io
Telephone Interconnect Calls
t
lu
So
a
Announcement Calls
ol
or
ot
r M
Fo
y
• • Busy Override (All
nl
Dynamic Site Assignment
• Late Entry Start/Fast Start)
O
• Busy Queuing and Call Back • Pre-emption capabilities
se
• Queuing Priority • Site Wide Call
Supplementary Services supporting Group Calls
• • Priority Monitor
U
Recent User Priority
• Talking Party Identification • Requested Sites
ng
• Valid Site Operations • Message Trunking
ni
• Critical Sites Assignment
ai
• Object Call *
Tr
Supplementary Services supporting Group Calls
• Barring of incoming calls *
and Private calls
• Barring of outgoing calls *
n s
• Call Wait
io
Supplementary Services supporting Individual Calls
• Call Forward
t
(Private Call, Telephone Interconnect call)
lu
So
• Barring of outgoing telephone calls
Supplementary Service of the Telephone
• Barring of incoming telephone calls
Interconnect call service
a
• Call Out
ot
y
nl
O
• Allows radio users to communicate with a talkgroup
se
which is not permanently configured in the radio.
U
• An Object Group is a talkgroup which can be
ng
dynamically provisioned in the radio or it can be
ni
called from a radio even though it is not already
ai
Tr
provisioned.
s
• ”Object” = ”Prefix” + ”Subject” + ”Instance”
n
t io
lu
So
a
ol
or
ot
Mr
Fo
y
1. Dial prefix.
nl
O
Identifies permanent or temp. Object call.
se
2. Dial subject number.
U
ng
Identifies task code (flight number).
ni
ai
3. Dial instance number.
Tr
Identifies work team (baggage, catering,
n s
etc).
io
2 1115 02
t
4. Press Push-to-Talk to connect. lu
So
To join TG and/or provision task TG’s.
a
ol
or
ot
Mr
Fo
y
nl
TEAM Security Refuelling Service NUMBERING SCHEME
O
1 2 3
se
GATE
“Prefix-Gate-Team”
U
Prefix “1” for Joining a Team
ng
Gate Prefix “2” for Calling a Team
42
ni
Security Refuelling Service
ai
“0” or “00” for Gate/Team wildcard
Tr
“1-42-2”
s
Gate
n
43 JOIN REFUELLING TEAM ON
io
Security Refuelling Service
GATE 42
t
lu “2-00-1”
So
CALL SECURITY TEAMS ON ALL GATES
Gate
a
y
nl
O
BARRING OF INCOMING CALLS
se
FIRE TG
U
ng
UTILITY TG
ni
ai
FACTORY TG
Tr
n s
io
FIRE TG
t
lu
So
UTILITY TG
a
ol
FACTORY TG
or
ot
M
Service Description
y
nl
O
Air to Ground Extended Range Extention of the existing 58 km cell limit
se
to 83 km
U
Agency Priority Matrix Ability to reserve RF resource on a per
ng
agency basis
ni
Highly Preferred Subscriber Class Enabling specific cells to be reserved for
ai
Tr
Air-to-Ground-to-Air (AGA) use
s
Valid Sites List of valid sites for a radio or a
n
io
talkgroup
t
Common Secondary Control Channel lu Extending the signaling capacity of
So
MCCH by using one or more additional
a
Features
y
nl
Assignable Talkgroups Console Multiselect
O
Assignable Speakers and Audio Console Patch
se
Summing
U
ng
Repeat disable Conventional channel Patch
ni
Trunking System Status Console Acoustic Cross-Mute
ai
Tr
Console Priority Ambience Listening
s
Status Message Display Call Take
n
io
All Mute Call Hold
t
lu
So
Instant Transmit Call Transfer
a
y
nl
O
se
Voice Logging Subsystem Replay Subsystem
U
ng
ni
ai
Tr
Logging Recorder Replay Station DIMETRA
Administrator
s
Zone Core
n
io
Tags individuals
t
and talkgroups
for Voice Logging lu
So
Monitored calls
Configuration instructions
a
Primary
to security partitioning Core
or
AIS Server
ot
r M
Fo
y
nl
O
se
Discreet Listening
Subsystem
U
ng
ni
ai
Tr
Discreet Listening PC Recording DIMETRA
Device
s
Call Zone Core
n
Tags Logging
io
individuals
t
for Discreet
Listening lu
So
Monitored calls
Configuration instructions
a
Primary
to security partitioning Core
or
AIS Server
ot
r M
Fo
Features Description
y
nl
O
Local Site Trunking (LST) RF sites operating independently when
needed
se
U
MCCH Backup Duplicated Main Control Channel
ng
Common Secondary Control Channel Expansion of CCH by changing the use
ni
of a channel from voice or data to
ai
Tr
control information
s
Control Channel Capacity Threshold Adjustable utilization threshold, when
n
io
exceeded an UEM alarm is generated
t
Non-GPS Synchronised BTS lu Fully functioning network in case of non-
So
GPS service
a
y
Match the service to its associated description. Which of the items from the first
nl
column is a Data Service?
O
se
A) Dynamic Site Assignment ___ Is sent from a radio to a dispatch
U
console over the Main Control
ng
B) All Start Channel.
ni
ai
Tr
C) Fast Start ___ Traffic Channels are only
assigned at sites where one or more
n s
D) Status Message group members are registered.
t io
lu
So
___ A Talkgroup Call is set up with
any available sites. Other sites are
a
ol
y
Features Description
nl
O
Authentication Verification of a radio accessing the
se
system via Challenge-response-result
U
protocol
ng
Air Interface Encryption (AIE) Traffic encryption with common
ni
encryption key in both an infrastructure
ai
base station and a radio
Tr
s
End-to-End Encryption (E2EE) Transferring messages in an encrypted
n
form to prevent intrusion of third parties
tio
RSA AM lu Providing the Two-Factor Token based
So
Authentication
a
y
nl
O
1. Infrastructure challenges the
se
radio.
U
2. The radio calculates and sends
ng
a response.
ni
Challenge
ai
Response
3. If the response from the radio
Tr
Result
equals the expected response
n s
by the infrastructure, then the
io
infrastructure grants access to
t
the system. lu
So
y
nl
O
Sender Recipient
se
U
ng
Key Key
ni
ai
Tr
n s
io
Plain Text Algorithm Cryptogram Algorithm Plain Text
t
lu
So
a
ol
or
• Air Interface Encryption (AIE) of user and signalling data between the radio and
y
nl
the base stations, which is fully compliant with ETSI standards. This traffic is then
O
sent in clear across the fixed infrastructure.
se
U
– Supports TEA1, TEA2, and TEA3 algorithms.
ng
– Supports Dynamic Encryption or Security Class-3.
ni
ai
– Supports Security Class-3.
Tr
s
– Supports Static Encryption or Security Class-2.
n
t io
lu
So
a
ol
SwMI
or
ot
rM
Fo
• End-to-End (E2E) Encryption of user data between two radios, where the
y
nl
standard allows more customization by the user (E2EE can also occur between a
O
radio and a dispatcher).
se
U
• Provides “unbroken” encrypted path between Sender and Recipient.
ng
– Encrypted voice and/or data traffic is transparent for DIMETRA Infrastructure.
ni
ai
– The feature can co-exist with the TETRA AIE.
Tr
n s
io
t
lu
So
SwMI
a
ol
or
ot
y
nl
electronic attacks on hardware, software, and associated interfaces of the
O
system.
se
U
• Vulnerabilities include:
ng
– Unauthorized computer access
ni
ai
– Existing security vulnerabilities in public protocols and commercial systems
Tr
s
– Multiple external interfaces shared by multiple end-user organizations and
n
io
connected to multiple end-user networks
t
lu
– Large operations and maintenance staff with access to equipment and
So
software
a
ol
– Unhardened OS
r M
Fo
• Description:
y
nl
O
– A system or network is said to be secured if you can trust the data accuracy
se
and confidentiality, and the system behaves as you expect.
U
• Why NOT go all-out for total security?
ng
ni
– Generally, it is too expensive.
ai
Tr
– It may appear not to be the best answer.
n s
– It needs to become an unattractive target.
t io
lu
So
a
ol
or
ot
Mr
Fo
y
We are protecting: Against:
nl
O
se
Database Information Accuracy Insiders – passing the first barrier
U
ng
ni
Stored Database Information Contractors – similar to insiders
ai
Tr
System Privacy
s
‘Hackers’ – ‘Script Kiddiez’ attacking
n
io
software from the Internet, ‘Smart
t
Information Value lu Hackers’ understanding how protocols
So
layers and systems work
a
resources
ot
M
specific reason
Fo
y
nl
O
Features Description
se
OS Hardening Strengthening devices against attacks
U
ESET AntiVirus AntiVirus residing on CSMS
ng
ni
Firewalls Bariers between DCS and CEN
ai
Network Authentication Control over clients accessing system
Tr
s
CENIB A barier between CEN and RNI
n
io
Monitoring from Customer Enterprise Monitoring security related alarms from
t
Network (CEN) lu CEN
So
IPSEC ESL Link Encryption Encryption of Ethernet Site Links
a
ol
or
ot
M
r
Fo
y
Match the term to its associated description:
nl
O
se
A) Authentication ___ Creates Authentication and AIE
U
keys.
ng
B) Air Interface Encryption
ni
___ Message encrypted and
ai
Tr
C) AIE Provisioning decrypted by radio.
n s
D) E2E Encryption ___ Uses a common encryption key
t io
in the infrastructure and radio so
lu
So
messages can be encrypted and
decrypted.
a
ol
or
system is valid.
r M
Fo
a
So
lu
tio
ns
Tr
ai
ni
ng
U
se
O
nl
y
43
Review Question 1
y
The Status Message is a feature of which service?
nl
O
se
U
Voice
ng
ni
ai
Data
Tr
n s
io
Supplementary
t
lu
So
a
Network Security
ol
or
ot
M
Console Management
r
Fo
y
Dynamic Site Assignment is a feature of which service?
nl
O
se
U
Voice
ng
ni
ai
Data
Tr
n s
io
Supplementary
t
lu
So
a
Network Security
ol
or
ot
M
Console Management
r
Fo
y
Group, announcement, emergency, and packet data calls are all voice service
nl
features.
O
se
U
True
ng
ni
ai
False
Tr
n s
t io
lu
So
a
ol
or
ot
r M
Fo
y
Air Interface Encryption relies on the infrastructure and radio to encrypt and decrypt
nl
messages whereas End-to-End Encryption relies solely on radios equipped with
O
crypto modules.
se
U
True
ng
ni
ai
False
Tr
n s
t io
lu
So
a
ol
or
ot
r M
Fo
y
For Air Interface Encryption, both the radio and BTS need to use the same key
nl
materials.
O
se
U
True
ng
ni
ai
False
Tr
n s
t io
lu
So
a
ol
or
ot
rM
Fo
y
Which existing Encryption Algorithm cannot be used outside Europe?
nl
O
se
U
TEA1
ng
ni
ai
TEA2
Tr
n s
io
TEA3
t
lu
So
a
TEA4
ol
or
ot
r M
Fo
y
What does the term hardening mean in Network Security?
nl
O
se
U
Traffic is restricted in and out of the RNI.
ng
ni
ai
Unused ports are closed and unused functions are switched off.
Tr
n s
io
Additional software is loaded onto devices to protect them from tampering.
t
lu
So
a
y
nl
O
se
You should now be able to:
U
ng
• Distinguish between the different types of:
ni
ai
– Voice Services.
Tr
s
– Data Services.
n
io
– Basic Supplementary Services.
t
lu
So
– Dispatch Console features.
a
– End-to-End Encryption.
r
Fo
– Network Security.
51