608 lines
19 KiB
TeX
608 lines
19 KiB
TeX
% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $
|
|
|
|
\documentclass{beamer}
|
|
|
|
\usepackage{url}
|
|
\makeatletter
|
|
\def\url@leostyle{%
|
|
\@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}}
|
|
\makeatother
|
|
%% Now actually use the newly defined style.
|
|
\urlstyle{leo}
|
|
|
|
|
|
% This file is a solution template for:
|
|
|
|
% - Talk at a conference/colloquium.
|
|
% - Talk length is about 20min.
|
|
% - Style is ornate.
|
|
|
|
|
|
|
|
% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
|
|
%
|
|
% In principle, this file can be redistributed and/or modified under
|
|
% the terms of the GNU Public License, version 2.
|
|
%
|
|
% However, this file is supposed to be a template to be modified
|
|
% for your own needs. For this reason, if you use this file as a
|
|
% template and not specifically distribute it as part of a another
|
|
% package/program, I grant the extra permission to freely copy and
|
|
% modify this file as you see fit and even to delete this copyright
|
|
% notice.
|
|
|
|
|
|
\mode<presentation>
|
|
{
|
|
\usetheme{Warsaw}
|
|
% or ...
|
|
|
|
\setbeamercovered{transparent}
|
|
% or whatever (possibly just delete it)
|
|
}
|
|
|
|
|
|
\usepackage[english]{babel}
|
|
% or whatever
|
|
|
|
\usepackage[latin1]{inputenc}
|
|
% or whatever
|
|
|
|
\usepackage{times}
|
|
\usepackage[T1]{fontenc}
|
|
% Or whatever. Note that the encoding and the font should match. If T1
|
|
% does not look nice, try deleting the line with the fontenc.
|
|
|
|
|
|
\title{OsmocomTETRA}
|
|
|
|
\subtitle
|
|
{Researching TETRA and its security}
|
|
|
|
\author{Harald Welte}
|
|
|
|
\institute
|
|
{gnumonks.org\\gpl-violations.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de}
|
|
% - Use the \inst command only if there are several affiliations.
|
|
% - Keep it simple, no one is interested in your street address.
|
|
|
|
\date[easterhegg 2011] % (optional, should be abbreviation of conference name)
|
|
{EH2011, April 2011, Hamburg/Germany}
|
|
% - Either use conference name or its abbreviation.
|
|
% - Not really informative to the audience, more for people (including
|
|
% yourself) who are reading the slides online
|
|
|
|
\subject{Communications Security}
|
|
% This is only inserted into the PDF information catalog. Can be left
|
|
% out.
|
|
|
|
|
|
|
|
% If you have a file called "university-logo-filename.xxx", where xxx
|
|
% is a graphic format that can be processed by latex or pdflatex,
|
|
% resp., then you can add a logo as follows:
|
|
|
|
% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
|
|
% \logo{\pgfuseimage{university-logo}}
|
|
|
|
|
|
|
|
% Delete this, if you do not want the table of contents to pop up at
|
|
% the beginning of each subsection:
|
|
%\AtBeginSubsection[]
|
|
%{
|
|
% \begin{frame}<beamer>{Outline}
|
|
% \tableofcontents[currentsection,currentsubsection]
|
|
% \end{frame}
|
|
%}
|
|
|
|
|
|
% If you wish to uncover everything in a step-wise fashion, uncomment
|
|
% the following command:
|
|
|
|
%\beamerdefaultoverlayspecification{<+->}
|
|
|
|
|
|
\begin{document}
|
|
|
|
\begin{frame}
|
|
\titlepage
|
|
\end{frame}
|
|
|
|
\begin{frame}{Outline}
|
|
\tableofcontents[hideallsubsections]
|
|
% You might wish to add the option [pausesections]
|
|
\end{frame}
|
|
|
|
|
|
% Structuring a talk is a difficult task and the following structure
|
|
% may not be suitable. Here are some rules that apply for this
|
|
% solution:
|
|
|
|
% - Exactly two or three sections (other than the summary).
|
|
% - At *most* three subsections per section.
|
|
% - Talk about 30s to 2min per frame. So there should be between about
|
|
% 15 and 30 frames, all told.
|
|
|
|
% - A conference audience is likely to know very little of what you
|
|
% are going to talk about. So *simplify*!
|
|
% - In a 20min talk, getting the main ideas across is hard
|
|
% enough. Leave out details, even if it means being less precise than
|
|
% you think necessary.
|
|
% - If you omit details that are vital to the proof/implementation,
|
|
% just say so once. Everybody will be happy with that.
|
|
|
|
\begin{frame}{About the speaker}
|
|
\begin{itemize}
|
|
\item Using + playing with Linux since 1994
|
|
\item Kernel / bootloader / driver / firmware development since 1999
|
|
\item IT security expert, focus on network protocol security
|
|
\item Core developer of Linux packet filter netfilter/iptables
|
|
\item Board-level Electrical Engineering
|
|
\item Always looking for interesting protocols (RFID, DECT, GSM)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\section{TETRA Introduction}
|
|
|
|
\subsection{What is TETRA?}
|
|
|
|
\begin{frame}{Introducing TETRA}
|
|
TErrestrial Trunked RAdio
|
|
\begin{itemize}
|
|
\item Digital PMR (Professional Mobile Radio) standard
|
|
\item Standardization Body ETSI started work in 1990
|
|
\item First specified in 1995, endorsed by EU Radiocomms Committee
|
|
\item Commercial Vendors: Motorola, EADS/Nokia, Arteva/Simoco/Pye/Philips, Rohde \& Schwarz
|
|
\item Chinese vendors are expected to appear on the market soon
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA vs GSM}
|
|
\begin{itemize}
|
|
\item Longer range due to lower frequency (but not vs. GSM 410/450!)
|
|
\item Higher spectral efficiency (4 speech channels in 25kHz vs. 16 speech channels in 270kHz)
|
|
\item Specified to work at speeds above 400 km/h
|
|
\item one-to-one, one-to-many and many-to-many (but: GSM-R ASCI)
|
|
\item offers direct mode between handsets in case base station is out of range
|
|
\item separate infrastructure from public networks (but: GSM-R)
|
|
\item de-central fall-back, i.e. base stations switching local calls
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA vs GSM}
|
|
Summary
|
|
\begin{itemize}
|
|
\item Most of the TETRA advantages could be achieved using GSM-R in a lower frequency band
|
|
\item Local call switching can be implemented in GSM (think of OpenBSC)
|
|
\item GSM requires modifications on the air interface for direct mode, but even in TETRA, direct mode is {\em very} different from trunked mode
|
|
\end{itemize}
|
|
It seems, the industry rather re-invented an entirely different system to ensure
|
|
the resulting equipment can be sold at multiples of the commercial-grade GSM
|
|
equipment.
|
|
\end{frame}
|
|
|
|
|
|
\subsection{Where is TETRA deployed?}
|
|
|
|
\begin{frame}{TETRA deployments}
|
|
\begin{itemize}
|
|
\item In 2009, TETRA was deployed in 114 countries (every continent except North America)
|
|
\item Typical users: Police, Transportation, Army, Fire Service, Ambulance, Customs, Coast Guard
|
|
\item But also: Private company networks (industrial plants)
|
|
\item In Germany there are 63 registered networks (only 5 are BOS)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA deployments}
|
|
\begin{itemize}
|
|
\item Follow TETRA Newsletter released by TETRA MoU organization
|
|
\item Majority of recent deployments seems to be in Asia, specifically China.
|
|
\item Examples typically include police, public transportation, airports, harbours, industrial plants
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\section{TETRA Technical Intro}
|
|
|
|
\subsection{TETRA Air Interface}
|
|
|
|
\begin{frame}{TETRA Frequencies}
|
|
\begin{itemize}
|
|
\item European Emergency Services
|
|
\begin{itemize}
|
|
\item 380-383 MHz and 390-393 MHz
|
|
\item 383-385 MHz and 393-395 MHz (optional)
|
|
\end{itemize}
|
|
\item European Private/Commercial Systems
|
|
\begin{itemize}
|
|
\item 410-430 MHz
|
|
\item 450-470 MHz
|
|
\end{itemize}
|
|
\item Other Countries
|
|
\begin{itemize}
|
|
\item Depending on local regulatory requirements
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Frequency plan}
|
|
\begin{itemize}
|
|
\item Single TETRA carrier normally 25kHz wide, no guard bands
|
|
\item Channel grid can align on 6.25, 12.5 and 25kHz offset
|
|
\item This allows seamless migration / co-existence with analog FM PMR in same band
|
|
\item Uplink/Downlink spacing can depend on band, typically 10MHz
|
|
\item Advanced TETRA-2 modes can operate at 50, 75 or 100kHz bandwidth
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Modulation}
|
|
\begin{itemize}
|
|
\item pi/4 DQPSK (Differential Quaternary Phase Shift Keying)
|
|
\item 2 bits per symbol
|
|
\item Phase {\em difference} encodes information
|
|
\item 8 phase constellations, 4 possible transitions
|
|
\item Requires very linear amplifier as it is not constant envelope
|
|
\item Used within TETRA at 36 kbits/sec (18 kSymbols/sec)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Modulation}{pi/4 DQPSK (8 constellations, 4 transitions)}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=55mm]{500px-Pi-by-4-QPSK_Gray_Coded.png}
|
|
\end{figure}
|
|
Source: Wikipedia / User:Splash
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA TDMA Frame structure}
|
|
\begin{itemize}
|
|
\item Each time-slot contains 510 bits (GSM: 156)
|
|
\item TDMA frame with 4 time-slots (GSM: 8)
|
|
\item Duration of TDMA frame: 56.67 ms (GSM: FIXME)
|
|
\item Multiframe: 18 TDMA frames (GSM: 26/51)
|
|
\item Hyperframe: 60 Multiframes (GSM: FIXME)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{TETRA Protocol Stack}
|
|
|
|
\begin{frame}{TETRA Protocol Stack}
|
|
\begin{itemize}
|
|
\item The TETRA protocol stack is more complex than GSM
|
|
\item Shared Stacking: PHY/lowerMAC/upperMAC/LLC
|
|
\item Above LLC there is MLE (resembles GSM RR), on top:
|
|
\begin{itemize}
|
|
\item MM (Mobility Management)
|
|
\item CMCE (Circuit Mode Control Entity)
|
|
\item CONS (Connection Oriented Service)
|
|
\item CNLS (Connectionless Service)
|
|
\end{itemize}
|
|
\item Call Control, Supplementary services on top of CMCE
|
|
\item Packet data on top of CNLS and CONS
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Protocol Stack}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=80mm]{tetra_mac_llc.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{TETRA Protocol Stack}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=80mm]{tetra_protocol_stack.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\subsection{TETRA Security}
|
|
|
|
\begin{frame}{TETRA Security}
|
|
\begin{itemize}
|
|
\item Once again all security features optional, like in GSM
|
|
\item Security features include
|
|
\begin{itemize}
|
|
\item Authentication
|
|
\item Air interface encryption
|
|
\item End-to-End encryption
|
|
\item Over-the-air re-keying (OTAR)
|
|
\item Remote locking of stolen devices
|
|
\end{itemize}
|
|
\item Not all handsets support all features
|
|
\item Key material can be stored in handset flash or in SIM
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Authentication}
|
|
\begin{itemize}
|
|
\item Authentication messages part of Mobility Management (MM)
|
|
\item Based on secret User Authentication Key (UAK) in SIM, generating Authentication key K by use of Algorithms TB1, TB2 or TB3
|
|
\item Supports three modes
|
|
\begin{itemize}
|
|
\item Authentication of user by infrastructure (TA11, TA12)
|
|
\item Authentication of infrastructure by user (TA21, TA22)
|
|
\item Mutual authentication (four-pass, TA11, TA12, TA21, TA22)
|
|
\end{itemize}
|
|
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Authentication}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=60mm]{tetra_mutual_auth.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{TETRA Air Interface Encryption}
|
|
\begin{itemize}
|
|
\item Like GSM: Encrypts only the air interface, not the core network
|
|
\item Unlike GSM: Not between L1 and L0 but inside the upper MAC layer
|
|
\begin{itemize}
|
|
\item Thus, no idle frames with known plaintext
|
|
\item Thus, no redundant information due to FEC before crypto
|
|
\end{itemize}
|
|
\item Encryption happens with different keys (SCK, DCK, CCK, GCK, MGCK)
|
|
\item IV is concatenation of hyperframe, multiframe, frame and slot number
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{TETRA Air Interface Encryption}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=100mm]{tetra_encryption.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Encryption Keys}
|
|
\begin{itemize}
|
|
\item SCK (Static Cipher Key)
|
|
\begin{itemize}
|
|
\item pre-shared key, used in networks without authentication
|
|
\item up to 32 possible keys, selected by SYSINFO.
|
|
\end{itemize}
|
|
\item DCK (Derived Cipher Key)
|
|
\begin{itemize}
|
|
\item Generated by authentication procedure (like GSM A3/A8)
|
|
\item different for each user
|
|
\end{itemize}
|
|
\item CCK (Common Cipher Key)
|
|
\begin{itemize}
|
|
\item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
|
|
\item Used for group calls within one location area
|
|
\end{itemize}
|
|
\item GCK (Group Cipher Key)
|
|
\begin{itemize}
|
|
\item Generated by infrastructure and distributed to MS through DCK-encrypted connection using OTAR
|
|
\item Used for specific protected groups
|
|
\end{itemize}
|
|
\item MGCK (Modified GCK)
|
|
\begin{itemize}
|
|
\item GCK modified by CCK
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Encryption Algorithms}
|
|
There are 4 specified TETRA Encryption Algorithms (TEA):
|
|
\begin{description}[TEA4]
|
|
\item[TEA1] generally available, original algorithm, relaxed export
|
|
\item[TEA2] for public safety users in Schengen + EU countries
|
|
\item[TEA3] for public safety users elsewhere
|
|
\item[TEA4] generally available, reflects relaxed 1998 Wassenaar arrangement
|
|
\end{description}
|
|
It is assumed that at least original ciphers are 80-bit stream ciphers.
|
|
None of them have ever leaked publicly!
|
|
\end{frame}
|
|
|
|
\begin{frame}{TETRA Air Interface Encryption}{Keys and Algorithms}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=75mm]{tetra_keys_algos.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\subsection{TETRA Security Conclusions}
|
|
|
|
\begin{frame}{Is it really secure?}
|
|
Given all those security features, is TETRA really secure?
|
|
\begin{itemize}
|
|
\item much better than GSM
|
|
\item however, all security again optional
|
|
\item security of a given network depends on its configuration
|
|
\item reality is sad: Government networks secure, private networks insecure
|
|
\item vendors to blame
|
|
\begin{itemize}
|
|
\item 200 EUR cost increase in handset for crypto
|
|
\item authentication center in core network very expensive
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Case Study: tetra-hamburg.de}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=50mm]{tetra_hh_secure.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Case Study: tetra-hamburg.de}
|
|
\begin{itemize}
|
|
\item public tetra network available for paying users (like cellular carrier)
|
|
\item by DFP TETRA Hamburg Ges. fuer Digitalfunk mbH
|
|
\item website claims it is secure against eavesdropping {\em because it is digital}
|
|
\item the network does not use any form ef TEA encryption
|
|
\item all signalling, voice, SDS and packet data transferred in plaintext
|
|
\item digital radio receiver + protocol decoder sufficient for eavesdropping
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\section{TETRA Data Services}
|
|
|
|
\subsection{Short Data Service}
|
|
\begin{frame}{SDS - Short Data Service}
|
|
\begin{itemize}
|
|
\item SDS can be compared with GSM/UMTS SMS
|
|
\item short messages of up to 140 bytes length
|
|
\item everything like GSM, but not 100\% identical
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{Packet Data Service}
|
|
\begin{frame}{TETRA SNDCP - Packte Data}
|
|
\begin{itemize}
|
|
\item SNDCP (Sub-Network Dependent Convergence Protocol)
|
|
\item facilitates packet switched services like IPv4 over TETRA
|
|
\item leverages the GPRS network architecture and protocols
|
|
\item PDP Context to APN (like GPRS)
|
|
\item very slow unless both base station and handset support QAM modulation
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\section{Osmocom TETRA}
|
|
|
|
\begin{frame}{Osmocom TETRA Demodulator}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=90mm]{osmocom_tetra.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\subsection{Demodulator}
|
|
|
|
\begin{frame}{Osmocom TETRA Demodulator}
|
|
\begin{itemize}
|
|
\item 1:1 code re-use from APCO-25 Software receiver project
|
|
\item Hierarchical block fully based on gnuradio blocks
|
|
\begin{itemize}
|
|
\item Root-raised cosine filter
|
|
\item M-PSK receiver block
|
|
\item Costas Loop for carrier tracking
|
|
\item Muller\&Muller synchronizer
|
|
\item output: Float value between -3 and 3 in units of pi/4
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{Lower MAC and PHY}
|
|
|
|
\begin{frame}{Osmocom TETRA PHY}
|
|
The burst synchronizer ({\tt tetra\_burst\_sync.c})
|
|
\begin{itemize}
|
|
\item First acquires the Sync Burst training sequence by correlation
|
|
\item Later locks on Normal Burst (NB) training sequences
|
|
\item Splits actual payload sections out of training sequences,
|
|
\end{itemize}
|
|
The burst generator ({\tt tetra\_burst.c})
|
|
\begin{itemize}
|
|
\item puts together various bursts such as NB, SB and others
|
|
\item calculates phase alignment bits
|
|
\item used to test receiver code
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Osmocom TETRA lower MAC}{Receive Side}
|
|
\begin{itemize}
|
|
\item Receives bursts from PHY layer
|
|
\item Applies the following operations depending on burst type
|
|
\begin{itemize}
|
|
\item De-scrambling
|
|
\item De-Interleaving
|
|
\item De-Puncturing (RCPC code)
|
|
\item Viterbi decoder (RCPC code)
|
|
\item Compute + Verify CRC-16
|
|
\end{itemize}
|
|
\item Recover TETRA Time (frame number) from SYNC burst
|
|
\item Hands decoded payload data to upper MAC
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Osmocom TETRA lower MAC}{Transmit Side}
|
|
\begin{itemize}
|
|
\item Receives payload from upper MAC
|
|
\item Applies the following operations depending on burst type
|
|
\begin{itemize}
|
|
\item Append tail bits
|
|
\item Compute CRC-16
|
|
\item Convolutional encoder (RCPC code)
|
|
\item Puncturing (RCPC code)
|
|
\item Interleaving
|
|
\item Scrambling
|
|
\end{itemize}
|
|
\item Hands decoded payload data to PHY
|
|
\end{itemize}
|
|
Tx is currently only used in testing the Rx code
|
|
\end{frame}
|
|
|
|
\begin{frame}{Osmocom TETRA upper MAC}
|
|
\begin{itemize}
|
|
\item Rx-only
|
|
\item Not a complete implementation, just to decode SYSINFO, ACCESS-ASSIGN and (more and more) other bits.
|
|
\item Mainly a proof-of-concept to ensure PHY and lower MAC work
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{wireshark integration}
|
|
|
|
\begin{frame}{Osmocom TETRA via GSMTAP}
|
|
\begin{itemize}
|
|
\item The GSMTAP pseudo-header has been extended for TETRA
|
|
\item Change is backward-compatible with existing GSMTAP
|
|
\item current version of libosmocore supports extended GSMTAP
|
|
\item OsmocomTETRA {\tt tetra-rx} contains GSMTAP output support
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{wireshark TETRA integration}
|
|
\begin{itemize}
|
|
\item TETRA messages are unaligned bit-fields, full of variable-length and optional parts
|
|
\item Writing manual decoding/encoding routines is tiresome and error-prone
|
|
\item Beijing Institute of Technology has developed wireshark dissectors based on describing TETRA messages as ASN.1 PER (described in IEEE paper)
|
|
\item We contacted them and they were willing to release their code under GNU GPL
|
|
\item Zecke has extended it with GSMTAP support it has been included in wireshark mainline
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{TETRA transmit code}
|
|
|
|
\begin{frame}{Transmitting TETRA}
|
|
\begin{itemize}
|
|
\item The lower MAC and PHY code exists and is proven
|
|
\item OP25 project contains modulator for pi/4 DQPSK
|
|
\item Combining the two should render simplistic TETRA transmitter
|
|
\item Sending continuous sequence of BSCH in SB and BNCH in NB comprises valid beacon and should allow handsets to lock on the signal
|
|
\item So far no time to experiment with it
|
|
\item Could be first step in SDR TETRA Base Station
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Thanks}
|
|
Thanks to
|
|
\begin{itemize}
|
|
\item Dieter Spaar for discovering the APCO25 demodulator and his work on speech decoding
|
|
\item Sylvain Munaut for implementing our own Viterbi decoder
|
|
\item Holger Freyther for his work on CRC, Shortened Reed-Muller and wireshark
|
|
\item horiz0n for providing sample captures of TETRA radio traffic
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{Further Reading}
|
|
\begin{itemize}
|
|
\item \url{http://tetra.osmocm.org/}
|
|
\item \url{http://www.tetramou.com/}
|
|
\item \url{http://www.etsi.org/website/Technologies/TETRA.aspx}
|
|
\item \url{http://www.tetramou.com/uploadedFiles/About\_TETRA/TETRA\%20Security\%20pdf.pdf}
|
|
\item \url{http://www.tetrawatch.net/}
|
|
\item {\em Digital Mobile Communications and the TETRA System} by John Dunlop, Demessie Girma, James Irvine - Wiley
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\end{document}
|