Authentication

From MOTOTRBO

Authentication is a fundamental security mechanism within MOTOTRBO and Digital Mobile Radio (DMR) systems. It serves as a means of identifying users or assets (such as radios, applications, or network devices) as recognized entities that have authorized access to network and system elements. Its primary purpose is to ensure that a device or user is what it claims to be, thereby restricting access to system services to only authorized parties and preventing unauthorized access or service theft.[1]

Operation

Authentication operates as a "Challenge and Response" exchange. The infrastructure sends the radio a challenge; the radio computes a response using a per-radio key derived from a Master Key (MK), and the infrastructure, which derives the same key on its side, recomputes the expected response and compares it with the one received. The key itself is never sent over the air; only possession of it is proved. The 128-bit authentication key (K) is programmed into each Mobile Station (MS) and into the Trunked Station (TS).

In Capacity Max systems, the Physical Serial Number (PSN) of the radio is also fed into the response calculation by both the MOTOTRBO radio and the infrastructure. This binds the response to the physical radio rather than to its radio ID alone, which strengthens the authentication.

Authentication succeeds only if the calculated and received responses match. The C_AHOY PDU carries the authentication challenge from the infrastructure, and the C_ACKU/C_ACKD PDUs (acknowledgements) carry the responses. The C_ACVIT PDU, the "Ackvitation", runs the exchange in the opposite direction: the MS sends it to challenge the TSCC during stun/revive or kill procedures, so that the radio can verify it is talking to the genuine infrastructure before it complies.
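The following is an added illustration of the exchange described above, written for this page; it is not Motorola code and does not reproduce the actual MOTOTRBO or DMR Tier III algorithm, challenge sizes or PDU encodings. The key derivation (HMAC-SHA256 over MK, radio ID and, when present, PSN) and the response function (HMAC-SHA256 truncated to 8 bytes) are assumed constructions chosen to show the structure: the infrastructure challenges the radio with C_AHOY and checks the C_ACKU, and the radio can challenge the TSCC in the other direction. The Master Key, radio IDs and PSN values are constructed sample data. The example also shows the checks a practitioner would expect from any such scheme: one-time challenges, so a captured response cannot be replayed, constant-time comparison, and separate domains for the two directions so a response obtained in one direction cannot be reflected back in the other.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed 128-bit Master Key (MK) for the example; a real MK is provisioned, never hard-coded.
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Direction tags separate the two challenge directions, so a response computed for
# "infrastructure challenges radio" cannot be reflected back as "radio challenges TSCC".
TS_TO_MS = b"TS>MS"   # C_AHOY from the TS, C_ACKU from the MS
MS_TO_TS = b"MS>TS"   # "Ackvitation" from the MS, answer from the TS


def derive_key(master_key: bytes, radio_id: int, psn: Optional[str] = None) -> bytes:
    """Per-radio 128-bit key K derived from MK (assumed construction, not Motorola's).

    The PSN is mixed in when supplied, mirroring the Capacity Max behaviour of
    binding the radio's physical serial number into the calculation.
    """
    material = radio_id.to_bytes(3, "big")          # 24-bit DMR address
    if psn is not None:
        material += psn.encode()
    return hmac.new(master_key, material, hashlib.sha256).digest()[:16]


def compute_response(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    """Keyed response to a challenge (assumed: HMAC-SHA256 truncated to 8 bytes)."""
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()[:8]


class TrunkedStation:
    """Infrastructure side: holds MK, derives K per radio, issues and verifies challenges."""

    def __init__(self, master_key: bytes, psn_register: Optional[Dict[int, str]] = None):
        self.master_key = master_key
        self.psn_register = psn_register or {}    # radio_id -> PSN (Capacity Max only)
        self.pending: Dict[int, bytes] = {}       # outstanding challenge per radio

    def _key_for(self, radio_id: int) -> bytes:
        return derive_key(self.master_key, radio_id, self.psn_register.get(radio_id))

    def ahoy(self, radio_id: int) -> bytes:
        """Issue a fresh authentication challenge (C_AHOY)."""
        challenge = secrets.token_bytes(8)
        self.pending[radio_id] = challenge
        return challenge

    def verify_acku(self, radio_id: int, response: bytes) -> bool:
        """Check the radio's response (C_ACKU). Each challenge is consumed on first use."""
        challenge = self.pending.pop(radio_id, None)
        if challenge is None:
            return False                          # nothing outstanding: replay or stray response
        expected = compute_response(self._key_for(radio_id), TS_TO_MS, challenge)
        return hmac.compare_digest(expected, response)

    def answer_ackvit(self, radio_id: int, challenge: bytes) -> bytes:
        """Answer the radio's challenge so the radio can authenticate the infrastructure."""
        return compute_response(self._key_for(radio_id), MS_TO_TS, challenge)


class MobileStation:
    """Radio side: holds only its own provisioned K, never the MK."""

    def __init__(self, radio_id: int, key: bytes):
        self.radio_id = radio_id
        self.key = key
        self.outstanding: Optional[bytes] = None

    def answer_ahoy(self, challenge: bytes) -> bytes:
        return compute_response(self.key, TS_TO_MS, challenge)

    def ackvit(self) -> bytes:
        """Challenge the TSCC before honouring a stun/revive/kill command."""
        self.outstanding = secrets.token_bytes(8)
        return self.outstanding

    def verify_tscc(self, response: bytes) -> bool:
        challenge, self.outstanding = self.outstanding, None
        if challenge is None:
            return False
        expected = compute_response(self.key, MS_TO_TS, challenge)
        return hmac.compare_digest(expected, response)


def register(ts: TrunkedStation, ms: MobileStation) -> bool:
    """Registration: the infrastructure authenticates the radio."""
    return ts.verify_acku(ms.radio_id, ms.answer_ahoy(ts.ahoy(ms.radio_id)))


def stun(ts: TrunkedStation, ms: MobileStation) -> bool:
    """Stun: the target radio authenticates the infrastructure before complying."""
    return ms.verify_tscc(ts.answer_ackvit(ms.radio_id, ms.ackvit()))


def replay_attempt(ts: TrunkedStation, ms: MobileStation) -> bool:
    """Capture one valid C_ACKU, then resend it against a later C_AHOY."""
    captured = ms.answer_ahoy(ts.ahoy(ms.radio_id))
    ts.verify_acku(ms.radio_id, captured)         # the genuine exchange completes
    ts.ahoy(ms.radio_id)                          # the TS issues a new challenge
    return ts.verify_acku(ms.radio_id, captured)  # the stale response is rejected


if __name__ == "__main__":
    ts = TrunkedStation(MASTER_KEY, {1001: "PSN-A1B2"})      # constructed PSN register
    radio = MobileStation(1001, derive_key(MASTER_KEY, 1001, "PSN-A1B2"))
    print("register:", register(ts, radio), "stun:", stun(ts, radio),
          "replay:", replay_attempt(ts, radio))
```

Because the radio holds only its derived K, a radio that is stolen or cloned does not yield the MK, and in the Capacity Max variant a clone that copies the radio ID but runs on different hardware derives a different key and fails the check. The direction tags are a design choice of this example rather than something the page states about the real protocol; without domain separation, a scheme that uses the same key in both directions can be vulnerable to an attacker reflecting a challenge back at the party that issued it.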

Application

Authentication is a critical step in the registration process of a radio with the system. If authentication fails, the radio is not registered, and its service requests are denied. MOTOTRBO radios are designed to prefer registering and authenticating on the second slot of the control channel to optimize capacity.[2]

Stun/Revive allows a supervisory radio or application to remotely disable or re-enable a radio's access to services. When authentication is enabled for Stun/Revive, the infrastructure authenticates the initiating radio, and the target radio authenticates the infrastructure. The same key used for registration is used for Stun/Revive authentication. Similarly, when a radio is "killed" (permanently disabled), it always authenticates the network using its provisioned Authentication Key.

DGNA (Dynamic Group Number Assignment) allows the radio to optionally authenticate the system before it processes DGNA commands.

Benefits and Considerations

The use of a Master Key simplifies key management: the system owner manages a single key from which the authentication keys of all radios are derived. The same property makes the MK the most sensitive secret in the system, since anyone who obtains it can derive every radio's key, so it must be protected accordingly.

While authentication adds security, it also adds Over-the-Air messaging (the challenge and response PDUs on top of the registration itself), which can reduce the service initiation capacity of the control channel. Capacity Max systems mitigate this by design, for example by handling registration on the second slot of the control channel.

See Also

OTAP

RAS

Wi-Fi

References