DECT Security, Encryption & Authentication
On any telecommunications system, security is a key issue - it includes authentication, encryption and subscription.
As with any telecommunications system these days, security is an issue of considerable importance, especially for systems like DECT which transmit the information via radio.
Early cellular systems lacked any form of security and this created many issues for people - it was possible for conversations to be monitored by anyone with a suitable radio and much confidential information was leaked.
Using some straightforward security schemes DECT is able to provide secure communications.
Encryption and authentication are the two main methods DECT uses to ensure that security is maintained. As such DECT has provided a high level of security since its first introduction.
DECT security basics
The DECT standard provides a number of security measures that can be implemented to counteract the vulnerabilities introduced by the use of a wireless system.
DECT security uses a number of measures including subscription and authentication protocols to ensure that only those stations allowed will be able to communicate.
In addition to this the DECT security measures also include some advanced ciphering techniques to provide protection against eavesdropping.
DECT subscription
The subscription process is that part of DECT security that allows a certain handset to connect to a network / base.
For a DECT subscription, the network operator or service provider provides the user of the portable equipment with a secret PIN code to act as a subscription key. This PIN code is entered into both the base station and the handset before the subscription procedure starts.
The time to perform the subscription is limited as this adds to the security of the system. Additionally the PIN code can only be used once to prevent hackers repeatedly trying codes until they gain access.
The DECT subscription process is undertaken over the air - the wireless link is set up and both ends ascertain that they have the same subscription key. In the DECT subscription process, handset and base-station identities are exchanged and then both ends calculate an authentication key. This authentication key is used at the set-up of every call, but it is not transferred over the air as it is secret.
A DECT handset may have several subscriptions. With each subscription, the DECT handset will calculate a new secret authentication key. This is associated with the network to which it is subscribing.
The new keys and network identities are all kept in a list contained within the DECT handset. These keys are used when locking to a base station. The handsets will only lock to a base station for which they have an authentication key. In this way handsets will only lock onto base stations with which they have been associated.
DECT authentication
Authentication is an integral part of DECT security and may be accomplished each time a call is set up. The DECT authentication process requires the secret authentication key to be checked by the base station without it being sent over the air. If it were sent over the air, then it would be possible for the DECT security to be compromised.
The DECT security measures enable the key to be checked using the following steps:
- The DECT base station sends a random number to the handset - this is called a challenge.
- The DECT handset calculates a response to this by mathematically combining the secret authentication key with the challenge. The algorithm used is such that it does not allow the secret authentication key to be determined.
- The base station also uses the same algorithm to calculate the response.
- The handset's response is transmitted back to the base station.
- The base station compares both responses.
- If both responses match then the base station will allow the call to proceed.
Using this process, DECT security is maintained to a sufficient level for most purposes. If the air interface is being monitored to access the authentication key, the algorithm has to be known to recalculate the key from the 'challenge' and the 'response'. The determination of the exact algorithm used demands a huge amount of computing power. While DECT security is not totally impregnable, it is sufficiently high to prevent most unauthorised visitors from breaking into the system.
DECT encryption
DECT ciphering or DECT encryption uses an algorithm to calculate the 'response' from a 'challenge' and the authentication key in handset and base station.
This is a way of sending the identity of the user in an encrypted form over the air in order to prevent theft of the identity. The same principle can be applied to user data (e.g. speech).
During authentication, both sides also calculate a cipher key. This key is used to cipher the data sent over the air. At the receiving side the same key is used to decipher the information. In DECT, the ciphering process is part of the standard, although it is not mandatory.
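The subscription, challenge-response and cipher-key steps described above can be modelled end to end. The following is an added example, not code from the DECT standard or from this page's author: HMAC-SHA256 stands in for DECT's own algorithm, and the class names, the 8-byte challenge and the way the cipher key is derived from the challenge are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in one-way function (HMAC-SHA256); NOT the algorithm DECT specifies.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def derive_auth_key(pin: str, handset_id: bytes, base_id: bytes) -> bytes:
    # Subscription: both ends compute this locally; it never goes over the air.
    return prf(pin.encode(), b"auth-key", handset_id + base_id)

class Handset:
    def __init__(self, ident: bytes):
        self.ident, self.keys, self.cipher_key = ident, {}, None

    def subscribe(self, pin: str, base_id: bytes) -> None:
        self.keys[base_id] = derive_auth_key(pin, self.ident, base_id)

    def respond(self, base_id: bytes, challenge: bytes):
        key = self.keys.get(base_id)
        if key is None:          # no key for this base: do not lock to it
            return None
        self.cipher_key = prf(key, b"cipher", challenge)
        return prf(key, b"response", challenge)

class BaseStation:
    def __init__(self, ident: bytes):
        self.ident, self.keys, self.open_pins = ident, {}, set()

    def subscribe(self, pin: str, handset_id: bytes) -> bool:
        if pin not in self.open_pins:
            return False
        self.open_pins.remove(pin)   # a PIN is accepted once only
        self.keys[handset_id] = derive_auth_key(pin, handset_id, self.ident)
        return True

    def authenticate(self, handset: Handset):
        key = self.keys.get(handset.ident)
        challenge = secrets.token_bytes(8)                   # sent over the air
        response = handset.respond(self.ident, challenge)    # sent over the air
        if key is None or response is None:
            return None
        expected = prf(key, b"response", challenge)
        if not hmac.compare_digest(expected, response):      # constant-time compare
            return None
        return prf(key, b"cipher", challenge)                # session cipher key
```

Only the identities, the challenge and the response cross the air interface in this model; a fresh challenge per call means a recorded response cannot be replayed and each call gets a different cipher key.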
Written by Ian Poole.
Experienced electronics engineer and author.