Security in Nødnett
Safety mechanisms in Nødnett make sure that rogue base stations will not be able to interfere with communication in Nødnett.
Nødnett is based on the international TETRA-standard, which is developed specifically for public safety networks. There are strong built-in security mechanisms in TETRA. Mutual authentication between radio terminals and base stations, encryption of the air interface and end-to-end encryption are examples. The measures to enhance confidentiality, authentication and integrity protect the Nødnett users so that:
- There is no eavesdropping on what users are communicating over Nødnett. Only authenticated users can be part of the conversation
- No outsiders (utenforstående) can break the connection between users or interfere with it in other ways
- One can prove that the content of the communication has not been interfered with while transferring between users.
The surveillance using rogue base stations that Aftenposten uncovered cannot happen in TETRA-networks like Nødnett. In GSM networks the phone’s identity (IMSI number) is sent unprotected. The number can then be picked up by IMSI-catchers and used for termination of the call (IMSI detach), connecting the phone to a fake base station and possibly to eavesdrop on the content of the call.
In Nødnett, as opposed to GSM networks, there is mutual authentication between base stations and radio terminals. All communication is encrypted. In this process the base station checks that the radio terminal is valid (authenticated) before contact is enabled. Information can then be transferred securely to the intended receiver. The information is encrypted so that intruders cannot intercept the traffic between the radio terminal and the base station.