TETRA

Terrestrial Trunked Radio (TETRA; formerly known as Trans-European Trunked Radio), a European standard for a trunked radio system, is a professional mobile radio and two-way transceiver specification. TETRA was specifically designed for use by government agencies, emergency services, (police forces, fire departments, ambulance) for public safety networks, rail transport staff for train radios, transport services and the military. TETRA is the European version of trunked radio, similar to Project 25.

TETRA is a European Telecommunications Standards Institute (ETSI) standard, first version published 1995; it is mentioned by the European Radiocommunications Committee (ERC).

Description
TETRA uses time-division multiple access (TDMA) with four user channels on one radio carrier and 25 kHz spacing between carriers. Both point-to-point and point-to-multipoint transfer can be used. Digital data transmission is also included in the standard though at a low data rate.

TETRA Mobile Stations (MS) can communicate direct-mode operation (DMO) or using trunked-mode operation (TMO) using switching and management infrastructure (SwMI) made of TETRA base stations (TBS). As well as allowing direct communications in situations where network coverage is not available, DMO also includes the possibility of using a sequence of one or more TETRA terminals as relays. This functionality is called DMO gateway (from DMO to TMO) or DMO repeater (from DMO to DMO). In emergency situations this feature allows direct communications underground or in areas of bad coverage.

In addition to voice and dispatch services, the TETRA system supports several types of data communication. Status messages and short data services (SDS) are provided over the system's main control channel, while packet-switched data or circuit-switched data communication uses specifically assigned channels.

TETRA provides for authentication of terminals towards infrastructure and vice versa. For protection against eavesdropping, air interface encryption and end-to-end encryption is available.

The common mode of operation is in a group calling mode in which a single button push will connect the user to the users in a selected call group and/or a dispatcher. It is also possible for the terminal to act as a one-to-one walkie talkie but without the normal range limitation since the call still uses the network. TETRA terminals can act as mobile phones (cell phones), with a full-duplex direct connection to other TETRA Users or the PSTN. Emergency buttons, provided on the terminals, enable the users to transmit emergency signals, to the dispatcher, overriding any other activity taking place at the same time.

Security vulnerabilities
An in-depth review published in July 2023 by the company Midnight Blue of the TETRA standard and encryption algorithms, the first made public in the last 20 years, has found multiple security flaws, collectively referred to as TETRA:BURST. A total of 5 flaws were filed to the CVE database:


 * The Air Interface Encryption (AIE) keystream generator is vulnerable to decryption oracle attacks due to the use of publicly-broadcast network time —keystream reuse can be triggered.
 * TEA1 contains a secret reduction step that effectively downgrades the cryptographic strength from 80 to 32 bits, allowing anyone to break the cipher and subsequently decrypt the signal in as little as one minute using a consumer laptop. "There's no other way in which this can function than that this is an intentional backdoor," "This constitutes a full break of the cipher, allowing for interception or manipulation of radio traffic", according to the news report posted on ComputerWeekly. The deliberately weakened TEA1 flaw seems to be known in intelligence circles and is referred to in the famous 2006 Wikileaks dump of US diplomatic communications.
 * AIE contains no authentication for the ciphertext, making malleability attacks possible.
 * The cryptographic anonymization scheme is weak and can be partially reversed to track users.
 * The authentication algorithm allows attackers to set the Derived Cypher Key (DCK) to 0, circumventing session authentication.

In addition, the Midnight Blue team spots a "peculiarity regarding the TEA3 S-box", but has yet to determine whether it constitutes a weakness.

These vulnerabilities remained publicly unknown for 28 years after TETRA's publication because TETRA does not make definitions of its cryptographic algorithms public, an example of security through obscurity. The Midnight Blue team gained access to TETRA's cryptographic code by attacking the trusted execution environment on a TETRA-enabled radio. The team points to a list of previously broken cryptographic systems relying on obscurity and argues that the Kerckhoffs's principle should have been followed: the system would have been safer when its structure is publicly known.

Advantages
The main advantages of TETRA over other technologies (such as GSM) are:


 * The much lower frequency used gives longer range, which in turn permits very high levels of geographic coverage with a smaller number of transmitters, thus cutting infrastructure costs.
 * During a voice call, the communications are not interrupted when moving to another network site. This is a unique feature, which dPMR networks typically provide, that allows a number of fall-back modes such as the ability for a base station to process local calls. So called 'mission critical' networks can be built with TETRA where all aspects are fail-safe/multiple-redundant.
 * In the absence of a network, mobiles/portables can use 'direct mode' whereby they share channels directly (walkie-talkie mode).
 * Gateway mode - where a single mobile with connection to the network can act as a relay for other nearby mobiles that are out of range of the infrastructure. A dedicated transponder system isn't required in order to achieve this functionality, unlike with analogue radio systems.
 * TETRA also provides a point-to-point function that traditional analogue emergency services radio systems did not provide. This enables users to have a one-to-one trunked 'radio' link between sets without the need for the direct involvement of a control room operator/dispatcher.
 * Unlike cellular technologies, which connect one subscriber to one other subscriber (one-to-one), TETRA is built to do one-to-one, one-to-many and many-to-many. These operational modes are directly relevant to the public safety and professional users.
 * Security TETRA supports terminal registration, authentication, air-interface encryption and end-to-end encryption.
 * Rapid deployment (transportable) network solutions are available for disaster relief and temporary capacity provision.
 * Network solutions are available in both reliable circuit-switched (telephone like) architectures and flat, IP architectures with soft (software) switches.

Further information is available from the TETRA Association (formerly TETRA MoU) and the standards can be downloaded for free from ETSI.

Disadvantages
Its main disadvantages are:

Up to 7.2 kbit/s per timeslot, in the case of point-to-point connections, and 3.5 kbit/s per timeslot in case of IP encapsulation. Both options permit the use of between one and four timeslots. Different implementations include one of the previous connectivity capabilities, both, or none, and one timeslot or more. These rates are ostensibly faster than the competing technologies DMR, dPMR, and P25 are capable of. Latest version of standard supports 115.2 kbit/s in 25 kHz or up to 691.2 kbit/s in an expanded 150 kHz channel. To overcome the limitations many software vendors have begun to consider hybrid solutions where TETRA is used for critical signalling while large data synchronization and transfer of images and video is done over 3G / LTE.
 * Serious security issues have been identified, including an intentional weakening of the TEA1 cipher, constituting a full break within a minute on consumer hardware. (See Description)
 * Requires a linear amplifier to meet the stringent RF specifications that allow it to exist alongside other radio services.
 * Data transfer is slow by modern standards.

Radio aspects
For its modulation TETRA, uses $π/4$ differential quadrature phase-shift keying. The symbol (baud) rate is 18,000 symbols per second, and each symbol maps to 2 bits, thus resulting in 36,000 bit/s gross.

As a form of phase shift keying is used to transmit data during each burst, it would seem reasonable to expect the transmit power to be constant. However it is not. This is because the sidebands, which are essentially a repetition of the data in the main carrier's modulation, are filtered off with a sharp filter so that unnecessary spectrum is not used up. This results in an amplitude modulation and is why TETRA requires linear amplifiers. The resulting ratio of peak to mean (RMS) power is 3.65 dB. If non-linear (or not-linear enough) amplifiers are used, the sidebands re-appear and cause interference on adjacent channels. Commonly used techniques for achieving the necessary linearity include Cartesian loops, and adaptive predistortion.

The base stations normally transmit continuously and (simultaneously) receive continuously from various mobiles on different carrier frequencies; hence the TETRA system is a frequency-division duplex (FDD) system. TETRA also uses FDMA/TDMA (see above) like GSM. The mobiles normally only transmit on 1 slot/4 and receive on 1 slot/4 (instead of 1 slot/8 for GSM).

Speech signals in TETRA are sampled at 8 kHz and then compressed with a vocoder using algebraic code-excited linear prediction (ACELP). This creates a data stream of 4.567 kbit/s. This data stream is error-protection encoded before transmission to allow correct decoding even in noisy (erroneous) channels. The data rate after coding is 7.2 kbit/s. The capacity of a single traffic slot when used 17/18 frames.

A single slot consists of 255 usable symbols, the remaining time is used up with synchronisation sequences and turning on/off, etc. A single frame consists of 4 slots, and a multiframe (whose duration is 1.02 seconds) consists of 18 frames. Hyperframes also exist, but are mostly used for providing synchronisation to encryption algorithms.

The downlink (i.e., the output of the base station) is normally a continuous transmission consisting of either specific communications with mobile(s), synchronisation or other general broadcasts. All slots are usually filled with a burst even if idle (continuous mode). Although the system uses 18 frames per second only 17 of these are used for traffic channels, with the 18th frame reserved for signalling, Short Data Service messages (like SMS in GSM) or synchronisation. The frame structure in TETRA (17.65 frames per second), consists of 18,000 symbols/s; 255 symbols/slot; 4 slots/frame, and is the cause of the perceived "amplitude modulation" at 17 Hz and is especially apparent in mobiles/portables which only transmit on one slot/4. They use the remaining three slots to switch frequency to receive a burst from the base station two slots later and then return to their transmit frequency (TDMA).

Air interface encryption
To provide confidentiality the TETRA air interface is encrypted using one of the TETRA Encryption Algorithm (TEA) ciphers. The encryption provides confidentiality (protect against eavesdropping) as well as protection of signalling.

Currently 4 different ciphers are defined, TEA1 up to TEA4. These TEA ciphers should not be confused with the block cipher Tiny Encryption Algorithm. The TEA ciphers have different availability due to export and use restrictions. Few details are published concerning these proprietary ciphers. Riess mentions in early TETRA design documents that encryption should be done with a stream cipher, due to the property of not propagating transmission errors. Parkinson later confirms this and explains that TEA is a stream cipher with 80-bit keys. The algorithms were later reversed and it appeared that TEA1 reduces its key strength to 32 bits. TEA1 and TEA4 provide basic level security, and are meant for commercial use. The TEA2 cipher is restricted to European public safety organisations. The TEA3 cipher is for situations where TEA2 is suitable but not available.

Cell re-selection (or hand-over) in images


This first representation demonstrates where the slow reselect threshold (SRT), the fast reselect threshold (FRT), and propagation delay exceed parameters are most likely to be. These are represented in association with the decaying radio carrier as the distance increases from the TETRA base station.

From this illustration, these SRT and FRT triggering points are associated to the decaying radio signal strength of the respective cell carriers. The thresholds are situated so that the cell reselection procedures occur on time and assure communication continuity for on-going communication calls.

Initial cell selection


The next diagram illustrates where a given TETRA radio cell initial selection. The initial cell selection is performed by procedures located in the MLE and in the MAC. When the cell selection is made, and possible registration is performed, the mobile station (MS) is said to be attached to the cell. The mobile is allowed to initially select any suitable cell that has a positive C1 value; i.e., the received signal level is greater than the minimum receive level for access parameter.

The initial cell selection procedure shall ensure that the MS selects a cell in which it can reliably decode downlink data (i.e., on a main control channel/MCCH), and which has a high probability of uplink communication. The minimum conditions that shall have to be met are that C1 > 0. Access to the network shall be conditional on the successful selection of a cell.

At mobile switch on, the mobile makes its initial cell selection of one of the base stations, which indicates the initial exchanges at activation.


 * Refer to EN 300 392 2 16.3.1 Activation and control of underlying MLE service
 * Note 18.5.12 Minimum RX access level

The minimum receive access level information element shall indicate the minimum received signal level required at the SwMI in a cell, either the serving cell or a neighbour cell as defined in table 18.24.

Cell improvable


The next diagram illustrates where a given TETRA radio cell becomes improvable. The serving cell becomes improvable when the following occurs: the C1 of the serving cell is below the value defined in the radio network parameter cell reselection parameters, slow reselect threshold for a period of 5 seconds, and the C1 or C2 of a neighbour cell exceeds the C1 of the serving cell by the value defined in the radio network parameter cell reselection parameters, slow reselect hysteresis for a period of 5 seconds.

Cell usable


The next diagram illustrates where a given TETRA radio cell becomes usable. A neighbour cell becomes radio usable when the cell has a downlink radio connection of sufficient quality.

The following conditions must be met in order to declare a neighbour cell radio usable: The neighbour cell has a path loss parameter C1 or C2 that is, for a period of 5 seconds, greater than the fast reselect threshold plus the fast reselect threshold, and the service level provided by the neighbour cell is higher than that of the serving cell. No successful cell reselection shall have taken place within the previous 15 seconds unless MM requests a cell reselection. The MS-MLE shall check the criterion for serving cell relinquishment as often as one neighbour cell is scanned or monitored.

The following conditions will cause the MS to rate the neighbour cell to have higher service level than the current serving cell:
 * The MS subscriber class is supported on the neighbour cell but not on the serving cell.
 * The neighbour cell is a priority cell and the serving cell is not.
 * The neighbour cell supports a service (that is, TETRA standard speech, packet data, or encryption) that is not supported by the serving cell and the MS requires that service to be available.
 * The cell service level indicates that the neighbour cell is less loaded than the serving cell.

Cell relinquishable (abandonable)


The next diagram illustrates where a given TETRA radio cell becomes relinquishable (abandonable). The serving cell becomes relinquishable when the following occurs: the C1 of the serving cell is below the value defined in the radio network parameter cell reselection parameters, fast reselect threshold, for a period of 5 seconds, and the C1 or C2 of a neighbour cell exceeds the C1 of the serving cell by the value defined in the radio network parameter cell reselection parameters, fast reselect hysteresis, for a period of 5 seconds.

No successful cell reselection shall have taken place within the previous 15 seconds unless Mobility Management (MM) requests a cell reselection. The MS-MLE shall check the criterion for serving cell relinquishment as often as one neighbour cell is scanned or monitored.

Radio down-link failure


When the FRT threshold is breached, the MS is in a situation where it is essential to relinquish (or abandon) the serving cell and obtain another of at least usable quality. That is to say, the mobile station is aware that the radio signal is decaying rapidly, and must cell reselect rapidly, before communications are terminated because of radio link failure. When the mobile station radio-signal breaches the minimum receive level, the radio is no longer in a position to maintain acceptable communications for the user, and the radio link is broken.

Radio link failure: (C1 < 0). Using the suggested values, this would be satisfied with the serving cell level below −105 dBm. Cell reselection procedures are then activated in order to find a suitable radio base station.

Virtual MMI for terminals
Any given TETRA radio terminal using Java (Java ME/CLDC) based technology, provides the end user with the communication rights necessary to fulfil his or her work role on any short duration assignment.

For dexterity, flexibility, and evolution ability, the public transportation radio engineering department, have chosen to use the open sources, Java language specification administered by Sun and the associated work groups in order to produce a transport application tool kit.

Service acquisition admits different authorised agents to establish communication channels between different services by calling the service identity, and without possessing the complete knowledge of the ISSI, GSSI, or any other TETRA related communication establishment numbering plan. Service acquisition is administered through a communication rights centralised service or roll allocation server, interfaced into the TETRA core network.

In summary, the TETRA MMI aims are to:
 * Allow any given agent while in exercise, to exploit any given radio terminal without materiel constraint.
 * Provide specific transportation application software to the end-user agents (service acquisition, fraud, and aggression control).

This transport application tool-kit has been produced successfully and with TETRA communication technology and assures for the public transport application requirements for the future mentioned hereafter.

The home (main) menu presents the end user with three possibilities:
 * 1) Service acquisition,
 * 2) Status SDS,
 * 3) End-user parameters.

Service acquisition provides a means of virtually personalising the end user to any given radio terminal and onto TETRA network for the duration the end user conserves the terminal under his possession.

Status SDS provides the end user with a mechanism for generating a 440 Hz repeating tone that signals a fraud occurrence to members within the same (dynamic or static) Group Short Subscriber Identity (GSSI) or to a specific Individual Short Subscriber Identity (ISSI) for the duration of the assignment (an hour, a morning patrol or a given short period allocated to the assignment). The advantage being that each of the end users may attach themselves to any given terminal, and group for short durations without requiring any major reconfiguration by means of radio software programming tools. Similarly, the aggression feature functions, but with a higher tone frequency (880 Hz), and with a quicker repetitious nature, so to highlight the urgency of the alert.

The parameters tab provides an essential means to the terminal end-user allowing them to pre-configure the target (preprogrammed ISSI or GSSI ) destination communication number. With this pre-programmed destination number, the end-user shall liaise with the destination radio terminal or roll allocation server, and may communicate, in the group, or into a dedicated server to which the service acquisition requests are received, preprocessed, and ultimately dispatched though the TETRA core network. This simplifies the reconfiguration or recycling configuration process allowing flexibility on short assignments.

The parameters tab also provides a means of choosing between preselected tones to match the work group requirements for the purposes of fraud and aggression alerts. A possibility of selecting any given key available from the keypad to serve as an aggression or fraud quick key is also made possible though the transport application software tool kit. It is recommend to use the asterisk and the hash keys for the fraud and aggression quick keys respectively. For the fraud and aggression tones, it is also recommend to use 440 Hz slow repeating tone (blank space 500 milli-seconds) and 880 Hz fast repeating tone (blank space 250 milliseconds) respectively. The tone options are as follows: 440 Hz, 620 Hz, 880 Hz, and 1060 Hz.

The parameters page provides an aid or help menu and the last tab within parameters describes briefly the tool kit the version and the history of the transport application tool kit to date.

TETRA Enhanced Data Service (TEDS)
The TETRA Association, working with ETSI, developed the TEDS standard, a wideband data solution, which enhances TETRA with a much higher capacity and throughput for data. In addition to those provided by TETRA, TEDS uses a range of adaptive modulation schemes and a number of different carrier sizes from 25 kHz to 150 kHz. Initial implementations of TEDS will be in the existing TETRA radio spectrum, and will likely employ 50 kHz channel bandwidths as this enables an equivalent coverage footprint for voice and TEDS services. TEDS performance is optimised for wideband data rates, wide area coverage and spectrum efficiency.

Advances in DSP technology have led to the introduction of multi-carrier transmission standards employing QAM modulation. WiMAX, Wi-Fi and TEDS standards are part of this family.

Refer also to:
 * JSR-118;
 * Mobile Information Device Profile, JSR-37;
 * Wireless Messaging API, JSR120;
 * Connected Limited Device Configuration, JSR-139; and
 * Technology for the Wireless Industry, JTWI-185.

Comparison to Project 25
Project 25 and TETRA are utilised for the public safety Radio network and Private Sector Radio network worldwide however, it has some differences in technical features and capacities. Currently, P25 deployed to more than 53 countries and TETRA deployed to more than 114 countries.
 * TETRA: It is optimized for high population density areas, with spectral efficiency (4 time slots in 25 kHz: four communications channels per 25 kHz channel, an efficient use of spectrum). It is suitable for high population density areas and supports full duplex voice, data and messaging. but, it is generally unavailable for simulcast, VHF band - however particular vendors have introduced Simulcast and VHF into their TETRA platform..
 * P25: it is optimized for wider area coverage with low population density, and support for simulcast. however, it is limited to data support. (Phase 1 P25 radio systems operate in a 12.5 kHz analogue, digital or mixed mode, and  P25 Phase II will use a 2-timeslot TDMA structure in 12.5 kHz channels.

Professional usage
there were 114 countries using TETRA systems in Europe, Middle East, Africa, Asia Pacific, Caribbean and Latin America.

The TETRA-system is in use by the public sector in the following countries. Only TETRA network infrastructure installations are listed. TETRA being an open standard, each of these networks can use any mix of TETRA mobile terminals from a wide range of suppliers.

Amateur Radio usage
In the past decade, TETRA has seen an uptick in usage in the amateur radio community. The perceived higher audio quality compared to other digital voice modes, capacity for packet data, SDS, single frequency DMO repeaters, close proximity of the UHF (430-440MHz) amateur radio band and full duplex audio in TMO are motivating arguments to experiment contacts with this technology.

Multiple constraints have to be noted when using TETRA for amateur radio service:


 * In most countries, encryption cannot be used.
 * Most older (pre-2010) terminals don't cover the Region 1 amateur radio frequency range (430-440) natively, and must be modified via software with a possible impact on RF performance.

Multiple amateur DMO and TMO networks are established throughout Europe.

Additionally, an open-source project aims to create a complete SDR-based TETRA stack, with a working DMO repeater proof of concept.