DECT-NR+ implements a layered security approach by offering security services at both the MAC and Convergence Layers. These services protect against passive eavesdropping and Man-in-the-Middle (MITM) attacks.

Why use a layered approach to security in DECT-NR+?

The layered approach provides both end-to-end and hop-to-hop protection. Both are needed because a frame passing through an intermediate router node only travels up as far as the DLC layer on that node and never reaches the Convergence Layer there.

DECT-NR+ Security, When frames are routed by intermediate nodes, they only pass up to the DLC layer

The security service at the bottom of the MAC layer is used for hop-to-hop security, whilst the Convergence Layer service is used for end-to-end security.

Types of Security provided by DECT-NR+

DECT-NR+ provides two types of security. Ciphering provides encryption and protects a frame from passive eavesdropping. Integrity Protection provides a Message Integrity Code (MIC) and protects a frame from unauthorized modification or MITM attacks.

Ciphering

Ciphering is performed using AES-128 in Counter (CTR) Mode.

DECT-NR+ Security, AES-128 CTR Ciphering

A counter block is ciphered with the secret key, and the result is XOR'd with the 128-bit message block to create a ciphered message block. The counter is incremented per block, and has a nonce prepended to it.

Integrity Protection

Integrity Protection is provided through the use of OMAC-1 with AES-128. Each 128-bit message block is XOR'd with the AES-128 output of the previous block and then ciphered, forming a chain. The last block is treated slightly differently: additional keys are derived from the secret key, and one of them is XOR'd into the last block as a tweak before the final ciphering. The output of that final ciphering yields the MIC that is sent with the frame.

DECT-NR+ Security, OMAC-1 with AES128 Flow

For more information on DECT-NR+ visit the Signal Vortex DECT-NR+ Category and take a look at our resource hub. DECT-NR+ is an open standard managed via ETSI and supported by the DECT Forum.
