5 Assumptions and architectural requirements

3GPP TS 23.283, Mission Critical Communication Interworking with Land Mobile Radio Systems, Release 18

5.1 Key management

Interworking requirements for key management for encrypted interworking include:

a) a mechanism to securely (i.e. with authenticity, integrity and confidentiality) share an LMR E2EE traffic key for a private call session between a party in an MCPTT system and a party in the LMR system;

b) a mechanism to securely convey to group members the LMR E2EE key or set of LMR E2EE keys associated with an MC service group or set of MC service groups, to be used for encryption of interworking group calls spanning the multiple systems;

c) a mechanism to securely share with temporary group members in MC systems, the LMR E2EE key(s) associated with a temporary MC service group to be used in interworking group calls spanning the multiple systems;

d) key management solutions shall not preclude the ability of an IWF to allow one or more individual Mission Critical Organizations to have sole control over and sole access to LMR E2EE traffic keys used for the entity’s media traffic and users’ key encryption keys (UKEKs or KEKs);

e) key management solutions shall support the ability of the IWF to decrypt/reencrypt the media traffic for zero or more groups; and,

f) for deployments where Mission Critical Organizations wish to use LMR E2EE mechanisms when interworking with LMR users:

i) a mechanism to securely provision an MC service client with the user’s UKEK or KEK; and,

ii) a mechanism to convey LMR OTAR or OTAK message contents.

5.2 Packet format

Each LMR technology defines its own packet format for voice media transmission. For interworking sessions, there might be cases where LMR formatted media is required to be transferred between the IWF and LMR aware MCPTT clients. An example of such a case is where E2EE is used and thus the IWF is not able to decrypt the media. In such cases, media that is sent over the IWF-1 interface needs to be routed within MCPTT systems to/from LMR aware MCPTT clients using methods described in 3GPP TS 23.379 [7].

Requirements for media transmission across the IWF-1 interface include:

a) media transmission to carry the LMR formatted media between the IWF and LMR aware MCPTT clients; and

b) the MCPTT system, along with the IWF, may choose to encrypt the LMR formatted media using 3GPP mechanisms.

NOTE: The contents of the LMR formatted media are out of scope of the present document.