13 Media plane security

24.3803GPPMission Critical Push To Talk (MCPTT) media plane controlProtocol specificationRelease 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

13.1 General

Media plane security provides integrity and confidentiality protection of individual media streams and media plane control messages in MCPTT sessions.

The media plane security is based on 3GPP MCPTT security solution including key management and end-to-end media and floor control messages protection as defined in 3GPP TS 33.180 [18].

Various keys and associated key identifiers protect:

1. RTP transported media;

2. RTCP transported media control messages (i.e. RTCP SR packets, RTCP RR packets, RTCP SDES packets);

3. RTCP APP transported floor control messages;

4. RTCP APP transported pre-established session call control messages; and

5. RTCP APP transported MBMS subchannel control messages.

In an on-network group call of an MCPTT group which is not a constituent MCPTT group of a temporary MCPTT group:

1. if protection of media is negotiated, the GMK and the GMK-ID of the MCPTT group protect the media sent and received by an MCPTT clients;

2. if protection of floor control messages sent using unicast between the MCPTT client and the participating MCPTT function serving the MCPTT client is negotiated, the CSK and the CSK-ID protect the floor control messages sent and received using unicast by the MCPTT client and by a participating MCPTT function;

3. if protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required:

A) if a MuSiK and a MuSiK-ID are associated with the on-network group call, the MuSiK and the MuSiK-ID associated with the on-network group call protect the floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients; and

B) if a MuSiK and a MuSiK-ID are not associated with the on-network group call, the MKFC and the MKFC-ID of the MCPTT group protect the floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients;

NOTE 1: If protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required and the participating MCPTT function is compliant to Release 14 of the present document, a MuSiK and a MuSiK-ID are always associated with the on-network group call.

4. if protection of floor control messages between the participating MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the floor control messages sent and received between the participating MCPTT function and the controlling MCPTT function;

5. if protection of media control messages sent using unicast between the MCPTT client and the participating MCPTT function serving the MCPTT client is negotiated, the CSK and the CSK-ID protect the media control messages sent and received using unicast by the MCPTT client and by a participating MCPTT function; and

6. if protection of media control messages between the participating MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the media control messages sent and received between the participating MCPTT function and the controlling MCPTT function.

In an on-network group call of an MCPTT group which is a constituent MCPTT group of a temporary MCPTT group:

1. if protection of media is negotiated, the GMK and the GMK-ID of the temporary MCPTT group protect the media sent and received by an MCPTT client;

3. if protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required:

B) if a MuSiK and a MuSiK-ID are not associated with the on-network group call, the MKFC and the MKFC-ID of the temporary MCPTT group protect the floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients;

NOTE 2: If protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required and the participating MCPTT function is compliant to Release 14 of the present document, a MuSiK and a MuSiK-ID are always associated with the on-network group call.

4. if protection of floor control messages between the participating MCPTT function and the non-controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the floor control messages sent and received between the participating MCPTT function and the non-controlling MCPTT function;

5. if protection of floor control messages between the non-controlling MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the floor control messages sent and received between the non-controlling MCPTT function and the controlling MCPTT function;

6. if protection of media control messages sent using unicast between the MCPTT client and the participating MCPTT function serving the MCPTT client is negotiated, the CSK and the CSK-ID protect the media control messages sent and received using unicast by the MCPTT client and by a participating MCPTT function;

7. if protection of media control messages between the participating MCPTT function and the non-controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the media control messages sent and received between the participating MCPTT function and the non-controlling MCPTT function; and

8. if protection of media control messages between the non-controlling MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the media control messages sent and received between the non-controlling MCPTT function and the controlling MCPTT function.

In an on-network private call:

1. if protection of media is negotiated, the PCK and the PCK-ID protect media sent and received by the MCPTT clients;

2. if protection of floor control messages sent using unicast between the MCPTT client and the participating MCPTT function serving the MCPTT client is negotiated, the CSK and the CSK-ID protect the floor control messages sent and received by the MCPTT client and by the participating MCPTT function;

3. if protection of floor control messages between the participating MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the floor control messages sent and received between the participating MCPTT function and the controlling MCPTT function;

4. if protection of media control messages sent using unicast between the MCPTT client and the participating MCPTT function serving the MCPTT client is negotiated, the CSK and the CSK-ID protect the media control messages sent and received using unicast by the MCPTT client and by a participating MCPTT function; and

5. if protection of media control messages between the participating MCPTT function and the controlling MCPTT function is negotiated, the SPK and the SPK-ID protect the media control messages sent and received between the participating MCPTT function and the controlling MCPTT function.

In an off-network group call of an MCPTT group:

1. if protection of media is announced, the GMK and the GMK-ID of the MCPTT group protect the media sent and received by an MCPTT client;

2. if protection of floor control messages is announced, the GMK and the GMK-ID of the MCPTT group protect the floor control messages sent and received by an MCPTT client; and

3. if protection of media control messages is announced, the GMK and the GMK-ID of the MCPTT group protect the media sent and received by an MCPTT client.

In an off-network private call:

1. if protection of media is negotiated, the PCK and the PCK-ID protect media sent and received by an MCPTT client;

2. if protection of floor control messages is negotiated, the PCK and the PCK-ID protect floor control messages sent and received by an MCPTT client; and

3. if protection of media control messages is negotiated, the PCK and the PCK-ID protect media control messages and received by an MCPTT client.

In an pre-established session, if the pre-established session call control messages between the MCPTT client and the participating MCPTT function serving the MCPTT client are negotiated to be protected, the CSK and the CSK-ID protect the pre-established session call control messages sent and received by the MCPTT client and by the participating MCPTT function serving the MCPTT client.

If protection of MBMS subchannel control messages sent over the general purpose MBMS subchannel of an MBMS bearer is required, the MSCCK and the MSCCK-ID associated with the MBMS bearer protect the MBMS subchannel control messages sent over the general purpose MBMS subchannel of the MBMS bearer by the participating MCPTT function to the MCPTT client.

The GMK and the GMK-ID are distributed to the MCPTT clients using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12].

The CSK and the CSK-ID are generated by the MCPTT client and provided to the participating MCPTT function serving the MCPTT client using SIP signalling according to 3GPP TS 24.379 [2].

The MKFC and the MKFC-ID are distributed to the MCPTT clients using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12]. The MKFC and the MKFC-ID are distributed to the controlling MCPTT function using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] and the controlling MCPTT function provides the MKFC and the MKFC-ID to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2].

The SPK and the SPK-ID are configured in the participating MCPTT function, the controlling MCPTT function and the non-controlling MCPTT function.

The PCK and the PCK-ID are generated by the MCPTT client initiating the private call and provided to the MCPTT client receiving the private call using SIP signalling according to 3GPP TS 24.379 [2], using Connect message described in clause 8.3.4 or using MONP signalling according to 3GPP TS 24.379 [2].

The MSCCK and the MSCCK-ID associated with an MBMS bearer are generated by the participating MCPTT function which activated the MBMS bearer and are provided to one or more served MCPTTs clients using SIP signalling according to 3GPP TS 24.379 [2].

The MuSiK and the MuSiK-ID are associated with the on-network group call according to 3GPP TS 24.379 [4].

13.2 Derivation of SRTP/SRTCP master keys

Each key (i.e. CSK, GMK, MKFC, PCK, SPK, MSCCK, MuSiK) and its associated key identifier (i.e. CSK-ID, GMK-ID, MKFC-ID, PCK-ID, SPK-ID, MSCCK-ID, MuSiK-ID) described in clause 13.1 are used to derive SRTP-MK, SRTP-MS and SRTP-MKI.

SRTP-MK, SRTP-MS and SRTP-MKI are used in encryption of media or floor control messages in SRTP as specified in IETF RFC 3711 [16] and 3GPP TS 33.180 [18].

13.3 Media plane encryption and decryption

13.3.1 General

Void.

13.3.2 The participating MCPTT function

The participating MCPTT function:

1. if protection of media is negotiated, shall be transparent to RTP media streams and shall forward encrypted RTP media streams without decrypting the payload;

2. if protection of floor control messages sent using unicast between the participating MCPTT function and the MCPTT client is negotiated and the CSK and the CSK-ID were received from the MCPTT client using SIP signalling according to 3GPP TS 24.379 [2]:

A) shall encrypt floor control messages sent using unicast to the served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

B) shall decrypt floor control messages received using unicast from the served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2;

3. if protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required and a MuSiK and a MuSiK-ID are associated with the on-network group call of the floor control messages:

A) shall encrypt floor control messages sent over the MBMS subchannel according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MuSiK and MuSiK-ID as specified in clause 13.2;

NOTE: The participating MCPTT function compliant to Release 14 of the present document does not use MKFC and MKFC-ID.

4. if protection of floor control messages between the participating MCPTT function and the controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the participating MCPTT function:

A) shall encrypt floor control messages sent to the controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt floor control messages received from the controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2;

5. if protection of floor control messages between the participating MCPTT function and the non-controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the participating MCPTT function:

A) shall encrypt floor control messages sent to the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt floor control messages received from the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2;

6. if protection of pre-established session call control messages between the participating MCPTT function and the MCPTT client is negotiated and the CSK and the CSK-ID were received from the MCPTT client using SIP signalling according to 3GPP TS 24.379 [2]:

A) shall encrypt pre-established session call control messages sent to the served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

B) shall decrypt pre-established session call control messages received from served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2;

7. if protection of media control messages sent using unicast between the participating MCPTT function and the MCPTT client is negotiated between the participating MCPTT function and the MCPTT client and the CSK and the CSK-ID were received from the MCPTT client using SIP signalling according to 3GPP TS 24.379 [2];

A) shall encrypt media control messages sent using unicast to the served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

B) shall decrypt media control messages received using unicast from the served MCPTT client according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2;

8. if protection of media control messages between the participating MCPTT function and the controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the participating MCPTT function:

A) shall encrypt media control messages sent to the controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt media control messages received from the controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2;

9. if protection of media control messages between the participating MCPTT function and the non-controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the participating MCPTT function:

A) shall encrypt media control messages sent to the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt media control messages received from the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

10. if protection of MBMS subchannel control messages sent over the general purpose MBMS subchannel of an MBMS bearer is required and the MSCCK and the MSCCK-ID associated with the MBMS bearer were sent to one or more served MCPTT clients using SIP signalling according to 3GPP TS 24.379 [2]:

A) shall encrypt MBMS subchannel control messages specified in clause 8.4 sent over the general purpose MBMS subchannel of the MBMS bearer according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MSCCK and MSCCK-ID associated with the MBMS bearer as specified in clause 13.2.

13.3.3 The MCPTT client

The MCPTT client:

1. in an on-network group call of an MCPTT group which is not a constituent MCPTT group of a temporary MCPTT group:

A) if protection of media is negotiated and the GMK and the GMK-ID of the MCPTT group were received using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the MCPTT group:

i) shall encrypt sent media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2; and

ii) shall decrypt received media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2;

B) if protection of floor control messages sent using unicast is negotiated and the CSK and the CSK-ID were sent to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

i) shall encrypt floor control messages sent using unicast according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

ii) shall decrypt floor control messages received using unicast according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2;

C) if protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required:

i) if a MuSiK and a MuSiK-ID are associated with the on-network group call, shall decrypt floor control messages received over the MBMS subchannel for floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [14] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MuSiK and the MuSiK-ID associated with the on-network group call as specified in clause 13.2; and

ii) if a MuSiK and a MuSiK-ID are not associated with the on-network group call and the MKFC and the MKFC-ID of the MCPTT group were received using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the MCPTT group, shall decrypt floor control messages received over the MBMS subchannel for floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MKFC and MKFC-ID as specified in clause 13.2; and

NOTE 1: The MCPTT client can receive floor control messages encrypted using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MKFC and MKFC-ID from a participating MCPTT function compliant only to Release 13 of the present document.

D) if protection of media control messages sent using unicast between the participating MCPTT function and the MCPTT client is negotiated and the CSK and the CSK-ID were sent to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

i) shall encrypt media control messages sent using unicast according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

ii) shall decrypt media control messages received using unicast according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2;

2. in an on-network group call of an MCPTT group which is a constituent MCPTT group of a temporary MCPTT group:

A) if protection of media is negotiated and the GMK and the GMK-ID of the temporary MCPTT group were received using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the constituent MCPTT group:

i) shall encrypt sent media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID of the temporary MCPTT group as specified in clause 13.2; and

ii) shall decrypt received media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID of the temporary MCPTT group as specified in clause 13.2;

C) if protection of floor control messages sent over the MBMS subchannel from the participating MCPTT function to the served MCPTT clients is required:

ii) if a MuSiK and a MuSiK-ID are not associated with the on-network group call and the MKFC and the MKFC-ID of the temporary MCPTT group were received using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the constituent MCPTT group, shall decrypt floor control messages received over the MBMS subchannel for floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MKFC and MKFC-ID of the temporary MCPTT group as specified in clause 13.2; and

NOTE 2: The MCPTT client can receive floor control messages encrypted using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MKFC and MKFC-ID from a participating MCPTT function compliant only to Release 13 of the present document.

D) if protection of media media control messages sent using unicast between the participating MCPTT function and the MCPTT client is negotiated and the CSK and the CSK-ID were sent to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

3. in an on-network private call:

A) if:

i) protection of media is negotiated in originating call and the PCK and the PCK-ID were sent to the remote MCPTT client using SIP signalling according to 3GPP TS 24.379 [2]; or

ii) protection of media is negotiated in terminating call and the PCK and the PCK-ID were received from the remote MCPTT client using SIP signalling according to 3GPP TS 24.379 [2];

then:

i) shall encrypt sent media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2; and

ii) shall decrypt received media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2;

B) if protection of floor control messages is negotiated and the CSK and the CSK-ID were sent to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

i) shall encrypt sent floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

ii) shall decrypt received floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

4. in an off-network group call of an MCPTT group:

A) if protection of media is announced and the GMK and GMK-ID of the MCPTT group were received when on-network using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the MCPTT group:

i) shall encrypt sent media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2; and

ii) shall decrypt received media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2;

B) if protection of floor control messages is announced and the GMK and the GMK-ID of the MCPTT group were received when on-network using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the MCPTT group:

i) shall encrypt sent floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2; and

ii) shall decrypt received floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2; and

C) if protection of media control messages is announced and the GMK and GMK-ID of the MCPTT group were received when on-network using the group document subscription and notification procedure specified in 3GPP TS 24.481 [12] for the MCPTT group:

i) shall encrypt sent sent media control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2; and

ii) shall decrypt received received media control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the GMK and GMK-ID as specified in clause 13.2;

5. in an off-network private call:

A) if:

i) protection of media is negotiated in originating call and the PCK and the PCK-ID were sent to the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2]; or

ii) protection of media is negotiated in terminating call and the PCK and the PCK-ID were received from the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2];

then:

i) shall encrypt sent media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2; and

ii) shall decrypt received media according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2;

B) if:

i) protection of floor control messages is negotiated in originating call and the PCK and the PCK-ID were sent to the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2]; or

ii) protection of floor control messages is negotiated in terminating call and the PCK and the PCK-ID were received from the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2].

then:

i) shall encrypt sent floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2; and

ii) shall decrypt received floor control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK -ID as specified in clause 13.2; and

C) if:

i) protection of media control messages is negotiated in originating call and the PCK and the PCK-ID were sent to the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2]; or

ii) protection of media control messages is negotiated in terminating call and the PCK and the PCK-ID were received from the remote MCPTT client using MONP signalling according to 3GPP TS 24.379 [2];

then:

i) shall encrypt sent sent media control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2; and

ii) shall decrypt received received media control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the PCK and PCK-ID as specified in clause 13.2;

6. if protection of pre-established session control messages is negotiated and the CSK and the CSK-ID were sent to the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

A) shall encrypt sent pre-established session call control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

B) shall decrypt received pre-established session call control messages according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the CSK and CSK-ID as specified in clause 13.2; and

6. if the MSCCK and the MSCCK-ID associated with the MBMS bearer were received from the participating MCPTT function using SIP signalling according to 3GPP TS 24.379 [2]:

A) shall decrypt MBMS subchannel control messages specified in clause 8.4 received over the general purpose MBMS subchannel of the MBMS bearer according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the MSCCK and MSCCK-ID associated with the MBMS bearer as specified in clause 13.2.

13.3.4 The controlling MCPTT function

The controlling MCPTT function:

1. if protection of media is negotiated, shall be transparent to RTP media streams and shall forward encrypted RTP media streams without decrypting the payload;

2. in an on-network group call of an MCPTT group which is not a constituent MCPTT group of a temporary MCPTT group:

A) if protection of floor control messages between the controlling MCPTT function and the participating MCPTT function is negotiated and the SPK and the SPK-ID are configured in the controlling MCPTT function:

i) shall encrypt floor control messages sent to the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

ii) shall decrypt floor control messages received from the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) if protection of media control messages between the controlling MCPTT function and the participating MCPTT function is negotiated and the SPK and the SPK-ID are configured in the controlling MCPTT function:

i) shall encrypt media control messages sent to the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

ii) shall decrypt media control messages received from the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2;

3. in an on-network group call of an MCPTT group which is a constituent MCPTT group of a temporary MCPTT group:

A) if protection of floor control messages between the controlling MCPTT function and the non-controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the controlling MCPTT function:

i) shall encrypt floor control messages sent to the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

ii) shall decrypt floor control messages received from the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) if protection of media control messages between the controlling MCPTT function and the non-controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the controlling MCPTT function:

i) shall encrypt media control messages sent to the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

ii) shall decrypt media control messages received from the non-controlling MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

4. in an on-network private call:

13.3.5 The non-controlling MCPTT function

The non-controlling MCPTT function:

1. if protection of media is negotiated, shall be transparent to RTP media streams and shall forward encrypted RTP media streams without decrypting the payload;

2. if protection of floor control messages between the non-controlling MCPTT function and the participating MCPTT function is negotiated and the SPK and the SPK-ID are configured in the non-controlling MCPTT function:

A) shall encrypt floor control messages sent to the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt floor control messages received from the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2;

3. if protection of floor control messages between the non-controlling MCPTT function and the controlling CPTT function is negotiated and the SPK and the SPK-ID are configured in the non-controlling MCPTT function:

4) if protection of media control messages between the non-controlling MCPTT function and the participating MCPTT function is negotiated and the SPK and the SPK-ID are configured in the non-controlling MCPTT function:

A) shall encrypt media control messages sent to the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

B) shall decrypt media control messages received from the participating MCPTT function according to IETF RFC 3711 [16] and 3GPP TS 33.180 [18] using SRTP-MK, SRTP-MS and SRTP-MKI generated using the SPK and SPK-ID as specified in clause 13.2; and

5) if protection of media control messages between the non-controlling MCPTT function and the controlling MCPTT function is negotiated and the SPK and the SPK-ID are configured in the non-controlling MCPTT function: