7.2 Key provisioning and management
33.1793GPPRelease 13Security of Mission Critical Push To Talk (MCPTT) over LTETS
7.2.1 General
To be able to be involved in end-to-end communication security the MCPTT user requires key material to be provisioned from a MCPTT Key Management Server (KMS). In addition, management entities which setup or control the end-to-end communication, such as the MCPTT Server and group management server, will also require provisioning of key material.
NOTE: For clarity, an MCPTT KMS provides different functionality to a MIKEY-TICKET KMS defined in 3GPP TS 33.328 [8].
7.2.2 Functional model for key management
7.2.2.0 General
Within the MCPTT architecture, the MCPTT Key Management Server (KMS) provisions key material associated with a specific MCPTT identity. The MCPTT KMS has interfaces with the key management clients. A key management client is responsible for making requests for identity-specific key material. Key provisioning clients are located in the MCPTT UE, in the MCPTT Server and in the group management server.
The reference points for the MCPTT KMS are shown in figure 7.2.2.0-1.
Figure 7.2.2.0-1: Reference Points for MCPTT Key Management Server
Figure 7.2.2.0-1 shows the CSC-8, CSC-9 and CSC-10 reference points for the MCPTT Key Management Server within the MCPTT system.
The KMS may or may not be located within the Common Services Core (CSC) of the MCPTT domain and may or may not make use of the MCPTT proxy.
If the KMS does not make use of the MCPTT proxy, then a secure HTTP connection (HTTPS) shall be established directly between the KMS server and the KMS client. The use of the TrK as defined in clause 9.3 may be used to protect the key material content in this configuration.
If the KMS does connect to and employ the use of the MCPTT proxy, then for public safety users the TrK shall be used as defined in clause 9.3 to protect the key material content.
7.2.2.1 Reference point CSC-8 (between key management server and the key management client within the MCPTT UE)
The CSC-8 reference point, between the key management client in the MCPTT UE and the MCPTT KMS, provides identity-specific key material to the MCPTT UE.
If the KMS does not employ the MCPTT proxy, then CSC-8 is a direct HTTP interface between the KMS server and the KMS client in the UE. CSC-8 therefore does not pass through the MCPTT proxy.
If the MCPTT proxy is used between the KMS and the KMS client within the MCPTT UE, then CSC-8 shall use the HTTP-1 and HTTP-2 reference points.
7.2.2.2 Reference point CSC-9 (between the key management server and the key management client within the MCPTT Server)
The CSC-9 reference point, which exists between the MCPTT key management server and the MCPTT Server, is used, where necessary, to provide the MCPTT Server with identity-specific key material to allow the MCPTT Server to be involved in end-to-end secure communications.
If the KMS does not employ the MCPTT proxy, then CSC-9 is a direct HTTP interface between the KMS server and the KMS client in the MCPTT server. CSC-9 therefore does not pass through the MCPTT proxy.
If the MCPTT proxy is used between the KMS and the KMS client within the MCPTT Server, then CSC-9 shall use the HTTP-1 and HTTP-2 reference points for the transport of key material.
7.2.2.3 Reference point CSC-10 (between the key management server and the key management client within a group management server)
The CSC-10 reference point, which exists between the MCPTT key management server and a group management server, is used to provide the group management server with identity-specific key material to allow the group management server to distribute key material to support group communications.
If the KMS does not employ the MCPTT proxy, then CSC-10 is a direct HTTP interface between the KMS server and the KMS client in the group management server. CSC-10 therefore does not pass through the MCPTT proxy.
If the MCPTT proxy is used between the KMS and the KMS client within a group management server, then CSC-10 shall use the HTTP-1, and HTTP-2 signalling reference points for the transport of key material.
7.2.3 Security procedures for key management
The procedure for the provision of identity-specific key material when the MCPTT proxy is supported between the KMS and the KMS client is described in figure 7.2.3-1. The procedure is the same whether the key management client in the MCPTT UE, MCPTT Server or group management server is making the request.
Figure 7.2.3-1: Provisioning of key material via the HTTP proxy
The procedure in figure 7.2.3-1 is now described step-by-step.
0) The key management client establishes a connection to the MCPTT KMS. As with other elements in the Common Services Core, the connection routed via, and secured by, the HTTP Proxy. The message flow below is within this secure connection.
NOTE: Additionally, the connection between the MCPTT KMS and the HTTP Proxy is secured according to clause 8.
1) The key management client makes a request for user key material from the MCPTT KMS. The request contains details of the identity (e.g. the MCPTT ID) requested for key management, and the time for which the key material is required.
2) The KMS provides a response containing key material. The response includes the type of key material, the period of use for the material and any domain-specific parameters required for its use. For public safety use, the key material itself shall be wrapped using a 256-bit transport key (TrK). The TrK is distributed via an out-of-band mechanism along with a 32-bit identifier, TrK-ID.
The procedure for the provisioning of identity-specific key material when the MCPTT proxy is not used between the KMS and the KMS client is as described in Figure 7.2.3-2.
Figure 7.2.3-2: Provisioning of key material without a proxy
The procedure in Figure 7.2.3-2 is now described step-by-step:
0) The key management client establishes a direct HTTPS connection to the MCPTT KMS. The following message flow is within this secure connection.
1) The key management client makes a request for user key material from the MCPTT KMS. The request contains details of the identity requested for key management, and the time at which the key material is required.
2) The KMS provides a response containing key material. The response includes the type of key material, the period of use for the material and any domain-specific parameters required for its use. Optionally, the key material itself may also be wrapped using a 256-bit transport key (TrK), distributed via an out-of-band mechanism along with a 32-bit identifier (TrK-ID).
As a result of this procedure, the key management client has securely obtained key material for use within the MCPTT system.
7.2.4 Provisioned key material to support end-to-end communication security
End-to-end communication security for either group or private calls requires the provisioning of key material from the KMS. The key material required to be provisioned to each user is listed below:
– Domain specific key material, also known as a MCPTT KMS Certificate, which includes:
– The MCPTT KMS Public Authentication Key (KPAK in IETF RFC 6507 [9]).
– The MCPTT KMS Public Confidentiality Key (Z_T in IETF RFC 6508 [10]).
– The UID conversion (as described below).
– Choice of cryptographic domain parameters (such as those listed in IETF RFC 6509 [8]).
– The time period for which this information is valid.
– A user signing key for each UID for the upcoming time period (SSK and PVT in IETF RFC 6507 [9]).
– A user decryption key for each UID for the upcoming time period (RSK in IETF RFC 6508 [10]).
– The time period, for which the user key material is valid (e.g. month).
The UID conversion mechanism defines how UIDs are generated. Using this information a MCPTT client can take a user identifier (e.g. an MCPTT ID), and the current time, (e.g. the year and month) and convert these to a UID.
EXAMPLE: UID = Hash (MCPTT ID, KMS URI, validity period info).
As a consequence, there is a one-to-one correspondence between MCPTT IDs and UIDs during each time period.
After provisioning, the key material may be stored in the user’s profile.