7.7 Protection of MBMS subchannel control messages (SRTCP)

33.1793GPPRelease 13Security of Mission Critical Push To Talk (MCPTT) over LTETS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

7.7.1 General

When MBMS is used, the MCPTT Server generates MBMS subchannel control messages as described in clause 4.2.3 of TS 24.380 [x]. These messages together with the RTP media packets and floor control messages are distributed over MBMS bearers. The MBMS subchannel control messages are for example used to signal to MCPTT UEs participating in a group call when to switch from unicast to multicast bearer or viceversa. The format and type of MBMS subchannel control messages is described in clause 8.4 of TS 24.380 [39].

In order to protect MBMS subchannel control messages, each time a bearer is activated, the MCPTT Server generates an MBMS subchannel control key (MSCCK) The MSCCK is distributed encrypted specifically to a user and signed using an identity representing the MCPTT Server. Prior to group key distribution, each MCPTT UE within the group shall be provisioned by the MCPTT KMS with time-limited key material associated with the MCPTT User as described in clause 7.2. The MCPTT Server shall also be provisioned by the MCPTT KMS with key material for an identity which is authorized to manage MBMS bearers.

7.7.2 Key distribution

The MSCCK is distributed with a 32-bit Key Identifier (MSCCK-ID) within a MIKEY payload within the SDP content of the MBMS bearer announcement message described in TS 23.179 [2] clause 10.10. This payload is a MIKEY-SAKKE I_MESSAGE, as defined in IETF RFC 6509 [11], which ensures the confidentiality, integrity and authenticity of the payload.

The payload is constructed in a similar manner to how it is done for private call keys. The difference is that it is signed using (the KMS-provisioned key associated to) the identity of the MCPTT Server. The security processes are summarized in figure 7.7.2-1.

Figure 7.7.2-1: Security information within an MBMS bearer announcement message

At the MCPTT UE, the MCPTT Server’s URI is extracted from the initiator field (IDRi) of the message. Along with the time, this is used to check the signature on the message. If valid, the UE extracts and decrypts the encapsulated MSCCK using the (KMS-provisioned) user’s UID key. The MCPTT UE also extracts MSCCK-ID. This process is shown in figure 7.7.2-2.

Figure 7.7.2-2: Processing the security content of an MBMS bearer announcement

As a result of this mechanism, the MCPTT UEs that have received a bearer announcement management for a particular bearer (identified by the TMGI) will share an MSCCK and an MSCCK-ID with the MCPTT server.

7.7.3 Derivation of SRTCP master keys

The derivation of the SRTCP master key and the SRTCP master salt for the protection of the MBMS subchannel control messages shall proceed as described in clause 7.4.4 where the MSCCK is used as the MIKEY TGK and the MSCCK-ID as the MIKEY CSB-ID.