5.11 UE key storage and key persistence

33.1803GPPRelease 17Security of the Mission Critical (MC) serviceTS

5.11.1 Key storage

To prevent the exposure of mission critical keys and key material, the following guidelines shall be followed to ensure that mission critical keys and key material are protected within the UE. Persistence of keys and key material through transistional states of the UE are defined in clause 5.11.2.

All long term keys and private certificates used to establish secure communications with MC domain servers such as the IdMS, KMS, and MC domain proxies (e.g. CS proxies and MC domain proxies) shall be stored in a protected state within the UE while not actively in use. The method used to protect these keys and certificates is out of scope of this document. These long term keys and key material include, but are not limited to the TrK, InK, and TLS private certificates.

CSK(s), GMK(s) and MuSiK(s) shall be stored in a protected state within the UE while not actively in use. The method used to protect these keys is out of scope of this document.

Identity based key material, e.g. KMS Key Set(s), shall be stored in a protected state within the UE while not actively in use. The method used to protect these keys is out of scope of this document.

Identity based tokens, such as the ID token, access token(s), refresh token(s), and security token(s) shall be stored in a protected state within the UE while not actively in use. The method used to protect these tokens is out of scope of this document.

Dynamic keys used for MCPTT, MCData and MCVideo signalling and media protection such as the MKFC, MSCCK and PCK and any derived keys (e.g. DPCK, SRTP Master Keys, XML keys, AES keys) should be securely stored as dictated by the operational needs of these keys and shall be securely deleted when these keys are no longer operationally needed.

5.11.2 Key persistence

Static and semi-static keys and key material such as CSK(s), GMK(s), TrK, InK, TLS private certificates, IPsec private certificates, KMS Key Sets, ID token, access token(s), refresh token(s), and security token(s) shall be securely stored and maintained through UE power cycles. These static and semi-static keys and key material shall also be maintained through user log-off and log-on cycles. This ensures that the UE maintains the credentials, keys and key material for the user through various UE transitional states including on-network to off-network transitions. This is especially critical for identity based key material and GMK(s) that are used for off-network communications.

When the current user logs off and a different user logs onto the UE, all keys and key material associated to the previous user shall either be securely deleted from the UE or alternatively, a method to securely partition user’s keys and key material from other users shall be implemented. Keys and key material that remain in the UE through log-off and log-on cycles and during usage by mulitiple users shall be securely stored and accessible only to the user to which the keys and key material are associated. The method used to securely partition user’s keys and key material is out of scope of this document.

Dynamic keys for MCPTT, MCData and MCVideo media and signalling protection such as the MKFC, MSCCK, and PCK and any derived keys (e.g. DPCK, SRTP Master Keys, XML keys, AES keys) shall be securely deleted from the UE at UE power down, log off of the current user, expiry of any associated access tokens (for technical or authentication reasons), or as dictated by the operational needs of these keys. Dynamic keys and tokens may be renegotiated during establishment of follow-on communications.

When an access token expires because the IdMS cannot or will not refresh the existing access token for technical or authentication reasons, the following mission critical static, semi-static and dynamic keys shall be securely deleted from the UE; CSK(s), GMK(s), MuSiK, MKFC, MSCCK, KFC, DPPK, PCK, and identity based tokens (i.e. access tokens, refresh tokens, and security tokens). Expired access tokens, refresh tokens or security tokens may require re-authentication of the user with the IdM services and MC domain.