5.2.7 Key distribution across multiple security domains

3GPP TS 33.180, Release 17: Security of the Mission Critical (MC) service

5.2.7.1 General

5.2.7.2 Identification of External Security Domains

To support multiple security domains, the security domain used by each user is recorded alongside the user’s MC Service ID within configuration parameters in the MC system. Furthermore, the security domain of the GMS is recorded alongside the GMS FQDN and the security domain of the MCX Server is recorded alongside the MCX Server FQDN. Security domains are identified by a unique identifier, the ‘KMSUri’. Specifically, the following describes the situations where security domain information is needed:

1) The MCX Server(s) requires knowledge of the security domain (KMSUri) of users connected to the server.

2.1) On initiating a MCPTT private call, the initiating UE requires knowledge of the security domain (KMSUri) of the receiving user.

2.2) On receiving a MCPTT private call, the receiving UE requires knowledge of the security domain (KMSUri) of the initiating user.

3.1) On initiating a MCVideo private call, the initiating UE requires knowledge of the security domain (KMSUri) of the receiving user.

3.2) On receiving a MCVideo private call, the receiving UE requires knowledge of the security domain (KMSUri) of the initiating user.

4.1) On initiating a MCData one-to-one SDS or file transfer, the initiating UE requires knowledge of the security domain (KMSUri) of the receiving user.

4.2) On receiving a MCData one-to-one SDS or file transfer, the receiving UE requires knowledge of the security domain (KMSUri) of the initiating user.

5) The Group Management Server requires knowledge of the security domain (KMSUri) of each member of the group.

6) Group members require knowledge of the security domain (KMSUri) of the group management server.

7) MC users require knowledge of the security domain (KMSUri) of the MCX Server(s) to which they connect.

NOTE: In most cases, the required security domain will be the Home security domain, meaning that the required KMSUri will be the user’s Home KMSUri. It may be more space efficient to only keep a record where the KMSUri is not the Home KMSUri.

5.2.7.3 Using multiple security domains

On encrypting to an entity within the MC System using an I_MESSAGE, the client shall look up the KMSUri from the appropriate configuration data, then look up the appropriate KMS Certificate with that KMSUri from the certificate cache downloaded from its home KMS. The security parameters within the KMS Certificate are used to perform encryption. The KMSUri is added to the I_MESSAGE within the IDRkmsr field.

Equivalently, when verifying a received I_MESSAGE, the receiving client shall extract the KMSUri from the I_MESSAGE (if present) and check this matches the KMSUri from the appropriate configuration data. The client shall then look up the appropriate KMS Certificate with that KMSUri from the certificate cache downloaded from its home KMS. The security parameters within the KMS Certificate are used to perform verification.

Should a matching certificate not be found, the client may request the certificate based on the KmsUri from its home KMS using an appropriate KMS Cert request, as defined in Clause D.2.6.
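The following sketch is an added illustration of the lookup procedure in this clause, not text or code from the specification. The class and function names, the `fetch` callback standing in for the KMS Cert request, the exact string comparison of KMSUri values, and all sample identifiers are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass(frozen=True)
class KmsCertificate:            # stand-in for a KMS Certificate (hypothetical type)
    kms_uri: str
    params: str                  # placeholder for its security parameters

class KmsDomainError(Exception):
    """No trustworthy KMS Certificate could be selected."""

class DomainResolver:
    def __init__(self, home_uri: str, overrides: Dict[str, str],
                 cache: Dict[str, KmsCertificate],
                 fetch: Optional[Callable[[str], Optional[KmsCertificate]]] = None):
        self.home_uri, self.overrides = home_uri, overrides
        self.cache, self.fetch = cache, fetch

    def configured_uri(self, entity: str) -> str:
        # Per the NOTE in 5.2.7.2, only non-home domains need a record.
        return self.overrides.get(entity, self.home_uri)

    def certificate(self, kms_uri: str) -> KmsCertificate:
        cert = self.cache.get(kms_uri)
        if cert is None and self.fetch is not None:
            cert = self.fetch(kms_uri)   # models the KMS Cert request to the home KMS
            if cert is not None and cert.kms_uri == kms_uri:
                self.cache[kms_uri] = cert
        if cert is None or cert.kms_uri != kms_uri:
            raise KmsDomainError(f"no KMS Certificate for {kms_uri}")
        return cert

    def for_sending(self, recipient: str) -> Tuple[KmsCertificate, str]:
        uri = self.configured_uri(recipient)
        return self.certificate(uri), uri    # uri is the value placed in IDRkmsr

    def for_verifying(self, sender: str, uri_in_message: Optional[str]) -> KmsCertificate:
        expected = self.configured_uri(sender)
        # The message value is only compared, never used to select a certificate.
        if uri_in_message is not None and uri_in_message != expected:
            raise KmsDomainError(f"KMSUri {uri_in_message!r} does not match configuration")
        return self.certificate(expected)

# Constructed sample data: one external user, home certificate already cached.
HOME, PARTNER = "kms.home.example", "kms.partner.example"
resolver = DomainResolver(
    HOME, {"sip:bob@partner.example": PARTNER},
    {HOME: KmsCertificate(HOME, "home-params")},
    fetch=lambda uri: KmsCertificate(uri, "partner-params") if uri == PARTNER else None)
```

The certificate is always selected from the configured KMSUri, so a KMSUri carried in a received I_MESSAGE can only cause a rejection and cannot redirect the client to a different security domain.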