5.8 Key management from MC server to MC client (Key download)

33.1803GPPRelease 17Security of the Mission Critical (MC) serviceTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

5.8.1 General

The ‘key download’ procedure is used to send keys from the MCX server to the MC client. It is used to distribute Multicast Signalling Keys (MuSiKs) to the MC clients, and it is used to update both the CSKs and MuSiKs.

Within the ‘key download’ procedure, keys (CSK or MuSiKs) are encrypted specifically to the MC user and signed using an identity representing the MC Server. Prior to group key distribution, each MC client shall be provisioned by the KMS with time-limited key material associated with the MC User as described clause 5.3. The MC Server shall also be provisioned by the MC KMS with key material for an identity which is authorised to act as an MCX Server.

The key (CSK or MuSiK) is distributed from the MCX Server to a MC client using the security mechanism described in clause 5.2.2, transported over the SIP bearer. End-point diversity is not required as end-points do not encrypt data, hence the extension in clause 5.2.3 is not applied. Additional parameters may be included as defined in clause 5.2.4. The SAKKE-to-self extension may be included as defined in clause 5.2.5. Identity hiding may be supported as defined in clause 5.2.6.

The initiating entity shall be the initiating MCX Server and the receiving entity shall be the terminating MC user. The initiating entity URI shall be the FQDN of the MCX Server (e.g. MDSI of the MC Domain) and the receiving entity URI shall be the MC Service ID of the terminating user. The distributed key, K, shall be the CSK or MuSiK and the key identifier K-ID shall be the CSK-ID or MuSiK-ID (respectively).

As a result of this ‘key download’ mechanism, the MC clients receive a new signalling key, CSK or MuSiK, identified by the 4 most significant bits of the key ID.

The MCData Service server may use the Key Download procedure to indicate or modify the algorithm used to protect the MCData signalling fields (i.e. MCData signaling parameters, Data signaling payload and End to end security parameters) by including a ‘signalling algorithm’ parameter. The ‘signalling algorithm’ to be used shall be selected by the MCData Service server based on the local policy and/or regional regulatory requirement (for example, to enforce use of 128-bits or 256-bits key length). Based on the selected algorithm, the key used shall be derived as described in Annex F.1.5. The ‘signalling algorithm’ parameter is described in clause 8.5.4.1. The available algorithms shall be as defined in clause 8.5.4.2.

5.8.2 ‘Key download’ procedure

The procedure for key download is described in figure 5.8.2-1:

Figure 5.8.2-1: Procedures for key download

0. The MCX UE has been provisioned by a KMS with key material associated with the MC user. The MC UE has also registered with an MCX Server. As a consequence of this registration, the MC UE is subscribed to key download notifications from the MCX Server.

1. The MCX Server sends a key download message (SIP NOTIFY or SIP MESSAGE) to the MC UE. The MC UE extracts the signalling key from the key download message.

2. Upon successful extraction of the signalling key, the MC UE returns a key download success message (200 OK response) to the MCX Server. Upon receipt of a notification of success, the MCX Server is able to begin to use the key for protection of signalling traffic.

5.9 Key management during MBMS bearer announcement

The MBMS bearer announcement message is used to distribute a MSCCK as described in Annex H.

The security procedures for key distribution via an MBMS bearer announcement message are identical to those used for ‘key download’ messages, described in clause 5.8.