7.4 Key derivation for media
3GPP TS 33.180 Release 17: Security of the Mission Critical (MC) service
7.4.1 Derivation of SRTP master keys for private call
As a result of this mechanism, the private call members share a PCK and PCK-ID. The PCK shall be used as the MIKEY Traffic Generating Key (TGK), the PCK-ID shall be used as the MIKEY CSB ID. The MIKEY RAND shall be the MIKEY RAND value transmitted together with the PCK provision. The CS-ID value is defined in Table E.1.3-1. These shall be used to generate the SRTP Master Key and SRTP Master Salt as specified in IETF RFC 3830 [22]. The key derivation function defined in section 4.1.3 of RFC 3830 [22] using the PRF-HMAC-SHA-256 Pseudo-Random Function as described in IETF RFC 6043 [25], section 6.1 shall be supported for generating the SRTP Master Key and Salt.
Figure 7.4.1-1: Key Derivation for media stream protection
To identify the security context from the media stream, an SRTP Master Key Identifier (MKI) is required. The MKI shall be the 32-bit PCK-ID, which has a purpose tag of '1'.
When the MC client is operating off-network, the PCK is used to derive keys for floor control, transmission control, and media control (SRTCP). Thus, the Master Key and Master Salt used for SRTCP are the same as the Master Key and Master Salt used for SRTP, as is the MKI.
See clause 9.4.6 for key derivation procedures for private communication floor, transmission, and media control (SRTCP) when the MC client is operating on-network.
7.4.2 Derivation of SRTP master keys for group media
As a result of this mechanism, the group members are able to generate the master keys for a secure group call.
As shown in Figure 7.4.2-1, the GMK for the group shall be used as the MIKEY Traffic Generating Key (TGK) and the (derived) GUK-ID shall be used as the MIKEY CSB ID. The MIKEY RAND shall be the MIKEY RAND value transmitted in the MIKEY message used to distribute the GMK. The CS-ID value is defined in Table E.1.3-1. These shall be used to generate the SRTP Master Key and SRTP Master Salt as specified in IETF RFC 3830 [22]. The key derivation function defined in section 4.1.3 of IETF RFC 3830 [22] using the PRF-HMAC-SHA-256 Pseudo-Random Function as described in IETF RFC 6043 [25], section 6.1 shall be supported for generating the SRTP Master Key and Salt.
Figure 7.4.2-1: Key Derivation for media stream protection
To identify the security context from the media stream, an SRTP Master Key Identifier (MKI) is required. The MKI should be a 64-bit value formed by concatenating the GMK-ID with the GUK-ID (GMK-ID || GUK-ID). The GMK-ID shall have a purpose tag of '0'.
The GUK-ID is derived as specified in Annex F.1.3, using the MC service user ID of the transmitting user.
Where the transmitting user is known through other means, the MKI may be solely the 32-bit GMK-ID. In this case the terminating user extracts the GUK-ID by calculating the User Salt and XORing this value with the GMK-ID.
When the MC client is operating off-network, the GMK is used to derive keys for floor control, transmission control, and media control (SRTCP). Thus, the Master Key and Master Salt used for SRTCP are the same as the Master Key and Master Salt used for SRTP, as is the MKI.
See clause 9.4.6 for key derivation procedures for group communication floor, transmission, and media control (SRTCP) when the MC client is operating on-network.
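The derivation in clauses 7.4.1 and 7.4.2, as an added worked example that is not part of the specification: the RFC 3830 section 4.1.2 PRF with SHA-256 (PRF-HMAC-SHA-256, RFC 6043 section 6.1), the RFC 3830 section 4.1.3 label (constant || CS-ID || CSB ID || RAND) with the TGK set to the PCK or GMK and the CSB ID set to the PCK-ID or GUK-ID, and the two MKI formats. Assumed, not taken from this clause: the 128-bit master key and 112-bit master salt lengths, the purpose tag sitting in the four most significant bits of a key ID, and that the User Salt is supplied as an already-derived 28-bit value; the CS-ID value must be read from Table E.1.3-1.

```python
import hashlib
import hmac

# MIKEY label constants from RFC 3830 section 4.1.3 (TGK -> TEK and TGK -> salting key).
TEK_CONSTANT = 0x2AD01C64
SALT_CONSTANT = 0x39A2C14B

def prf_hmac_sha256(inkey: bytes, label: bytes, outkey_len: int) -> bytes:
    """PRF-HMAC-SHA-256 (RFC 6043 section 6.1): the RFC 3830 section 4.1.2 PRF with
    SHA-256. inkey is split into 256-bit blocks s_1..s_n, each block is expanded with
    P(s, label, m), and the n expansions are XORed together."""
    blocks = [inkey[i:i + 32] for i in range(0, len(inkey), 32)]
    m = -(-outkey_len // 32)  # HMAC-SHA-256 outputs needed, rounded up
    out = bytes(m * 32)
    for s in blocks:
        a, p = label, b""  # A_0 = label
        for _ in range(m):
            a = hmac.new(s, a, hashlib.sha256).digest()           # A_i = HMAC(s, A_(i-1))
            p += hmac.new(s, a + label, hashlib.sha256).digest()  # HMAC(s, A_i || label)
        out = bytes(x ^ y for x, y in zip(out, p))
    return out[:outkey_len]

def derive_srtp_master_keys(tgk: bytes, cs_id: int, csb_id: int, rand: bytes,
                            key_len: int = 16, salt_len: int = 14):
    """tgk = PCK or GMK, csb_id = PCK-ID or GUK-ID, rand = MIKEY RAND sent with the key,
    cs_id from Table E.1.3-1. Assumed defaults: 128-bit master key, 112-bit master salt."""
    def label(constant: int) -> bytes:
        return constant.to_bytes(4, "big") + bytes([cs_id]) + csb_id.to_bytes(4, "big") + rand
    return (prf_hmac_sha256(tgk, label(TEK_CONSTANT), key_len),
            prf_hmac_sha256(tgk, label(SALT_CONSTANT), salt_len))

def purpose_tag(key_id: int) -> int:
    # Assumption: the 4-bit purpose tag is the most significant nibble of the 32-bit key ID.
    return (key_id >> 28) & 0xF

def private_call_mki(pck_id: int) -> bytes:
    if purpose_tag(pck_id) != 1:
        raise ValueError("PCK-ID must carry purpose tag 1")
    return pck_id.to_bytes(4, "big")  # MKI = 32-bit PCK-ID (clause 7.4.1)

def group_call_mki(gmk_id: int, guk_id: int) -> bytes:
    if purpose_tag(gmk_id) != 0:
        raise ValueError("GMK-ID must carry purpose tag 0")
    return gmk_id.to_bytes(4, "big") + guk_id.to_bytes(4, "big")  # MKI = GMK-ID || GUK-ID

def guk_id_from_gmk_id(gmk_id: int, user_salt: int) -> int:
    # Receiver side when the MKI is only the GMK-ID: GUK-ID = GMK-ID XOR User Salt.
    # user_salt is assumed to be the derived 28-bit value (Annex F.1.3), so the tag survives.
    return gmk_id ^ (user_salt & 0x0FFFFFFF)
```

The same two functions serve SRTCP off-network, since the clause reuses the SRTP master key, salt and MKI there.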