Content for TS 33.179
Word version: 13.12.0
7 End-to-end communication security
  7.1 Overview
  7.2 Key provisioning and management
    7.2.1 General
    7.2.2 Functional model for key management
      7.2.2.0 General
      7.2.2.1 Reference point CSC-8 (between key management server and the key management client within the MCPTT UE)
      7.2.2.2 Reference point CSC-9 (between the key management server and the key management client within the MCPTT Server)
      7.2.2.3 Reference point CSC-10 (between the key management server and the key management client within a group management server)
    7.2.3 Security procedures for key management
    7.2.4 Provisioned key material to support end-to-end communication security
  7.3 Group call key distribution
    7.3.1 General
    7.3.2 Security procedures for GMK provisioning
    7.3.3 Key Identification and purpose tags
    7.3.4 Group creation procedure
    7.3.5 Dynamic group keying
      7.3.5.1 General
      7.3.5.2 Group regrouping procedures (within a single MCPTT system)
      7.3.5.3 Group regrouping procedures (involving multiple MCPTT systems)
    7.3.6 Derivation of SRTP/SRTCP master keys
    7.3.7 Group member GMK management
  7.4 Private call key distribution
    7.4.1 General
    7.4.2 Security procedures (on-network)
    7.4.3 Security procedures (off-network)
    7.4.4 Derivation of SRTP/SRTCP master keys
    7.4.5 Void
  7.5 Protection of media stream (SRTP)
    7.5.1 General
    7.5.2 Security procedures for media stream protection
  7.6 Protection of offline floor and media control signalling (SRTCP)
    7.6.1 General
    7.6.2 Security procedures for offline floor and media control protection
  7.7 Protection of MBMS subchannel control messages (SRTCP)
    7.7.1 General
    7.7.2 Key distribution
    7.7.3 Derivation of SRTCP master keys
8 Inter/Intra domain interface security
  8.1 General
9 Protection of floor control and sensitive application signalling
  9.1 Key agreement for protection of floor control and sensitive application data (Client to Server)
    9.1.1 Identity-based key management for Client Server Key (CSK)
    9.1.2 Creation of the CSK
    9.1.3 Secure distribution of the CSK
      9.1.3.0 General
      9.1.3.1 MIKEY-SAKKE I_MESSAGE
      9.1.3.2 Distribution of CSK during MCPTT Service Authorization and group subscription
      9.1.3.3 Obtaining CSK from the I_MESSAGE
      9.1.3.4 Procedure
  9.2 Key agreement for protection of floor control and sensitive application data between servers
  9.3 Protection of XML content
    9.3.1 General
    9.3.2 Protected content
    9.3.3 Key agreement
    9.3.4 Confidentiality protection using XML encryption (xmlenc)
      9.3.4.1 General
      9.3.4.2 XML content encryption
      9.3.4.3 XML URI attribute encryption
    9.3.5 Integrity protection using XML signature (xmlsig)
  9.4 Key agreement for online floor control (SRTCP)
    9.4.1 General
    9.4.2 Key agreement between MCPTT client and MCPTT Server
    9.4.3 Key agreement between MCPTT Servers
    9.4.4 Key agreement for multicast from MCPTT Server
    9.4.5 Derivation of SRTCP key material