Description
The Discovery User Integrity Key (DUIK) is a security key defined within the 3GPP Proximity Services (ProSe) framework. It is derived alongside the Discovery User Confidentiality Key (DUCK) and forms the second half of the security pair for protecting direct discovery signaling between User Equipments (UEs). The DUIK's specific role is to provide integrity protection and data origin authentication for discovery messages. This means it allows a receiving UE to verify that a received discovery announcement or solicitation has not been altered in transit and that it indeed originated from the claimed sender.
Technically, the DUIK is derived using a Key Derivation Function (KDF) as specified in 3GPP TS 33.220. The derivation inputs include the root ProSe key (e.g., K_ProSe) and specific parameters tied to the discovery session. When a UE generates a discovery message, it uses the DUIK to compute a Message Authentication Code (MAC), often using an algorithm like HMAC-SHA-256. This MAC is appended to the discovery message (which may itself be encrypted using the DUCK). The receiving UE, possessing the same DUIK, recalculates the MAC on the received message and compares it to the transmitted MAC. A match confirms integrity and authenticates the source.
Architecturally, the DUIK is provisioned and managed in tandem with the DUCK. The network's ProSe Function is responsible for authorizing discovery and ensuring participating UEs can derive the correct keys. The DUIK operates at the ProSe protocol layer, interfacing with the discovery protocol specified in TS 24.334. Its use is critical in preventing discovery-based attacks such as message injection, where a malicious device could send false discovery information to disrupt services or create confusion. In public safety scenarios, the integrity of a "first responder nearby" discovery message is as important as its confidentiality. The DUIK ensures that the discovery framework is resilient against such attacks, forming a trustworthy basis for subsequent device-to-device communication setup.
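The derive, protect and verify flow described above, as an added example that is not 3GPP reference code or code from this page. The KDF follows the generic input layout of TS 33.220 Annex B; the FC value, parameter strings, sample root key, full 32-byte tag length and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # assumption: full HMAC-SHA-256 output; the page gives no tag length


def kdf_33220(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF layout of TS 33.220 Annex B: HMAC-SHA-256(key, S),
    with S = FC || P0 || L0 || P1 || L1 ... and each Li a 2-octet length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def protect(duik: bytes, message: bytes) -> bytes:
    """Sender side: append the MAC computed with the DUIK to the message."""
    return message + hmac.new(duik, message, hashlib.sha256).digest()


def verify(duik: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: recompute the MAC and compare in constant time.
    Returns the message on success, None if the frame must be dropped."""
    if len(frame) <= TAG_LEN:
        return None  # too short to carry a message plus a tag
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(duik, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


# Constructed sample values, not taken from any specification.
K_PROSE = bytes(range(32))        # stand-in root key
FC_PLACEHOLDER = 0xFF             # placeholder FC, not a real 3GPP assignment
SESSION = b"constructed-discovery-session"
DUIK = kdf_33220(K_PROSE, FC_PLACEHOLDER, b"DUIK", SESSION)
DUCK = kdf_33220(K_PROSE, FC_PLACEHOLDER, b"DUCK", SESSION)

if __name__ == "__main__":
    frame = protect(DUIK, b"announce: first responder nearby")
    print("genuine  :", verify(DUIK, frame))
    altered = b"announce: no responder nearby" + frame[-TAG_LEN:]
    print("altered  :", verify(DUIK, altered))  # None: MAC no longer matches
    print("wrong key:", verify(DUCK, frame))    # None: verifier key differs from the DUIK
```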
Purpose & Motivation
The DUIK was introduced in 3GPP Release 13 alongside the DUCK to meet the comprehensive security requirements of Proximity Services (ProSe). While confidentiality (provided by DUCK) protects the content of discovery messages, integrity protection was identified as an equally critical requirement. Without it, an attacker could modify discovery messages or forge them entirely, leading to spoofed identities, service disruption, or malicious redirection of communication—particularly dangerous in public safety and critical communication scenarios.
The purpose of the DUIK is to provide this essential guarantee of message authenticity and integrity for the discovery process. The motivation stems from the adversarial environment of open radio communication; any device within radio range can potentially transmit or interfere with signals. Previous cellular security models assumed a trusted base station as the counterparty. In direct D2D discovery, devices communicate without that intermediary, necessitating a peer-to-peer security mechanism. The DUIK solves the problem of how a UE can trust that a discovery broadcast is genuine and unaltered. By enabling source authentication, it prevents impersonation and ensures that the discovery process, which is the first step in establishing a direct link, is secure and reliable. This was a fundamental innovation that made ProSe viable for security-sensitive applications beyond simple commercial find-and-connect services.
Detected Changes Across Releases
From 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (209 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-13, normative work from Rel-15.
In Release 15, the DUIK (Discovery User Integrity Key) function was newly introduced to enhance security for restricted ProSe direct discovery, specifically for WLAN-based discovery procedures. This included updates to the authorization and request procedures for both Model A and Model B restricted discovery, ensuring integrity protection for discovery transactions. The updates also covered the associated match report procedures and the underlying XML schema and semantics for WLAN-based Direct Discovery.
- Updates to ProSe Service Authorisation for WLAN Direct Discovery (TS 24.334, CR0298)
- Updates to Announce request procedure for open WLAN based ProSe direct discovery (TS 24.334, CR0299)
- Updates to Announce request procedure for restricted WLAN based ProSe direct discovery model A (TS 24.334, CR0300)
- Updates to Discoveree request procedure for restricted ProSe direct discovery model B (TS 24.334, CR0301)
- Updates to Discoverer request procedure for restricted ProSe direct discovery model B (TS 24.334, CR0302)
- Updates to Monitor request procedure for open ProSe direct discovery (TS 24.334, CR0303)
In Release 17, the DUIK (Discovery User Integrity Key) function was enhanced to support integrity protection for UE-to-network relay discovery, specifically for the DCR message and for Layer-2 relay discovery messages over the PC5 interface. New procedures were introduced to provide discovery security material from the 5G DDNMF and to manage the validity timer for these security parameters. Additionally, security protection was extended to restricted ProSe direct discovery messages, and clarifications were made for handling security policies during these procedures.
- 5G ProSe UE-to-network relay discovery security parameters request procedure for PC8 interface (TS 24.554, CR0012)
- Add target user ID in relay discovery solicitation message (TS 24.554, CR0028)
- Signalling integrity protection policy for layer-2 UE-to-network relay (TS 24.554, CR0057)
- Charging information collection for 5G ProSe Direct Discovery (TS 24.554, CR0078)
- Introducing the validity timer of the security related parameters for discovery (TS 24.554, CR0095)
- Providing the discovery security material for UE-to-network relay from 5G DDNMF (TS 24.554, CR0154)
In Release 18, the DUIK function was enhanced to support new security procedures for 5G ProSe UE-to-UE (U2U) relay discovery, specifically introducing distinct security procedures when using the DDNMF or the PKMF. These updates included security-related modifications to the messages and the encoding of security materials for both Model A and Model B relay discovery over the PC5 interface. Furthermore, the release defined procedures for securely retrieving and sending the Direct Discovery Set between UEs, including scenarios where a PC5 unicast link is already established.
- 5G ProSe U2U relay discovery over PC5 interface with model A (TS 24.554, CR0229)
- 5G ProSe U2U relay discovery over PC5 interface with model B (TS 24.554, CR0230)
- U2U link establishment without integrated discovery (TS 24.554, CR0249)
- Discovery message encoding for UE-to-UE relay discovery (TS 24.554, CR0245)
- Update to U2U relay discovery procedures (TS 24.554, CR0310)
- Destination layer-2 ID for U2U relay communication with integrated discovery (TS 24.554, CR0347)
In Release 19, the DUIK function was enhanced to support 5G ProSe direct discovery procedures within Standalone Non-Public Networks (SNPN). The updates specifically modified the announce and monitor request procedures for both open and restricted discovery models to operate in the SNPN environment. Furthermore, new procedures were introduced for multi-hop UE-to-network relay discovery and link establishment over the PC5 interface, expanding relay capabilities.
- Update on announce request procedure for restricted 5G ProSe direct discovery model A to support 5G ProSe in SNPN (TS 24.554, CR0645)
- Update on Direct discovery update procedure for open discovery to support 5G ProSe in SNPN (TS 24.554, CR0635)
- Update on Direct discovery update procedure for restricted discovery to support 5G ProSe in SNPN (TS 24.554, CR0636)
- Update on the parameter in 5G ProSe direct discovery messages over PC3a to support 5G ProSe in SNPN (TS 24.554, CR0666)
- Multi-hop UE-to-network relay discovery over PC5 interface with model A (TS 24.554, CR0621)
- Update on 5G ProSe UE-to-UE relay discovery over PC5 interface to support 5G ProSe in SNPN (TS 24.554, CR0661)
Defining Specifications
3GPP specifications that define or reference DUIK, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 24.334 vj00 | ProSe Protocols and Procedures | Rel-19 |
| TS 24.514 vj30 | Ranging & Sidelink Positioning in 5GS | Rel-19 |
| TS 24.554 vj40 | 5G Proximity Services (ProSe) Protocols | Rel-19 |
| TS 24.555 vj30 | 5G ProSe UE Policies Specification | Rel-19 |
| TS 29.345 vj00 | Diameter-based PC6/PC7 interfaces for ProSe | Rel-19 |
| TS 31.102 vj40 | USIM Application Specification | Rel-19 |
| TS 33.503 vj20 | Security for Proximity Services (ProSe) in 5G | Rel-19 |
| TS 33.843 vf10 | Security Study for ProSe UE-to-Network Relay | Rel-15 |