Discovery User Scrambling Key

Description

The Discovery User Scrambling Key (DUSK) is a fundamental security component within the 3GPP Proximity Services (ProSe) architecture, specifically for the Direct Discovery function. It is a symmetric cryptographic key derived from a root key, the ProSe Key (PK), which is itself provisioned by the ProSe Function in the network. The primary role of DUSK is to provide confidentiality and integrity for the ProSe Application Code, which is the identifier broadcast by a device to announce its presence and services to other nearby devices. The scrambling process involves applying the DUSK to the ProSe Application Code using a cryptographic algorithm before it is transmitted over the PC5 reference point (the direct device-to-device interface). This transforms the code into a scrambled, unintelligible string for any eavesdropper.

Upon receiving a scrambled discovery message, an authorized discovering device, which must also have the corresponding DUSK (obtained through network provisioning for restricted discovery or derived for open discovery), applies the descrambling process. This process reverses the scrambling to recover the original ProSe Application Code. The possession of the correct DUSK serves as proof of authorization to discover that specific service. The key management for DUSK is handled by the ProSe Function, which securely delivers the key or the necessary key derivation material to the UE over the LTE-Uu or NR-Uu interface, ensuring it never traverses the insecure PC5 air interface directly.

Architecturally, DUSK operates within the ProSe protocol stack, interfacing with the ProSe application layer and the security sublayer. Its generation and lifecycle are tied to the ProSe subscription and the specific ProSe Application ID. The use of DUSK is crucial for different discovery models: in Open Discovery, a common DUSK may be used, while in Restricted Discovery, unique or group-specific DUSKs ensure that discovery is limited to a pre-authorized set of devices. This mechanism effectively separates the broadcast identifier from the user's permanent identity, adding a vital layer of privacy.

Purpose & Motivation

DUSK was introduced to address critical security and privacy challenges inherent in device-to-device discovery, a cornerstone of Proximity Services (ProSe) standardized from 3GPP Release 12 onwards. Without such a mechanism, devices broadcasting discovery codes in the clear would be vulnerable to privacy invasion, as malicious actors could track a user's location and associations over time by monitoring these persistent identifiers. Furthermore, spoofing attacks would be trivial, allowing any device to impersonate a legitimate service.

The creation of DUSK was motivated by the need to enable trusted discovery in commercial and public safety scenarios. Previous ad-hoc discovery methods, like Bluetooth device names, offered no standardized security. DUSK provides a standardized, network-assisted security framework that allows for both open and restricted discovery models. It solves the problem of how to publicly announce a service while controlling who can understand the announcement, thereby enabling new use cases like social networking, local advertising, and public safety team communication without compromising user privacy or network security.

Key Features

• Provides confidentiality for ProSe Application Codes during broadcast over PC5 interface.
• Enables authorization control for device discovery; only devices with the correct key can decode messages.
• Derived from a network-provisioned root key (ProSe Key), ensuring centralized key management.
• Supports both Open and Restricted Discovery models with different key distribution strategies.
• Prevents long-term tracking by scrambling the discoverable identifier, enhancing user privacy.
• Integrates with the ProSe Function for secure key provisioning and lifecycle management.

Evolution Across Releases

Defining Specifications