Description
The Discovery User Scrambling Key (DUSK) is a fundamental security component within the 3GPP Proximity Services (ProSe) architecture, specifically for the Direct Discovery function. It is a symmetric cryptographic key derived from a root key, the ProSe Key (PK), which is itself provisioned by the ProSe Function in the network. The primary role of DUSK is to provide confidentiality and integrity for the ProSe Application Code, which is the identifier broadcast by a device to announce its presence and services to other nearby devices. The scrambling process involves applying the DUSK to the ProSe Application Code using a cryptographic algorithm before it is transmitted over the PC5 reference point (the direct device-to-device interface). This transforms the code into a scrambled, unintelligible string for any eavesdropper.
Upon receiving a scrambled discovery message, an authorized discovering device, which must also have the corresponding DUSK (obtained through network provisioning for restricted discovery or derived for open discovery), applies the descrambling process. This process reverses the scrambling to recover the original ProSe Application Code. The possession of the correct DUSK serves as proof of authorization to discover that specific service. The key management for DUSK is handled by the ProSe Function, which securely delivers the key or the necessary key derivation material to the UE over the LTE-Uu or NR-Uu interface, ensuring it never traverses the insecure PC5 air interface directly.
Architecturally, DUSK operates within the ProSe protocol stack, interfacing with the ProSe application layer and the security sublayer. Its generation and lifecycle are tied to the ProSe subscription and the specific ProSe Application ID. The use of DUSK is crucial for different discovery models: in Open Discovery, a common DUSK may be used, while in Restricted Discovery, unique or group-specific DUSKs ensure that discovery is limited to a pre-authorized set of devices. This mechanism effectively separates the broadcast identifier from the user's permanent identity, adding a vital layer of privacy.
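An added illustration of the scramble/descramble flow and the group-specific keys described above; it is not code from this page or from any 3GPP specification. The page does not name the algorithm, so the HMAC-SHA-256 keystream, the time-slot counter, and every key and code value below are assumptions constructed for the sketch.

```python
import hashlib
import hmac


def keystream(dusk: bytes, slot: int, length: int) -> bytes:
    """Expand a DUSK and a time-slot counter into `length` pseudo-random bytes."""
    out = b""
    block = 0
    while len(out) < length:
        msg = slot.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(dusk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def scramble(dusk: bytes, slot: int, code: bytes) -> bytes:
    """XOR the code with the keystream derived from the DUSK and the slot."""
    ks = keystream(dusk, slot, len(code))
    return bytes(c ^ k for c, k in zip(code, ks))


# XOR with the same keystream is its own inverse.
descramble = scramble


def monitor_match(dusk: bytes, slot: int, received: bytes, wanted: bytes) -> bool:
    """Monitoring UE: descramble, then compare with the code it may discover."""
    return hmac.compare_digest(descramble(dusk, slot, received), wanted)


# Constructed sample values (assumed; not from a specification or capture).
GROUP_A_DUSK = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
GROUP_B_DUSK = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)
APP_CODE = b"constructed-app-code-01"

if __name__ == "__main__":
    for slot in (1000, 1001):
        on_air = scramble(GROUP_A_DUSK, slot, APP_CODE)
        # The same code looks different in each slot, so it cannot be
        # followed over time, and only the group A key matches it.
        print(slot, on_air.hex(),
              monitor_match(GROUP_A_DUSK, slot, on_air, APP_CODE),
              monitor_match(GROUP_B_DUSK, slot, on_air, APP_CODE))
```

In this sketch a device holding a different group's key, or the right key with the wrong slot, recovers bytes that match no code it is authorized to discover.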
Purpose & Motivation
DUSK was introduced to address critical security and privacy challenges inherent in device-to-device discovery, a cornerstone of Proximity Services (ProSe) standardized from 3GPP Release 12 onwards. Without such a mechanism, devices broadcasting discovery codes in the clear would be vulnerable to privacy invasion, as malicious actors could track a user's location and associations over time by monitoring these persistent identifiers. Furthermore, spoofing attacks would be trivial, allowing any device to impersonate a legitimate service.
The creation of DUSK was motivated by the need to enable trusted discovery in commercial and public safety scenarios. Previous ad-hoc discovery methods, like Bluetooth device names, offered no standardized security. DUSK provides a standardized, network-assisted security framework that allows for both open and restricted discovery models. It solves the problem of how to publicly announce a service while controlling who can understand the announcement, thereby enabling new use cases like social networking, local advertising, and public safety team communication without compromising user privacy or network security.
Detected Changes Across Releases
From 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (458 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-13, normative work from Rel-15.
In Release 15, the DUSK (Discovery User Scrambling Key) function was newly introduced to enhance security for restricted ProSe direct discovery over WLAN. Specifically, it was defined within updates to the authorization and request procedures for both model A and model B discovery. These changes provided a mechanism for secure discovery in WLAN-based ProSe scenarios as part of the broader enhancements for WLAN Direct Discovery.
- Updates to ProSe Service Authorisation for WLAN Direct Discovery (TS 24.334 CR0298)
- Updates to Announce request procedure for open WLAN based ProSe direct discovery (TS 24.334 CR0299)
- Updates to Announce request procedure for restricted WLAN based ProSe direct discovery model A (TS 24.334 CR0300)
- Updates to Discoveree request procedure for restricted ProSe direct discovery model B (TS 24.334 CR0301)
- Updates to Discoverer request procedure for restricted ProSe direct discovery model B (TS 24.334 CR0302)
- Updates to Monitor request procedure for open ProSe direct discovery (TS 24.334 CR0303)
In Release 17, the DUSK function was enhanced to support the new UE-to-network relay discovery and security procedures over the PC5 interface. Specifically, new mechanisms were introduced for providing discovery security material from the 5G DDNMF and for handling security parameters in the relay discovery process. This included defining the validity timer for discovery security parameters and integrating the 5GPRUK ID into the direct link re-keying procedure.
- ProSe remote user key procedure (TS 24.554 CR0007)
- 5G ProSe UE-to-network relay discovery security parameters request procedure for PC8 interface (TS 24.554 CR0012)
- Add target user ID in relay discovery solicitation message (TS 24.554 CR0028)
- ProSe application traffic descriptor introduction (TS 24.554 CR0041)
- Resolving the EN related to possible changes to the 5G ProSe direct link re-keying procedure due to the security requirements of UE-to-network relay (TS 24.554 CR0063)
- Resolving the EN related to possible changes to the 5G ProSe direct link security mode control procedure due to the security requirements of UE-to-network relay (TS 24.554 CR0065)
In Release 18, the DUSK function was enhanced to support 5G ProSe UE-to-UE relay operations, specifically for relay discovery over the PC5 interface using both Model A and Model B. These updates introduced new procedures for U2U relay unicast direct communication and integrated the relay case into the UE-requested ProSe provisioning procedure. Furthermore, the release defined mechanisms for direct link establishment, modification, and release specifically tailored for the UE-to-UE relay scenario.
- 5G ProSe U2U relay unicast direct communication over PC5 (TS 24.554 CR0232)
- Updating the UE-requested ProSeP provisioning procedure to consider the 5G ProSe UE-to-UE relay case (TS 24.554 CR0279)
- Configuration parameter for 5G ProSe UE-to-UE relay (TS 24.554 CR0244)
- 5G ProSe U2U relay discovery over PC5 interface with model A (TS 24.554 CR0229)
- 5G ProSe U2U relay discovery over PC5 interface with model B (TS 24.554 CR0230)
- Using the 5G ProSe direct link modification procedure for UE-to-UE relay (TS 24.554 CR0273)
In Release 19, the DUSK function was enhanced to support Proximity Services (ProSe) within Standalone Non-Public Networks (SNPN). This included updates to specific procedures such as the announce request procedure for restricted ProSe direct discovery Model A and the handling of ProSe Application Codes and IDs within the SNPN context. These changes ensure the secure operation of direct discovery and communication for UEs in SNPN environments.
- Update on 5G ProSe Discoverer request procedure to support 5G ProSe in SNPN (TS 24.554 CR0634)
- Update on UE-to-network relay selection procedure to support 5G ProSe in SNPN (TS 24.554 CR0637)
- Update on QoS handling for 5G ProSe layer-3 UE-to-network relay with N3IWF to support 5G ProSe in SNPN (TS 24.554 CR0639)
- Update on 5G ProSe configuration information to support 5G ProSe in SNPN (TS 24.554 CR0643)
- Updating 5G ProSe direct link management procedures for SNPN (TS 24.554 CR0668)
- Update on announce request procedure for restricted 5G ProSe direct discovery model A to support 5G ProSe in SNPN (TS 24.554 CR0645)
Defining Specifications
3GPP specifications that define or reference DUSK, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 24.334 vj00 | ProSe Protocols and Procedures | Rel-19 |
| TS 24.514 vj30 | Ranging & Sidelink Positioning in 5GS | Rel-19 |
| TS 24.554 vj40 | 5G Proximity Services (ProSe) Protocols | Rel-19 |
| TS 24.555 vj30 | 5G ProSe UE Policies Specification | Rel-19 |
| TS 29.345 vj00 | Diameter-based PC6/PC7 interfaces for ProSe | Rel-19 |
| TS 31.102 vj40 | USIM Application Specification | Rel-19 |
| TS 33.503 vj20 | Security for Proximity Services (ProSe) in 5G | Rel-19 |
| TS 33.843 vf10 | Security Study for ProSe UE-to-Network Relay | Rel-15 |