Description
The Group Management Key (GMK) is a fundamental security credential in 3GPP architectures, specifically designed to protect group-based services. It is a symmetric cryptographic key that is shared among all legitimate members of a group and trusted network entities, such as the Group Management Server (GMS) or ProSe Function. The GMK serves as a root key for deriving other security keys used for various protection functions, including authentication between group members and the network, integrity protection of group management signaling, and encryption of group communication traffic. Its management lifecycle—generation, distribution, storage, and revocation—is critical to the security of services like Mission Critical Push-to-Talk (MCPTT), Proximity Services (ProSe) direct communication, and IoT group messaging.
Architecturally, the GMK is typically generated by a central authority within the network, such as the GMS residing in the home network or a dedicated Key Management Center. For ProSe, the ProSe Function may generate the GMK. The key is then securely distributed to each group member's UE via protected signaling channels, often using individual subscriber keys for over-the-air encryption during distribution. Once stored in the UE's secure environment (e.g., in the Group Management Client), the GMK is used to derive session-specific keys, such as the Group Traffic Key (GTK) for encrypting user plane data or the Group Integrity Key (GIK) for protecting control messages. This key hierarchy ensures that compromise of a derived session key does not expose the root GMK.
The operation of GMK involves several protocols and interfaces. For example, in MCPTT, when a UE joins a group, the GMS authenticates the UE and then provisions the GMK (or a key-encrypting key to deliver the GMK) to the UE's GMC. The specifications detail key derivation functions (KDFs) that use the GMK along with other parameters like group identifiers and sequence numbers to produce fresh keys. The GMK is also periodically updated or rekeyed by the network to maintain forward and backward secrecy, especially when group membership changes. In ProSe scenarios, the GMK may enable direct secure communication between UEs without network infrastructure, using the key for mutual authentication and encryption over the PC5 reference point.
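The key hierarchy and rekey-on-membership-change behaviour described above, as an added example that is not part of the original page or of any 3GPP specification. The KDF is a plain HMAC-SHA-256 stand-in rather than the one the specifications define, and `GroupKeyServer`, the labels, the group identifier and the member names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(gmk: bytes, label: bytes, group_id: bytes, seq: int) -> bytes:
    """Derive a 256-bit child key from the GMK (illustrative KDF, not the 3GPP one).

    Each field is length-prefixed so different (label, group_id) splits cannot collide.
    """
    info = b"".join(len(f).to_bytes(2, "big") + f
                    for f in (label, group_id, seq.to_bytes(4, "big")))
    return hmac.new(gmk, info, hashlib.sha256).digest()


class GroupKeyServer:
    """Hypothetical stand-in for the GMS: holds the GMK and the member list."""

    def __init__(self, group_id: bytes, members):
        self.group_id = group_id
        self.members = set(members)
        self.epoch = 0
        self.gmk = secrets.token_bytes(32)

    def session_keys(self, seq: int):
        """Return (GTK, GIK) for one session; distinct labels separate their uses."""
        return (derive_key(self.gmk, b"GTK", self.group_id, seq),
                derive_key(self.gmk, b"GIK", self.group_id, seq))

    def remove_member(self, ue: str) -> None:
        """Drop a member and rekey so the GMK it still holds stops working."""
        self.members.discard(ue)
        self.gmk = secrets.token_bytes(32)  # fresh random GMK, not derived from the old one
        self.epoch += 1


def demo():
    gms = GroupKeyServer(b"group-alpha", ["ue-1", "ue-2", "ue-3"])  # constructed sample values
    stale_gmk = gms.gmk                     # what ue-3 keeps after being removed
    gtk1, gik1 = gms.session_keys(seq=1)
    gtk2, _ = gms.session_keys(seq=2)
    gms.remove_member("ue-3")
    gtk_new, _ = gms.session_keys(seq=3)
    gtk_stale = derive_key(stale_gmk, b"GTK", gms.group_id, 3)
    return {"gtk_gik_differ": gtk1 != gik1,
            "fresh_per_seq": gtk1 != gtk2,
            "removed_member_locked_out": gtk_stale != gtk_new,
            "epoch": gms.epoch}

if __name__ == "__main__":
    print(demo())
```

The new GMK is drawn at random instead of being derived from the old one, which is what keeps a removed member from computing it; delivering it to the remaining members over their individually protected channels is outside this sketch.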
Purpose & Motivation
The GMK was introduced to address the lack of standardized, secure key management for group communications in cellular networks, a gap that became critical with the standardization of Mission Critical Services and ProSe in Release 12. Prior to this, group services either used insecure methods or relied on application-layer security that was not integrated with network authentication, making them vulnerable to eavesdropping, impersonation, and replay attacks. The need for secure, low-latency group communications for public safety and critical infrastructure demanded a network-level security solution.
The creation of the GMK provides a unified cryptographic foundation for group security within the 3GPP framework. It solves the problem of scalable and efficient key distribution for dynamic groups by defining a centralized key management architecture. This allows the network to control group membership cryptographically; only UEs possessing the valid GMK can participate in secure group communications. It addresses limitations of pairwise keying, which would require a separate key for each pair of members and does not scale for large groups.
Historically, security in cellular networks focused primarily on individual subscriber authentication (e.g., using Ki in SIM cards). The GMK extends this paradigm to groups, enabling new service models. Its design was motivated by requirements from public safety organizations for secure push-to-talk and proximity-based communication during emergencies. By integrating with existing 3GPP security frameworks like the Authentication and Key Agreement (AKA), the GMK ensures that group security leverages the robust subscriber authentication already in place, while adding the necessary group-oriented key management to support both network-based and direct device-to-device communication scenarios.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (30 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-12, normative work from Rel-15.
In Release 15, the GMK (Group Master Key) function was clarified for management purposes, specifically to support the discreet listening service for mission critical group communications. The enhancements ensure that an authorized user's client can access the GMK to decrypt end-to-end encrypted group calls without other participants' knowledge. This was part of broader updates for Mission Critical services, including interworking key management (InterSD) and clarifications on security for temporary group mechanisms.
- Updates to Non-controlling MCPTT function for Multi Talker (TS 24.380 CR0183)
- Application Group Paging procedure (TS 24.380 CR0189)
- Enhanced group call setup (TS 24.380 CR0196)
- MBMS procedures for group dynamic data (TS 24.380 CR0214)
- Application Group Paging procedure (TS 24.581 CR0036)
- MBMS procedures for group dynamic data (TS 24.581 CR0039)
+ 4 more changes
In Release 16, the enhancements for the Group Management Key (GMK) function specifically addressed its use for enabling the discreet listening feature for encrypted group communications. The change ensured that an authorized user's client could obtain the GMK to monitor target users within group calls without breaking end-to-end encryption. This involved clarifying procedures for temporary group call-related scenarios to support this new monitoring capability.
- Correction to definition about temporary group call related procedures (TS 33.180 CR0139)
In Release 17, the GMK function was enhanced to support discreet listening of group communications, requiring the authorized user's client to obtain the Group Master Key to access encrypted media. This was defined alongside new scenarios for discreet listening across MCPTT, MCVideo, and MCData services, where the GMS originates the GMK for distribution to group members. The release also included clarifications for preconfigured groups and alignments for MCPTT client and participating functions.
- [33.180] R17 Preconfigured group clarification (TS 33.180 CR0177)
- Introducing support of TLS v1.3 in ProSe TS 33.303 (TS 33.303 CR0135)
- MCPTT client and Participating MCPTT function alignments (TS 24.380 CR0296)
- Error in floor control when groups are regrouped (TS 24.380 CR0316)
- Corrections in Non-Controlling MCPTT function of an MCPTT group (TS 24.380 CR0317)
- Group subscription (TS 33.180 CR0173)
+ 3 more changes
In Release 18, the GMK (Group Management Key) function was enhanced to specifically support the discreet listening feature for mission-critical group communications. The enhancements ensure that an authorized user's client can obtain the GMK to decrypt media, thereby enabling the monitoring of target users within group calls without breaking end-to-end encryption. This allows the authorized user to discreetly listen to transmissions from specific target users within a group, even if the listener is not a pre-defined member of that MC service group.
- Addition of 5G MBS in MCPTT media plane (TS 24.380 CR0332)
- Add timers and counters in the participating MCPTT function for MBS channel control (TS 24.380 CR0347)
- MCPTT Adding user ID in Floor Request message from NCF to CF (TS 24.380 CR0348)
- MCPTT support of multiplexing - SSRC used in RTCP signalling over 5MBS (TS 24.380 CR0363)
- MCPTT support of multiplexing - SSRCs used for RTP audio and RTCP floor control (TS 24.380 CR0356)
- Corrections to MCPTT User Identity field (TS 24.380 CR0365)
+ 3 more changes
In Release 19, the GMK (Group Master Key) function was enhanced to specifically support discreet listening for multi-talker media management in ad hoc group calls. The enhancements ensure an authorized user's client can access the GMK to decrypt end-to-end encrypted group communications without other participants' knowledge. This allows the authorized user to discreetly listen to target users' transmissions within a group call, even when not a member of the group.
- Multi-talker media management for ad hoc group call (TS 24.380 CR0370)
Defining Specifications
3GPP specifications that define or reference GMK, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 23.784 vg00 | Discreet Listening for Mission Critical Services | Rel-16 |
| TS 24.380 vj10 | MCPTT Media Plane Control Protocol | Rel-19 |
| TS 24.581 vj00 | MCVideo Media Plane Control Protocol Specification | Rel-19 |
| TS 24.582 vj00 | MCData Media Plane Control Protocols | Rel-19 |
| TS 29.380 vj00 | MCPTT-LMR Interworking Media Plane Control | Rel-19 |
| TS 29.582 vj00 | MCData Interworking with LMR Systems | Rel-19 |
| TS 33.179 vdc0 | MCPTT Security Architecture and Procedures | Rel-13 |
| TS 33.180 vk00 | Security of Mission Critical (MC) Service | Rel-20 |
| TS 33.303 vj00 | ProSe Security Specification for EPS | Rel-19 |
| TS 33.879 vd10 | MCPTT Security Study | Rel-13 |
| TS 33.880 vf10 | Security Study for Enhanced Mission Critical Services | Rel-15 |
| TR 33.938 vj10 | 3GPP Cryptographic Inventory for 5G | Rel-19 |