MGV-S

MBMS key Generation and Validation Storage

Security
Introduced in Rel-8
A secure storage function that works with the MGV-F to safeguard long-term MBMS cryptographic keys, such as the MBMS User Key (MUK) and MBMS Service Key (MSK). It ensures the persistent and protected retention of key material essential for subscriber authentication and service key derivation.

Description

The MBMS key Generation and Validation Storage (MGV-S) is a logical security storage entity defined in 3GPP specifications, operating in tandem with the MGV-F (Generation and Validation Function). While the MGV-F is responsible for the active generation and processing of keys, the MGV-S provides a secure repository for the long-term, sensitive key material. It is typically co-located with or closely integrated into the MBMS Service Center (BM-SC), though logically distinct. The primary contents of the MGV-S are the MBMS User Keys (MUKs) and the MBMS Service Keys (MSKs). An MUK is a unique key shared between the network and an individual subscriber's User Services Identity Module (USIM) for a specific MBMS service. An MSK is a key associated with an MBMS service and is used to protect the session-specific MBMS Traffic Keys (MTKs) during broadcast distribution.

Architecturally, the MGV-S interfaces with the MGV-F. When the MGV-F generates a new MUK for a subscribing user, it securely stores this key in the MGV-S. Similarly, when an MSK is generated or updated for a service, it is persisted in the MGV-S. The MGV-F retrieves keys from the MGV-S when needed, for example, to re-key a service or to validate a user's subscription status. The security of the MGV-S is paramount, as compromise of its stored keys would break the confidentiality of the MBMS services. Therefore, its implementation involves strong access controls, tamper-resistant hardware (such as Hardware Security Modules - HSMs), and robust audit logging. The design ensures that key material is never exposed in plaintext outside of this protected environment.

How it works is integral to the MBMS subscription and service activation flow. During service subscription, the MGV-F generates the MUK and stores it in the MGV-S. This MUK is then securely provisioned to the user's USIM, often via Over-The-Air (OTA) protocols leveraging the existing mobile network security. The MUK in the USIM and the MUK in the MGV-S form a shared secret. Later, when the user attempts to access an MBMS broadcast, the network can validate the user's rights based on the presence of the corresponding MUK in the MGV-S. For ongoing sessions, the MGV-F retrieves the relevant MSK from the MGV-S to encrypt the current MTK for broadcast. By separating the active processing function (MGV-F) from the secure storage function (MGV-S), the architecture follows a security best practice principle of separation of duties, limiting the attack surface and facilitating more secure and manageable key lifecycle management.

Purpose & Motivation

The MGV-S was created to fulfill a critical requirement in the MBMS security architecture: the need for a highly secure, persistent, and reliable storage for long-term cryptographic key material. The MGV-F handles dynamic key generation for sessions, but the foundational keys that identify subscribers (MUK) and services (MSK) must be retained for the duration of a subscription or service offering, which could be years. Storing these sensitive keys within the general-purpose memory or databases of the active MGV-F function would pose a significant security risk.

The purpose of the MGV-S is to provide a dedicated, fortified vault for these keys, addressing the limitations of inadequate key storage practices. It ensures the confidentiality and integrity of the master keys upon which the entire broadcast security chain depends. By logically separating storage from processing, the design also enhances operational security and compliance. It allows for the MGV-S to be implemented on specialized, certified secure hardware (HSMs), providing physical and logical protection against key extraction. This separation was motivated by the need to meet stringent content protection requirements demanded by media and broadcasting companies for premium mobile TV services. The MGV-S, therefore, exists to provide the trust anchor for MBMS digital rights management, ensuring that the business model of conditional access for broadcast services is technically robust and resilient against attacks.

Key Features

  • Secure persistent storage for long-term MBMS keys: MUK (User Key) and MSK (Service Key)
  • Logically separate from, but interfaces with, the active MGV-F processing function
  • Designed for high security, often implemented using Hardware Security Modules (HSMs)
  • Provides a trusted repository for subscriber-service binding information
  • Essential for validating user authorization during MBMS service access
  • Enables secure key lifecycle management, including archival and secure deletion

Evolution Across Releases

Rel-8 Initial

Introduced alongside the MGV-F as part of the complete MBMS security architecture for LTE (eMBMS). Defined its role as the secure storage for the MUK and MSK, establishing the logical separation between key generation (MGV-F) and key storage (MGV-S) to enhance system security.

TS 33.246

Defining Specifications

SpecificationTitle
TS 33.246 3GPP TR 33.246