MKI

Master Key Identifier


MKI is the identifier for a Master Key that enables the network and UE to select the correct cryptographic key from a stored set for securing communication sessions.

Category: Security
Introduced: Rel-8
Where: Services
Also touches: 1 segment
Specifications: 6 specs

Description

The Master Key Identifier (MKI) is a field used in 3GPP security architectures to identify a specific Master Key (MK) within a key hierarchy. A Master Key is a long-term cryptographic key from which session-specific keys are derived for protecting user plane and control plane traffic. The MKI allows both the user equipment (UE) and the network (e.g., the core network's security functions) to uniquely reference and select the appropriate MK when multiple keys are stored, which is essential for efficient key management, session resumption, and handover scenarios.

In practice, the MKI is included in security-protected protocol messages, such as those in the NAS (Non-Access Stratum) or AS (Access Stratum) security procedures. For example, during the authentication and key agreement (AKA) process in EPS or 5G systems, a Master Key (K_ASME in EPS, K_AUSF in 5G SA) is established. While the key itself is not transmitted, an identifier for it may be used in subsequent signaling. The MKI helps correlate derived session keys (like K_eNB, K_NG-RAN, or ciphering/integrity keys) back to their root Master Key. This is particularly important when a UE has multiple simultaneous security contexts (e.g., for multiple network slices, PDN connections, or during inter-RAT handovers) and needs to indicate which context and underlying master key should be used.

The MKI is defined and used across various 3GPP specifications covering different interfaces and protocols. In the context of IMS and multimedia services (specified in TS 24.380, TS 24.581), the MKI is used within the Secure Real-time Transport Protocol (SRTP) and its key management protocol, MIKEY (Multimedia Internet Keying), to identify the cryptographic session keys used for encrypting media streams. Here, the MKI allows a receiver to identify which key from its key store should be used to decrypt an incoming SRTP packet when keying material has been updated or multiple keys are in use.

Architecturally, the MKI is a label or index rather than a key itself. Its length and format can be specified by the application or protocol using it. The network entities responsible for security management, such as the Authentication Server Function (AUSF), Security Anchor Function (SEAF), or application servers in IMS, ensure that the MKI values are coordinated and understood by both endpoints. The use of MKI enhances the flexibility and robustness of security protocols by enabling key rotation without service interruption, support for pre-shared key scenarios, and efficient handling of multiple security associations.
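As an added illustration of the receiver-side selection described in the two paragraphs above (example code written for this page, not taken from any 3GPP specification, RFC or product implementation): a small parser that follows the RFC 3711 packet layout, pulls the MKI out of an SRTP packet using the MKI and authentication-tag lengths agreed for the security context, and looks the master key up in a keystore. The keys, MKI values and packet contents are constructed sample data, and the `SrtpContext` class and the function names are this example's own.

```python
"""Locate the MKI in an SRTP packet and select the master key it names.

RFC 3711 lays an SRTP packet out as

    RTP header | CSRC list | [header extension] | encrypted portion | MKI | auth tag

The MKI and authentication-tag lengths are parameters of the SRTP security
context (agreed through the key-management protocol, MIKEY in the 3GPP
mission-critical case) and are not signalled in the packet itself, so the
receiver has to know them before it can find the MKI.

All key and packet values below are constructed sample data; SrtpContext and
the function names are this example's own, not from any 3GPP or RFC text.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass(frozen=True)
class SrtpContext:
    """Receive-side SRTP context parameters that matter for MKI handling."""
    mki_len: int                       # bytes; 0 means no MKI field is present
    tag_len: int                       # bytes; 10 = RFC 3711 default 80-bit tag
    keys: Dict[bytes, bytes] = field(default_factory=dict)  # MKI -> master key


def rtp_header_len(pkt: bytes) -> int:
    """Length of the RTP header including the CSRC list and any extension."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than the fixed 12-byte RTP header")
    first = pkt[0]
    if first >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    csrc_count = first & 0x0F
    has_ext = (first >> 4) & 1
    hlen = 12 + 4 * csrc_count
    if has_ext:
        if len(pkt) < hlen + 4:
            raise ValueError("truncated RTP header extension")
        # extension header: 2 bytes profile data, 2 bytes length in 32-bit words
        ext_words = struct.unpack_from("!H", pkt, hlen + 2)[0]
        hlen += 4 + 4 * ext_words
    if len(pkt) < hlen:
        raise ValueError("truncated RTP header")
    return hlen


def split_srtp(pkt: bytes, ctx: SrtpContext) -> Tuple[bytes, bytes, bytes, bytes]:
    """Split an SRTP packet into (header, encrypted_portion, mki, auth_tag)."""
    hlen = rtp_header_len(pkt)
    if len(pkt) < hlen + ctx.mki_len + ctx.tag_len:
        raise ValueError("packet too short to hold MKI and authentication tag")
    tag_start = len(pkt) - ctx.tag_len
    mki_start = tag_start - ctx.mki_len
    return pkt[:hlen], pkt[hlen:mki_start], pkt[mki_start:tag_start], pkt[tag_start:]


def select_master_key(pkt: bytes, ctx: SrtpContext) -> bytes:
    """Return the master key the packet's MKI names, or raise if it is unknown."""
    _, _, mki, _ = split_srtp(pkt, ctx)
    try:
        return ctx.keys[mki]
    except KeyError:
        # An MKI the receiver was never given a key for cannot be matched to
        # any security context, so the packet is discarded rather than tried
        # against some "current" key.
        raise LookupError(f"no master key stored for MKI {mki.hex() or '(none)'}") from None


def build_srtp_packet(seq: int, ssrc: int, enc_payload: bytes,
                      mki: bytes, tag: bytes) -> bytes:
    """Assemble a minimal SRTP packet (V=2, no CSRCs, no extension, PT=96).

    Only used to construct sample input here; no encryption or HMAC is done.
    """
    header = struct.pack("!BBHII", 0x80, 0x60, seq, 0, ssrc)
    return header + enc_payload + mki + tag


if __name__ == "__main__":
    # Key rotation: the receiver holds the old and new master keys under
    # distinct MKIs, so packets tagged with either one are still matched.
    ctx = SrtpContext(mki_len=4, tag_len=10,
                      keys={bytes.fromhex("00000001"): b"OLD-KEY",   # constructed
                            bytes.fromhex("00000002"): b"NEW-KEY"})  # constructed
    for mki_hex in ("00000001", "00000002", "00000003"):
        pkt = build_srtp_packet(1, 0xDEADBEEF, b"\xaa" * 20,
                                bytes.fromhex(mki_hex), b"\x00" * 10)
        try:
            print(mki_hex, "->", select_master_key(pkt, ctx))
        except LookupError as exc:
            print(mki_hex, "-> dropped:", exc)
```

Two points the code makes explicit: the MKI and tag lengths come from the context, not from the packet, so the same bytes parse differently under a different context and a receiver with the wrong parameters will slice the MKI from the wrong place; and an unknown MKI is rejected rather than silently mapped to a default key, which is the safe failure mode because the authentication check that follows key selection can only succeed against the key the sender actually used.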

Purpose & Motivation

The MKI was introduced to solve the problem of key identification and selection in scenarios where multiple cryptographic keys are available or need to be managed over time. In early mobile communication systems, key management was simpler, often involving a single active key pair per subscriber. However, with the increasing complexity of services, the introduction of IP Multimedia Subsystem (IMS), and requirements for forward secrecy and periodic key updates, mechanisms were needed to unambiguously identify which key should be used for a given session or packet.

Without an identifier like the MKI, endpoints would have difficulty managing multiple keys, especially during transitions such as handovers between cells or changes in security context. This could lead to synchronization failures, decryption errors, or service interruptions. The MKI provides a lightweight, in-band signaling method to reference the correct master or session key, enabling smoother key lifecycle management, including key derivation, update, and revocation.

Its creation was motivated by the need for scalable security in multimedia services over IP (e.g., VoLTE, ViLTE) and later for enhanced core network security in EPS and 5G. By standardizing the MKI field across different protocols (NAS, AS, SRTP/MIKEY), 3GPP ensured interoperability between network equipment and UEs from different vendors. It addresses the limitation of implicit or stateful key selection, providing an explicit, robust mechanism that is critical for maintaining secure, continuous communication in modern mobile networks with their multitude of concurrent sessions and advanced services.

Classification

Part of: MIKEY
Related approaches: SRTP

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (4 CRs across 2 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 (2 changes)

In Release 15, the MKI function was specified as part of the SRTP security context derived from various mission-critical service keys like the CSK and SPK. The SRTP-MKI, used for encryption of media and floor control messages as per RFC 3711, is generated from a key and its associated identifier, such as CSK-ID or SPK-ID. Additionally, procedures for handling authentication failures for MIKEY-SAKKE I_MESSAGE were clarified within the specification.

  • Addition of test vector for MIKEY-SAKKE UID (TS 33.180, CR0071)
  • [MCSec] 33180 R15. Clarification for MIKEY-SAKKE values (TS 33.180, CR0088)

Rel-17 (2 changes)

In Release 17, the specification clarified the handling of the Master Key Identifier (MKI) within SRTP security contexts when authentication of a MIKEY-SAKKE I_Message fails, as indicated by a new specific reason code. Furthermore, enhancements were made to the procedures for using SRTP-MKI derived from various keys like CSK and SPK for protecting media and floor control messages, with additional clarifications provided for MIKEY signature handling.

  • Authentication of the MIKEY-SAKKE I_Message validation in pre-established session (TS 24.380, CR0230)
  • [33.180] R17 MIKEY signature clarification (mirror) (TS 33.180, CR0183)


Defining Specifications

3GPP specifications that define or reference MKI, with the latest known release. Sourced from the 3GPP document catalog.

Specification   Version   Title                                                   Release
TS 24.380       vj10      MCPTT Media Plane Control Protocol                      Rel-19
TS 24.581       vj00      MCVideo Media Plane Control Protocol Specification      Rel-19
TS 33.179       vdc0      MCPTT Security Architecture and Procedures              Rel-13
TS 33.180       vk00      Security of Mission Critical (MC) Service               Rel-20
TS 33.246       vj00      MBMS Security Specification                             Rel-19
TS 33.879       vd10      MCPTT Security Study                                    Rel-13