SAKKE

Sakai-Kasahara Key Encryption

Security
Introduced in Rel-13
SAKKE is an identity-based encryption (IBE) scheme standardized by 3GPP for secure group communication, particularly in Mission Critical Push-to-Talk (MCPTT) services. It enables efficient key distribution by deriving public keys directly from user identities, eliminating the need for public key certificates. This is crucial for scalable, low-latency secure group calls in public safety networks.

Description

SAKKE is a cryptographic mechanism based on pairing-based cryptography, specifically the Sakai-Kasahara Key Encryption algorithm. It operates within the framework of Identity-Based Cryptography (IBC), where a user's publicly known identifier (such as a phone number or a group ID) serves as their public key. This eliminates the traditional Public Key Infrastructure (PKI) requirement of distributing and managing digital certificates. A trusted third party, called the Key Management Server (KMS) or Private Key Generator (PKG), holds a master secret key. The KMS uses this master key to generate private keys for users, corresponding to their identities. These private keys are securely provisioned to the user's device.

For encryption, a sender uses the recipient's identity (the public key) and system-wide public parameters to compute an encryption key. This process involves mathematical operations on elliptic curve groups and bilinear pairings. The encrypted message and a short key encapsulation data block are sent to the recipient. The recipient, possessing their unique private key from the KMS, can decrypt the key encapsulation data to recover the symmetric content encryption key and then decrypt the message. This is highly efficient for one-to-many scenarios, as the same encrypted content key can be decrypted by multiple recipients using their respective private keys.

Within the 3GPP architecture, SAKKE is integrated into the Security Manager Function (SeMF) and the Key Management Function (KMF) defined for Mission Critical Services. It is primarily specified for securing Group Communication System Enablers (GCSE) and MCPTT, ensuring that media and signaling for group calls remain confidential and that only authorized group members can decrypt the traffic. The scheme's ability to handle dynamic group membership changes efficiently makes it a cornerstone for secure, real-time group communications in LTE and 5G networks for public safety and critical infrastructure.

Purpose & Motivation

SAKKE was introduced to address the significant challenges of key management and distribution for secure group communication in large-scale, dynamic environments like public safety networks. Traditional certificate-based PKI systems introduce substantial overhead, latency, and complexity in managing certificates for thousands of users who may need to form ad-hoc groups instantly. For Mission Critical Push-to-Talk, where a dispatcher must securely communicate with a large group of first responders, waiting for certificate validation or distributing individual encrypted streams is impractical.

The primary motivation for adopting SAKKE was to enable efficient, identity-based encryption that scales seamlessly. By binding the encryption key directly to a user's or group's identity, the system removes the need for prior certificate exchange or a complex online negotiation protocol. This results in faster call setup times and reduced signaling overhead. It solves the problem of secure multicast or broadcast where the sender does not need to know the complete list of recipients' public keys in advance, only their identities, which are often already known in the group context. This makes it ideal for the 3GPP's vision of standardized, interoperable, and secure critical communications over commercial cellular networks.

Key Features

  • Identity-Based Encryption (IBE): Public keys are derived directly from user or group identifiers (e.g., SIP URI).
  • Efficient Group Key Distribution: Enables a sender to encrypt a message for multiple recipients using a single broadcast, with per-recipient key encapsulation.
  • Elliptic Curve and Pairing-Based Cryptography: Provides strong security with relatively short key sizes compared to traditional RSA.
  • No Certificate Management: Eliminates the need for a traditional PKI and certificate revocation lists (CRLs) for encryption keys.
  • Dynamic Group Support: Easily accommodates users joining or leaving groups without requiring re-keying of the entire group from the sender's side.
  • Integration with 3GPP MCPTT Architecture: Specified as part of the KMF/SeMF for end-to-end security of mission critical services.

Evolution Across Releases

Rel-13 Initial

SAKKE was initially introduced in Release 13 as the core cryptographic algorithm for securing Mission Critical Push-to-Talk (MCPTT) group communications. The architecture established the Key Management Function (KMF) and Security Manager Function (SeMF) to host SAKKE operations, defining procedures for private key generation, identity-based encryption, and decryption for group calls.

TS 23.782TS 24.334TS 33.303TS 33.885

Defining Specifications

SpecificationTitle
TS 23.782 3GPP TS 23.782
TS 24.334 3GPP TS 24.334
TS 33.303 3GPP TR 33.303
TS 33.885 3GPP TR 33.885