Description
The SRTP-MKI (Secure Real-time Transport Protocol Master Key Identifier) is a variable-length field within the SRTP packet format that acts as a pointer to the specific SRTP Master Key (SRTP-MK) and Master Salt (SRTP-MS) used to generate the session keys for that packet. It is an optional but crucial component for key management in long-lived or dynamic media sessions. When present, the MKI is appended to the end of the SRTP or SRTCP packet. The value of the MKI is agreed upon by the communicating endpoints during the session establishment signaling, typically within the SDP offer/answer exchange. It identifies a particular key context among potentially several that are active or cached.
Operationally, the SRTP-MKI works in conjunction with the key derivation process. Each distinct SRTP-MK (and associated SRTP-MS) is assigned a unique MKI value. When the sender encrypts a packet, it includes the MKI corresponding to the master key used for that packet's key derivation. The receiver, which maintains a lookup table mapping MKI values to the actual SRTP-MK and SRTP-MS, reads the MKI from the incoming packet. It then retrieves the correct master key and salt, re-derives the necessary session keys (encryption key, authentication key), and proceeds to decrypt and verify the packet. This mechanism is vital for scenarios like key renewal, where a new SRTP-MK is provisioned mid-session; packets encrypted with the old key and the new key can coexist on the wire, differentiated by their MKI.
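A receiver-side sketch of the lookup described above, added here as an example that is not part of the original page or of any 3GPP specification or SRTP library. It peels the MKI and authentication tag off the packet trailer using the negotiated lengths (the MKI carries no length prefix, so the negotiated length is what makes it parseable), resolves the MKI against a table in which an old and a new master key are active at the same time, and reports an unknown MKI so the packet can be discarded. The class and function names, field lengths and key bytes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class KeyContext:
    master_key: bytes   # SRTP-MK
    master_salt: bytes  # SRTP-MS

def split_srtp_packet(pkt: bytes, mki_len: int, tag_len: int) -> Tuple[bytes, bytes, bytes, bytes]:
    """Split 'RTP header | encrypted payload | MKI | auth tag'. Neither MKI nor tag has a
    length prefix, so both lengths come from the negotiated context; mki_len 0 = no MKI."""
    if len(pkt) < 12:
        raise ValueError("truncated RTP header")
    hdr_len = 12 + 4 * (pkt[0] & 0x0F)          # 12 bytes + 4 per CSRC (CC nibble)
    if len(pkt) < hdr_len + mki_len + tag_len:
        raise ValueError("packet shorter than header + MKI + tag")
    mki_end = len(pkt) - tag_len
    mki_start = mki_end - mki_len
    return pkt[:hdr_len], pkt[hdr_len:mki_start], pkt[mki_start:mki_end], pkt[mki_end:]

class MkiTable:
    """MKI -> (SRTP-MK, SRTP-MS) table; old and new contexts may be active at once."""

    def __init__(self, mki_len: int) -> None:
        self.mki_len = mki_len                  # agreed in signalling, e.g. SDP offer/answer
        self._ctx: Dict[bytes, KeyContext] = {}

    def add(self, mki: bytes, ctx: KeyContext) -> None:
        if len(mki) != self.mki_len:
            raise ValueError("MKI does not match the negotiated length")
        self._ctx[mki] = ctx

    def retire(self, mki: bytes) -> None:       # drop the old key once rollover is done
        self._ctx.pop(mki, None)

    def lookup(self, mki: bytes) -> Optional[KeyContext]:
        return self._ctx.get(mki)

def select_context(pkt: bytes, table: MkiTable, tag_len: int) -> Optional[KeyContext]:
    """Master key/salt to derive this packet's session keys from; None = unknown MKI, discard."""
    _hdr, _payload, mki, _tag = split_srtp_packet(pkt, table.mki_len, tag_len)
    return table.lookup(mki)

if __name__ == "__main__":   # constructed demo: 2-byte MKI, 10-byte tag, two keys live
    table = MkiTable(mki_len=2)
    table.add(b"\x00\x01", KeyContext(b"\x11" * 16, b"\x22" * 14))   # key before rekey
    table.add(b"\x00\x02", KeyContext(b"\x33" * 16, b"\x44" * 14))   # key after rekey
    hdr = bytes([0x80, 0x60, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1])          # V=2, PT=96, CC=0
    for mki in (b"\x00\x01", b"\x00\x02", b"\x00\x09"):
        print(mki.hex(), "->", select_context(hdr + b"\xaa" * 20 + mki + b"\xff" * 10, table, 10))
```

Session-key derivation and tag verification would follow `select_context` using the returned master key and salt; they are left out so the block stays focused on the identifier lookup itself.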
In the 3GPP architecture, the use and format of the SRTP-MKI are governed by profiles and network policies. For IMS media services, the P-CSCF or other policy functions can mandate its use to facilitate network-driven key updates, such as those triggered by security policy changes or handovers. The MKI itself carries no cryptographic secret; it serves only to identify a key context, so transmitting it in the clear does not weaken security. The length of the MKI field is negotiated, allowing a balance between per-packet overhead (every byte of MKI is added to every packet) and the number of distinct key identifiers needed. This makes the MKI a key enabler for robust, manageable media security that can adapt over time without interrupting the real-time media flow.
Purpose & Motivation
The SRTP-MKI was introduced to solve the operational problem of cryptographic key lifecycle management within an ongoing real-time media session. Without an identifier, all packets in a session must be encrypted with keys derived from a single, static master key. To change the key, the session would need to be re-negotiated, causing interruption—an unacceptable outcome for a voice or video call. The MKI provides a graceful, in-band mechanism for key rotation and context identification.
Historically, as SRTP was adopted from IETF standards into 3GPP for carrier-grade services, the need for scalable key management became apparent. Networks require the ability to update keys periodically for forward secrecy or in response to security events. The MKI addresses the limitation of a single active key context by allowing multiple key contexts to be valid simultaneously. Its creation was motivated by the requirement for uninterrupted service during handovers between access networks or upon expiration of a key's lifetime as per network policy. By simply tagging packets with an identifier, the complex coordination of exact packet boundaries for key switchover is avoided. The receiver can asynchronously manage multiple key sets, significantly simplifying the state synchronization between sender and receiver and enhancing the reliability and security of the media plane.
Key Features
- Unique identifier for an active SRTP-MK and SRTP-MS pair
- Carried in-band within the SRTP/SRTCP packet trailer
- Enables multiple active cryptographic contexts within a single RTP session
- Supports seamless key renewal and rollover without service interruption
- Length is negotiable during session setup to optimize overhead
- Essential for network-driven key management and handover scenarios in 3GPP
Evolution Across Releases
The MKI was standardized as the key identifier mechanism for 3GPP's SRTP implementation, with its negotiation and usage defined for IMS and 5G media services. The architecture integrated MKI handling into the P-CSCF and UE signaling procedures, enabling policy-controlled key updates for VoNR and multimedia sessions.
Defining Specifications
| Specification | Title |
|---|---|
| TS 24.380 | 3GPP TS 24.380 |
| TS 29.380 | 3GPP TS 29.380 |
| TS 29.582 | 3GPP TS 29.582 |