UID

User Identifier for MIKEY-SAKKE

Introduced in Rel-8. Also in: Services

UID is a cryptographic identifier that uniquely identifies a user within a Key Management Service domain for key distribution and identity-based encryption in the MIKEY-SAKKE protocol.

Category: Security
Introduced: Rel-8
Where: Security
Also touches: 1 segment
Specifications: 8 specs

Description

The User Identifier (UID) is a fundamental component within the MIKEY-SAKKE security framework standardized by 3GPP for protecting group communications, such as those in Mission Critical Push-To-Talk (MCPTT) and other secure multimedia services. Technically, the UID is a string that uniquely identifies a user (or device) within the scope of a specific Key Management Service (KMS) domain. It is used within the MIKEY-SAKKE protocol, which is an identity-based encryption (IBE) scheme. The UID serves as the public key for a user; the corresponding private key is generated by the KMS based on this identifier and the KMS's master secret.

During a secure session setup, a sender uses the receiver's UID, along with parameters from the KMS, to encrypt a traffic encryption key (TEK). This encrypted key, encapsulated in a MIKEY-SAKKE I_MESSAGE, is sent to the receiver. The receiver, upon authentication with the KMS, can derive its private key and decrypt the TEK to establish secure media communication.

The architecture involves the KMS as a trusted entity that manages the cryptographic parameters and user identities (UIDs). The UID is typically formatted as a Uniform Resource Identifier (URI), such as a SIP URI (e.g., sip:[email protected]), ensuring it aligns with existing user addressing schemes in IMS-based services. Its role is central to enabling scalable, efficient key management without requiring pre-shared certificates or complex public key infrastructure (PKI) for every group member.

Purpose & Motivation

The UID and the MIKEY-SAKKE protocol were created to address the critical need for efficient and secure group key management in real-time communication services, particularly for mission-critical users like public safety agencies. Traditional key exchange methods, such as Diffie-Hellman or certificate-based PKI, can introduce significant latency and management overhead when establishing group calls with many participants, which is unacceptable for emergency response. MIKEY-SAKKE, using identity-based encryption, simplifies this process. The UID leverages a user's existing identifier (like a phone number or SIP URI) as their public key, eliminating the need to distribute and validate individual certificates prior to communication. This solves the problem of rapid secure session establishment for large, dynamic groups. Historically, secure group communication in cellular networks was limited or relied on complex infrastructure. The introduction of UID and MIKEY-SAKKE in 3GPP Release 8 provided a standardized, cryptographically sound method tailored for the latency-sensitive and scalability requirements of emerging LTE-based mission-critical services, enabling secure push-to-talk, video, and data with immediate call setup.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (4 CRs across 2 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 (2 changes)

In Release 15, the UID function for MIKEY-SAKKE saw the addition of test vectors for validation and received clarifications for its specific values. These updates provided implementation guidance for the User Identifier, which is the 24-bit Unit Identifier (UID) that is unique within its home system as part of the P25-derived Subscriber Unit ID structure. The changes supported the key management processes where MIKEY-SAKKE payloads are used for private and group call encryption in MCPTT.

  • Addition of test vector for MIKEY-SAKKE UID (TS 33.180, CR0071)
  • [MCSec] 33180 R15. Clarification for MIKEY-SAKKE values (TS 33.180, CR0088)

Rel-17 (2 changes)

In Release 17, the UID function was updated with a new encoding specification and received a clarification regarding MIKEY signature procedures. These changes provided a more precise technical framework for handling the User Identifier within the MIKEY-SAKKE key management protocol, which is used for securing private and group calls in MCPTT services.

  • [33.180] R17 UID encoding (mirror) (TS 33.180, CR0166)
  • [33.180] R17 MIKEY signature clarification (mirror) (TS 33.180, CR0183)

Defining Specifications

3GPP specifications that define or reference UID, with the latest known release. Sourced from the 3GPP document catalog.

Specification | Title | Release
TS 23.782 vf00 | Interworking between LTE MC and non-LTE MC systems | Rel-15
TS 29.163 vj00 | Interworking between 3GPP IM CN and CS networks | Rel-19
TS 33.180 vk00 | Security of Mission Critical (MC) Service | Rel-20
TS 33.303 vj00 | ProSe Security Specification for EPS | Rel-19
TS 33.879 vd10 | MCPTT Security Study | Rel-13
TS 33.880 vf10 | Security Study for Enhanced Mission Critical Services | Rel-15
TR 33.980 vj00 | GAA & Liberty Alliance Interworking Guidelines | Rel-19
TR 37.941 vj20 | RF Conformance Testing Background for Radiated BS Requirements | Rel-19