XPK

XML Protection Key

Security →
Introduced in Rel-13

XPK is a cryptographic key used to protect XML-based messages in 3GPP networks, ensuring confidentiality and integrity for services like SMS and MMS.

Category
Security
Introduced
Rel-13
Where
Services › IMS
Specifications
6 specs
XPK Description Purpose Related Classification Detected Changes Specifications

Description

The XML Protection Key (XPK) is a security mechanism defined within 3GPP specifications to safeguard XML-formatted data exchanged between network entities and user equipment. It operates at the application layer, specifically for services that utilize XML as a data format, such as Multimedia Messaging Service (MMS) and certain IP Multimedia Subsystem (IMS) applications. The key is used in conjunction with cryptographic algorithms to perform encryption and integrity protection, ensuring that XML messages remain confidential and unaltered during transmission.

Architecturally, XPK is managed within the security framework of the network, often involving key generation, distribution, and storage functions. It may be provisioned to user equipment via secure channels, such as those established by the Authentication and Key Agreement (AKA) protocol, or derived from existing master keys. The key is applied to XML documents using standards like XML Encryption and XML Signature, which define how to encrypt specific elements or sign the document for integrity.

In practice, when an XML message is sent, the sending entity uses the XPK to encrypt sensitive portions of the XML payload or to generate a digital signature. The receiving entity, possessing the same or a corresponding key, decrypts the data or verifies the signature. This process protects against eavesdropping and manipulation, which is critical for services carrying personal or financial information. XPK's role is integral to the end-to-end security of XML-based applications, complementing lower-layer protections like IPsec or TLS.

The specifications detailing XPK, such as 3GPP TS 24.281 and 33.179, outline its usage in specific protocols and interfaces. For instance, it may be employed in the MMS environment to protect message content between the mobile device and the MMS server. The key's lifecycle, including updates and revocation, is managed to maintain security over time. By providing a standardized approach to XML protection, XPK ensures interoperability across different vendors and network deployments, enhancing overall system security.

Purpose & Motivation

XPK was introduced to address the security vulnerabilities inherent in XML-based communications within mobile networks. As services like MMS and IMS gained popularity, they relied heavily on XML for data structuring, but early implementations often lacked robust application-layer security. This left sensitive information exposed to interception or alteration during transmission, posing risks to user privacy and data integrity.

The creation of XPK was motivated by the need for a standardized, cryptographic solution tailored to XML's unique characteristics. Previous approaches might have relied on general transport security (e.g., SSL/TLS), which protects the connection but not necessarily the XML content end-to-end, especially if messages traverse multiple nodes. XPK fills this gap by enabling encryption and signing at the XML element level, allowing fine-grained security controls. It aligns with broader 3GPP efforts to enhance application security beyond core network protocols.

Historically, as 3GPP evolved from Release 13 onward, the increasing complexity of services demanded more sophisticated security mechanisms. XPK provided a way to secure XML payloads in a manner that is independent of underlying transport, ensuring protection even in scenarios where intermediate nodes process the data. This addressed limitations of earlier security models that were not designed for XML's extensible structure, thereby supporting the safe expansion of multimedia and messaging services in 4G and 5G networks.

Classification

Part ofAKA

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (9 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-13, normative work from Rel-15.

Rel-15 1 change

In Release 15, the XPK (XML Protection Key) function was introduced to provide confidentiality and integrity protection for sensitive XML data in MCVideo services. It established two specific key types: a Client-Server Key (CSK) for protection between an MCVideo client and server, and a Signalling Protection Key (SPK) for protection between MCVideo servers and across domains. The release also defined the procedures for applying this protection, including the use of MIKEY-SAKKE for secure CSK transport and configuration to determine when encryption or signing is required.

  • Protection of functional alias TS 24.379CR0407
Rel-16 1 change

In Release 16, the new XPK (XML Protection Key) function introduced a standardized method for providing both confidentiality and integrity protection for MCVideo signalling data, using XML encryption (xmlenc) for elements and a specific scheme for attributes, and XML signatures (xmlsig) for integrity. The protection relies on a shared XPK, which is implemented as a client-server key (CSK) for client-server communication and as a signalling protection key (SPK) for server-to-server and inter-domain communication. The procedures detail how these keys are generated, provisioned, and used to encrypt/sign and subsequently verify/decrypt XML MIME bodies within SIP messages based on configurable protection requirements.

  • Algorithm selection for MCData signalling protection TS 33.180CR0134
Rel-17 5 changes

In Release 17, the new work for the XPK function expanded integrity protection to specific XML MIME body types, namely `pidf+xml` and `xcap-diff+xml`, as per the Change Requests. Furthermore, the release introduced corrections and clarifications regarding the protection attribute for certain location elements and data payload protection procedures.

  • Integrity protection of pidf+xml and xcap-diff+xml MIME bodies TS 24.281CR0119
  • Integrity protection of pidf+xml and xcap-diff+xml MCData TS 24.282CR0225
  • Data payload protection clarification TS 24.282CR0312
  • Corrections to protection attribute for altitude and loctimestamp elements TS 24.379CR0669
  • Integrity protection of pidf+xml and xcap-diff+xml MIME bodies TS 24.379CR0707
Rel-18 2 changes

In Release 18, the XPK (XML Protection Key) function was enhanced to extend confidentiality protection to the `<associated-group-id>` and `<group-geo-area-ind>` XML elements. Furthermore, integrity protection using XML signatures was newly mandated for the XCAP-diff event package, specifically for NOTIFY messages carrying XML MIME bodies. These additions leveraged the existing XPK framework, using either the client-server key (CSK) or signalling protection key (SPK) as configured.

  • Protection of &lt;associated-group-id&gt; and &lt;group-geo-area-ind&gt; elements TS 24.379CR0883
  • Integrity protection added to NOTIFY for xcap-diff TS 37.579CR0005

Explore further

Broader topics and technologies where XPK plays a role.

Topics
SON (Self-Organizing Networks)Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)Encryption & IntegrityMEC (Edge Computing)Privacy (SUPI, SUCI)
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference XPK, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 24.281 vj40 MCVideo Signalling Control Specification Rel-19
TS 24.282 vj50 MCData Signalling Control Protocols Rel-19
TS 24.379 vj50 Mission Critical Push To Talk (MCPTT) call control Rel-19
TS 33.179 vdc0 MCPTT Security Architecture and Procedures Rel-13
TS 33.180 vk00 Security of Mission Critical (MC) Service Rel-20
TS 37.579 vi40 Mission Critical services conformance testing Rel-18