
BCMCS Key Derivation Procedure


zagiri

Presentation Transcript


  1. BCMCS Key Derivation Procedure: Harmonization with IETF SRTP

  2. SRTP Keying hierarchy
     • Using BCMCS terms, SRTP keying starts at BAK
     • SRTP considers Key Management done by external protocols
     • SRTP has two levels of key hierarchy:
       • Session-level Master key (equivalent to BAK)
         • Delivered somehow by external means
       • Traffic level keys SKencrypt, SKauth, SKsalt
         • Derived locally from BAK and packet index
         • Used to encrypt RTP, encrypt and authenticate RTCP

  3. Comparison between BCMCS and SRTP
     BCMCS
     • Longer Term Session key (BAK)
     • One key (SK) for traffic protection
       • Encryption only
     • Key Derived from BAK
     • SK Manager (server) tells when to change SK
     • SK derivation is defined by 3GPP2
     SRTP
     • Longer Term Session Key (Master Key)
     • Three keys for traffic protection
       • SKencrypt, SKauth, SKsalt
     • Key Derived from MK
     • SKs are changed by an internal counter - SRTP session parameter key_derivation_rate
     • SRTP RFC mandates its own key derivation algorithm
     Common points
     • BAK is equivalent to SRTP Master key
       • both are allowed attributes (lifetime, key_id, etc)
       • both are at most session-long, but can be changed sooner

  4. Proposed solution – Preferred
     Modify proposed BCMCS SK derivation algorithm
     • Make it compliant with SRTP draft
     • Advantages:
       • Similar Key Hierarchy with current BAK (BAK->SK)
       • Compatibility with SRTP out-of-box
       • Need to deliver only BAK and parameters to SRTP and BCMCS
         • BAK_id, BAK lifetime, SK derivation rate
       • Ability to secure both RTP and RTCP
         • RTCP mandates authentication, so one SK not enough
     • Disadvantages:
       • Requires change to BCMCS Security Framework document

  5. Proposed solution – Alternative
     Use BCMCS SK as Master key (BAK equiv) in SRTP
     • Advantages:
       • Avoids changing the current BCMCS Security Framework
     • Disadvantages:
       • SK has no attributes (new work – add items)
       • SK is likely to change much more frequently than either BAK or SRTP Master key, so efficiency may suffer
       • Introduces unnecessary extra key level in the hierarchy
         • Secondary short-term session keys
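
The SRTP derivation that slides 2 to 4 refer to (traffic keys derived locally from the master key and the packet index, re-derived according to key_derivation_rate), written out as an added Go example following RFC 3711 section 4.3. It is not part of the original presentation; the function and constant names are this example's own, and it assumes AES-128 counter mode with a 112-bit master salt. The master key and salt in main are the RFC 3711 Appendix B.3 test vector.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// RFC 3711 key-derivation labels; the slides call the outputs SKencrypt, SKauth, SKsalt.
const labelEncrypt, labelAuth, labelSalt byte = 0x00, 0x01, 0x02

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// deriveKey returns n bytes of AES-CM keystream keyed by the master key (BAK in
// BCMCS terms). index is the 48-bit packet index (2^16 * ROC + SEQ) and kdr the
// key_derivation_rate; kdr == 0 means the traffic keys are derived only once.
func deriveKey(masterKey, masterSalt []byte, label byte, index, kdr uint64, n int) []byte {
	r := uint64(0)
	if kdr != 0 {
		r = index / kdr // changes only when index crosses a multiple of kdr
	}
	iv := make([]byte, 16) // x * 2^16: 14 bytes of x, then a zero block counter
	copy(iv, masterSalt)   // x starts as the 112-bit master salt
	iv[7] ^= label         // key_id = label || r (48-bit r), right-aligned in x
	for i := 0; i < 6; i++ {
		iv[13-i] ^= byte(r >> (8 * i))
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // keystream = encrypt zeros
	return out
}

func main() {
	mk := mustHex("E1F97A0D3E018BE0D64FA32C06DE4139") // RFC 3711 B.3 master key
	ms := mustHex("0EC675AD498AFEEBB6960B3AABE6")     // RFC 3711 B.3 master salt
	fmt.Printf("SKencrypt %x\n", deriveKey(mk, ms, labelEncrypt, 0, 0, 16))
	fmt.Printf("SKauth    %x\n", deriveKey(mk, ms, labelAuth, 0, 0, 20))
	fmt.Printf("SKsalt    %x\n", deriveKey(mk, ms, labelSalt, 0, 0, 14))
}
```

With a non-zero key_derivation_rate the same call yields a new key set each time the packet index crosses a multiple of the rate, which is the internal counter behaviour slide 3 contrasts with the BCMCS SK Manager.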
