PGK ProSe Group Key

PGK, which stands for ProSe Group Key, is a key management scheme used in the Proximity Services (ProSe) feature of Long-Term Evolution (LTE) and 5G networks. ProSe enables direct communication between devices in close proximity without relying on the cellular network infrastructure, offering benefits such as low latency, high reliability, and improved user experience. To establish secure group communication in ProSe, the PGK scheme is utilized.

Group communication is a common requirement in various scenarios, such as emergency services, public safety, and enterprise applications. In these situations, multiple devices need to securely exchange information within a defined group. The ProSe Group Key mechanism ensures confidentiality, integrity, and authenticity of group communications.

In the PGK scheme, a group key is generated and distributed to the members of a particular group. This key is used for encrypting and decrypting messages exchanged within the group, providing secure communication. The PGK scheme utilizes a combination of symmetric and asymmetric encryption techniques to achieve its objectives.

The process of establishing a PGK can be divided into several phases:

1. Group Formation: Initially, a group is formed, and a Group Manager (GM) is selected. The GM is responsible for managing the group key and performing key management operations.
2. Group Key Generation: The GM generates a new group key, which is a symmetric key. This key serves as the encryption and decryption key for the group. The GM also generates a corresponding group public-private key pair.
3. Group Key Distribution: The GM securely distributes the group key to the group members. This distribution can be achieved using various techniques such as secure channels, pre-shared keys, or key transport protocols. The group members must possess the group key to participate in secure group communication.
4. Group Key Agreement: The group members perform a key agreement protocol with the GM to establish a shared secret key. This shared key is used to protect the group key during transmission and ensure its confidentiality.
5. Group Key Update: Periodically, the GM updates the group key to maintain security. This can be triggered by predefined conditions such as time-based intervals or cryptographic key freshness. The GM securely distributes the updated group key to the group members.
6. Group Membership Changes: The PGK scheme supports dynamic group membership changes. When a new member joins the group, the GM securely distributes the group key to the new member. Similarly, when a member leaves the group, the GM revokes their access to the group key.

The PGK scheme utilizes both symmetric and asymmetric encryption algorithms. Symmetric encryption is used for encrypting and decrypting the actual group messages, while asymmetric encryption is used for protecting the group key during distribution and updates.

To protect the group key during distribution, the GM encrypts the group key using the public keys of the group members. Each group member possesses a unique public-private key pair. The GM encrypts the group key multiple times, each time using the public key of a specific member. This process is known as key wrapping. The encrypted group key is securely delivered to the corresponding member using a secure channel or other secure distribution mechanisms.

During group key updates, the GM generates a new group key and encrypts it using the public keys of the group members. The encrypted new group key is securely distributed to the group members, and they update their local copy of the group key accordingly.

To ensure the integrity and authenticity of the group key, digital signatures are used. The GM signs the group key with its private key, and the group members verify the signature using the GM's public key. This ensures that the group key has not been tampered with during distribution or updates.

In summary, the PGK ProSe Group Key scheme enables secure group communication in Proximity Services by generating a group key, distributing it to the group members using a combination of symmetric and asymmetric encryption techniques, and performing key updates and membership changes securely. The scheme ensures confidentiality, integrity, and authenticity of group communication, making it suitable for various applications requiring secure group communication in LTE and 5G networks.