Lawful interception requirements for encrypted services such as enhanced IMS Media Security are detailed in Section 5.7 of Third Generation Partnership Project (3GPP) Technical Specification (TS) 33.106. In one requirement, interception shall be performed in such a manner as to avoid detectability by the target or others. In another requirement, an encryption solution shall not prohibit commencement of interception and decryption of an existing communication.
In the Multimedia Internet KEYing Ticket (MIKEY-TICKET) key exchange protocol, an initiator user equipment (UE) generates a random number RANDRi, which is included as a field in a ticket sent to a Key Management Service (KMS). The KMS returns to the initiator UE a generating key that is to be used to generate a Traffic Encryption Key (TEK) for secure communication with a responder UE. The generating key is called a TEK Generation Key (TGK). The RANDRi value, together with a Crypto Session Identity (CS ID) and the TGK, is used by the initiator UE and by the responder UE to generate the TEK used for ciphering in Secure Realtime Transport Protocol (SRTP) communication between the initiator UE and the responder UE.
The RANDRi and TGK information is discarded by the KMS when replying to the initiator UE. As such, the information needed to regenerate the TEK for lawful interception is discarded by, and becomes unavailable to, the KMS. Therefore, mid-call interception of MIKEY-TICKET-TEK-based SRTP communications between the initiator UE and the responder UE is currently possible only through re-keying. Unfortunately, re-keying is detectable by both the initiator UE and the responder UE, thereby breaking the lawful interception requirements listed above.
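To make the dependency concrete, here is an added toy model (not from the specification or the page) of the flow described above: HMAC-SHA256 stands in for the MIKEY PRF, message formats are omitted, and all key material is constructed at run time.

```python
import hashlib
import hmac
import os
from typing import Optional

def derive_tek(tgk: bytes, rand_ri: bytes, cs_id: int, tek_len: int = 16) -> bytes:
    """Toy TEK derivation from the three inputs the text names: TGK, RANDRi, CS ID.
    HMAC-SHA256 stands in for the MIKEY PRF; the real label layout differs."""
    label = b"TEK" + cs_id.to_bytes(1, "big") + rand_ri
    return hmac.new(tgk, label, hashlib.sha256).digest()[:tek_len]

class KMS:
    """Key Management Service that, as the text describes, returns a TGK to the
    initiator and retains neither the TGK nor RANDRi afterwards."""
    def __init__(self) -> None:
        self.retained: dict = {}          # stays empty: nothing is kept per session

    def handle_ticket_request(self, ticket_rand_ri: bytes) -> bytes:
        tgk = os.urandom(16)              # fresh generating key for this session
        # RANDRi (from the ticket) and the TGK are discarded once the reply is sent.
        return tgk

    def regenerate_tek(self, cs_id: int) -> Optional[bytes]:
        """Mid-call interception attempt: without the retained inputs, no TEK."""
        tgk, rand_ri = self.retained.get("tgk"), self.retained.get("rand_ri")
        if tgk is None or rand_ri is None:
            return None
        return derive_tek(tgk, rand_ri, cs_id)

def run_session(cs_id: int = 1):
    """One MIKEY-TICKET-style key setup: both UEs reach the same TEK, the KMS none."""
    kms = KMS()
    rand_ri = os.urandom(16)                      # initiator UE chooses RANDRi
    tgk = kms.handle_ticket_request(rand_ri)      # KMS answers with the TGK
    tek_initiator = derive_tek(tgk, rand_ri, cs_id)
    # Responder UE obtains TGK and RANDRi through the MIKEY-TICKET exchange (not modelled)
    tek_responder = derive_tek(tgk, rand_ri, cs_id)
    # Re-keying: a new exchange yields a new TEK, which is why both UEs can observe it.
    new_rand_ri = os.urandom(16)
    tek_after_rekey = derive_tek(kms.handle_ticket_request(new_rand_ri), new_rand_ri, cs_id)
    return tek_initiator, tek_responder, kms.regenerate_tek(cs_id), tek_after_rekey

if __name__ == "__main__":
    ti, tr, kms_tek, rekeyed = run_session()
    print("UEs agree on TEK:", ti == tr)
    print("KMS can regenerate TEK mid-call:", kms_tek is not None)
    print("TEK changes on re-key:", rekeyed != ti)
```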