5G

Cisco Pune

Security In 5G

1
 Rel 15 Security features

Ciphering & integrity protection

• User encryption mandatory to support (128 & 256-bit encryption keys)

• UP integrity mandatory to support and optional to use by 5G UEs and 5G networks

Terminating points Ciphering Integrity Protection

NAS Signalling AMF AMF
RRC Signalling gNB gNB
User Plane Data gNB gNB

Authentication Support:

• Two authentication methods, 5G AKA (enhancing LTE’s EPS AKA) and EAP-AKA’
• AKA: Authentication and Key Agreement, EAP: Extensible Authentication Protocol
• Both applicable for 3GPP as well as non-3GPP access

User plane data is encrypted and can be integrity protected. User plane
integrity protection is a new feature (not present in 4G) that thwarts attacks
against modification of encrypted addresses and content. It is valuable for
small data transmissions, particularly for constrained IoT devices. It is worth
noting that this feature is mandatory to support in UE and gNB, but optional to
use.

For the authentication between user equipment (UE) and network: There are
two authentication methods as shown in this table. Both are applicable for
3GPP as well as non-3GPP access.

2
 Algorithms
User data and signaling data confidentiality
•UE: NEA0, 128-NEA1, 128-NEA2

•Confidentiality protection of the user data between the UE and the gNB
is optional to use. Confidentiality protection of the RRC- signaling, and
NAS-signaling is optional to use.

•User data and signaling data integrity

•NIA0, 128-NIA1, 128-NIA2

EEA0 : no encryption

3
 5G AKA Protocol
Authentication key agreement

5G-AKA is a four-party protocol

• UE: User Equipment (SUPI)

• SEAF: Security Anchor Function
• AUSF: Authentication Server Function
• ARPF: Authentication credential Repository and Processing Function
Location : Hardware Security Module

Note : UE and ARPF alone share the user’s long-term secret symmetric key, K

5G-AKA is a four-party protocol (in both the roaming and non-roaming

context). These parties are:
• UE: the ‘User Equipment’.
This can be for example mobile phones or USB 5G dongles. Each UE is
uniquely identified by its Subscription Permanent Identifier (SUPI). In 5G, the
SUPI performs the same role as the ‘IMSI’ in pre-5G standards.
SEAF: the ‘Security Anchor Function’.
In the roaming context, this is within the Serving Network.
AUSF: the ‘Authentication Server Function’. This role falls within the Home
Network.
• ARPF: the ‘Authentication credential Repository and Processing Function.
This also falls within the Home Network, and may typically reside within a
secure location, such as a Hardware Security Module.

UE and ARPF alone share the user’s long-term secret symmetric key, K. In
5G-AKA, the SUPI should never be exposed publicly; a ‘Subscription
Concealed Identifier’ or SUCI is used to achieve this.
The SIDF, or the Subscriber Identity De-concealing Function is used to
decrypt a SUCI value into a SUPI: this functionality resides within (or is co-
located with) the AR

4
 Security Channel
Communication
1. UE ↔ SEAF
2. SEAF ↔ AUSF
3. AUSF ↔ ARPF

4.

1.UE sends its ephemerally encrypted ‘concealed ID’ (SUCI) and the name of
its Home Network to the nearest SEAF.
2.SEAF sends a 5G-AIR message containing this and the name of the
Serving Network to an AUSF in the relevant Home Network.
3. AUSF then transmits this information in an ‘Auth-Info Request’ message to
the Home Network’s ARPF.

Note : Parties and channels involved in the 5G-AKA protocol. Parties inside
the dashed box are within the 5G Core Network; dashed channels are
considered ‘secure’. The left two parties (UE and SEAF) can be remote, or
roaming, and the right two parties are within the Home Network.

5
Flow

6
 AKA Procedure

Parties and channels involved in the 5G-AKA protocol. Parties inside the dashed box are
within the 5G Core Network; dashed channels are considered ‘secure’. The left two parties
(UE and SEAF) can be remote, or roaming, and the right two parties are within the Home
Network.
The UE sends its ephemerally encrypted ‘concealed ID’ (SUCI) and the name of its Home
Network to the nearest SEAF.
2. The SEAF sends a 5G-AIR message containing this and the name of the Serving Network
to an AUSF in the relevant Home Network
3. The AUSF then transmits this information in an ‘Auth-Info Request’ message to the Home
Network’s ARPF.
The ARPF here does follwing :
(a) De-conceals the SUCI into its respective SUPI. This technically occurs in the SIDF, but
these are normally co-located. The ARPF uses the SIDF to find the relevant K for this user,
and then
(b) Generates a random number ‘RAND’, a number of Authentication Vectors (derived from
RAND and the user’s long term key K), an ‘Expected Response’ value (XRES*) so that other
parties can verify that the user responded correctly without knowing the long term K, and a
session key for the AUSF, K AUSF . These are transmitted to the AUSF in an ‘Auth-Info
Response’ message
5. The AUSF sends a 5G-AIA message containing the Authentication Vectors, a hash of the
‘Expected Response’ (i.e. HXRES*), the new ‘anchor key’ K SEAF (derived from K AUSF ),
and the SUPI of the intended recipient
6. The SEAF sends RAND and the Authentication Vectors to the UE in an Auth-Req
message.
7. The UE proves its identity (and implicitly, ownership of K) by responding to the SEAF with
RES* (i.e. the ‘Response’) within an Auth-Resp message; the UE can now calculate the keys

7
K AUSF and K SEAF
8. The SEAF calculates the hash of RES* (i.e. HRES*) received from the UE, and checks that
it matches with the hash of the ‘Expected Response’, HXRES* value from the AUSF. If it
matches, the SEAF considers the authentication to have been successful, and sends an
Authentication Confirmation (5G-AC) message containing the user’s SUPI, the Serving
Network’s ID, and optionally the response, to the AUSF.

7
SEPP

5G roaming local breakout architecture

VPLMN HPLMN
NRF UDSF UDM UDR NEF NRF UDSF UDM UDR NEF

NSSF AUSF SMSF EIR LMF SEPP SEPP NSSF AUSF SMSF EIR LMF

N1
AMF SMF PCF PCF

N2 N4

U 4G/5G UPF Internet

E N3 N6
n3GPP N3IWF

Protect messages that are sent over the N32

interface

8
 Security Summary
The gNB can be split in DU and
CU; and CU can reside in a
physically secure location. This
was important for reaching
agreement on UP security
termination in the gNB.
AMF is collocated
with the SEAF (SEcurity Anchor
Function ) that holds the root key
(anchor key
The SEAF shall support primary
authentication using SUCI.
The SEPP (Security Edge UDM uses the subscription data stored in UDR and
Protection Proxy) implements implements the application logic to perform various
application layer security for all functionalities such as authentication credential
the service layer information generation, user identification, service and session
exchanged between two NFs continuity etc
across two different PLMNs
ARPF (Authentication
The AUSF (Authentication credential Repository
server function )shall handle and Processing Function
authentication requests for ) keeps the
both, 3GPP access and non- authentication
3GPP access credentials

UE

ME
AM SEA UDM
CU AUS
DU F F
SEPP SEPP
USIM F ARP
F
N32
roaming scenario

AMF is collocated with the Sccurity Anchor Function (SEAF) that holds the
root key (anchor key) for the visited network: The SEAF forwards Extensible
Authentication Protocol (EAP) messages between the UE and the EAP server
in the Authentication Server Function (AUSF), where AMF/SEAF acts as an
EAP authenticator. It receives from the AUSF and holds the Master Key that
serves as anchor key for protecting further communication between UE and
serving network. This anchor key is common for all accesses.

To protect messages that are sent over the N32 interface, 5G System
architecture introduces Security Edge Protection Proxy (SEPP) as the entity
sitting at the perimeter of the PLMN network. The SEPP implements
application layer security for all the service layer information exchanged
between two NFs across two different PLMNs.

The Authentication server function (AUSF) shall handle authentication

requests for both, 3GPP access and non-3GPP access. And the
Authentication credential Repository and Processing Function (ARPF) keeps
the authentication credentials.