The present document specifies the security architecture, i.e., the security features and the security mechanisms for the 5G System and the 5G Core, and the security procedures performed within the 5G System including the 5G Core and the 5G New Radio.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
TR 21.905 "Vocabulary for 3GPP Specifications".
TS 23.501 "System Architecture for the 5G System".
TS 33.210 "3G security; Network Domain Security (NDS); IP network layer security".
RFC 4303: "IP Encapsulating Security Payload (ESP)".
TS 33.310 "Network Domain Security (NDS); Authentication Framework (AF)".
RFC 4301: "Security Architecture for the Internet Protocol".
TS 22.261 "Service requirements for next generation new services and markets".
TS 23.502 "Procedures for the 5G System".
TS 33.102 "3G security; Security architecture".
TS 33.401 "3GPP System Architecture Evolution (SAE); Security architecture".
TS 33.402 "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
RFC 5448: "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
Editor's note: This reference will be removed and references to it updated when the IETF updates the RFC and publishes a new RFC that supersedes this RFC.
TS 24.301 "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3".
TS 35.215 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2 and UIA2 specifications".
NIST: "Advanced Encryption Standard (AES) (FIPS PUB 197)".
NIST Special Publication 800-38A (2001): "Recommendation for Block Cipher Modes of Operation".
NIST Special Publication 800-38B (2005): "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication".
TS 35.221 "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 1: EEA3 and EIA3 specifications".
TS 23.003 "Numbering, addressing and identification".
TS 22.101 "Service aspects; Service principles".
RFC 4187: "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)".
TS 38.331 "NR; Radio Resource Control (RRC); Protocol specification".
TS 38.323 "NR; Packet Data Convergence Protocol (PDCP) specification".
TS 33.117 "Catalogue of general security assurance requirements".
RFC 7296: "Internet Key Exchange Protocol Version 2 (IKEv2)".
RFC 3748: "Extensible Authentication Protocol (EAP)".
TS 33.220 "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
SECG SEC 1: "Recommended Elliptic Curve Cryptography", Version 2.0, 2009. Available at http://www.secg.org/sec1-v2.pdf
SECG SEC 2: "Recommended Elliptic Curve Domain Parameters", Version 2.0, 2010. Available at http://www.secg.org/sec2-v2.pdf
TS 38.470 "NG-RAN; F1 General aspects and principles".
TS 38.472 "NG-RAN; F1 signalling transport".
TS 38.474 "NG-RAN; F1 data transport".
TS 38.413 "NG-RAN; NG Application Protocol (NGAP)".
TS 24.501 "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
TS 35.217 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 3: Implementors' test data".
TS 35.223 "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 3: Implementors' test data".
RFC 5216: "The EAP-TLS Authentication Protocol".
RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1".
RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
TS 38.460 "NG-RAN; E1 general aspects and principles".
RFC 6749: "The OAuth 2.0 Authorization Framework".
RFC 7519: "JSON Web Token (JWT)".
RFC 7515: "JSON Web Signature (JWS)".
RFC 7748: "Elliptic Curves for Security".
RFC 7540: "Hypertext Transfer Protocol Version 2 (HTTP/2)".
RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP".
RFC 6066: "Transport Layer Security (TLS) Extensions: Extension Definitions".
TS 37.340 "Evolved Universal Terrestrial Radio Access (E-UTRA) and NR; Multi-connectivity; Stage 2".
TS 38.300 "NR; NR and NG-RAN Overall Description; Stage 2".
TS 33.122 "Security Aspects of Common API Framework for 3GPP Northbound APIs".
TS 28.533 "Management and orchestration; Architecture framework".
TS 28.531 "Management and orchestration of networks and network slicing; Provisioning".
RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)".
RFC 7542: "The Network Access Identifier".
RFC 6083: "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)".
RFC 7516: "JSON Web Encryption (JWE)".
RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
RFC 5705: "Keying Material Exporters for Transport Layer Security (TLS)".
RFC 5869: "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)".
NIST Special Publication 800-38D: "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC".
TS 31.115 "Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications".
TS 31.111 "Universal Subscriber Identity Module (USIM), Application Toolkit (USAT)".
Internet draft draft-ietf-emu-rfc5448bis: "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
TS 29.510 "5G System; Network function repository services".
TS 36.331 "Radio Resource Control (RRC); Protocol specification".
TS 29.505 "5G System; Usage of the Unified Data Repository services for Subscription Data; Stage 3".
TS 24.302 "Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks; Stage 3".
TS 23.216 "Single Radio Voice Call Continuity (SRVCC)".
TS 29.500 "5G System; Technical Realization of Service Based Architecture; Stage 3".
 IEEE TSN network aspects: see 3GPP TS 23.501  references , , , , , and .
Internet draft draft-ietf-emu-eap-tls13: "Using EAP-TLS with TLS 1.3".
TS 38.401 "NG-RAN; Architecture description".
TS 23.316 "Wireless and wireline convergence access support for the 5G System (5GS)".
IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012): "IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications".
RFC 2410 "The NULL Encryption Algorithm and Its Use With IPsec".
TS 33.535 "Authentication and key management for applications based on 3GPP credentials in the 5G System (5GS)".
RFC 7858: "Specification for DNS over Transport Layer Security (TLS)".
RFC 8310: "Usage Profiles for DNS over TLS and DNS over DTLS".
RFC 4890: "Recommendations for Filtering ICMPv6 Messages in Firewalls".
TS 23.273 "5G System (5GS) Location Services (LCS); Stage 2".
TS 38.305 "Stage 2 functional specification of User Equipment (UE) positioning in NG-RAN".
TS 36.300 "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access (E-UTRAN); Overall description; Stage 2".
For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
5G security context:
The state that is established locally at the UE and a serving network domain and represented by the "5G security context data" stored at the UE and a serving network.
5G AS security context for 3GPP access:
The cryptographic keys at AS level with their identifiers, the Next Hop parameter (NH), the Next Hop Chaining Counter parameter (NCC) used for next hop access key derivation, the identifiers of the selected AS level cryptographic algorithms, the UE security capabilities, and the UP Security Policy at the network side, UP security activation status and the counters used for replay protection.
5G AS security context for non-3GPP access:
The key K_N3IWF, the cryptographic keys, cryptographic algorithms and tunnel security association parameters used at the IPsec layer for the protection of the IPsec SA.
5G AS Secondary Cell security context:
The cryptographic keys at AS level for secondary cell with their identifiers, the identifier of the selected AS level cryptographic algorithms for secondary cell, the UP Security Policy at the network side, and counters used for replay protection.
5G Home Environment Authentication Vector:
Authentication data consisting of RAND, AUTN, XRES*, and K_AUSF for the purpose of authenticating the UE using 5G AKA.
5G Authentication Vector:
Authentication data consisting of RAND, AUTN, HXRES*, and K_SEAF.
5G NAS security context:
The key K_AMF with the associated key set identifier, the UE security capabilities, and the uplink and downlink NAS COUNT values.
5G Serving Environment Authentication Vector:
a vector consisting of RAND, AUTN and HXRES*.
ABBA parameter:
Parameter that provides anti-bidding-down protection of security features, i.e. prevents security features introduced in a higher release from being bid down to a lower release, and indicates the security features that are enabled in the current network.
activation of security context:
The process of taking a security context into use.
anchor key:
The security key K_SEAF provided during authentication and used for derivation of subsequent security keys.
application Layer Security:
mechanism by which HTTP messages, exchanged between a Network Function in one PLMN and a Network Function in another PLMN, are protected on the N32-f interface between the two SEPPs in the two PLMNs.
authentication data:
An authentication vector or transformed authentication vector.
authentication vector:
A vector consisting of CK, IK, RAND, AUTN, and XRES.
backward security:
The property that for an entity with knowledge of K_n, it is computationally infeasible to compute any previous K_(n-m) (m>0) from which K_n is derived.
consumer's IPX (cIPX):
IPX provider entity with a business relationship with the cSEPP operator.
consumer's SEPP (cSEPP):
The SEPP residing in the PLMN where the service consumer NF is located.
current 5G security context:
The security context which has been activated most recently.
forward security:
The fulfilment of the property that for an entity with knowledge of K_m that is used between that entity and a second entity, it is computationally infeasible to predict any future K_(m+n) (n>0) used between a third entity and the second entity.
full native 5G security context:
A native 5G security context for which the 5G NAS security context is full according to the above definition.
Home Network Identifier:
An identifier identifying the home network of the subscriber.
Home Network Public Key Identifier:
An identifier used to indicate which public/private key pair is used for SUPI protection and de-concealment of the SUCI.
non-current 5G security context:
A native 5G security context that is not the current one.
partial native 5G security context:
A partial native 5G security context consists of K_AMF with the associated key set identifier, the UE security capabilities, and the uplink and downlink NAS COUNT values, which are initially set to zero before the first NAS SMC procedure for this security context.
producer's IPX (pIPX):
IPX provider entity with a business relationship with the pSEPP operator.
producer's SEPP (pSEPP):
The SEPP residing in the PLMN where the service producer NF is located.
Protection Scheme Identifier:
An identifier identifying a protection scheme that is used for concealing the SUPI.
subscription credential(s):
The set of values in the USIM and in the home operator's network, consisting of at least the long-term key(s) and the subscription identifier SUPI, used to uniquely identify a subscription and to mutually authenticate the UE and 5G core network.
subscription identifier:
The SUbscription Permanent Identifier (SUPI).
subscription concealed identifier:
A one-time use subscription identifier, called the SUbscription Concealed Identifier (SUCI), which contains the Scheme-Output, and additional non-concealed information needed for home network routing and protection scheme usage.
subscription identifier de-concealing function:
The Subscription Identifier De-concealing Function (SIDF) service offered by the network function UDM in the home network of the subscriber responsible for de-concealing the SUPI from the SUCI.
transformed authentication vector:
an authentication vector where CK and IK have been replaced with CK' and IK'.
UE 5G security capability:
The UE security capabilities for 5G AS and 5G NAS.
UE security capabilities:
The set of identifiers corresponding to the ciphering and integrity algorithms implemented in the UE.
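The four authentication vectors defined above (authentication vector, 5G Home Environment Authentication Vector, 5G Authentication Vector and 5G Serving Environment Authentication Vector) are successive transformations of one another, with CK/IK, then XRES* and K_AUSF, then K_SEAF each dropped at the trust boundary they must not cross. The following Python is an added worked example and not part of the specification text: it applies the generic KDF of TS 33.220 Annex B.2 and the derivations of TS 33.501 Annex A (FC values 0x6A, 0x6B and 0x6C; HXRES* as the 128 least significant bits of SHA-256(RAND || XRES*)), which lie outside this excerpt, to constructed sample CK, IK, RAND, AUTN and XRES values. Milenage is not implemented, and the serving network name is a constructed sample.

```python
"""5G AKA authentication-vector derivations per TS 33.501 Annex A (added worked example).

CK, IK, RAND, AUTN and XRES below are constructed sample values standing in for USIM/ARPF
output; Milenage itself is not implemented.
"""
import hashlib
import hmac

# Constructed sample serving network name ("5G:" + serving network identifier).
SERVING_NETWORK_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"

# Constructed sample AKA authentication vector (CK, IK, RAND, AUTN, XRES) as produced by the ARPF.
SAMPLE_AV = {
    "CK": bytes(range(0x00, 0x10)),
    "IK": bytes(range(0x10, 0x20)),
    "RAND": bytes(range(0x20, 0x30)),
    "AUTN": bytes(range(0x30, 0x40)),  # SQN xor AK (6) || AMF (2) || MAC (8)
    "XRES": bytes(range(0x40, 0x48)),
}


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B.2): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each Li is a 2-octet big-endian length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kausf(ck, ik, sn_name, autn):
    # Annex A.2: FC = 0x6A, P0 = serving network name, P1 = SQN xor AK (first 48 bits of AUTN).
    return kdf(ck + ik, 0x6A, sn_name, autn[:6])


def derive_res_star(ck, ik, sn_name, rand, res):
    # Annex A.4: FC = 0x6B, P0 = serving network name, P1 = RAND, P2 = RES (or XRES);
    # RES*/XRES* is the 128 least significant bits of the KDF output.
    return kdf(ck + ik, 0x6B, sn_name, rand, res)[16:]


def derive_hres_star(rand, res_star):
    # Annex A.5: HRES*/HXRES* is the 128 least significant bits of SHA-256(RAND || RES*).
    return hashlib.sha256(rand + res_star).digest()[16:]


def derive_kseaf(kausf, sn_name):
    # Annex A.6: FC = 0x6C, P0 = serving network name.
    return kdf(kausf, 0x6C, sn_name)


def home_environment_av(av, sn_name):
    """ARPF/UDM: AKA AV -> 5G HE AV (RAND, AUTN, XRES*, K_AUSF). CK and IK never leave the home network."""
    return {
        "RAND": av["RAND"],
        "AUTN": av["AUTN"],
        "XRES*": derive_res_star(av["CK"], av["IK"], sn_name, av["RAND"], av["XRES"]),
        "K_AUSF": derive_kausf(av["CK"], av["IK"], sn_name, av["AUTN"]),
    }


def authentication_vector_5g(he_av, sn_name):
    """AUSF: 5G HE AV -> 5G AV (RAND, AUTN, HXRES*, K_SEAF). XRES* and K_AUSF stay at the AUSF."""
    return {
        "RAND": he_av["RAND"],
        "AUTN": he_av["AUTN"],
        "HXRES*": derive_hres_star(he_av["RAND"], he_av["XRES*"]),
        "K_SEAF": derive_kseaf(he_av["K_AUSF"], sn_name),
    }


def serving_environment_av(av_5g):
    """5G SE AV (RAND, AUTN, HXRES*): the 5G AV minus K_SEAF, which the AUSF withholds until
    the UE's RES* has been confirmed. The SEAF in turn sends only RAND and AUTN to the UE."""
    return {k: av_5g[k] for k in ("RAND", "AUTN", "HXRES*")}


def ue_res_star(ck, ik, sn_name, rand, res):
    """ME: RES* from the USIM's CK, IK and RES plus the serving network name the UE believes it is on."""
    return derive_res_star(ck, ik, sn_name, rand, res)


def seaf_check(se_av, res_star):
    """SEAF: recompute HRES* from the UE's RES* and compare with HXRES* in constant time."""
    return hmac.compare_digest(derive_hres_star(se_av["RAND"], res_star), se_av["HXRES*"])


def ausf_check(he_av, res_star):
    """AUSF: the final verdict, RES* against the stored XRES*."""
    return hmac.compare_digest(res_star, he_av["XRES*"])


if __name__ == "__main__":
    he_av = home_environment_av(SAMPLE_AV, SERVING_NETWORK_NAME)
    se_av = serving_environment_av(authentication_vector_5g(he_av, SERVING_NETWORK_NAME))
    res_star = ue_res_star(SAMPLE_AV["CK"], SAMPLE_AV["IK"], SERVING_NETWORK_NAME,
                           SAMPLE_AV["RAND"], SAMPLE_AV["XRES"])
    print("SEAF accepts:", seaf_check(se_av, res_star), "AUSF accepts:", ausf_check(he_av, res_star))
```

Because the serving network name is an input to XRES*, K_AUSF and K_SEAF, a UE that has been lured onto a different serving network produces a RES* that neither the SEAF nor the AUSF accepts, and the K_SEAF it would derive differs from the one the network holds; that serving-network binding is what the definitions of the 5G AV and of the anchor key K_SEAF rely on.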
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
5GC
5G Core Network
5G AN
5G Access Network
5G-RG
5G Residential Gateway
5G RAN
5G Radio Access Network
5G AV
5G Authentication Vector
5G HE AV
5G Home Environment Authentication Vector
5G SE AV
5G Serving Environment Authentication Vector
ABBA
Anti-Bidding down Between Architectures
AEAD
Authenticated Encryption with Associated Data
AES
Advanced Encryption Standard
AKA
Authentication and Key Agreement
AMF
Access and Mobility Management Function
AMF
Authentication Management Field
ARPF
Authentication credential Repository and Processing Function