When deriving a K_AMF from K_SEAF, the following parameters shall be used to form the input S to the KDF.
FC = 0x6D
P0 = IMSI or NAI or GCI or GLI
L0 = P0 length - number of octets in P0
P1 = ABBA parameter
L1 = P1 length - number of octets in P1
The input key KEY shall be the 256-bit K_SEAF.
For P0, when the SUPI type is IMSI, P0 shall be set to IMSI as defined in clause 2.2 of TS 23.003. For P0, when the SUPI type is network specific identifier, the P0 shall be set to Network Access Identifier (NAI) as defined in clause 28.7.2 of TS 23.003. When the SUPI type is GLI, P0 shall be set to GLI taking format of NAI as defined in clause 28.15.2 of TS 23.003. When the SUPI type is GCI, P0 shall be set to GLI taking format of NAI as defined in clause 28.16.2 of TS 23.003. P0 shall be represented as a character string as specified in B.2.1.2 of TS 33.220, for both SUPI types.
For ABBA parameter values please refer to clause A.7.1.
The ABBA parameter is provided to the UE from the SEAF and shall be used as an input parameter for K_AMF derivation. To support a flexible set of security features, the ABBA parameter is defined when security features change. To ensure forward compatibility, the ABBA parameter is a variable length parameter.
The SEAF shall set the ABBA parameter to 0x0000. The UE shall use the ABBA parameter provided by the SEAF in the calculation of K_AMF.
The following values have been defined for this parameter.
ABBA parameter value
Initial set of security features defined for 5GS.
When deriving keys for NAS integrity and NAS encryption algorithms from K_AMF in the AMF and UE or ciphering and integrity keys from K_gNB / K_SN in the gNB and UE, the following parameters shall be used to form the string S.
FC = 0x69
P0 = algorithm type distinguisher
L0 = length of algorithm type distinguisher (i.e. 0x00 0x01)
P1 = algorithm identity
L1 = length of algorithm identity (i.e. 0x00 0x01)
The algorithm type distinguisher shall be N-NAS-enc-alg for NAS encryption algorithms and N-NAS-int-alg for NAS integrity protection algorithms. The algorithm type distinguisher shall be N-RRC-enc-alg for RRC encryption algorithms, N-RRC-int-alg for RRC integrity protection algorithms, N-UP-enc-alg for UP encryption algorithms and N-UP-int-alg for UP integrity protection algorithms (see Table A.8-1). The values 0x00 and 0x07 to 0xf0 are reserved for future use, and the values 0xf1 to 0xff are reserved for private use.
The algorithm identity (as specified in clause 5) shall be put in the four least significant bits of the octet. The two least significant bits of the four most significant bits are reserved for future use, and the two most significant bits of the most significant nibble are reserved for private use. The entire four most significant bits shall be set to all zeros.
For the derivation of integrity and ciphering keys used between the UE and gNB, the input key shall be the 256-bit K_gNB / K_SN. For the derivation of integrity and ciphering keys used between the UE and AMF, the input key shall be the 256-bit K_AMF.
For an algorithm key of length n bits, where n is less than or equal to 256, the n least significant bits of the 256 bits of the KDF output shall be used as the algorithm key.
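The two derivations above (FC = 0x6D for K_AMF, FC = 0x69 for the algorithm keys), written out as an added example that is not part of the specification text. It assumes the generic KDF of TS 33.220 Annex B.2 (HMAC-SHA-256 over S, with each Li a two-octet big-endian length) and the distinguisher values of Table A.8-1, neither of which is reproduced on this page; the function names, key, IMSI and algorithm identity 0x02 are constructed sample values, and limiting n to whole octets is a simplification of this example.

```python
import hashlib
import hmac
import unicodedata

# Algorithm type distinguishers from TS 33.501 Table A.8-1 (the table itself
# is not reproduced on this page).
DISTINGUISHERS = {
    "N-NAS-enc-alg": 0x01, "N-NAS-int-alg": 0x02,
    "N-RRC-enc-alg": 0x03, "N-RRC-int-alg": 0x04,
    "N-UP-enc-alg": 0x05, "N-UP-int-alg": 0x06,
}

def build_s(fc, *params):
    """S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key, s):
    """Generic KDF of TS 33.220 Annex B.2: HMAC-SHA-256(key, S)."""
    if len(key) != 32:
        raise ValueError("input key must be 256 bits")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_k_amf(k_seaf, supi, abba):
    # P0 is a character string: NFKC-normalised, UTF-8 encoded (TS 33.220 B.2.1.2)
    p0 = unicodedata.normalize("NFKC", supi).encode("utf-8")
    return kdf(k_seaf, build_s(0x6D, p0, abba))

def derive_alg_key(parent_key, distinguisher, alg_id, n_bits=128):
    """FC = 0x69 derivation; returns the n least significant bits of the output."""
    if alg_id & 0xF0:
        raise ValueError("upper nibble of algorithm identity must be zero")
    if n_bits % 8 or not 0 < n_bits <= 256:
        raise ValueError("n must be a whole number of octets, at most 256 bits")
    s = build_s(0x69, bytes([DISTINGUISHERS[distinguisher]]), bytes([alg_id]))
    return kdf(parent_key, s)[-(n_bits // 8):]

# Constructed sample values, not taken from any real subscriber or test vector
K_SEAF = bytes(range(32))
IMSI = "001010123456789"
ABBA = bytes.fromhex("0000")

if __name__ == "__main__":
    k_amf = derive_k_amf(K_SEAF, IMSI, ABBA)
    print("K_NASenc:", derive_alg_key(k_amf, "N-NAS-enc-alg", 0x02).hex())
    print("K_NASint:", derive_alg_key(k_amf, "N-NAS-int-alg", 0x02).hex())
```

Because the ABBA parameter and the algorithm type distinguisher are both part of S, changing either one yields an unrelated key, which is what binds K_AMF to the signalled feature set and keeps encryption and integrity keys separate.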