5G Security (5G AKA Authentication)

5G Security (5G AKA Authentication)

prasanna sahu
Latest posts by prasanna sahu (see all)

5G Security Procedure between UE and Network

Security Types in 5G Network

  1. Security required for UE to access network services comes under Network access security. This security mainly cover Authentication, Integrity and ciphering of Signalling and data.
  2. Domain Security mainly covers secure communication between different Network nodes.
  3. Application domain security covers security mechanism between peer applications.
  4. There are two different kind of authentication

Different Authentication, Ciphering and Integrity Algorithms

  • In most cases for Authentication Key Agreement(AKA), operators use Milenage/TUAK algorithm. But some cases proprietary algorithm.
  • For Cyphering and Integrity Protection following Algorithms are used. 

Ciphering Algorithms

Integrity Algorithms

Key Distribution

5G AKA Authentication Procedure

Authentication Flow Steps

  1. After receiving Registration Request, AMF  initiates authentication procedure with UE, if UE security context is not existing with AMF.
  2. AMF sends Nausf_UEAuthentications Request with SUCI or SUPI and Serving network name.
  3. AUSF based on the Serving Network name, determine if AMF is authorised to send this message.
  4. Then AUSF, sends Nudm_UEAuthentication_Get Request with SUPI/SUCI to UDM.
  5. UDM Calculates the 5G HE AV as below. UDM Uses Milenage functions to derive MAC, XRES, CK, IK and AK.
  • UDM derives Kausf is as follows using HMAC-SHA-256(K, S) KDF(Key Derivation Function) function as below.
  • UDM derives XRES* as follows using HMAC-SHA-256(K, S) KDF function.
  • UDM derives 5G HE AV from above derived keys as below and send it to AUSF with message “Nudm_Authentication get Response” 5G HE AV = RAND ‖ XRES* ‖ Kausf ‖ AUTN
  1. Derivation of 5G SE AV at AUSF
  • HXRES* Calculation at AUSF: HXRES* is 128 bit MSB of the output of SHA-256 hash, calculated by passing RAND || XRES* as input to SHA-256 algorithm.
  • AUSF derives Kseaf from Kausf by passing K= Kausf  and S = 0x6C || Serving Network Name || Lenth of Serving Network Name to KDF function.
  • AUSF calculates 5G AV and 5G SE AV as below and send 5G SE AV to AMF. 5G AV = RAND ‖ HXRES* ‖ Kseaf ‖ AUTN 5G SE AV = RAND ‖ HXRES* ‖ AUTN
  1. AMF Sends NAS Authentication Request to UE with RAND and AUTN from 5G SE AV.
  1. UE Uses Milenage functions to derive XMAC, RES, CK, IK as below.
  1. UE Verify the MAC received in AUTN with XMAC calculated above to authenticate the network and check the freshness of AUTN. Here if the comparison fails then it will send authentication failure with AUTS.
  1. UE derives RES* as follows using HMAC-SHA-256(K, S) KDF function. using keys calculated above, and then sends RES* to AMF.
  1. AMF Calculates HRES* from RES* : HRES* is 128 bit MSB of the output of SHA-256 hash, calculated by passing RAND || RES* as input to SHA-256 algorithm.
  1. AMF compares HRES*(Calculated above) with HXRES* received from AUSF to check for successful authentication.
  1. AMF sends RES* received from UE to AUSF with “Authenticate Request” message.
  1. AUSF compares RES* with the XRES*(part of 5G HE AV) received from UDM in step 5.
  1. If Comparison is successful, AUSF sends Authentication Event notification to UDM with “Success”.

prasanna sahu

Telecom Professional


Satya Bhonagiri Posted on6:12 am - March 30, 2020

Wonderful Paper

harashta Posted on10:21 am - July 29, 2020

Thank you so much for your clear article. May I know the source? I have searched on ETSI / 3GPP document but haven’t found it. Thanks!

Honey Posted on5:21 pm - August 6, 2020

What is the full form of AUTN and AUTS

chen Posted on9:55 am - October 27, 2020

Is there any test data for 5G AKA? I want to verify my code is correct or not.

    Maxime Posted on9:35 am - June 22, 2021

    Same here, if anyone has …
    As I understand, USIM will compute RES from OPc & RAND using Milenage. I believe https://www.sqimway.com/milenage.php can be a way to verify your milenage algo.
    But after this, RES* will be compute from RES using HMAC-SHA256(K(CK||IK), (FC||SNN||len(SNN)||RAND||len(RAND)||RES||len(RES)))
    It is here that I fail to retrieve RES*.
    Any advice/Test data is welcome

Comments are closed.

Comments are closed.