Every network function, asked one question: what is your security job?
“You cannot protect a network you cannot draw. Draw this one until you can do it from memory.”
— THE WHITEBOARD RULE
This chapter is the book’s reference map. We walk through every network function (NF) in the 5G system — not as an architecture course, but asking one question of each box: what is its security job, and what happens if it falls? Master this chapter and Parts 2–7 become applications of a picture you already own.
🎯 Learning objectives
Draw the 5G system and name the security role of every NF.
Explain where SEAF, ARPF, SIDF live and why they are roles, not boxes.
Describe CP/UP separation as a security property.
Annotate the interface map (N1–N4, N6, N9, N32, SBI) with its protection mechanism.
Explain the SBA security concept and rank NFs by blast radius.
📘 Standards reference box — Chapter 3
| Specification | Title | Release / version verified |
|---|---|---|
| TS 23.501 | System architecture for the 5G System | Rel-19, v19.6.0 |
| TS 33.501 | Security architecture and procedures for 5G System | Rel-18, v18.11.0 (2026-04) |
| TS 23.502 | Procedures for the 5G System | Rel-19, v19.5.0 |
Checked June 2026 — verify against the latest 3GPP version.
3.1 The 5G System at a Glance
A 5G system has three zones: the UE (mobile equipment + the USIM holding the long-term key K), the NG-RAN (gNBs converting radio into IP), and the 5G Core — software network functions where control-plane NFs talk HTTP/2 APIs over a common service-based bus, and the user plane is one function, the UPF, forwarding subscriber packets.
FIGURE 3.1 The Full 5G System Reference Architecture
Purpose: the master map every later diagram zooms into. Two representations in one: the blue bus (service-based view, secured by TLS+OAuth) and the numbered lines (reference points, secured per link).
FIGURE 3.2 Service-Based vs Reference-Point Representation
Purpose: end the perennial confusion — same network, two official drawings. SBA security follows the bus; transport security follows the lines.
3.2 Walking the Functions: Who Does What for Security
UE and USIM — the credential vault you don’t control
The UE is the only 5G element deployed into hostile territory by design. The USIM (an application on the tamper-resistant UICC) stores K, runs the AKA algorithms (MILENAGE or TUAK), maintains the sequence number, and usually computes SUCI. The ME holds session keys only and executes NAS/AS protection. Malware on the phone OS can steal session keys; K never leaves the card.
Purpose: the credential split that gives SIM-swap and malware attacks different ceilings. Everything red is permanent secret; everything blue is replaceable session state.
AMF & SEAF — mobility manager and security anchor
The AMF is the UE’s control-plane front door: it terminates N1 (NAS) and N2, runs registration and mobility, and enforces NAS security. Inside it lives the SEAF — a role, co-located with the AMF — holding the anchor key K_SEAF. Compromise the AMF and you hold NAS keys and the anchor for every attached UE in its region.
FIGURE 3.4 AMF and the SEAF Anchor Role
Purpose: SEAF is a function inside the AMF, not a separate product. Note the key shelf: this single NF holds live security state for every attached subscriber in its region.
AUSF, UDM, ARPF, SIDF — the home-network security trio (plus two hidden roles)
AUSF: home-side authentication — verifies the final proof (RES*), derives and delivers K_SEAF, anchors K_AUSF for SoR/UPU protection and AKMA.
UDM: the subscription brain — chooses the authentication method per subscriber, generates authentication vectors, fronts the UDR data store.
ARPF: a role inside UDM — the vault that stores K and computes the AKA functions; serious deployments back it with an HSM.
SIDF: also co-located with UDM — the only entity holding the home network private key that can decrypt SUCI → SUPI.
💡 Key idea
SEAF, ARPF, and SIDF are functions, not boxes — you will not find them in a product catalog. SEAF lives in the AMF; ARPF and SIDF live in the UDM. 3GPP names them separately so the security responsibilities are specified independently of vendor packaging.
Purpose: map four home-side names onto two deployable products and one HSM. The red box is the most valuable object in the operator’s estate — Chapter 7 explains why losing it means losing everything.
SMF & UPF, and the supporting cast
The SMF controls PDU sessions and — critically — originates the UP security policy (ciphering/integrity required, preferred, or not needed per session), enforced by the gNB; it commands UPFs over N4 (PFCP), a chronically under-protected interface. The UPF forwards all subscriber traffic but holds no subscriber keys — UP encryption terminates at the gNB; its risks are interception points, DDoS, and the internet edge (N6).
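How a gNB evaluates the SMF’s per-session UP security policy, as an added example that is not from the book: the Required / Preferred / Not needed semantics follow TS 33.501 clause 6.6.1, while the gNB-side capability and preference flags (`GnbLocalPolicy`) are constructed inputs for illustration.

```python
# Added example (not the book's or any vendor's code): gNB-side handling of the
# UP security policy the SMF originates for one PDU session (TS 33.501 6.6.1).
# The policy reaches the gNB over N2 as two indications, one for ciphering and
# one for integrity, each set to required / preferred / not-needed.
from dataclasses import dataclass

REQUIRED, PREFERRED, NOT_NEEDED = "required", "preferred", "not-needed"


@dataclass(frozen=True)
class UpSecurityPolicy:
    """Per-PDU-session policy written by the SMF and enforced by the gNB."""
    ciphering: str
    integrity: str


@dataclass(frozen=True)
class GnbLocalPolicy:
    """Constructed gNB inputs (assumed, for illustration): what this node can
    activate and whether it chooses to when the SMF only says 'preferred'."""
    can_cipher: bool = True
    can_integrity: bool = True
    prefer_integrity: bool = False  # e.g. off at a cell expecting high-rate DRBs


def _decide(indication, can_activate, local_preference):
    """Return True/False = activate or not; None = gNB must reject the session."""
    if indication == REQUIRED:
        return True if can_activate else None  # 'required' is never downgraded
    if indication == PREFERRED:
        return can_activate and local_preference  # gNB local policy decides
    if indication == NOT_NEEDED:
        return False  # must not be activated
    raise ValueError(f"unknown UP security indication {indication!r}")


def apply_up_policy(policy, gnb):
    """Decide activation for all DRBs of the session; the outcome is what the
    gNB later reports back towards the SMF (the NGAP Security Result)."""
    cipher = _decide(policy.ciphering, gnb.can_cipher, True)
    integrity = _decide(policy.integrity, gnb.can_integrity, gnb.prefer_integrity)
    if cipher is None or integrity is None:
        return {"accepted": False,
                "cause": "UP security policy 'required' not supportable"}
    return {"accepted": True, "ciphering_on": cipher, "integrity_on": integrity}
```

Note that only the 'required' value gives the SMF a guarantee; 'preferred' leaves the decision to the cell site, which is why the policy value, not just the gNB configuration, belongs in the security review.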
The rest: PCF (policy is power — a manipulated PCF silently reroutes or degrades), NSSF (slice selection underpins tenant isolation), NRF (the directory and OAuth authorization server — the single most security-critical NF in the SBA), NEF (the deliberate doorway), AF (trusted internal vs untrusted external, mediated by NEF), SCP (routing fabric — concentrates traffic, concentrates risk), SEPP (the PLMN border guard, Chapter 13).
FIGURE 3.6 Security Role of Each NF — the Annotated Architecture
Purpose: the chapter’s thesis on one page — every box has a security job. The two red-framed crown jewels reappear in every threat chapter.
3.3 Control/User Plane Separation as a Security Property
5G fully separates signaling (everything except UPF) from packet forwarding (UPF only). Security consequences: containment (the internet-facing surface touches the UPF only; keys and identities never transit it), independent placement (UPFs at exposed edge sites while control NFs stay protected — if N4/N9 are protected), and distinct monitoring (registration storms vs volumetric DDoS need different telemetry — Chapter 26 splits its KPIs along exactly this line).
FIGURE 3.7 Control Plane / User Plane Separation
Purpose: CUPS as a containment boundary. An internet-side attacker touches packets, not keys; a signaling-side attacker never touches the packet path — unless N4 is left open.
3.4 The Interface Map with Security Annotations
| Interface | Between | Carries | Protection (baseline) |
|---|---|---|---|
| Uu | UE ↔ gNB | radio: RRC + user data | AS security: NEA/NIA in PDCP |
| N1 | UE ↔ AMF | NAS signaling | NAS ciphering + integrity |
| N2 | gNB ↔ AMF | NGAP signaling | NDS/IP (IPsec) or DTLS |
| N3 | gNB ↔ UPF | GTP-U user data | IPsec (esp. untrusted backhaul) |
| N4 | SMF ↔ UPF | PFCP session control | NDS/IP — often forgotten |
| N6 | UPF ↔ data network | raw user traffic | firewalls, DDoS defense |
| N9 | UPF ↔ UPF | inter-UPF user data | IPsec where untrusted |
| SBI | NF ↔ NF | HTTP/2 APIs | mTLS + OAuth 2.0 |
| N32 | SEPP ↔ SEPP | inter-PLMN signaling | TLS or PRINS |
⚠️ Warning
NAS security (N1) and AS security (Uu) protect subscriber traffic — they do nothing for infrastructure links. A gNB whose N2/N3 backhaul runs unencrypted over leased lines exposes NGAP signaling and GTP-U packets regardless of how perfect the air-interface crypto is. Infrastructure links need their own protection (Chapter 14).
FIGURE 3.8 The N-Interface Map with Security Annotations
Purpose: one-glance answer to “what protects this link?” In audits, walk this map left to right and demand a packet capture per link — diagrams lie, captures don’t.
3.5 The SBA Security Concept
Inside the core, TS 33.501 mandates a three-layer defense for every service call (full treatment in Chapter 10): 1 — transport: mutual TLS between NFs; 2 — authorization: OAuth 2.0 client-credentials tokens issued by the NRF, validated by the producer (token, scope, audience); 3 — border: the SEPP applies inter-PLMN policy on N32, because your roaming partner’s core is not your trust domain.
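The producer-side check in layer 2 above, as an added example that is not code from the book or any NRF product: the consumer presents an NRF-issued token, and the producer verifies the token itself (signature, expiry), its audience, and its scope before serving the call. The token is a constructed JWS-style HS256 token with the claim names TS 33.501 uses (iss, sub, aud, scope, exp); the shared HMAC key is an illustrative stand-in for the NRF’s signing key (a real NRF signs with its private key and producers verify with its public key or certificate).

```python
# Added example (not the book's or any NRF vendor's code): NRF-side minting and
# producer-side validation of an SBA access token. HS256 with a constructed
# shared key stands in for the NRF's real JWS signature.
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def nrf_issue_token(key, consumer_id, producer_type, scope, ttl, now):
    """What the NRF returns for a client-credentials request: a signed token
    whose audience is the producer NF type and whose scope lists services."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "nrf-instance-id",      # constructed NRF instance id
              "sub": consumer_id,            # requesting NF instance
              "aud": [producer_type],        # who may accept the token
              "scope": scope,                # space-separated service names
              "exp": now + ttl}
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def producer_validate(token, key, my_nf_type, requested_service, now):
    """Producer check: signature, expiry, audience, scope. Returns (ok, why)."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_dec(sig)):
        return False, "bad signature"  # check before trusting any claim
    claims = json.loads(_b64url_dec(body))
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    aud = claims.get("aud", [])
    if my_nf_type not in (aud if isinstance(aud, list) else [aud]):
        return False, f"audience {aud} does not include {my_nf_type}"
    if requested_service not in claims.get("scope", "").split():
        return False, f"scope does not cover {requested_service}"
    return True, "ok"
```

The audience and scope checks are what stop a token minted for one producer or one service from being replayed against another; skipping them reduces layer 2 to "any token from the NRF opens every door".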
FIGURE 3.9 SBA Bus Concept — mTLS Everywhere, Tokens From the NRF
Purpose: the entire Chapter-10 model previewed. Steps ① and ② happen for every inter-NF service call in a properly configured core — millions of times per hour.
FIGURE 3.10 SEPP at the PLMN Border
Purpose: the roaming security model in one frame: nothing crosses the border except through the SEPPs. Chapter 13 opens this gate and inspects every bolt.
FIGURE 3.11 Direct vs Indirect Communication — Where the Token Comes From
Purpose: communication models change where security checks happen. Before approving an SCP deployment, ask: who fetches tokens, and who can now impersonate whom?
3.6 Where the Keys Live
The fastest security review of any 5G design: which keys does this element hold?
| Element | Keys held | Blast radius if compromised |
|---|---|---|
| USIM | K, SQN, home public key | one subscriber, permanently — reissue card |
| UDM/ARPF (+HSM) | K for every subscriber | catastrophic — total network |
| AUSF | K_AUSF per UE | SoR/UPU forgery, AKMA keys; per-UE |
| AMF/SEAF | K_SEAF, K_AMF, NAS keys, NH | all NAS traffic + keys in its region |
| gNB | K_gNB, AS keys | radio traffic of its cells until refresh |
| UPF | none (subscriber crypto) | sees forwarded traffic; no key theft possible |
| NRF | token signing capability | forge authorization for the whole SBA |
| SEPP | N32 session keys, inter-PLMN certs | roaming traffic manipulation |
FIGURE 3.12 Where Keys Live — NF-to-Key Placement Map
Purpose: key placement is the skeleton of Chapter 7 — and your asset-criticality ranking. Patch windows, monitoring depth and admin-access rules should follow this map, not an alphabetical NF list.
3.7 The Practical Operator View
Build your asset criticality ranking from the blast-radius table — UDM/ARPF and NRF first, then AMF and SEPP.
On every architecture review, walk the interface table and demand the named protection per link — N4 and intra-site SBI are the chronic gaps.
Insist vendor diagrams show SEAF/ARPF/SIDF placement explicitly; “it’s in there somewhere” hides HSM and key-export questions.
For shared/edge sites, re-run the analysis assuming the site is hostile.
Common misconfiguration risks
N4 (PFCP) left unprotected because “it’s internal” — it commands every user-plane session.
UDM deployed without HSM backing; K exportable “for migration.”
NRF reachable from OAM or enterprise networks without mTLS.
SCP introduced for routing convenience, silently bypassing per-NF authorization assumptions.
Trusted-AF status granted to applications that should be behind NEF.
3.8 Threats and Mitigations
| Threat | Target | Primary mitigation | Ch. |
|---|---|---|---|
| Long-term key theft | UDM/ARPF | HSM, no export, strict admin path | 11, 29 |
| Token forgery / rogue authorization | NRF | NRF hardening, mTLS, token validation | 10–11 |
| NAS key harvesting | AMF | platform hardening, region isolation | 8, 11 |
| Cell-site key extraction | gNB | secure boot, key storage, IPsec backhaul | 15 |
| Traffic interception | UPF, N3/N9 | IPsec, edge physical security | 14, 22 |
| Cross-PLMN signaling abuse | SEPP/N32 | filtering, TLS/PRINS, policy | 13 |
3.9 Terminology, Example, Checklist
| Term | Meaning |
|---|---|
| NF / SBI / SBA | Network Function · Service-Based Interface · the architecture built from them |
| SEAF / ARPF / SIDF | Security roles hosted in AMF (SEAF) and UDM (ARPF, SIDF) |
| UDR | Unified Data Repository backing the UDM |
| CUPS | Control / User Plane Separation |
| N1…N32 / Uu | Reference points / the radio interface |
Real network example. A Southeast Asian operator commissioned a 5G SA core from two vendors (control plane from vendor A, UPFs from vendor B). Integration review found N4 running plain PFCP across a shared MPLS network that also carried enterprise VPN customers — each vendor assumed the other secured the link. One IPsec policy fixed it; only the security view of the architecture caught it, because functionally everything had worked perfectly for weeks.
Can you draw, from your live network’s docs, where SEAF / ARPF / SIDF physically run? If not, ask the vendor today.
For each interface in the table, name the configured protection — and verify one packet capture per link.
Confirm HSM backing (or compensating controls) for ARPF key storage.
List which AFs hold “trusted” direct SBI access; justify each.
Verify the NRF is unreachable except over mTLS from registered NFs.
Check whether any UPF site is physically exposed and what that implies for N4/N9/N6.
★ Chapter Summary
Every NF has a security mission: USIM and ARPF guard K; AMF/SEAF anchors NAS security; AUSF gives the home verdict; SIDF alone reads SUCIs; SMF writes UP security policy; gNB executes radio crypto; NRF authorizes the SBA; NEF and SEPP guard the doors.
SEAF, ARPF, SIDF are roles, not products — pin down where vendors host them.
CP/UP separation is a containment boundary; the interface map names the protection per link — N4 is the classic omission.
Rank assets by key blast radius: UDM/ARPF and NRF are the crown jewels.
? Review Questions
Name the three security roles that do not exist as standalone products, and their host NFs.
Why does the UPF hold no subscriber keys, and what does that imply about where you fight interception vs DDoS?
An attacker compromises (a) one gNB, (b) one AMF, (c) the UDM/ARPF. Rank the impact and justify with key placement.
Which interface carries PFCP, why is it security-critical, and what protects it?
Explain trusted vs untrusted AF, and which NF mediates the untrusted case.
Why is the NRF called the SBA’s authorization server, and what fails if its token issuance is compromised?
Your vendor’s diagram shows “UDM” with no mention of SIDF. What three questions do you ask?
Give one security argument for deploying an SCP and one against.
🧪 Mini lab — the memory map
On a whiteboard, draw the full architecture from memory: all NFs, the SBA bus, and interfaces Uu, N1–N4, N6, N9, N32. Annotate: (1) a red key everywhere a long-term secret lives, (2) a blue key for session keys, (3) a lock on every protected interface with the mechanism named, (4) red stars on the two crown-jewel NFs. Compare against Figures 3.1, 3.8 and 3.12. Repeat tomorrow — when you can reproduce it cold, every authentication message in Chapters 5–6 will travel a path you can already see.