Target Audience: 5G Core Architects, Security Engineers, Protocol Engineers, Cybersecurity Teams

1. Trust Model & Core Architecture Shift

The fundamental security paradigm shift from 4G to 5G represents a move from perimeter-based implicit trust to zero-trust architecture with explicit authorization.

4G LTE

EPC Architecture

Core Protocols: Diameter (S6a, S11), GTP-C/U, SCTP/IP
Security Model: Perimeter-based, hop-by-hop trust, IPsec tunnels
Key Risk: Once inside IPX, nodes are implicitly trusted. A compromised node gains full lateral movement capability.
5G Solution: OAuth 2.0 + mTLS on every NF-to-NF API call. Even compromised NFs cannot access unauthorized services.

EPC Trust Assumption

EPC assumes network honesty, not network compromise. Physical security boundaries are the primary defense.

5G SA

SBA Architecture

Core Protocols: HTTP/2, REST APIs, JSON/OpenAPI
Security Model: Zero Trust, TLS 1.2/1.3, OAuth 2.0
Security Impact: Even if an NF is compromised, unauthorized lateral API access is blocked by OAuth 2.0 authorization.

Zero Trust by Design

Each NF (AMF, SMF, UDM, PCF) must authenticate, present access tokens, and be explicitly authorized per service.

5G SBA Security Architecture with OAuth 2.0
NF Registration
NF registers with NRF, providing NF profile and supported services
Token Request
NF Consumer requests OAuth 2.0 access token from NRF for target NF
Token Issuance
NRF validates and issues JWT with scope, expiry, and audience claims
Service Access
NF Consumer presents token; NF Producer validates before processing
OAuth 2.0 Access Token (JWT)
{
  "iss": "nrf.5gc.mnc001.mcc001.3gppnetwork.org",
  "sub": "amf-001",
  "aud": "udm.5gc.mnc001.mcc001.3gppnetwork.org",
  "scope": "nudm-uecm nudm-sdm",
  "exp": 1704931200,
  "claims": {
    "nfType": "AMF",
    "nfInstanceId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "allowedPlmns": [{ "mcc": "001", "mnc": "01" }]
  }
}
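An added example of steps 3 and 4 above (not code from this page or from any 3GPP implementation): the NRF signs a token with the same iss/aud/scope/exp claims as the one shown, and the NF Producer checks signature, issuer, audience, expiry and scope before serving a request. HS256 with a shared key stands in for the NRF's signature key, the nested nfType/nfInstanceId claims are omitted, and the Claims, MintToken, AuthorizeRequest and hs256 names plus the key and service values are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Claims mirrors the token above (NRF issuer, producer audience, scope, expiry).
type Claims struct {
	Iss   string `json:"iss"`
	Aud   string `json:"aud"`
	Scope string `json:"scope"`
	Exp   int64  `json:"exp"`
}
var b64 = base64.RawURLEncoding
func hs256(signingInput string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}
// MintToken plays the NRF, signing with a key shared with the producer (a
// constructed stand-in for the NRF's real signing key).
func MintToken(c Claims, key []byte) string {
	body, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	return in + "." + b64.EncodeToString(hs256(in, key))
}
// AuthorizeRequest is the producer-side gate before serving an API call: the MAC is
// always recomputed (the header's alg is never trusted), then issuer, audience,
// expiry and the requested service's scope are checked. Any failure denies.
func AuthorizeRequest(tok string, key []byte, me, nrf, service string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return errors.New("malformed token")
	}
	if sig, _ := b64.DecodeString(p[2]); !hmac.Equal(sig, hs256(p[0]+"."+p[1], key)) {
		return errors.New("invalid signature")
	}
	var c Claims // a decode failure leaves c zeroed, which the checks below reject
	raw, _ := b64.DecodeString(p[1])
	_ = json.Unmarshal(raw, &c)
	if c.Iss != nrf || c.Aud != me || now >= c.Exp ||
		!strings.Contains(" "+c.Scope+" ", " "+service+" ") { // whole-token scope match
		return errors.New("issuer, audience, expiry or scope check failed")
	}
	return nil
}
```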
2. Identity Privacy: IMSI vs SUCI (ECIES)

5G introduces cryptographic identity protection using ECIES to eliminate IMSI exposure vulnerabilities that enable subscriber tracking and surveillance attacks.

IMSI Catcher Attack (4G) vs SUCI Protection (5G)
4G LTE

IMSI Exposure

Permanent Identifier: IMSI (15 digits) = MCC + MNC + MSIN

Cleartext Transmission

IMSI sent in cleartext during Attach Request if GUTI is unavailable or rejected by network.

Attack Vectors: IMSI Catchers, Location Tracking, Silent SMS, Subscriber Profiling, Targeted Surveillance
5G Solution: SUCI uses ECIES encryption. Only the home network SIDF in UDM can de-conceal the identity. IMSI catchers are rendered ineffective.
IMSI Structure
// IMSI: 310150123456789
MCC: 310      // Mobile Country Code (USA)
MNC: 150      // Mobile Network Code
MSIN: 123456789 // Subscriber ID (CLEARTEXT)
5G SA

SUCI Protection

Identity Scheme: SUPI (Permanent), SUCI (Concealed), 5G-GUTI (Temporary)

ECIES Encryption

MSIN encrypted using Home Network public key. Only SIDF (in UDM) can decrypt to reveal SUPI.

Critical Improvement: Serving Network (AMF) never sees the real permanent identity. IMSI catchers are rendered ineffective.
SUCI Structure (TS 23.003)
// SUCI (NAI-style format): suci-0-001-01-0-1-0-<scheme_output>
suci-0-        // SUPI Type (0 = IMSI)
001-01-        // MCC-MNC (Cleartext)
0-             // Routing Indicator (1-4 digits)
1-             // Protection Scheme Id (0 = null scheme, 1 = Profile A, 2 = Profile B)
0-             // Home Network Public Key Id
<ECIES_Output> // Ephemeral PK || Ciphertext || MAC
SUCI Generation Flow (ECIES - Profile A/B)
1. USIM Storage

USIM stores Home Network Public Key (HNPK) provisioned by operator. Profile A uses Curve25519, Profile B uses secp256r1.

2. Ephemeral Key Generation

UE generates fresh ephemeral key pair (ePK, eSK) for each SUCI computation. Ensures unlinkability between sessions.

3. ECDH Key Agreement

Shared secret derived: SS = ECDH(eSK, HNPK). Used to derive encryption key (EK) and MAC key (MK) via KDF.

4. MSIN Encryption

MSIN encrypted using AES-128-CTR with EK. MAC computed over ciphertext using HMAC-SHA-256 with MK.

5. SUCI Output

SUCI = MCC || MNC || Routing Ind || Protection Scheme || ePK || Ciphertext || MAC. Only SIDF can decrypt.

3GPP TS 33.501 Section 6.12

SUCI concealment is mandatory for 5G SA. The SIDF (Subscription Identifier De-concealing Function) resides in UDM and is the only entity capable of de-concealing SUPI from SUCI.
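The UE-side computation of steps 2 to 5 above as an added example in Go (not code from this page or from 3GPP): Profile A with X25519, the ANSI X9.63 KDF with SHA-256 that yields EK, ICB and MK, AES-128-CTR over the MSIN and an HMAC-SHA-256 tag truncated to 64 bits. The keys and Conceal names are constructed, the MSIN is assumed to arrive already TBCD-encoded, and the SUCI framing (MCC/MNC, routing indicator, scheme id) is left out. The SIDF side is the same derivation run with the home network private key against the ePK carried in the output.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"hash"
)

// keys is step 3's KDF: ANSI X9.63 KDF with SHA-256 over the X25519 shared
// secret, with the ephemeral public key as SharedInfo. The 64-byte output is
// EK (16 B) || ICB (16 B) || MK (32 B); it is returned ready to use as the
// AES-128-CTR stream seeded with ICB and the HMAC-SHA-256 keyed with MK.
func keys(ss, ePK []byte) (cipher.Stream, hash.Hash) {
	var k []byte
	for c := uint32(1); len(k) < 64; c++ {
		h := sha256.New()
		h.Write(ss)
		h.Write(binary.BigEndian.AppendUint32(nil, c))
		h.Write(ePK)
		k = h.Sum(k)
	}
	blk, _ := aes.NewCipher(k[:16]) // a 16-byte key never fails here
	return cipher.NewCTR(blk, k[16:32]), hmac.New(sha256.New, k[32:64])
}

// Conceal is the UE side (steps 2-5): a fresh ephemeral X25519 key pair per
// SUCI, ECDH with the home network public key, MSIN encryption with EK and a
// MAC over the ciphertext with MK. Scheme output = ePK || ciphertext || MAC.
func Conceal(hnpk *ecdh.PublicKey, msin []byte) ([]byte, error) {
	eSK, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ss, err := eSK.ECDH(hnpk)
	if err != nil {
		return nil, err
	}
	ePK := eSK.PublicKey().Bytes()
	stream, mac := keys(ss, ePK)
	ct := make([]byte, len(msin))
	stream.XORKeyStream(ct, msin)
	mac.Write(ct)
	return append(append(ePK, ct...), mac.Sum(nil)[:8]...), nil // 64-bit tag
}
```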

3. Authentication & Key Hierarchy

5G introduces a split anchor key model that prevents serving network compromise from exposing home network key material, fundamentally changing the trust boundary.

Figure: 5G-AKA Authentication Flow
Figure: Key Hierarchy, 4G EPS-AKA vs 5G-AKA
4G LTE

EPS-AKA Key Hierarchy

K (USIM/AuC)
CK, IK
K_ASME (stored in MME)
K_NASenc
K_NASint
K_eNB
Vulnerability: K_ASME stored in MME. Compromised MME = attacker can derive all access stratum and NAS keys.
5G SA

5G-AKA Split Key Model

K (USIM/UDM)
K_AUSF (Home Network Only)
K_SEAF (Sent to AMF)
K_AMF
K_NASenc
K_NASint
K_gNB
Key Improvement: Home network (AUSF/UDM) never exposes K_AUSF. Serving network only receives K_SEAF -- context-limited, non-reversible to K.
5G Authentication Methods (TS 33.501)

5G-AKA

Primary method for SIM-based devices. Enhanced EPS-AKA with home network confirmation and concealed identity support.

Key Features: HRES* verification, SUCI support, anchor key split

EAP-AKA'

EAP framework method enabling WLAN interworking and non-3GPP access. Binds to access network name for serving network authentication.

Key Features: AT_KDF binding, non-3GPP access, WLAN integration

EAP-TLS

Certificate-based authentication for non-SIM IoT devices and enterprise deployments. Mutual authentication via X.509 certificates.

Key Features: No SIM required, X.509 certificates, enterprise IoT

5G-AKA Extensions

Extensibility for future authentication methods including AKMA (Authentication and Key Management for Applications) per TS 33.535.

Key Features: AKMA, GBA successor, application-level keys
5G Key Derivation Functions (TS 33.501 Annex A)
// K_AUSF derivation (in UDM/ARPF)
K_AUSF = KDF(CK || IK, "6A" || SN_name || SQN ^ AK)

// K_SEAF derivation (in AUSF)
K_SEAF = KDF(K_AUSF, "6C" || SN_name)

// K_AMF derivation (in SEAF/AMF)
K_AMF = KDF(K_SEAF, "6D" || SUPI || ABBA)

// NAS keys derivation (same FC; alg_type distinguishes the key: 0x01 = NAS encryption, 0x02 = NAS integrity)
K_NASint = KDF(K_AMF, "69" || alg_type || alg_id)
K_NASenc = KDF(K_AMF, "69" || alg_type || alg_id)

// K_gNB derivation
K_gNB = KDF(K_AMF, "6E" || NAS_UL_COUNT || Access_Type)
4. Radio Interface Security (PDCP Layer)

5G NR introduces mandatory user plane integrity protection and 256-bit algorithm support to address bit-flip attacks and provide quantum-resistant cryptographic options.

Encryption & Integrity Algorithms (TS 33.501 Section 5.6)

4G LTE Algorithms

NEA1 / NIA1: SNOW 3G (128-bit)
NEA2 / NIA2: AES-128
NEA3 / NIA3: ZUC-128
NEA0 / NIA0: NULL (no protection)

5G NR Algorithms

NEA1 / NIA1: SNOW 3G (128-bit)
NEA2 / NIA2: AES-128
NEA3 / NIA3: ZUC-128
NEA4 / NIA4: AES-256 (new)
NEA5 / NIA5: SNOW-256 (new)
NEA6 / NIA6: ZUC-256 (new)

Quantum Resistance Considerations

256-bit symmetric algorithms provide defense against Grover's algorithm, which effectively halves the security of symmetric keys. AES-256 provides ~128-bit post-quantum security.

User Plane Integrity Protection (UPIP)

4G LTE - No UPIP

Protection Scope: RRC signaling protected; user plane data not protected
aLTEr Attack (CVE-2019-15619): DNS redirection via bit-flip on encrypted user plane without detection.

5G NR - Mandatory UPIP

Protection Scope: RRC signaling, NAS signaling and user plane data all protected
TS 33.501 Mandate: UE and gNB must support UPIP. Critical for URLLC (autonomous vehicles, industrial control) where data integrity is paramount.
PDCP Integrity Protection (TS 33.501 Section 5.6.3)
// User Plane Integrity Protection MAC calculation
MAC-I = NIA(K_UP-int, COUNT, BEARER, DIRECTION, MESSAGE)

// Where:
K_UP-int   = User Plane Integrity Key (derived from K_gNB)
COUNT      = 32-bit PDCP COUNT (HFN || PDCP SN)
BEARER     = 5-bit Radio Bearer ID
DIRECTION  = 1-bit (0=UL, 1=DL)
MESSAGE    = PDCP PDU (Header + Data)

// MAC-I appended to PDCP PDU for receiver verification
5. Roaming & Interconnect Security

5G replaces vulnerable SS7/Diameter interconnects with SEPP-based N32 interface, providing end-to-end protection against IPX-based attacks.

Figure: SEPP-Based N32 Roaming Architecture
4G LTE

SS7/Diameter Roaming

Interconnect Protocols: SS7 (MAP), Diameter (S6a/d), GTP (S8)
Security Model: IPX filtering, DRA/DEA proxies, implicit trust
Known Attacks: Location leakage, Silent interception, DRA spoofing, Subscriber DoS, Fraud (SS7 MAP attacks)
5G Fix: SEPP + PRINS (N32) provides end-to-end protection. IPX nodes cannot read or modify signaling. JWS for integrity, JWE for confidentiality.
5G SA

SEPP + N32 Interface

Interconnect Protocol: N32-c (Control), N32-f (Forwarding), HTTP/2 + JSON
Security Stack: Mutual TLS, PRINS (application layer), JWS/JWE
Protection: Intermediate IPX nodes cannot read or alter signaling content. End-to-end integrity and optional confidentiality.
Figure: SEPP-based N32 roaming architecture (TS 33.501 Section 13). Home PLMN (UDM, AUSF, PCF) -- hSEPP -- N32 interface (mTLS, JWS, JWE; IPX cannot inspect or modify) -- vSEPP -- Visited PLMN (AMF, SMF, vPCF).
N32-f PRINS Message Protection (TS 29.573)
// N32-f message with PRINS protection
{
  "n32fContextId": "ctx-12345",
  "dataToIntegrityProtectBlock": {
    "metaData": { // Visible to IPX (routing)
      "n32fPeerId": "hsepp.mnc001.mcc001.3gppnetwork.org"
    },
    "requestLine": {
      "method": "POST",
      "uri": "/nudm-uecm/v1/imsi-001010123456789/registrations/amf-3gpp-access"
    },
    "payload": "<JWS-protected JSON>" // Integrity protected
  },
  "dataToIntegrityProtectAndCipherBlock": {
    "payload": "<JWE-encrypted JSON>" // Confidential + Integrity
  }
}

PRINS Modes (TS 33.501 Section 13.2)

TLS-only: Transport layer protection only. PRINS: Application layer protection using JWS (integrity) and JWE (confidentiality). PRINS enables sensitive IEs to remain protected even when IPX proxies terminate TLS.

6. Anti-Bidding Down Protection

5G implements cryptographic detection of capability downgrade attacks that allow MITM attackers to force null encryption or legacy RAT fallback.

4G LTE

Vulnerable to Downgrade

Attack Vector

UE capabilities sent unencrypted in Attach Request. MITM can modify to remove strong algorithms, forcing NEA0 (null encryption) or legacy RAT downgrade to 2G/3G.

Attack Consequences: null encryption, 2G/3G fallback, eavesdropping
5G SA

Cryptographic Detection

Detection Mechanism

UE resends integrity-protected hash of original capabilities after security establishment. Network compares with initial capabilities -- mismatch = attack detected.

Protection Features: ABBA parameter, UE capabilities hash, session termination
5G Anti-Bidding Down Detection Flow (TS 33.501 Section 6.2)
1. UE -> AMF: Registration Request (Unprotected)

UE sends 5G NR Security Capabilities, S1 UE Network Capability in cleartext. Potentially modifiable by MITM.

2. AMF -> UE: Security Mode Command

AMF selects algorithms, sends SMC with integrity protection. Includes Replayed UE Security Capabilities for verification.

3. UE -> AMF: Security Mode Complete (Integrity Protected)

UE compares replayed capabilities with original. If mismatch, UE rejects. UE includes HASH(UE capabilities) in protected message.

4. AMF: Verification

AMF computes HASH of received capabilities, compares with UE-provided hash. Mismatch indicates MITM attack.

Hash Match = Secure Session Established

Capabilities verified, no downgrade detected. Proceed with selected algorithms.

Hash Mismatch = Attack Detected

Session terminated. Security event logged. UE may attempt re-registration.

ABBA Parameter (Anti-Bidding down Between Architectures)
// ABBA parameter in K_AMF derivation (TS 33.501 Annex A.7)
K_AMF = KDF(K_SEAF, "6D" || SUPI || ABBA)

// ABBA value indicates security features supported
ABBA = {
  // Bit 0: 5G-AKA vs EAP-AKA'
  // Bit 1: Serving network authentication supported
  // Bits 2-15: Future extensions
}

// If ABBA is modified by MITM, K_AMF will differ between UE and AMF
// -> Security Mode Complete verification will fail
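An added example in Go (not 3GPP reference code) that serves both the key derivation chain listed under "5G Key Derivation Functions" above and the ABBA binding just described: the generic KDF of TS 33.220 Annex B.2 (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) with the FC values from TS 33.501 Annex A, so that the same K_SEAF and SUPI with a modified ABBA produce a different K_AMF. The kdf, KAUSF, KSEAF, KAMF, NASKey and KgNB names are constructed, as are the key, SUPI and serving network name values used in the test.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// kdf is the generic 3GPP KDF (TS 33.220 Annex B.2) used throughout TS 33.501
// Annex A: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), each Li being the
// 2-byte big-endian length of Pi.
func kdf(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(s, p...)
		s = binary.BigEndian.AppendUint16(s, uint16(len(p)))
	}
	h := hmac.New(sha256.New, key)
	h.Write(s)
	return h.Sum(nil)
}

// The chain from the page, top to bottom, with the FC values it lists.
func KAUSF(ck, ik []byte, snName string, sqnXorAK []byte) []byte {
	return kdf(append(append([]byte{}, ck...), ik...), 0x6A, []byte(snName), sqnXorAK)
}
func KSEAF(kausf []byte, snName string) []byte { return kdf(kausf, 0x6C, []byte(snName)) }

// KAMF binds the ABBA parameter: UE and AMF each derive it independently, so a
// MITM that alters ABBA on the air interface leaves the two sides with
// different K_AMF, and every later NAS integrity check fails.
func KAMF(kseaf []byte, supi string, abba []byte) []byte {
	return kdf(kseaf, 0x6D, []byte(supi), abba)
}

// NASKey derives a 128-bit NAS key: algType 0x01 = N-NAS-enc-alg, 0x02 = N-NAS-int-alg;
// algID is the NEA/NIA number. The 128 least significant bits of the output are used.
func NASKey(kamf []byte, algType, algID byte) []byte {
	return kdf(kamf, 0x69, []byte{algType}, []byte{algID})[16:]
}

// KgNB binds the uplink NAS COUNT and the access type distinguisher (0x01 = 3GPP access).
func KgNB(kamf []byte, nasULCount uint32, accessType byte) []byte {
	return kdf(kamf, 0x6E, binary.BigEndian.AppendUint32(nil, nasULCount), []byte{accessType})
}
```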

Technical Comparison Summary

Security Domain | 4G (LTE/EPC) | 5G (SA/SBA) | 3GPP Reference
Identity Protection | IMSI (cleartext) | SUCI (ECIES) | TS 33.501 Section 6.12
Trust Model | Perimeter-based | Zero Trust | TS 33.501 Section 13
Core Protocol | Diameter / GTP | HTTP/2 + REST + OAuth | TS 29.500
NF Authorization | Implicit trust | OAuth 2.0 (NRF) | TS 33.501 Section 13.3
Key Exposure | K_ASME in MME | K_SEAF only | TS 33.501 Section 6.2
UP Integrity | Not supported | Mandatory UPIP | TS 33.501 Section 5.6.3
256-bit Crypto | Not available | AES-256, SNOW-256, ZUC-256 | TS 33.501 Section 5.6.4
Roaming Security | IPX trust | SEPP + PRINS | TS 33.501 Section 13.2
Anti-Downgrade | Vulnerable | ABBA + hash verification | TS 33.501 Section 6.4
Authentication | EPS-AKA only | 5G-AKA, EAP-AKA', EAP-TLS | TS 33.501 Section 6.1

Key Takeaway for Architects

5G SA security is designed for cloud-native, multi-vendor, sliced, and roaming-heavy environments with zero-trust assumptions. The protocol changes are not incremental improvements -- they represent a fundamental architectural shift to address threats that EPC security was not designed to handle.

Test Your Knowledge

1. What is the primary function of SIDF in 5G identity privacy?

SIDF (Subscription Identifier De-concealing Function) resides in UDM and is the only entity capable of de-concealing the permanent identity (SUPI) from the concealed identifier (SUCI) using the home network private key.

2. How does the ABBA parameter prevent downgrade attacks?

ABBA (Anti-Bidding down Between Architectures) is included in K_AMF derivation. If a MITM modifies ABBA, the derived K_AMF will differ between UE and AMF, causing Security Mode Complete verification to fail and terminating the session.

3. What vulnerability does 5G UPIP address that 4G LTE cannot?

5G's mandatory User Plane Integrity Protection (UPIP) addresses the aLTEr attack (CVE-2019-15619), where an attacker could perform bit-flip modifications on encrypted user plane data (e.g., DNS redirection) because 4G LTE only provides encryption without integrity checking on the user plane.