5G Core Course  /  Course home  /  Module 6 — Security: SUCI, 5G-AKA, the key hierarchy and SBA security
3GPP Release 19
MODULE M6 · ~45 MIN · CINEMATIC + CAMERA

Security &
Trust.

The module where the network learns to trust a stranger over the open air. Identity privacy with the SUCI, the full 5G-AKA authentication dance, the key hierarchy from K to the four radio keys, the cipher and integrity algorithms, security mode commands, forward-secure handovers, and how the core protects its own API calls and the roaming border — narrated and fully animated, with a cinematic camera.

SUCIprivacySUPI concealed on the air
5G-AKA12 stepsmutual · verbatim
KEYtreeK → K SEAF → radio
TLS·OAuthSBA + SEPP border
EN·فاkaraoke subs
TS 33.501 V19.5.0 §4 · §5.11 · §6.1–6.2 · §6.7 · §6.9 · §6.12 · §13 · Figures 6.1.3.2-1 · 6.2.1-1
▶ VIDEO · MODULE 6 · ~45 MIN

Security — a chain of trust, assembled in under a second

The player screen is a live animation stage with a cinematic camera — the key tree grows, the AKA challenge flies, and the security chain locks exactly as the narration reaches it. Karaoke subtitles in English, two subtitle modes, fullscreen.

Module 6 · 5G Core Masterclass · security & trust
Security: SUCI → 5G-AKA → key hierarchy → SBA
0:00 / 0:00
REFERENCE · THE SECURITY IEs
The M6 IE catalogue →
Every structure the video opens — the SUCI, AUTN, the 5G HE/SE authentication vectors, the whole key hierarchy, the NEA/NIA algorithms, the security mode commands, OAuth tokens and the SEPP/N32 message — clause-cited, searchable.
REFERENCE · THE M6 IE CATALOGUE

Every information element in the module

Each security structure the video opens — its interface, direction, purpose and clause. Click any row to open its full breakdown. Filter to find any of them.

StructureInterfaceDirWhat it doesClause
TS 33.501 V19.5.0 §5.11 · §6.1 · §6.2 · §6.7 · §6.9 · §6.12 · §13
REFERENCE · DOMAINS · SUCI · 5G-AKA · KEY TREE · ALGORITHMS · SBA · SEPP

5G Security, at protocol depth

Everything the video animates, as reference you can scan: the six security domains, how the SUCI conceals identity, the exact 5G-AKA exchange, the full key hierarchy, the cipher and integrity algorithms, and how the core protects its own API calls and the roaming border. All spec-cited to TS 33.501 V19.5.0.

The six security domains (TS 33.501 §4)

① Network Access

  • Device ⇄ network — the air link.
  • Primary authentication, NAS & AS security, key hierarchy.
  • Most of this module lives here.

② Network Domain

  • Secure traffic between network functions.
  • Transport protection (NDS/IP, TLS).

③ User Domain

  • USIM ⇄ device mutual authentication.
  • The PIN — user to UICC.

④ Application Domain

  • App on device ⇄ app in the network.
  • Out of scope of the access procedures.

⑤ SBA Domain

  • Protects the API calls between NFs.
  • TLS + OAuth 2.0 · SEPP/PRINS at the border (§13).

⑥ Visibility & Config.

  • Can the user see whether security is on?
  • Serving-network identifier available to apps.
Identity privacy — SUPI · SUCI · SIDF (TS 33.501 §6.12)

SUPI — the secret name

  • Permanent identity (IMSI or NAI form).
  • Shall NEVER be sent over the air in the clear.
  • Recovered only at the UDM.

SUCI — the sealed envelope

  • Readable: SUPI Type · Home Net Id · Routing Indicator · Scheme Id · HN Key Id.
  • Secret: the Scheme Output (encrypted subscriber part).
  • Schemes (Annex C): null · Profile A (Curve25519) · Profile B (secp256r1) — ECIES.
  • Fresh & random each time → unlinkable ciphertext.

SIDF — the letter-opener

  • De-conceals SUCI → SUPI at the UDM.
  • Uses the Home Network Private Key.
  • Only home-network elements may invoke it.
5G-AKA — the exact exchange, verbatim (TS 33.501 §6.1.3.2, Figure 6.1.3.2-1)
StepWhereWhat happens
1UDM/ARPFgenerate AV: RAND, AUTN (separation bit = 1), derive K AUSF, compute XRES* → the 5G HE AV = RAND · AUTN · XRES* · K AUSF
2UDM→AUSFreturn the 5G HE AV + the SUPI (deconcealed by SIDF)
3AUSFstore XRES* temporarily
4AUSFcompute HXRES* from XRES*, derive K SEAF from K AUSF → the lean 5G SE AV = RAND · AUTN · HXRES*
5AUSF→SEAFsend only the 5G SE AV (K SEAF and XRES* stay home)
6SEAF→UEAuthentication Request: RAND · AUTN · ngKSI · ABBA
7USIM/MEUSIM verifies AUTN (freshness + MAC) → network proven; returns RES, CK, IK; ME computes RES*, K AUSF, K SEAF
8UE→SEAFAuthentication Response: RES*
9SEAFcompute HRES* from RES*, compare to HXRES* → serving-side check
10SEAF→AUSFforward the real RES*
11AUSFcompare RES* to stored XRES* — the home network confirms the subscriber (what 4G lacked)
12AUSF→SEAFResult + SUPI + K SEAF released; SEAF derives K AMF from K SEAF · ABBA · SUPI → to the AMF

EAP-AKA′ (§6.1.3.1): the AUSF is the EAP server; CK′/IK′ → EMSK; the most significant 256 bits of EMSK become K AUSF; the run ends with an EAP-Success. Same anchor key (K SEAF) at the end. The UDM picks the method.

The 5G key hierarchy — each key from its parent, one-way (TS 33.501 §6.2, Fig 6.2.1-1)
KeyDerived by / fromKDF inputsPurpose
KUSIM + ARPF (permanent)the root · 128 or 256 bit · never leaves
CK, IKfrom K, during AKARAND (→ CK′, IK′ for EAP-AKA′)cipher / integrity keys
K AUSFME + ARPF/AUSFSN name · SQN⊕AK (or EMSK)home key
K SEAFME + AUSF, from K AUSFSN namethe anchor key · SEAF-only, then deleted
K AMFME + SEAF, from K SEAFSUPI · ABBAtop of the serving-network tree
K NASint / K NASencME + AMF, from K AMFNAS-int/enc-alg · Alg-IDNAS signalling protection
K gNB / NHME + AMF, from K AMFNAS UL/DL COUNTto the base station / handover Next Hop
K RRCint / K RRCencME + gNB, from K gNBRRC-int/enc-alg · Alg-IDradio signalling protection
K UPint / K UPencME + gNB, from K gNBUP-int/enc-alg · Alg-IDuser-plane protection · truncated 256→128

Key separation: the KDF is one-way — a child key can never reveal its parent. A captured radio key exposes one tower; it can never climb back to K AMF or K SEAF. Damage stays local.

Cipher & integrity algorithms (TS 33.501 §5.11.1) · UP security policy (§6.6)

Ciphering — NEA

  • 0000₂ NEA0 — null ciphering.
  • 0001₂ 128-NEA1 — SNOW 3G.
  • 0010₂ 128-NEA2 — AES in CTR mode.
  • 0011₂ 128-NEA3 — ZUC.

Integrity — NIA

  • 0000₂ NIA0 — null integrity (emergency only).
  • 0001₂ 128-NIA1 — SNOW 3G.
  • 0010₂ 128-NIA2 — AES in CMAC mode.
  • 0011₂ 128-NIA3 — ZUC.

Selection & bidding-down (§5.11.2): the UE sends its security capabilities; the network selects the best shared algorithm and echoes the choice back, integrity protected, inside the Security Mode Command — so no attacker can silently downgrade. NAS SMC (§6.7.2) locks signalling — integrity protected with K NASint before ciphering; AS SMC (§6.7.4) locks the radio. UP security policy (§6.6): integrity and confidentiality each Required / Preferred / Not-needed, per DRB.

Handover key handling — forward security (TS 33.501 §6.9)

Horizontal

  • Next K gNB from the current K gNB.
  • Fast — but the old tower can compute it. NCC unchanged.

Vertical

  • Next K gNB from a fresh Next Hop (NH).
  • No link to the old tower → forward security. NCC increased.

{NH, NCC} · paths

  • AMF pre-computes the NH chain; NCC = Next Hop Chaining Counter.
  • Xn (tower⇄tower) · N2 (through core) · intra-gNB re-key.
  • Inter-AMF: source derives K AMF′ (§6.9.3).
Service-Based Architecture security — TLS · OAuth 2.0 (TS 33.501 §13.1, §13.4)

Transport & authentication

  • Mutual TLS on every NF-to-NF API call (§13.1).
  • Telescopic FQDN / 3gpp-Sbi-Target-apiRoot header for shared certs.
  • Direct communication · or via the SCP (indirect).
  • CCA — a self-signed JWT for application-layer authentication (§13.3.8).

OAuth 2.0 authorization (§13.4.1)

  • NRF = authorization server · NF consumer = client · NF producer = resource server.
  • Grant: Client Credentials (RFC 6749 §4.4).
  • Access token = JWT (RFC 7519) signed with JWS (RFC 7515).
  • The scope claim = the exact services allowed. No token, no service.
The roaming border — SEPP · N32 · PRINS (TS 33.501 §13.2)

SEPP & N32

  • The Security Edge Protection Proxy guards every message leaving/entering a PLMN.
  • N32-c — control: negotiate cipher suites & protection policy.
  • N32-f — forwarding: the protected traffic.
  • IPUPS — Inter-PLMN UP Security for the user-plane tunnels.

PRINS with JOSE

  • Application-layer security so IPX intermediaries can still edit legitimately.
  • JWE encrypts sensitive IEs; JWS signs the whole message.
  • Each intermediary modification is separately signed → auditable.
  • The receiving SEPP verifies exactly what changed, rejects the rest.
Every security element — searchable (keys · algorithms · vectors · SBA)

Filter by name, clause, or family — IDENTITY · KEY · AUTH · ALGO · SBA.

ElementFamilyWhereClauseWhat it is
TS 33.501 V19.5.0 §5.11 · §6.1 · §6.2 · §6.7 · §6.9 · §6.12 · §13 — identifiers verbatim

The rule to remember: 5G security is not a wall — it is a chain of trust, link by link, where every link refreshes and no link can forge its neighbour. Conceal the identity, authenticate mutually, grow the key tree, lock signalling then radio, refresh on every move, and protect the core’s own conversations. See that chain and any security failure becomes a readable story.

Built from ETSI TS 133 501 V19.5.0 · Figures 6.1.3.2-1, 6.2.1-1 · Tables §5.11.1.1/§5.11.1.2
QUIZ · 10 QUESTIONS

5G Security mastery check

Questions and answers reshuffle every load. 70%+ to consider Module 6 done.