Security &
Trust.
The module where the network learns to trust a stranger over the open air. Identity privacy with the SUCI, the full 5G-AKA authentication dance, the key hierarchy from K to the four radio keys, the cipher and integrity algorithms, security mode commands, forward-secure handovers, and how the core protects its own API calls and the roaming border — narrated and fully animated, with a cinematic camera.
Security — a chain of trust, assembled in under a second
The player screen is a live animation stage with a cinematic camera — the key tree grows, the AKA challenge flies, and the security chain locks exactly as the narration reaches it. Karaoke subtitles in English, two subtitle modes, fullscreen.
Every information element in the module
Each security structure the video opens — its interface, direction, purpose and clause. Click any row to open its full breakdown. Filter to find any of them.
| Structure | Interface | Dir | What it does | Clause |
|---|
5G Security, at protocol depth
Everything the video animates, as reference you can scan: the six security domains, how the SUCI conceals identity, the exact 5G-AKA exchange, the full key hierarchy, the cipher and integrity algorithms, and how the core protects its own API calls and the roaming border. All spec-cited to TS 33.501 V19.5.0.
① Network Access
- Device ⇄ network — the air link.
- Primary authentication, NAS & AS security, key hierarchy.
- Most of this module lives here.
② Network Domain
- Secure traffic between network functions.
- Transport protection (NDS/IP, TLS).
③ User Domain
- USIM ⇄ device mutual authentication.
- The PIN — user to UICC.
④ Application Domain
- App on device ⇄ app in the network.
- Out of scope of the access procedures.
⑤ SBA Domain
- Protects the API calls between NFs.
- TLS + OAuth 2.0 · SEPP/PRINS at the border (§13).
⑥ Visibility & Config.
- Can the user see whether security is on?
- Serving-network identifier available to apps.
SUPI — the secret name
- Permanent identity (IMSI or NAI form).
- Shall NEVER be sent over the air in the clear.
- Recovered only at the UDM.
SUCI — the sealed envelope
- Readable: SUPI Type · Home Net Id · Routing Indicator · Scheme Id · HN Key Id.
- Secret: the Scheme Output (encrypted subscriber part).
- Schemes (Annex C): null · Profile A (Curve25519) · Profile B (secp256r1) — ECIES.
- Fresh & random each time → unlinkable ciphertext.
SIDF — the letter-opener
- De-conceals SUCI → SUPI at the UDM.
- Uses the Home Network Private Key.
- Only home-network elements may invoke it.
| Step | Where | What happens |
|---|---|---|
| 1 | UDM/ARPF | generate AV: RAND, AUTN (separation bit = 1), derive K AUSF, compute XRES* → the 5G HE AV = RAND · AUTN · XRES* · K AUSF |
| 2 | UDM→AUSF | return the 5G HE AV + the SUPI (deconcealed by SIDF) |
| 3 | AUSF | store XRES* temporarily |
| 4 | AUSF | compute HXRES* from XRES*, derive K SEAF from K AUSF → the lean 5G SE AV = RAND · AUTN · HXRES* |
| 5 | AUSF→SEAF | send only the 5G SE AV (K SEAF and XRES* stay home) |
| 6 | SEAF→UE | Authentication Request: RAND · AUTN · ngKSI · ABBA |
| 7 | USIM/ME | USIM verifies AUTN (freshness + MAC) → network proven; returns RES, CK, IK; ME computes RES*, K AUSF, K SEAF |
| 8 | UE→SEAF | Authentication Response: RES* |
| 9 | SEAF | compute HRES* from RES*, compare to HXRES* → serving-side check |
| 10 | SEAF→AUSF | forward the real RES* |
| 11 | AUSF | compare RES* to stored XRES* — the home network confirms the subscriber (what 4G lacked) |
| 12 | AUSF→SEAF | Result + SUPI + K SEAF released; SEAF derives K AMF from K SEAF · ABBA · SUPI → to the AMF |
EAP-AKA′ (§6.1.3.1): the AUSF is the EAP server; CK′/IK′ → EMSK; the most significant 256 bits of EMSK become K AUSF; the run ends with an EAP-Success. Same anchor key (K SEAF) at the end. The UDM picks the method.
| Key | Derived by / from | KDF inputs | Purpose |
|---|---|---|---|
| K | USIM + ARPF (permanent) | — | the root · 128 or 256 bit · never leaves |
| CK, IK | from K, during AKA | RAND (→ CK′, IK′ for EAP-AKA′) | cipher / integrity keys |
| K AUSF | ME + ARPF/AUSF | SN name · SQN⊕AK (or EMSK) | home key |
| K SEAF | ME + AUSF, from K AUSF | SN name | the anchor key · SEAF-only, then deleted |
| K AMF | ME + SEAF, from K SEAF | SUPI · ABBA | top of the serving-network tree |
| K NASint / K NASenc | ME + AMF, from K AMF | NAS-int/enc-alg · Alg-ID | NAS signalling protection |
| K gNB / NH | ME + AMF, from K AMF | NAS UL/DL COUNT | to the base station / handover Next Hop |
| K RRCint / K RRCenc | ME + gNB, from K gNB | RRC-int/enc-alg · Alg-ID | radio signalling protection |
| K UPint / K UPenc | ME + gNB, from K gNB | UP-int/enc-alg · Alg-ID | user-plane protection · truncated 256→128 |
Key separation: the KDF is one-way — a child key can never reveal its parent. A captured radio key exposes one tower; it can never climb back to K AMF or K SEAF. Damage stays local.
Ciphering — NEA
- 0000₂ NEA0 — null ciphering.
- 0001₂ 128-NEA1 — SNOW 3G.
- 0010₂ 128-NEA2 — AES in CTR mode.
- 0011₂ 128-NEA3 — ZUC.
Integrity — NIA
- 0000₂ NIA0 — null integrity (emergency only).
- 0001₂ 128-NIA1 — SNOW 3G.
- 0010₂ 128-NIA2 — AES in CMAC mode.
- 0011₂ 128-NIA3 — ZUC.
Selection & bidding-down (§5.11.2): the UE sends its security capabilities; the network selects the best shared algorithm and echoes the choice back, integrity protected, inside the Security Mode Command — so no attacker can silently downgrade. NAS SMC (§6.7.2) locks signalling — integrity protected with K NASint before ciphering; AS SMC (§6.7.4) locks the radio. UP security policy (§6.6): integrity and confidentiality each Required / Preferred / Not-needed, per DRB.
Horizontal
- Next K gNB from the current K gNB.
- Fast — but the old tower can compute it. NCC unchanged.
Vertical
- Next K gNB from a fresh Next Hop (NH).
- No link to the old tower → forward security. NCC increased.
{NH, NCC} · paths
- AMF pre-computes the NH chain; NCC = Next Hop Chaining Counter.
- Xn (tower⇄tower) · N2 (through core) · intra-gNB re-key.
- Inter-AMF: source derives K AMF′ (§6.9.3).
Transport & authentication
- Mutual TLS on every NF-to-NF API call (§13.1).
- Telescopic FQDN / 3gpp-Sbi-Target-apiRoot header for shared certs.
- Direct communication · or via the SCP (indirect).
- CCA — a self-signed JWT for application-layer authentication (§13.3.8).
OAuth 2.0 authorization (§13.4.1)
- NRF = authorization server · NF consumer = client · NF producer = resource server.
- Grant: Client Credentials (RFC 6749 §4.4).
- Access token = JWT (RFC 7519) signed with JWS (RFC 7515).
- The scope claim = the exact services allowed. No token, no service.
SEPP & N32
- The Security Edge Protection Proxy guards every message leaving/entering a PLMN.
- N32-c — control: negotiate cipher suites & protection policy.
- N32-f — forwarding: the protected traffic.
- IPUPS — Inter-PLMN UP Security for the user-plane tunnels.
PRINS with JOSE
- Application-layer security so IPX intermediaries can still edit legitimately.
- JWE encrypts sensitive IEs; JWS signs the whole message.
- Each intermediary modification is separately signed → auditable.
- The receiving SEPP verifies exactly what changed, rejects the rest.
Filter by name, clause, or family — IDENTITY · KEY · AUTH · ALGO · SBA.
| Element | Family | Where | Clause | What it is |
|---|
The rule to remember: 5G security is not a wall — it is a chain of trust, link by link, where every link refreshes and no link can forge its neighbour. Conceal the identity, authenticate mutually, grow the key tree, lock signalling then radio, refresh on every move, and protect the core’s own conversations. See that chain and any security failure becomes a readable story.
Built from ETSI TS 133 501 V19.5.0 · Figures 6.1.3.2-1, 6.2.1-1 · Tables §5.11.1.1/§5.11.1.25G Security mastery check
Questions and answers reshuffle every load. 70%+ to consider Module 6 done.