{"id":36,"date":"2020-11-19T04:38:39","date_gmt":"2020-11-19T04:38:39","guid":{"rendered":"http:\/\/cybersecinfinity.in\/?p=36"},"modified":"2020-12-29T15:10:01","modified_gmt":"2020-12-29T15:10:01","slug":"5g-aka-authentication-process-3gpp-33501","status":"publish","type":"post","link":"http:\/\/cybersecinfinity.in\/index.php\/2020\/11\/19\/5g-aka-authentication-process-3gpp-33501\/","title":{"rendered":"5G AKA authentication process \u2013 (3GPP 33501)"},"content":{"rendered":"\n

5G AKA authentication process \u2013 (3GPP 33501)<\/u><\/strong><\/p>\n\n\n\n

Hello my readers today we will talk about two ways to authenticate a UE in 5G :-<\/p>\n\n\n\n

5G AKA (Authentication Key Agreement)<\/p>\n\n\n\n

EAP AKA<\/p>\n\n\n\n

The below components in the 5G network architecture are instrumental in the authentication process<\/p>\n\n\n\n

\"\"
Step 1 \u2013 UE searches for the SN<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

UE \u2013 User equipment<\/p>\n\n\n\n

SEAF \u2013 Security anchor function<\/p>\n\n\n\n

AUSF \u2013 Authentication server function<\/p>\n\n\n\n

UDM \u2013 Unified data management<\/p>\n\n\n\n

You can consider AUSF as the MME\/MSC and UDM as HSS \/ HLR of the older generation of 3GPP<\/p>\n\n\n\n

Here is the step vise authentication process for the UE to the network and vice versa :-<\/p>\n\n\n\n

  1. On the N1 interface UE send {N1 message with SUCI (if attach for 1st time) else 5G GUTI}<\/li><\/ol>\n\n\n\n
    \"\"
    Step 2 \u2013 UE first time attach request to SEAF<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    Quick recap on the permanent and temporary identifier used during the attach request and subsequent network usage<\/p>\n\n\n\n

    2G,3G<\/strong><\/td>4G,5G<\/strong><\/td>Type of subscriber identifier<\/strong><\/td>When is this used<\/strong><\/td><\/tr>
    IMSI Internation mobile subscriber identity<\/td>SUPI Subscriber permanent identity<\/td>Permanent<\/td>In order to avoid MITM, only during exceptional scenarios of first time attach Or When the network is unable to resolve SUPI from SUCI\/GUTI<\/td><\/tr>
    TMSI Temparory mobile subscriber identity<\/td>GUTI Global unique temparory identifier<\/td>Temporary<\/td>Each time location is updated or attach attempt is made or call is attempted or as set in the PLMN parameters<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
    \"\"
    Step 3 \u2013 at SEAF<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    \"\"
    Step 4 \u2013 at AUSF<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    \"\"
    Step 5 \u2013 at UDM first time HEAV is derived<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    HEAV \u2013 Home environment authentication vector<\/p>\n\n\n\n

    \"\"
    Step 6 \u2013 at AUSF AV<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    AV \u2013 Authentication vector<\/p>\n\n\n\n

    \"\"
     Step 7 \u2013 at SEAF<\/figcaption><\/figure>\n\n\n\n
    \"\"
    Step 8 \u2013 at UE [ the UE authentication is complete here]
    <\/figcaption><\/figure>\n\n\n\n
    \"\"
    Step 9 \u2013 at SEAF [ the serving network authentication is complete here]<\/figcaption><\/figure>\n\n\n\n