User Authentication in 5G

sanjaynolkha · June 18, 2024, 9:47am

User Authentication in 5G is slightly different than 4G as Home Network has a better role to play in Authentication.

First level of Authentication is done at AMF (Just like MME in 4G) but second level of authentication is done at AUSF which was not existent in 4G Networks.

What about 𝐒𝐄𝐀𝐅, 𝐒𝐄𝐏𝐏, 𝐀𝐑𝐏𝐅 𝐚𝐧𝐝 𝐒𝐈𝐃𝐅 and what role they play?

Admin note: this post was updated with image below.

1718703713141

LinkedIn:

Shivamgoswami143 · June 19, 2024, 11:59am

In 5G networks, the authentication framework has been significantly enhanced to provide better security and flexibility compared to 4G. The new architecture introduces several key components that work together to ensure secure and efficient user authentication. Here’s a detailed look at the roles of SEAF, SEPP, ARPF, and SIDF in 5G authentication:

Key Components in 5G Authentication

SEAF (Serving Network Function):
- The SEAF is part of the Access and Mobility Management Function (AMF).
- Its primary role is to receive the initial authentication request from the user equipment (UE) and forward it to the Authentication Server Function (AUSF).
- SEAF also manages the Security Anchor Key (K_SEAF), which is derived during the authentication process and used for subsequent security procedures.
AUSF (Authentication Server Function):
- The AUSF is a new component in 5G that handles the second level of authentication.
- It receives authentication requests from SEAF and communicates with the Unified Data Management (UDM) to authenticate the user.
- AUSF supports various authentication methods, including 5G-AKA (Authentication and Key Agreement) and EAP-AKA’ (Extensible Authentication Protocol for AKA).
ARPF (Authentication Credential Repository and Processing Function):
- The ARPF stores and manages authentication credentials and performs cryptographic operations.
- It is responsible for generating authentication vectors used in the 5G-AKA protocol.
- The ARPF works in conjunction with the AUSF and UDM to authenticate the user and provide the necessary cryptographic keys.
SEPP (Security Edge Protection Proxy):
- SEPP acts as a security gateway between different network domains, such as between the home network and visited networks.
- It provides end-to-end security for control plane messages exchanged between operators.
- SEPP ensures that sensitive information is protected while traversing untrusted networks by encrypting and integrity-protecting the signaling messages.
SIDF (Subscription Identifier De-concealing Function):
- The SIDF is responsible for de-concealing the Subscription Permanent Identifier (SUPI) to the Subscription Concealed Identifier (SUCI).
- SUPI is a permanent identifier similar to the IMSI in 4G, but it is encrypted into SUCI to protect user privacy.
- SIDF performs the de-concealing operation only in a secure environment within the home network to ensure the SUPI is not exposed.

*) Authentication Process in 5G

Initial Authentication:
- The UE sends an initial authentication request to the AMF.
- The AMF (SEAF) forwards this request to the AUSF.
Authentication Verification:
- The AUSF communicates with the UDM and ARPF to verify the user’s identity and retrieve authentication vectors.
- If authentication is successful, the AUSF sends a response to the SEAF.
Key Management:
- SEAF derives the K_SEAF from the authentication vectors and provides it to the UE.
- Subsequent security procedures use this key to ensure secure communication between the UE and the network.
Cross-Domain Security:
- If the UE is in a visited network, the SEPP ensures that all control plane messages between the visited and home networks are securely protected.
Subscription Identifier Protection:
- The SIDF in the home network de-conceals the SUCI to SUPI, ensuring that the permanent identifier is not exposed during transit.

By introducing these new components and enhancing the authentication procedures, 5G networks provide a more secure and flexible framework for user authentication, ensuring robust protection against various security threats.

I hope your all points have been cleared in this answer. Let me know if Any other clarification is required.

https://www.linkedin.com/in/shivam-goswami-iws

Topic		Replies	Views
AMF (Access Management Function) In 5G-NR - techLTEworld 5G NR 5g-nr , amf	0	588	April 22, 2023
5G: Do we need a BSF? 5G NR 5g-nr , 5gc	1	3196	June 19, 2023
How Network Repository Function Plays a Critical Role in Cloud Native 5G SA Network 5G NR 5g-sa	0	199	May 7, 2024
A Comparison between 4G NEs (Network Elements) and 5G NFs (Network Functions) RAN 5g-nr , 4g-lte	0	1470	January 24, 2024
Comparison of Key Radio Features and Parameters (4G vs 5G) 5G NR 5g-nr	2	2779	March 15, 2023
Main differences between NSA and SA call 5G NR 5g-nr , 5g-sa , 5g-nsa	10	4439	December 31, 2023
5G Network Architecture Function in a single diagram 5G NR 5g-nr	0	1659	March 20, 2023
5G Core Architecture: Faculty Development Program 5G NR 5g-nr , core , 5g-core	0	279	April 12, 2024
5G QoS (Quality of Service) Architecture 5G NR 5g-nr , 4g-lte , qos , upf	1	3058	August 22, 2023
5G NF and Services 5G NR 5g-nr	0	1720	September 26, 2022

User Authentication in 5G

Related Topics