User Authentication in 5G

User Authentication in 5G is slightly different from 4G, as the Home Network has a better role to play in Authentication.

The first level of Authentication is done at the AMF (just like the MME in 4G), but the second level of authentication is done at the AUSF, which did not exist in 4G Networks.

What about SEAF, SEPP, ARPF and SIDF, and what roles do they play?

Admin note: this post was updated with image below.



In 5G networks, the authentication framework has been significantly enhanced to provide better security and flexibility compared to 4G. The new architecture introduces several key components that work together to ensure secure and efficient user authentication. Here's a detailed look at the roles of SEAF, SEPP, ARPF, and SIDF in 5G authentication:

Key Components in 5G Authentication

  1. SEAF (Serving Network Function):

    • The SEAF is part of the Access and Mobility Management Function (AMF).
    • Its primary role is to receive the initial authentication request from the user equipment (UE) and forward it to the Authentication Server Function (AUSF).
    • SEAF also manages the Security Anchor Key (K_SEAF), which is derived during the authentication process and used for subsequent security procedures.
  2. AUSF (Authentication Server Function):

    • The AUSF is a new component in 5G that handles the second level of authentication.
    • It receives authentication requests from SEAF and communicates with the Unified Data Management (UDM) to authenticate the user.
    • AUSF supports various authentication methods, including 5G-AKA (Authentication and Key Agreement) and EAP-AKA' (Extensible Authentication Protocol for AKA).
  3. ARPF (Authentication Credential Repository and Processing Function):

    • The ARPF stores and manages authentication credentials and performs cryptographic operations.
    • It is responsible for generating authentication vectors used in the 5G-AKA protocol.
    • The ARPF works in conjunction with the AUSF and UDM to authenticate the user and provide the necessary cryptographic keys.
  4. SEPP (Security Edge Protection Proxy):

    • SEPP acts as a security gateway between different network domains, such as between the home network and visited networks.
    • It provides end-to-end security for control plane messages exchanged between operators.
    • SEPP ensures that sensitive information is protected while traversing untrusted networks by encrypting and integrity-protecting the signaling messages.
  5. SIDF (Subscription Identifier De-concealing Function):

    • The SIDF is responsible for de-concealing the Subscription Permanent Identifier (SUPI) to the Subscription Concealed Identifier (SUCI).
    • SUPI is a permanent identifier similar to the IMSI in 4G, but it is encrypted into SUCI to protect user privacy.
    • SIDF performs the de-concealing operation only in a secure environment within the home network to ensure the SUPI is not exposed.

Authentication Process in 5G

  1. Initial Authentication:

    • The UE sends an initial authentication request to the AMF.
    • The AMF (SEAF) forwards this request to the AUSF.
  2. Authentication Verification:

    • The AUSF communicates with the UDM and ARPF to verify the user's identity and retrieve authentication vectors.
    • If authentication is successful, the AUSF sends a response to the SEAF.
  3. Key Management:

    • SEAF derives the K_SEAF from the authentication vectors and provides it to the UE.
    • Subsequent security procedures use this key to ensure secure communication between the UE and the network.
  4. Cross-Domain Security:

    • If the UE is in a visited network, the SEPP ensures that all control plane messages between the visited and home networks are securely protected.
  5. Subscription Identifier Protection:

    • The SIDF in the home network de-conceals the SUCI to SUPI, ensuring that the permanent identifier is not exposed during transit.

By introducing these new components and enhancing the authentication procedures, 5G networks provide a more secure and flexible framework for user authentication, ensuring robust protection against various security threats.

I hope all your points have been cleared up in this answer. Let me know if any other clarification is required.

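The K_SEAF derivation mentioned in the answer above, as an added example that is not part of the original posts: the anchor key is computed from K_AUSF with the 3GPP key derivation function (HMAC-SHA-256, FC 0x6C per TS 33.501 Annex A.6) over the serving network name, so the same subscriber key yields a different K_SEAF in each serving network. The key bytes and the MCC/MNC values are constructed sample inputs, and the function names are this example's own.

```python
import hashlib
import hmac

FC_K_SEAF = 0x6C  # FC value for the K_SEAF derivation (TS 33.501 Annex A.6)


def serving_network_name(mcc: str, mnc: str) -> bytes:
    """Build the serving network name, e.g. 5G:mnc015.mcc234.3gppnetwork.org."""
    if not (mcc.isascii() and mcc.isdigit() and len(mcc) == 3):
        raise ValueError("MCC must be exactly 3 digits")
    if not (mnc.isascii() and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError("MNC must be 2 or 3 digits")
    # A 2-digit MNC is left-padded with a zero in the network name.
    return f"5G:mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org".encode("ascii")


def kdf_input(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-byte length field")
        s += p + len(p).to_bytes(2, "big")
    return s


def derive_k_seaf(k_ausf: bytes, sn_name: bytes) -> bytes:
    """K_SEAF = HMAC-SHA-256(K_AUSF, FC || SN name || len(SN name))."""
    if len(k_ausf) != 32:
        raise ValueError("K_AUSF must be 256 bits")
    s = kdf_input(FC_K_SEAF, sn_name)
    return hmac.new(k_ausf, s, hashlib.sha256).digest()


if __name__ == "__main__":
    k_ausf = bytes(range(32))  # constructed sample key, not a real credential
    home = serving_network_name("234", "15")      # constructed PLMN
    visited = serving_network_name("310", "410")  # constructed PLMN
    # Same K_AUSF, different serving network: the anchor keys do not match.
    print(home.decode(), derive_k_seaf(k_ausf, home).hex())
    print(visited.decode(), derive_k_seaf(k_ausf, visited).hex())
```

Because the serving network name is an input to the KDF, a K_SEAF issued for one network cannot be reused by another, which is the binding that lets the home network confirm which serving network the UE is actually attached to.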