In 5G networks, the 5G Authentication and Key Management (5G-AKA) protocol is used for secure authentication and key establishment between the user equipment (UE) and the core network. 5G-AKA is an enhanced version of the Authentication and Key Agreement (AKA) protocol used in earlier generations of mobile networks.
1-Initial Attach: When a UE initially attaches to a 5G network, it sends an Attach Request to the core network. The core network responds with an Attach Accept message, which includes the initial security context for the UE.
2-Authentication Setup: The UE and the Authentication Server Function (AUSF) exchange messages to perform mutual authentication. The UE sends an Authentication Request containing the SUPI or SUCI (Subscriber Permanent/Concealed Identifier). The AUSF generates a random challenge (RAND) and sends it back to the UE.
3-Authentication Response: The UE uses the received RAND, its security credentials (such as the Permanent Shared Key (PSK) or a derived key), and other parameters to compute an authentication response (RES). It sends the RES along with the SUPI/SUCI and the RAND to the AUSF.
4-Authentication Confirmation: The AUSF compares the received RES with its own computation. If they match, the authentication is successful. The AUSF generates an authentication confirmation (AUTN) and a sequence number (SQN) to verify the freshness of the authentication request. These are sent to the UE.
5-Security Context Establishment: Based on the successful authentication, the UE and the AUSF establish a security context. They derive session keys, including the Encryption Key (Kseaf) and the Integrity Key (Kamf), which are used for subsequent secure communication between the UE and the core network.
6-Key Derivation: The UE derives additional keys from the session keys for various security functions, such as the Key for User Plane Integrity Protection (Kup), Key for User Plane Encryption (Kue), and more.
7-Registration: After the authentication and key establishment, the UE sends a Registration Request to complete the attach procedure. The core network verifies the registration and assigns resources to the UE for its subsequent communication.
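The challenge-response and key derivation in steps 2 to 5, as an added Python sketch that is not taken from the original page or from any 3GPP specification: it shows the AUSF-side checks a defender cares about (single-use RAND, constant-time RES comparison) and both sides deriving identical session keys. Assumptions: HMAC-SHA-256 stands in for the real authentication and key derivation functions, the names `prf`, `compute_res`, `derive_session_keys`, `Ausf` and `run_demo` are hypothetical, and the subscriber identity and key are constructed test values.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in (assumption) for the real authentication/key derivation functions.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def compute_res(k: bytes, rand: bytes) -> bytes:
    # Step 3: response bound to the shared key and this RAND.
    return prf(k, b"RES", rand)[:16]

def derive_session_keys(k: bytes, rand: bytes) -> tuple[bytes, bytes]:
    # Step 5: both sides derive the same keys; chaining Kamf from Kseaf
    # is an assumption of this sketch.
    kseaf = prf(k, b"Kseaf", rand)
    return kseaf, prf(kseaf, b"Kamf", rand)

class Ausf:
    def __init__(self, subscribers: dict[str, bytes]):
        self.subscribers = subscribers
        self.pending: dict[str, bytes] = {}

    def challenge(self, supi: str) -> bytes:
        # Step 2: fresh random challenge, remembered per subscriber.
        self.pending[supi] = secrets.token_bytes(16)
        return self.pending[supi]

    def verify(self, supi: str, rand: bytes, res: bytes):
        # Step 4: a challenge is single-use, so a replayed RES fails.
        issued = self.pending.pop(supi, None)
        k = self.subscribers.get(supi)
        if k is None or issued is None or not hmac.compare_digest(issued, rand):
            return None
        if not hmac.compare_digest(compute_res(k, rand), res):  # constant-time
            return None
        return derive_session_keys(k, rand)

def run_demo():
    supi = "imsi-001010000000001"                          # constructed test identity
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    ausf = Ausf({supi: k})
    rand = ausf.challenge(supi)
    res = compute_res(k, rand)
    keys_match = ausf.verify(supi, rand, res) == derive_session_keys(k, rand)
    replayed = ausf.verify(supi, rand, res)                # same RAND/RES again
    rand2 = ausf.challenge(supi)
    wrong_key = ausf.verify(supi, rand2, compute_res(bytes(16), rand2))
    return keys_match, replayed, wrong_key
```

`run_demo()` returns whether the UE and network keys agree, followed by the results of a replayed response and a response computed with the wrong key, both of which the AUSF rejects with `None`.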