F.3 Subscriber identity and key derivation

33.5013GPPRelease 18Security architecture and procedures for 5G SystemTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

EAP-AKA’ uses the subscriber identity (Identity) as an input to the key derivation when the key derivation function has value 1 ( i.e. MK = PRF'(IK’|CK’,"EAP-AKA’"|Identity)). RFC 4187 [21] clause 7 describes that the Identity is taken from the EAP-Response/Identity or EAP-Response/AKA-Identity AT_IDENTITY attribute sent by the peer. This principle is not applied to the 5GS.

If the AT_KDF_INPUT parameter contains the prefix "5G:", the AT_KDF parameter has the value 1 and the authentication is not related to fast re-authentication, then the UE shall set as the Identity for key derivation. When the SUPI Type is IMSI, the Identity shall be set to IMSI as defined in clause 2.2 of TS 23.003 [19]. When the SUPI type is network specific identifier, the Identity shall be set to Network Access Identifier (NAI) as defined in clause 28.7.2 of TS 23.003 [19]. When the SUPI type is GLI, the Identity shall be set to GLI taking format of NAI as defined in clause 28.15.2 of TS 23.003 [19]. When the SUPI type is GCI, the Identity shall be set to GLI taking format of NAI as defined in clause 28.16.2 of TS 23.003 [19]. This principle applies to all full EAP-AKA’ authentications, even if the UE sent SUCI in NAS protocol or if the UE sent SUCI in the respose to the EAP identity requests as described in Table F.2-1 or if no identity was sent because the network performed re-authentication. The only exception is fast re-authentication when the UE follows the key derivation as described in RFC 5448 [12] for fast re-authentication.

NOTE 1: The fast re-authentication is not supported in 5GS.

NOTE 2: The prefix "5G:" is part of serving network name as specified in clause 6.1.1.4.