H.2 Authentication and key agreement

3GPP43.020Release 17Security related network functionsTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The security feature related to the entity authentication is as defined by TS 33.102 [18] subclause 5.1.2.

UMTS AKA is the authentication and key agreement procedure that shall be used over enhanced GPRS in relation to Cellular IoT (as specified in TS 33.102 [18]). 2G AKA and 2G SIM shall not be used by the ME or by the network. If the ME receives a 2G AKA RAND, it shall ignore it.

An ME that has EC-GSM-IoT radio capability shall support the UICC(USIM)-ME interface as specified in TS 31.102 [18].

When using USIM AKA, the USIM shall compute CK and IK which are sent to the ME. If the USIM computes a Kc (i.e. GPRS Kc) from CK and IK using conversion function c3 as described in TS 33.102 [18], and sends it to the ME, then the ME shall ignore such GPRS Kc and not store the GPRS Kc on USIM or in ME.

The CK/IK produced by UMTS AKA shall be used by the ME and the eSGSN as the basis of the keying material for CIoT control plane (CP) and user plane (UP) ciphering key (Kc128) as well as CP integrity protection key (Ki128).

NOTE 1: Key derivation of Kc128 and Ki128 is specified in subclause H.6.