AAA

Authentication, Authorization, and Accounting

Security
Introduced in Rel-4
AAA is a security framework for controlling user access to network services and tracking resource usage. It authenticates user identity, authorizes permitted actions, and accounts for service consumption for billing and auditing. It is fundamental for secure, billable, and manageable mobile and IP networks.

Description

Authentication, Authorization, and Accounting (AAA) is a comprehensive security and management framework defined by 3GPP to control access to network resources, enforce policies, and record usage data. In the 3GPP architecture, AAA functions are primarily implemented within the Core Network, often interacting with the Home Subscriber Server (HSS) or Unified Data Management (UDM) for credential verification and user profile data. The framework is protocol-agnostic in concept but is commonly realized using the Diameter protocol (specified in 3GPP TS 29.229 and related specs) for communication between network functions, such as between a Policy and Charging Rules Function (PCRF) and an Online Charging System (OCS).

The process begins with Authentication, where a user or device proves its identity to the network, typically by presenting credentials (like an IMSI and a shared secret) that are verified against data stored in the HSS/UDM. This step ensures the entity is who it claims to be. Following successful authentication, Authorization determines what services, data rates, or network resources the user is permitted to access based on their subscription profile, current network policies, and service agreements. This is enforced by network elements like the Policy Control Function (PCF).

Finally, Accounting involves the collection of resource consumption data for purposes of billing, trend analysis, or capacity planning. This can be done in real-time (online charging) or as a batch process after the session (offline charging). The AAA framework integrates deeply with the 3GPP Policy and Charging Control (PCC) architecture, where authorization and accounting policies are dynamically applied and updated during a user session. Its role is critical not just for basic access but for enabling sophisticated service differentiation, secure network slicing, and flexible business models like sponsored data.
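The three steps described above, modelled as an added example that is not taken from any 3GPP specification or product. The class and function names, the subscriber records, and the use of HMAC-SHA256 in place of a real authentication algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed subscriber store standing in for the HSS/UDM; every value is made up.
SUBSCRIBERS = {
    "001010000000001": {"key": bytes(range(16)), "services": {"internet": 10_000},
                        "charging": "online", "quota_bytes": 5_000},
    "001010000000002": {"key": bytes(range(16, 32)), "services": {"internet": 2_000},
                        "charging": "offline", "quota_bytes": None},
}

def ue_response(key, challenge):
    # HMAC-SHA256 is a stand-in for the operator's real authentication algorithm.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AAAServer:
    def __init__(self, subscribers):
        self.subs = subscribers
        self.quota = {i: s["quota_bytes"] for i, s in subscribers.items()}
        self.pending, self.sessions, self.records = {}, set(), []

    def challenge(self, imsi):
        # Issued even for unknown IMSIs so the reply does not reveal who is provisioned.
        self.pending[imsi] = os.urandom(16)
        return self.pending[imsi]

    def authenticate(self, imsi, resp):
        chal = self.pending.pop(imsi, None)  # single use: a replayed response fails
        sub = self.subs.get(imsi)
        if chal is None or sub is None:
            return False
        ok = hmac.compare_digest(resp, ue_response(sub["key"], chal))
        if ok:
            self.sessions.add(imsi)
        return ok

    def authorize(self, imsi, service, kbps):
        # Only authenticated sessions are evaluated against the subscription profile.
        return imsi in self.sessions and kbps <= self.subs[imsi]["services"].get(service, 0)

    def account(self, imsi, service, nbytes):
        """Record usage; return the bytes actually granted."""
        if imsi not in self.sessions:
            raise PermissionError("no authenticated session")
        granted = nbytes
        if self.subs[imsi]["charging"] == "online":  # real-time: debit quota before serving
            granted = min(nbytes, self.quota[imsi])
            self.quota[imsi] -= granted
        self.records.append((imsi, service, granted))  # offline billing reads these later
        return granted
```

With online charging the grant shrinks to zero once the quota is exhausted, while the offline subscriber is never throttled and is billed from the stored records.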

Purpose & Motivation

The AAA framework was created to address the fundamental requirements of commercial telecommunications networks: ensuring that only legitimate, paying subscribers can access services, that they use only the services they are entitled to, and that their usage can be accurately measured and billed. Prior to standardized AAA, early mobile networks had simpler, less scalable mechanisms for access control and billing. The formalization of AAA in 3GPP, beginning with Release 4, provided a structured, interoperable, and scalable model that could support the transition from circuit-switched voice to packet-switched data services and the complex service portfolios of 3G and beyond.

Its creation was motivated by the need for a unified security and management layer that could work across diverse access technologies (e.g., GPRS, WLAN interworking, 5G NR) and service types. It solves the problem of fragmented access control by providing a centralized point for credential verification and policy decision-making. Furthermore, it enables advanced business operations by supporting flexible charging models (pre-paid, post-paid, volume-based, time-based) and detailed audit trails, which are essential for regulatory compliance and fraud prevention. In essence, AAA is the cornerstone that transforms a raw connectivity pipe into a secure, billable, and manageable commercial service.

Key Features

  • Centralized user authentication against HSS/UDM credentials
  • Dynamic authorization based on subscriber profiles and network policies
  • Real-time (online) and batch (offline) accounting and charging
  • Integration with Policy and Charging Control (PCC) architecture
  • Support for access-agnostic security (3GPP and non-3GPP access)
  • Enables detailed usage reporting for billing and analytics

Evolution Across Releases

Rel-4 Initial

Introduced the foundational AAA framework for packet-switched domains in 3GPP networks. It established the core concepts of Authentication (verifying the subscriber), Authorization (granting access rights), and Accounting (tracking resource usage) as integral parts of the GPRS and UMTS core network architecture, primarily using protocols like RADIUS and later Diameter for server communication.

Defining Specifications

Specification  Title
TS 22.258      3GPP TS 22.258
TS 22.935      3GPP TS 22.935
TS 22.937      3GPP TS 22.937
TS 22.978      3GPP TS 22.978
TS 22.980      3GPP TS 22.980
TS 23.141      3GPP TS 23.141
TS 23.218      3GPP TS 23.218
TS 23.234      3GPP TS 23.234
TS 23.271      3GPP TS 23.271
TS 23.923      3GPP TS 23.923
TS 24.229      3GPP TS 24.229
TS 24.234      3GPP TS 24.234
TS 24.302      3GPP TS 24.302
TS 28.204      3GPP TS 28.204
TS 28.402      3GPP TS 28.402
TS 28.601      3GPP TS 28.601
TS 28.602      3GPP TS 28.602
TS 28.611      3GPP TS 28.611
TS 28.879      3GPP TS 28.879
TS 29.201      3GPP TS 29.201
TS 29.229      3GPP TS 29.229
TS 29.234      3GPP TS 29.234
TS 29.329      3GPP TS 29.329
TS 29.336      3GPP TS 29.336
TS 29.806      3GPP TS 29.806
TS 29.817      3GPP TS 29.817
TS 29.826      3GPP TS 29.826
TS 32.102      3GPP TR 32.102
TS 32.808      3GPP TR 32.808
TS 32.833      3GPP TR 32.833
TS 33.107      3GPP TR 33.107
TS 33.117      3GPP TR 33.117
TS 33.203      3GPP TR 33.203
TS 33.210      3GPP TR 33.210
TS 33.234      3GPP TR 33.234
TS 33.320      3GPP TR 33.320
TS 33.402      3GPP TR 33.402
TS 33.545      3GPP TR 33.545
TS 33.820      3GPP TR 33.820
TS 33.822      3GPP TR 33.822
TS 33.926      3GPP TR 33.926
TS 33.978      3GPP TR 33.978
TS 37.870      3GPP TR 37.870
TS 38.810      3GPP TR 38.810
TS 43.318      3GPP TR 43.318
TS 43.901      3GPP TR 43.901
TS 43.902      3GPP TR 43.902
TS 44.318      3GPP TR 44.318