AES

Advanced Encryption Standard

Security
Introduced in Rel-8
AES is a symmetric block cipher standardized by NIST and adopted by 3GPP for securing user data and signaling. It provides strong confidentiality and integrity protection for air interface and core network traffic. Its efficiency and proven security are fundamental to 3GPP system trust.

Description

The Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm that encrypts and decrypts data in fixed-size blocks, typically 128 bits, using cryptographic keys of 128, 192, or 256 bits. Within 3GPP systems, AES is implemented as a core cryptographic primitive within various security algorithms defined in the specifications. It operates through multiple rounds of substitution, permutation, and mixing operations (SubBytes, ShiftRows, MixColumns, and AddRoundKey) on a state array representing the data block. The number of transformation rounds—10, 12, or 14—depends on the key length, ensuring a high level of diffusion and confusion to resist cryptanalysis.
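The round structure described above, written out as an added example (not code from this page or from any 3GPP specification): a pure-Python AES block encryption that derives the S-box, expands a 128-, 192- or 256-bit key into 11, 13 or 15 round keys, and applies SubBytes, ShiftRows, MixColumns and AddRoundKey. The function names are chosen here for illustration, and the code is for study, since its table lookups are not constant-time.

```python
def xtime(a):  # multiply by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1
    return ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF

def build_sbox():
    """S-box: multiplicative inverse in GF(2^8), then the FIPS-197 affine transform."""
    exp, x = [], 1
    for _ in range(255):                  # exp[i] = 0x03**i; 0x03 generates the field
        exp.append(x)
        x ^= xtime(x)
    box = [0x63]                          # 0 has no inverse and maps to 0x63
    for v in range(1, 256):
        d = exp[-exp.index(v) % 255] * 0x101   # inverse, doubled so rotations become shifts
        box.append(((d ^ d >> 4 ^ d >> 5 ^ d >> 6 ^ d >> 7) & 0xFF) ^ 0x63)
    return box

SBOX = build_sbox()

def expand_key(key):
    """Return Nr + 1 round keys; Nr is 10, 12 or 14 for 16-, 24- or 32-byte keys."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, 4 * (nk + 7)):
        t = w[i - 1]
        if i % nk == 0:                   # RotWord, SubWord, then the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:     # extra SubWord used only with 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nk + 7)]

def mix_columns(s):  # per column: b_r = 2*a_r ^ 3*a_(r+1) ^ a_(r+2) ^ a_(r+3)
    a = lambda i, k: s[i - i % 4 + (i + k) % 4]
    return [xtime(a(i, 0)) ^ xtime(a(i, 1)) ^ a(i, 1) ^ a(i, 2) ^ a(i, 3) for i in range(16)]

def encrypt_block(key, block):
    """Encrypt one 16-byte block. Teaching code: table lookups are not constant-time."""
    if len(block) != 16:
        raise ValueError("AES block must be 16 bytes")
    rks = expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]               # initial AddRoundKey
    for rnd in range(1, len(rks)):
        s = [SBOX[b] for b in s]                             # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]   # ShiftRows
        s = mix_columns(s) if rnd < len(rks) - 1 else s      # no MixColumns in last round
        s = [b ^ k for b, k in zip(s, rks[rnd])]             # AddRoundKey
    return bytes(s)
```

The known-answer vectors in FIPS-197 Appendix C (keys `00 01 02 ...`, plaintext `00112233445566778899aabbccddeeff`) are a quick way to confirm the three key sizes each run the expected number of rounds.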

Architecturally, AES is integrated into 3GPP's security framework through specific confidentiality and integrity algorithms. For example, in LTE and 5G, the 128-EEA1 and 128-EIA1 algorithms are based on AES in Counter (CTR) mode for encryption and AES in CMAC mode for integrity protection, respectively. In the 5G security suite defined in TS 33.501, AES is a foundational component for the NEA0, NIA0 (null algorithms for migration), and the 128/256-bit variants of the NEA and NIA families. The algorithm is executed within the User Equipment (UE) and the network's security entities, such as the Authentication Server Function (AUSF) and Security Anchor Function (SEAF), to protect both user plane data and control plane signaling messages.

Its role in the network is pivotal for ensuring end-to-end security. For air interface protection, AES secures the Radio Resource Control (RRC) signaling and user data between the UE and the base station (gNB/eNB) via the PDCP layer. In the core network, it can be used in security protocols for network domain security (NDS/IP) as specified in TS 33.210. The algorithm's design allows for efficient hardware and software implementation, which is critical for meeting the low-latency and high-throughput requirements of modern mobile networks, including 5G NR. AES's robustness against known attacks, such as linear and differential cryptanalysis, underpins the trust model of 3GPP systems, safeguarding against eavesdropping and data tampering.

Purpose & Motivation

AES was created to address the limitations of older encryption standards like the Data Encryption Standard (DES), which had a small 56-bit key size vulnerable to brute-force attacks. The National Institute of Standards and Technology (NIST) initiated a public competition in 1997, culminating in the selection of the Rijndael algorithm as AES in 2001. Its adoption by 3GPP, starting in Release 8 for LTE, was motivated by the need for a strong, publicly vetted, and royalty-free cipher to replace the aging SNOW 3G-based and Kasumi-based algorithms used in 3G UMTS, providing enhanced security for evolving network architectures.

The primary problems AES solves in 3GPP networks are ensuring robust data confidentiality and integrity against increasingly sophisticated threats. It provides a standardized, high-performance cryptographic solution that can be efficiently implemented across diverse hardware, from resource-constrained IoT devices to high-capacity network servers. This universality supports seamless security across generations, from LTE to 5G and beyond, facilitating secure mobility and service continuity. Furthermore, AES's flexibility in key sizes allows networks to balance security strength with computational overhead, adapting to different service requirements, such as those for massive IoT or ultra-reliable low-latency communications (URLLC).

Historically, the transition to AES in 3GPP reflected a broader industry shift towards stronger, algorithmically transparent security. Its integration addressed vulnerabilities in predecessor algorithms and aligned with global regulatory and compliance standards. By providing a future-proof foundation, AES enables 3GPP systems to withstand long-term cryptographic threats, ensuring user privacy and network integrity as mobile services expand into critical infrastructure and sensitive applications.

Key Features

  • Symmetric block cipher with 128-bit block size
  • Support for key lengths of 128, 192, and 256 bits
  • High resistance to linear and differential cryptanalysis
  • Efficient implementation in both hardware and software
  • Foundation for 3GPP confidentiality (EEA) and integrity (EIA) algorithms
  • Used in multiple modes of operation (e.g., CTR, CMAC) within 3GPP specs

Evolution Across Releases

Rel-8 Initial

Introduced AES as a core cryptographic algorithm for LTE security. Defined the 128-EEA1 and 128-EIA1 algorithms based on AES in CTR and CMAC modes, respectively, for securing air interface communications between UE and eNB. This provided a stronger alternative to the SNOW 3G-based algorithms from 3G, enhancing confidentiality and integrity protection for the new OFDMA-based radio access.

Defining Specifications

Specification   Title
TS 26.805       3GPP TS 26.805
TS 31.822       3GPP TR 31.822
TS 33.204       3GPP TR 33.204
TS 33.210       3GPP TR 33.210
TS 33.401       3GPP TR 33.401
TS 33.402       3GPP TR 33.402
TS 33.501       3GPP TR 33.501
TS 33.700       3GPP TR 33.700
TS 33.916       3GPP TR 33.916
TS 35.205       3GPP TR 35.205
TS 35.234       3GPP TR 35.234
TS 35.235       3GPP TR 35.235
TS 35.236       3GPP TR 35.236
TS 35.249       3GPP TR 35.249
TS 35.909       3GPP TR 35.909
TS 35.934       3GPP TR 35.934
TS 35.937       3GPP TR 35.937
TS 37.901       3GPP TR 37.901