AES

Advanced Encryption Standard

Introduced in Rel-8. Also in: Core Network.

AES is the standardized symmetric block cipher adopted by 3GPP to provide strong confidentiality and integrity protection for securing user data and signaling traffic across the air interface and core network.

Category: Security
Introduced: Rel-8
Where: Security
Also touches: 1 segment
Specifications: 18 specs

Description

The Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm that encrypts and decrypts data in fixed-size blocks, typically 128 bits, using cryptographic keys of 128, 192, or 256 bits. Within 3GPP systems, AES is implemented as a core cryptographic primitive within various security algorithms defined in the specifications. It operates through multiple rounds of substitution, permutation, and mixing operations (SubBytes, ShiftRows, MixColumns, and AddRoundKey) on a state array representing the data block. The number of transformation rounds—10, 12, or 14—depends on the key length, ensuring a high level of diffusion and confusion to resist cryptanalysis.
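The round structure described above, as an added Python example (not code from the original page or from any 3GPP specification): it builds the S-box, expands 128-, 192- and 256-bit keys into 11, 13 or 15 round keys, and applies SubBytes, ShiftRows, MixColumns and AddRoundKey to the 16-byte state. All function names are this example's own, and the table lookups are not constant-time, so it is for studying the algorithm rather than for protecting traffic.

```python
# Added example (not from the page); all function names are this example's own.
def xtime(a):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

# 3 generates the nonzero field elements, so inverse(3^i) = 3^(255 - i).
EXP = [1]
for _ in range(254):
    EXP.append(EXP[-1] ^ xtime(EXP[-1]))
SBOX = [0x63] * 256  # 0 has no inverse; the affine constant alone gives 0x63
for i, a in enumerate(EXP):
    v = EXP[(255 - i) % 255]
    x = v ^ v << 1 ^ v << 2 ^ v << 3 ^ v << 4   # v XOR its shifts by 1..4
    SBOX[a] = ((x ^ x >> 8) & 0xFF) ^ 0x63      # fold to rotations, add constant

def expand_key(key):
    """Return Nr + 1 round keys of 16 bytes; Nr = Nk + 6 gives 10, 12 or 14."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, 4 * (nk + 7)):
        t = w[i - 1]
        if i % nk == 0:                  # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:    # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([x ^ y for x, y in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nk + 7)]

def mix_columns(s):
    cols = [s[c:c + 4] * 2 for c in range(0, 16, 4)]  # doubled: no modulo needed
    return [xtime(a[r] ^ a[r + 1]) ^ a[r + 1] ^ a[r + 2] ^ a[r + 3]
            for a in cols for r in range(4)]

def encrypt_block(key, block):
    """Encrypt one 16-byte block; the state is a flat list in column order."""
    rks = expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]              # initial AddRoundKey
    for rnd in range(1, len(rks)):
        s = [SBOX[b] for b in s]                            # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd < len(rks) - 1:                              # last round skips MixColumns
            s = mix_columns(s)
        s = [b ^ k for b, k in zip(s, rks[rnd])]            # AddRoundKey
    return bytes(s)
```

Running it against the example vectors in FIPS-197 Appendix C (keys 00 01 02 ... with plaintext 00112233445566778899aabbccddeeff) is a quick known-answer check for all three key lengths.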

Architecturally, AES is integrated into 3GPP's security framework through specific confidentiality and integrity algorithms. For example, in LTE and 5G, the 128-EEA1 and 128-EIA1 algorithms are based on AES in Counter (CTR) mode for encryption and AES in CMAC mode for integrity protection, respectively. In the 5G security suite defined in TS 33.501, AES is a foundational component for the NEA0, NIA0 (null algorithms for migration), and the 128/256-bit variants of the NEA and NIA families. The algorithm is executed within the User Equipment (UE) and the network's security entities, such as the Authentication Server Function (AUSF) and Security Anchor Function (SEAF), to protect both user plane data and control plane signaling messages.

Its role in the network is pivotal for ensuring end-to-end security. For air interface protection, AES secures the Radio Resource Control (RRC) signaling and user data between the UE and the base station (gNB/eNB) via the PDCP layer. In the core network, it can be used in security protocols for network domain security (NDS/IP) as specified in TS 33.210. The algorithm's design allows for efficient hardware and software implementation, which is critical for meeting the low-latency and high-throughput requirements of modern mobile networks, including 5G NR. AES's robustness against known attacks, such as linear and differential cryptanalysis, underpins the trust model of 3GPP systems, safeguarding against eavesdropping and data tampering.

Purpose & Motivation

AES was created to address the limitations of older encryption standards like the Data Encryption Standard (DES), which had a small 56-bit key size vulnerable to brute-force attacks. The National Institute of Standards and Technology (NIST) initiated a public competition in 1997, culminating in the selection of the Rijndael algorithm as AES in 2001. Its adoption by 3GPP, starting in Release 8 for LTE, was motivated by the need for a strong, publicly vetted, and royalty-free cipher to replace the aging SNOW 3G-based and Kasumi-based algorithms used in 3G UMTS, providing enhanced security for evolving network architectures.

The primary problems AES solves in 3GPP networks are ensuring robust data confidentiality and integrity against increasingly sophisticated threats. It provides a standardized, high-performance cryptographic solution that can be efficiently implemented across diverse hardware, from resource-constrained IoT devices to high-capacity network servers. This universality supports seamless security across generations, from LTE to 5G and beyond, facilitating secure mobility and service continuity. Furthermore, AES's flexibility in key sizes allows networks to balance security strength with computational overhead, adapting to different service requirements, such as those for massive IoT or ultra-reliable low-latency communications (URLLC).

Historically, the transition to AES in 3GPP reflected a broader industry shift towards stronger, algorithmically transparent security. Its integration addressed vulnerabilities in predecessor algorithms and aligned with global regulatory and compliance standards. By providing a future-proof foundation, AES enables 3GPP systems to withstand long-term cryptographic threats, ensuring user privacy and network integrity as mobile services expand into critical infrastructure and sensitive applications.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (6 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 2 changes

In Release 15, the changes for the AES function were focused on corrections and subscriber privacy testing. Specifically, one change corrected the encryption key in the confidentiality clause. Another introduced test data for ECIES-based encryption in the User Equipment to enhance subscriber privacy.

  • Correct the encryption key in confidentiality clause (TS 33.501 CR0259)
  • Subscriber privacy: test data for ECIES-based encryption in the UE (TS 33.501 CR0565)

Rel-17 2 changes

In Release 17, the updates for the AES function focused on resolving interoperability details for media transport. Specifically, changes were made to align the JSON format for an encryption information element with other technical specifications and to resolve an editor's note concerning encryption policy mismatches between Security Edge Protection Proxies (SEPPs).

  • Resolving editor's note on encryption policy mismatch between SEPPs (TS 33.501 CR1019)
  • Mirror: align the JSON format on encryption IE with CT4 in Rel17 (TS 33.501 CR1048)

Rel-18 2 changes

In Release 18, the standardization work for the AES function introduced clarifications regarding its application for media transport. Specifically, this included a clarification on the data-type encryption policy and a clarification on the use of NULL encryption. These updates provide more precise guidance for implementing AES-based security, such as within protocols like Secure Reliable Transport (SRT) which supports encryption using AES.

  • Clarification on data-type encryption policy (TS 33.501 CR1634)
  • NULL encryption clarification (TS 33.501 CR1795)

Defining Specifications

3GPP specifications that define or reference AES, with the latest known release. Sourced from the 3GPP document catalog.

| Specification | Title | Release |
|---|---|---|
| TR 26.805 vh01 | Study on Media Production over 5G NPN Systems | Rel-17 |
| TR 31.822 vi10 | Technical Report on GBA_U based APIs | Rel-18 |
| TS 33.204 vj00 | TCAP Security (TCAPsec) Stage 2 Specification | Rel-19 |
| TS 33.210 vj20 | UMTS Security for IP Networks | Rel-19 |
| TS 33.401 vj10 | EPS Security Architecture | Rel-19 |
| TS 33.402 vj00 | Security for non-3GPP access to EPS | Rel-19 |
| TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20 |
| TS 33.700 | 3GPP TR 33.700 | Rel-8 |
| TR 33.916 vj00 | 3GPP Security Assurance Methodology (SECAM) | Rel-19 |
| TS 35.205 vj00 | MILENAGE Algorithm Set: General Overview | Rel-19 |
| TS 35.234 vj00 | MILENAGE-256 Algorithm Set Specification | Rel-19 |
| TS 35.235 vj00 | MILENAGE-256 Algorithm Set Specification | Rel-19 |
| TS 35.236 vj00 | MILENAGE-256 Algorithm Set Specification | Rel-19 |
| TS 35.249 vj10 | f5** Algorithm for MILENAGE and Tuak | Rel-19 |
| TR 35.909 vj00 | 3GPP MILENAGE Algorithm Design Report | Rel-19 |
| TR 35.934 vj00 | Tuak algorithm set for 3GPP auth & key gen | Rel-19 |
| TR 35.937 vj00 | MILENAGE-256 Algorithm Set Specification | Rel-19 |
| TR 37.901 vf10 | UE Application Layer Data Throughput Performance | Rel-15 |