Description
The Authentication Framework (AF) is the cornerstone of security in 3GPP networks, encompassing the protocols, algorithms, and procedures for authenticating users and network entities. At its core is the Authentication and Key Agreement (AKA) protocol, which performs mutual authentication between the User Equipment (UE) and the network's core, specifically the Home Subscriber Server (HSS) or Authentication Server Function (AUSF) in 5G. The process is based on a shared secret key (K) stored securely in the UE's Universal Subscriber Identity Module (USIM) and the network's authentication center (AuC). The framework generates session keys for ciphering and integrity protection of user data and signaling messages over the air interface.
Architecturally, the AF integrates several functional entities. The UE and its USIM are the client-side components. In the network, the HSS/AuC generates authentication vectors (AVs), each containing a random challenge (RAND), an expected response (XRES), a cipher key (CK), an integrity key (IK), and an authentication token (AUTN). These vectors are sent to the serving network's Mobility Management Entity (MME) in 4G or the Access and Mobility Management Function (AMF) in 5G. The serving network then challenges the UE with the RAND and AUTN. The UE's USIM verifies the AUTN to authenticate the network, computes its response (RES), and derives the same CK and IK. The serving network compares the RES with the XRES to authenticate the UE.
The framework's operation involves a precise sequence. First, the serving network requests authentication vectors from the home network. Upon receiving a vector, it sends the RAND and AUTN to the UE. The USIM checks the AUTN's freshness and authenticity using sequence numbers (SQN) and message authentication codes (MAC). If valid, the USIM computes the RES and the keys. The UE sends the RES back, and if it matches the XRES, mutual authentication is successful, and the derived keys (CK, IK) are installed for securing the subsequent communication session. In 5G, this evolved into the 5G AKA and EAP-AKA' protocols, introducing key separation and enhanced home network control.
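The vector generation, AUTN check and RES comparison described above, as an added Python model that is not part of the original page: MILENAGE/TUAK f1..f5 are replaced by a labelled HMAC-SHA256 stand-in, field lengths follow TS 33.102 (6-byte SQN, 2-byte AMF, 8-byte MAC, 16-byte RAND/CK/IK), and the USIM's SQN handling is simplified to a strict "greater than last accepted" check with no re-synchronisation procedure.

```python
import hmac, hashlib, os

def f(k, label, *parts, n):
    """Stand-in for the MILENAGE f1..f5 functions (assumption: HMAC-SHA256 truncated to n bytes)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:
    """Home network side (HSS/AuC): holds K and the subscriber's SQN, issues authentication vectors."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def gen_av(self):
        self.sqn += 1                                      # fresh SQN per vector
        rand, sqn, amf = os.urandom(16), self.sqn.to_bytes(6, "big"), b"\x80\x00"
        mac = f(self.k, b"f1", rand, sqn, amf, n=8)        # MAC over RAND, SQN, AMF
        ak = f(self.k, b"f5", rand, n=6)                   # anonymity key conceals SQN
        autn = xor(sqn, ak) + amf + mac                    # AUTN = (SQN xor AK) || AMF || MAC
        return {"RAND": rand, "AUTN": autn, "XRES": f(self.k, b"f2", rand, n=8),
                "CK": f(self.k, b"f3", rand, n=16), "IK": f(self.k, b"f4", rand, n=16)}

class USIM:
    """UE side: holds K and the highest SQN accepted so far (simplified: no SQN window, no AUTS resync)."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def challenge(self, rand, autn):
        ak = f(self.k, b"f5", rand, n=6)
        sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
        xmac = f(self.k, b"f1", rand, sqn, amf, n=8)
        if not hmac.compare_digest(mac, xmac):             # network fails to authenticate
            return "MAC_FAILURE", None, None, None
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.sqn:                            # stale vector: replay rejected
            return "SYNCH_FAILURE", None, None, None
        self.sqn = sqn_int
        return ("OK", f(self.k, b"f2", rand, n=8),           # RES, CK, IK
                f(self.k, b"f3", rand, n=16), f(self.k, b"f4", rand, n=16))

def run_aka(auc, usim, av=None, tamper=False):
    """One AKA run as seen by the serving network (MME/AMF): relay RAND/AUTN, compare RES with XRES."""
    av = av or auc.gen_av()                                # step 1: fetch AV from home network
    autn = av["AUTN"][:-1] + bytes([av["AUTN"][-1] ^ 1]) if tamper else av["AUTN"]
    status, res, ck, ik = usim.challenge(av["RAND"], autn) # step 2: challenge the UE
    if status != "OK":
        return status                                      # UE sends Authentication Failure
    if not hmac.compare_digest(res, av["XRES"]):           # step 3: authenticate the UE
        return "RES_MISMATCH"
    return "OK" if (ck, ik) == (av["CK"], av["IK"]) else "KEY_MISMATCH"
```

Passing `av` twice shows the SQN check rejecting a replayed vector, and `tamper=True` shows the MAC check rejecting a modified AUTN before any key is derived.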
The role of the AF extends beyond initial access. It supports security context management, enabling re-authentication and key refresh without full AKA runs for handovers. It also provides the foundation for securing network slices and enabling authentication for non-3GPP access (like Wi-Fi) via trusted or untrusted interfaces. The framework's robustness lies in its use of strong cryptographic algorithms (MILENAGE, TUAK), protection against replay attacks via sequence numbers, and the clear separation of the long-term secret from the operational session keys.
Purpose & Motivation
The Authentication Framework was created to solve the fundamental security problem in cellular networks: establishing a trusted relationship between a mobile device and a vast, distributed network operated by multiple entities. Prior to standardized authentication in digital cellular systems (like GSM), analog systems had virtually no security, making them vulnerable to cloning and eavesdropping. The initial framework in GSM introduced one-way authentication (network authenticating the subscriber) but was later found vulnerable to false base station attacks. The creation of the 3GPP AF with UMTS (Release 99/4) was motivated by the need for mutual authentication and stronger cryptographic algorithms to enable secure mobile data services, e-commerce, and corporate access.
The framework addresses critical limitations of previous approaches. GSM's A3/A8 algorithms were weak and provided only one-way authentication. The 3GPP AF introduced mutual authentication via the AUTN token, allowing the UE to verify the network's legitimacy, thus mitigating man-in-the-middle attacks. It also strengthened key derivation, increased key lengths, and introduced integrity protection (IK) alongside encryption (CK). This was essential as networks evolved from primarily voice to carrying sensitive data. The framework's design also solves the problem of secure roaming by defining how the serving (visited) network can authenticate a user using credentials and procedures controlled by the home network, establishing a global trust model.
Furthermore, its evolution is driven by new threats and service requirements. The move to all-IP networks (EPS in 4G) and cloud-native architectures (5GC in 5G) introduced new threat vectors. The AF adapted by enhancing the key hierarchy (e.g., introducing K_ASME in 4G and K_AUSF in 5G for key separation between network layers), supporting new authentication protocols like EAP, and integrating with identity management frameworks. It provides the essential trust anchor for network slicing, massive IoT connectivity, and edge computing, ensuring that security scales and adapts with the network architecture.
Detected Changes Across Releases from 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (299 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-4, normative work from Rel-15.
In Release 15, the AF function saw significant enhancements focused on traffic routing influence and QoS, particularly for new PDU session types like Ethernet, with clarifications and corrections to these procedures. It introduced support for an AF session binding with QoS for Ethernet UEs and provided the AF with N6 user plane tunneling information. Furthermore, updates were made to the framework for secondary authentication and for handling AF requests to multiple PCFs.
- Correction to AF influence on traffic routing (TS 23.501 CR0037)
- Clarifications to AF influence on traffic routing (TS 23.501 CR0038)
- Supporting Common API framework for NEF (TS 23.501 CR0124)
- Clarifications for QoS Framework (TS 23.501 CR0134)
- Updates to AF influence on traffic routing (TS 23.501 CR0150)
- Correction to Providing AF request to multiple PCFs (TS 23.501 CR0161)
+ 19 more changes
In Release 16, the Authentication Framework (AF) was enhanced with new capabilities including slice-specific authentication and authorisation, and support for the Framework for Live Uplink Streaming (FLUS) over the Rx and Npcf_PolicyAuthorization interfaces. It also introduced AF acknowledgement procedures for User Plane path event notifications and charging interactions, such as the reallocation of credit reporting to the AF and support for an AF charging identifier. Furthermore, the AF gained influence over traffic forwarding in 5G-VN groups and the ability to bind sessions to PDU sessions for TSN networks, including the transport of TSC assistance information.
- Description of solution 7 in 23.725 as replication framework (TS 23.501 CR0872)
- Introduction of Slice-Specific Authentication and Authorisation (TS 23.501 CR1174)
- Update NRF descriptions to support AF Available Data Registration as described in TS 23.288 (TS 23.501 CR1406)
- AF influence for traffic forwarding in 5G-VN (TS 23.501 CR1443)
- Support of QCI values for Framework for Live Uplink Streaming (FLUS) (TS 29.212 CR1698)
- Support of Framework for Live Uplink Streaming (FLUS) in Rx interface (TS 29.214 CR1632)
+ 52 more changes
In Release 17, the Authentication Framework (AF) was expanded with new support for Multi-USIM devices, 5G ProSe services, and SNPN authentication via an AAA Server. It introduced capabilities for AF-requested Time Sensitive Communication support and enhanced AF influence for traffic routing and EAS IP replacement or rediscovery. The release also added mechanisms for remote credential provisioning for secondary authentication and enabled AF-specific UE ID retrieval across several key network APIs.
- Function Description for Multi-USIM devices (TS 23.401 CR3622)
- AF Services for 5G ProSe (TS 23.501 CR2596)
- SNPN support AAA Server for primary authentication and authorization (TS 23.501 CR2611)
- AF Influence enhancement for EAS IP replacement (TS 23.501 CR2672)
- Remote provisioning of credentials for NSSAA or secondary authentication/authorisation (TS 23.501 CR2714)
- AF Influence enhancement for EAS IP replacement (TS 23.501 CR2757)
+ 75 more changes
In Release 18, the AF function was enhanced to support traffic influence and DNAI selection for common EAS (Edge Application Server), enabling the AF to guide user plane routing to specific network edge locations. New capabilities were introduced for Group AF Sessions to manage QoS resource allocation and monitoring for multiple members simultaneously. Furthermore, the AF's ability to request QoS, including parameters like Packet Delay Variation and timing information, for a target UE was formally added to the AsSessionWithQoS API.
- Secondary DN authentication and authorization in EPS IWK case (TS 23.501 CR3701)
- KI#4 23.501 AF traffic influence for common EAS, DNAI selection (TS 23.501 CR3788)
- Common EAS/DNAI selection by AF (TS 23.501 CR3789)
- PCF support of 5GS Packet Delay Variation monitoring based on QoS monitoring mechanism and exposed to AF (TS 23.501 CR3792)
- KI#4 AF traffic influence for common EAS, DNAI selection (TS 23.501 CR3987)
- AF obtaining DNAI associated to EAS (TS 23.501 CR4054)
+ 80 more changes
In Release 19, the AF function was enhanced with new capabilities to request network slice replacement and influence traffic routing with energy-related information. It also gained the ability to trigger PCEF failure checking, receive user plane path event reports via the PCF, and support expedited transfer indications. Furthermore, the release introduced support for AF request rate limitation reporting and enhancements for N6 delay measurement.
- KI#3: Enhancement for AF influence on traffic routing with Energy related information (TS 23.501 CR5713)
- Support of Slice change based on AF request (TS 23.501 CR5764)
- AF request and functionalities enhancement to support N6 delay measurement (TS 23.501 CR5443)
- VFL support during the discovery of NWDAF, NEF, and AF instances (TS 23.501 CR5630)
- Corrections for 23.501 Data boosting triggered by AS/AF (TS 23.501 CR5651)
- Support of AF request rate limitation information reporting (TS 29.122 CR0903)
+ 43 more changes
Defining Specifications
3GPP specifications that define or reference AF, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 23.125 v1700 | Flow Based Charging Architecture | Rel-7 |
| TS 23.139 vj00 | 3GPP-Fixed Broadband Interworking Stage 2 | Rel-19 |
| TS 23.203 vj20 | Policy and charging control architecture | Rel-19 |
| TS 23.207 vj00 | End-to-End QoS Framework for GPRS | Rel-19 |
| TS 23.222 vj80 | Common API Framework for 3GPP Northbound APIs | Rel-19 |
| TS 23.287 vj00 | 5G V2X Architecture Enhancements | Rel-19 |
| TS 23.401 vj50 | Evolved Packet System (EPS) Stage 2 Description | Rel-19 |
| TS 23.417 v1700 | IMS Core Component for NGN Architecture | Rel-7 |
| TS 23.433 vk00 | SEAL Data Delivery (SEALDD) for Verticals | Rel-20 |
| TS 23.501 vk00 | 5G System Architecture Stage 2 | Rel-20 |
| TS 23.517 v1800 | IMS Core Component for NGN Architecture | Rel-8 |
| TS 23.558 vk00 | Architecture for Edge Applications | Rel-20 |
| TS 23.700 vk00 | XR Services Application Enablement Layer | Rel-20 |
| TS 23.701 vc00 | WebRTC Access to IMS Architecture Study | Rel-12 |
| TS 23.722 vf10 | Common API Framework (CAPIF) for 3GPP Northbound APIs | Rel-15 |
| TR 23.745 vh00 | Study on App Layer Support for Factories of the Future in 5G | Rel-17 |
| TR 23.758 vh00 | Study on Edge Application Architecture | Rel-17 |
| TR 23.799 ve00 | Study on Next Generation System Architecture | Rel-14 |
| TS 23.802 v1700 | Enhanced End-to-End QoS Architecture | Rel-7 |
| TS 23.803 v1700 | PCC Architecture Harmonization Study | Rel-7 |
| TR 23.923 v1300 | Mobile IP+ Feasibility Study for UMTS/GPRS | Rel-4 |
| TR 23.958 vj00 | EDGEAPP alignment with ETSI MEC and GSMA OP | Rel-19 |
| TS 24.519 vh10 | TSN AF to DS-TT/NW-TT Protocol Aspects | Rel-17 |
| TS 24.538 vj30 | MSGin5G Service Protocol Specification | Rel-19 |
| TS 24.539 vj30 | NW-TT Protocol Aspects | Rel-19 |
| TS 24.549 vj10 | SEAL Network Slice Capability Enablement Protocol | Rel-19 |
| TS 26.501 vj30 | 5G Media Streaming (5GMS) Architecture | Rel-19 |
| TS 26.510 vj10 | Media Delivery APIs for 5GMS and RTC Systems | Rel-19 |
| TS 26.512 vj10 | 5G Media Streaming Protocols & APIs | Rel-19 |
| TS 26.531 vj00 | Data Collection & Reporting Architecture for 5G | Rel-19 |
| TS 26.532 vj00 | 5G Data Collection and Reporting API Specification | Rel-19 |
| TS 26.565 vj00 | Split Rendering Media Service Enabler | Rel-19 |
| TR 26.803 vh00 | 5G Media Streaming Extensions for Edge Processing | Rel-17 |
| TR 26.919 vj00 | Study on 5G Conversational Media Handling | Rel-19 |
| TR 26.924 vj00 | MTSI QoS Improvement Study | Rel-19 |
| TR 26.927 vj00 | AI/ML in 5G Media Services Study | Rel-19 |
| TR 26.942 vj00 | Study on Media Energy Consumption Exposure & Evaluation | Rel-19 |
| TR 26.998 vj00 | 5G AR/MR Glasses Integration Study | Rel-19 |
| TS 28.802 vf00 | Management Study for 5G Network Architecture | Rel-15 |
| TR 28.816 vh00 | Charging for 5G Cellular IoT | Rel-17 |
| TR 28.833 vi01 | Technical Report on 5G LAN-type Service Management | Rel-18 |
| TS 29.122 vj40 | T8 Reference Point for Northbound APIs | Rel-19 |
| TS 29.201 vj00 | RESTful Rx Interface for AF-PC Communication | Rel-19 |
| TS 29.212 vj00 | Gx/Gxx/Sd/St Diameter Protocol | Rel-19 |
| TS 29.213 vj20 | PCC Signalling Flows and QoS Mapping | Rel-19 |
| TS 29.214 vj20 | Policy and Charging Control over Rx | Rel-19 |
| TS 29.215 vj00 | S9 Reference Point Stage 3 Specification | Rel-19 |
| TS 29.217 vj00 | Policy and Charging Control (PCC) for Np Interface | Rel-19 |
| TS 29.255 vj20 | USS Services for UAS in 5G | Rel-19 |
| TS 29.508 vj40 | 5G Session Management Event Exposure Service | Rel-19 |
| TS 29.512 vj40 | 5G Session Management Policy Control Service | Rel-19 |
| TS 29.513 vj40 | 5G PCC Signalling Flows & QoS Mapping | Rel-19 |
| TS 29.514 vj40 | 5G System; Policy Authorization Service; Stage 3 | Rel-19 |
| TS 29.517 vj40 | 5G AF Event Exposure Service Stage 3 | Rel-19 |
| TS 29.520 vj40 | 5G Network Data Analytics Services Stage 3 | Rel-19 |
| TS 29.521 vj40 | 5G Binding Support Management Service Stage 3 | Rel-19 |
| TS 29.522 vj40 | 5G NEF Northbound APIs Stage 3 | Rel-19 |
| TS 29.523 vj20 | 5G Policy Control Event Exposure Service | Rel-19 |
| TS 29.530 vj00 | AF AI/ML Services Stage 3 Protocol | Rel-19 |
| TS 29.534 vj20 | 5G Access & Mobility Policy Authorization Service | Rel-19 |
| TS 29.535 vj40 | 5G AKMA Anchor Services Stage 3 Protocol | Rel-19 |
| TS 29.536 vj30 | NSACF Service Based Interface Protocol | Rel-19 |
| TS 29.543 vj20 | 5G Data Transfer Policy Control Services Stage 3 | Rel-19 |
| TS 29.552 vj40 | 5G Network Data Analytics Signalling Flows | Rel-19 |
| TS 29.554 vj10 | 5G Background Data Transfer Policy Control Service | Rel-19 |
| TS 29.558 vj40 | Enabling Edge Applications | Rel-19 |
| TS 29.564 vj50 | Nupf Service Based Interface Protocol | Rel-19 |
| TS 29.574 vj40 | 5G Data Collection Coordination Services Stage 3 | Rel-19 |
| TS 29.575 vj40 | 5G Analytics Data Repository Services Stage 3 | Rel-19 |
| TS 29.576 vj40 | 5G Messaging Framework Adaptor Services Stage 3 | Rel-19 |
| TS 29.581 vj20 | MBSTF Service Based Interface Protocol Specification | Rel-19 |
| TS 29.591 vj40 | 5G NEF Southbound Services Stage 3 | Rel-19 |
| TS 29.675 vj10 | UE Radio Capability Provisioning Service | Rel-19 |
| TS 29.816 va00 | PCRF Failure & Restoration Study | Rel-10 |
| TS 29.817 vc10 | Study on XML-based Rx interface for PCC | Rel-12 |
| TS 29.889 vj10 | Study on UPF data collection for AI/ML | Rel-19 |
| TS 29.890 vg00 | CT3 5G System Technical Report | Rel-16 |
| TS 32.240 vj40 | Charging Management Architecture & Principles | Rel-19 |
| TS 32.255 vk10 | Telecom Management; Charging for 5G Data Connectivity | Rel-20 |
| TS 32.272 vj00 | Charging for Push-to-Talk over Cellular (PoC) | Rel-19 |
| TS 32.273 vj00 | MBMS Charging Management | Rel-19 |
| TS 32.279 vj00 | 5G MBS Session Converged Charging | Rel-19 |
| TS 32.291 vj40 | Charging Management: Service-Based Interface Protocol | Rel-19 |
| TS 32.820 v1801 | Charging Architecture Study for Evolved 3GPP | Rel-8 |
| TS 32.899 vf10 | 5G Charging Architecture Study | Rel-15 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |
| TS 33.310 vj50 | 3GPP Authentication Framework for Network Nodes | Rel-19 |
| TS 33.503 vj20 | Security for Proximity Services (ProSe) in 5G | Rel-19 |
| TS 33.535 vj00 | 5G AKMA: Authentication and Key Management for Apps | Rel-19 |
| TR 33.739 vi10 | Study on security enhancement of support for | Rel-18 |
| TR 33.741 vi01 | Home Network Triggered Authentication | Rel-18 |
| TS 33.749 vj00 | Study on security aspects of edge computing enhancement | Rel-19 |
| TS 33.836 vg10 | Security Study for Advanced V2X Services | Rel-16 |
| TR 33.847 vh10 | 5G Proximity Services Security Study | Rel-17 |
| TR 33.866 vh00 | Security aspects of Network Automation enablers for 5GS | Rel-17 |
| TR 33.882 vi01 | Technical Report on 5G Security for Personal IoT Networks | Rel-18 |