AKI

Asymmetric Key Index

Security
Introduced in Rel-6
AKI is a security parameter used in 3GPP networks to identify which public key from a pair should be used for authentication or encryption. It's essential for managing multiple cryptographic keys in subscriber identity modules (SIM/USIM) and network elements, enabling secure key lifecycle management and preventing authentication failures during key updates.

Description

The Asymmetric Key Index (AKI) is a critical security parameter defined within 3GPP specifications, primarily in the context of UICC (Universal Integrated Circuit Card) and USIM (Universal Subscriber Identity Module) applications. It functions as an identifier that points to a specific public key within an asymmetric key pair stored on the card. In practical terms, when a network entity (like a Home Subscriber Server - HSS) needs to authenticate a USIM or establish a secure channel, it must know which public key to use from potentially several available on the card. The AKI provides this reference, typically being a single-octet value (0-255) that corresponds to a particular key pair index in the USIM's file system.

Architecturally, the AKI is embedded within security-related data structures, most notably within the Authentication Vector (AV) used in the AKA (Authentication and Key Agreement) procedure. When the HSS generates an AV for a subscriber, it includes the AKI value to inform the serving network (e.g., MSC, SGSN, MME) which public key infrastructure (PKI) key should be referenced if certificate-based authentication methods are employed or for secure messaging. The USIM, upon receiving a challenge, uses the AKI to select the correct private key for generating a response or decrypting information. This mechanism is vital for scenarios where multiple service providers or network operators have their keys on the same USIM, or during key rollover periods where old and new keys coexist.

Its role extends beyond basic authentication. In the Generic Bootstrapping Architecture (GBA), the AKI can be used to identify the correct keying material for bootstrapping application security. In the context of the 3GPP security architecture defined in TS 33.102 and UICC application specifications like TS 31.102, the AKI ensures that cryptographic operations are performed with the intended key pair, maintaining the chain of trust. The management of AKI values is tightly controlled through OTA (Over-The-Air) platforms and card personalization processes, ensuring that network operators can securely update and manage cryptographic keys on deployed SIM/USIM cards without causing service disruption.

Purpose & Motivation

The AKI was introduced to solve the problem of managing multiple asymmetric cryptographic keys on a single USIM card. Prior to its standardization, SIM cards typically used symmetric key algorithms (like COMP128) for authentication, where a single secret key (Ki) was shared between the card and the network. With the evolution towards more secure PKI-based mechanisms for applications like digital signatures, secure OTA updates, and enhanced authentication protocols, the need arose to store several public/private key pairs on the card. Without an index, the network had no way to specify which key to use for a given operation, leading to potential ambiguity and authentication failures.

Historically, as 3GPP networks evolved from 2G to 3G (UMTS) and beyond, the security requirements became more stringent. The introduction of USIM in 3G required support for stronger authentication algorithms and the possibility for value-added services requiring PKI. The AKI provided a simple, efficient mechanism to reference the correct key, enabling features like network authentication using certificates, secure application provisioning, and support for multiple service provider credentials on a single card. It addressed the limitation of having a static, single key pair by allowing dynamic key management and lifecycle operations, such as key renewal or revocation, without replacing the physical SIM card.

Furthermore, the AKI facilitates interoperability in multi-operator environments (e.g., roaming) and for machine-to-machine (M2M) communications where a device's UICC might contain keys for different network profiles or applications. By including the AKI in authentication vectors and signaling messages, it ensures that both the network and the USIM are synchronized on the active cryptographic context, preventing security breaches and service denial that could occur from key mismatches. Its creation was motivated by the need for scalable, future-proof security that could accommodate evolving cryptographic standards and the growing complexity of mobile services.

Key Features

  • Uniquely identifies an asymmetric key pair within a USIM's file system
  • Enables support for multiple PKI keys on a single UICC for different services or operators
  • Integrates into Authentication Vectors (AV) for network-directed key selection during AKA
  • Facilitates secure key lifecycle management including updates and rollovers via OTA
  • Supports Generic Bootstrapping Architecture (GBA) by identifying correct keying material
  • Ensures interoperability in roaming and multi-application UICC scenarios

Evolution Across Releases

Rel-6 Initial

Introduced the Asymmetric Key Index (AKI) as part of enhanced USIM application security features. Initial architecture defined its encoding as a single octet within authentication data structures in TS 31.102 and security procedures in TS 33.102. Enabled basic PKI key management for applications like secure messaging and early certificate-based authentication scenarios.

TS 21.905TS 31.113

Defining Specifications

SpecificationTitle
TS 21.905 3GPP TS 21.905
TS 31.113 3GPP TR 31.113