AUN3

Authenticable Non-3GPP Devices

Security
Introduced in Rel-18
AUN3 refers to non-3GPP devices (like Wi-Fi access points or fixed network equipment) that can be authenticated by the 5G core network. It enables secure integration of diverse access technologies into the 5G system, allowing operators to extend services beyond traditional cellular networks while maintaining consistent security policies.

Description

Authenticable Non-3GPP (AUN3) devices represent a crucial component in 5G's converged network architecture, enabling the secure integration of non-3GPP access networks with the 5G Core (5GC). These devices include Wi-Fi access points, fixed network gateways, and other access equipment that can establish trusted connections to the 5G system through standardized authentication procedures. The AUN3 framework allows these heterogeneous access technologies to be treated as trusted entry points into the 5G network, subject to the same security controls and policies as native 3GPP radio access.

The technical implementation of AUN3 involves several key components working in coordination. The Non-3GPP Interworking Function (N3IWF) serves as the primary interface between non-3GPP access networks and the 5G Core, establishing IPsec tunnels for secure data transmission. The Authentication Server Function (AUSF) performs the actual authentication of devices using Extensible Authentication Protocol (EAP) methods, while the Unified Data Management (UDM) stores authentication credentials and subscription data. The Access and Mobility Management Function (AMF) coordinates the overall authentication and registration procedures, ensuring seamless mobility between 3GPP and non-3GPP access.

The authentication process for AUN3 devices follows a sophisticated protocol flow defined in 3GPP specifications. When a device attempts to connect through non-3GPP access, it initiates an authentication request that travels through the N3IWF to the AMF. The AMF then coordinates with the AUSF to perform EAP-based authentication, which may involve various methods including EAP-AKA' for 5G-specific authentication or EAP-TLS for certificate-based authentication. During this process, the device proves its identity using credentials stored in the Universal Subscriber Identity Module (USIM) or through certificate-based mechanisms, while the network authenticates itself to the device to prevent man-in-the-middle attacks.

Security considerations for AUN3 devices are comprehensive and multi-layered. The framework mandates mutual authentication between the device and the network, ensuring both parties verify each other's identities. IPsec security associations provide confidentiality and integrity protection for user plane traffic, while control plane signaling is protected through NAS security mechanisms. The system also supports key hierarchy management, with separate keys derived for different security contexts including integrity protection, confidentiality, and key refresh procedures. This layered security approach ensures that even though the physical access medium differs from 3GPP radio, the security level remains equivalent.
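An added example, not part of the original page or of any 3GPP text: for the EAP-AKA' method named above, RFC 5448 expands one master key into separate confidentiality, integrity and re-authentication keys, and the integrity key is what each side uses to check the other's EAP messages. The IK', CK', identity and packet bytes below are constructed sample values, and the packet is a placeholder rather than a real EAP encoding.

```python
import hashlib
import hmac


def prf_prime(key: bytes, seed: bytes, out_len: int) -> bytes:
    """PRF' from RFC 5448: T1 = HMAC-SHA-256(K, S | 0x01),
    Tn = HMAC-SHA-256(K, T(n-1) | S | n); output is T1 | T2 | ..."""
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]


def derive_eap_aka_prime_keys(ik_prime: bytes, ck_prime: bytes, identity: bytes) -> dict:
    """MK = PRF'(IK' | CK', "EAP-AKA'" | Identity), then split per RFC 5448."""
    mk = prf_prime(ik_prime + ck_prime, b"EAP-AKA'" + identity, 208)  # 1664 bits
    return {
        "K_encr": mk[0:16],    # 128 bits, attribute confidentiality
        "K_aut": mk[16:48],    # 256 bits, message integrity (AT_MAC)
        "K_re": mk[48:80],     # 256 bits, fast re-authentication
        "MSK": mk[80:144],     # 512 bits, exported to the access side
        "EMSK": mk[144:208],   # 512 bits, kept by the server side
    }


def at_mac(k_aut: bytes, packet_with_zeroed_mac: bytes) -> bytes:
    """HMAC-SHA-256-128: first 16 bytes of HMAC-SHA-256 over the packet."""
    return hmac.new(k_aut, packet_with_zeroed_mac, hashlib.sha256).digest()[:16]


def verify_at_mac(k_aut: bytes, packet_with_zeroed_mac: bytes, received: bytes) -> bool:
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    return hmac.compare_digest(at_mac(k_aut, packet_with_zeroed_mac), received)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any test vector.
    ik_p, ck_p = bytes(range(16)), bytes(range(16, 32))
    keys = derive_eap_aka_prime_keys(ik_p, ck_p, b"sample-device@example.invalid")
    packet = b"constructed-eap-challenge-with-zeroed-mac"
    mac = at_mac(keys["K_aut"], packet)
    print("genuine packet accepted:", verify_at_mac(keys["K_aut"], packet, mac))
    print("tampered packet accepted:", verify_at_mac(keys["K_aut"], packet + b"x", mac))
```

A peer that does not hold the same IK' and CK' derives a different K_aut, so its AT_MAC fails verification; that is the mechanism behind the mutual authentication described above.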

The role of AUN3 in the 5G ecosystem extends beyond basic connectivity to enable advanced service capabilities. By authenticating non-3GPP devices, operators can offer seamless service continuity as users move between cellular and Wi-Fi networks, implement consistent quality of service policies across different access types, and enable network slicing that spans both 3GPP and non-3GPP domains. This convergence capability is particularly important for enterprise deployments, where private 5G networks often integrate with existing Wi-Fi infrastructure, and for fixed wireless access scenarios where 5G core services are delivered through non-cellular last-mile technologies.

Purpose & Motivation

The AUN3 framework was developed to address the growing need for converged network architectures that can seamlessly integrate diverse access technologies under a unified security and management umbrella. As 5G networks evolved beyond traditional cellular deployments, operators faced increasing pressure to incorporate Wi-Fi, fixed access, and other non-3GPP technologies into their service offerings while maintaining the robust security standards expected from 3GPP systems. Previous approaches to non-3GPP integration, such as those in 4G EPC, offered limited authentication capabilities and often treated non-3GPP access as secondary or less secure alternatives.

Historically, non-3GPP access integration suffered from fragmented security implementations and inconsistent authentication mechanisms across different technologies. Wi-Fi networks typically used WPA2/WPA3 with separate authentication servers, while fixed networks employed various proprietary authentication methods. This fragmentation created security gaps, complicated roaming scenarios, and prevented operators from applying consistent policy controls across their entire network footprint. The AUN3 framework addresses these limitations by providing a standardized, 3GPP-aligned authentication framework that brings non-3GPP devices under the same security governance as native 5G access.

The creation of AUN3 was motivated by several key industry trends: the proliferation of Wi-Fi 6/6E technologies offering performance comparable to 5G NR, the emergence of fixed wireless access as a primary broadband delivery method, and the growing enterprise demand for private networks that blend cellular and non-cellular technologies. By enabling secure authentication of non-3GPP devices, the framework supports these use cases while maintaining the end-to-end security principles that are fundamental to 3GPP systems. This allows operators to leverage their existing infrastructure investments while expanding service coverage and capabilities through heterogeneous access integration.

Key Features

  • Standardized authentication of non-3GPP devices using 3GPP security protocols
  • Support for EAP-AKA' and EAP-TLS authentication methods
  • Integration with 5G Core authentication functions (AUSF, UDM)
  • IPsec-based security for user plane protection
  • Seamless mobility between 3GPP and non-3GPP access
  • Consistent security policies across heterogeneous networks

Evolution Across Releases

Rel-18 Initial

Introduced the AUN3 framework with initial support for authenticating non-3GPP devices in 5G systems. Established the fundamental architecture involving N3IWF, AUSF, and AMF coordination for EAP-based authentication. Defined the security procedures and protocol flows for integrating Wi-Fi and fixed access devices with 5G Core security mechanisms.

Defining Specifications

Specification   Title
TS 24.501       3GPP TS 24.501
TS 24.502       3GPP TS 24.502
TS 24.526       3GPP TS 24.526
TS 29.413       3GPP TS 29.413
TS 33.501       3GPP TR 33.501
TS 38.413       3GPP TR 38.413