Description
The Authentication Token (AUTN) is a critical component within the 3GPP Authentication and Key Agreement (AKA) framework, used in UMTS, LTE, and 5G systems. It is generated by the network's Authentication Centre (AuC) and sent to the User Equipment (UE) as part of an authentication vector during the primary authentication procedure. The AUTN serves a singular, vital purpose: to authenticate the serving network to the UE. This provides mutual authentication, as the UE also authenticates itself to the network using a separate response parameter (RES).
Technically, the AUTN is a concatenated bit string composed of several sub-components. The primary elements are a Message Authentication Code (MAC) and a Sequence Number (SQN). The MAC is calculated by the AuC using the secret subscriber key (K) and a set of input parameters including the SQN, a random challenge (RAND), and the serving network identifier. This MAC proves the token originated from a legitimate entity possessing the correct key. The SQN is a freshness parameter that ensures the authentication request is new and guards against replay attacks. The UE, which also possesses the secret key K, independently computes an expected MAC (XMAC) from the received RAND and SQN. If the computed XMAC matches the MAC within the AUTN, the network is verified as authentic.
Upon receiving the AUTN, the UE performs several checks. First, it verifies the MAC to confirm the network's authenticity. Second, it checks the SQN to ensure it is within an acceptable range, confirming the request's freshness and preventing the network from reusing old authentication vectors. If these checks pass, the UE considers the network legitimate and proceeds to generate its authentication response. The successful validation of AUTN triggers the derivation of the Ciphering Key (CK) and Integrity Key (IK) from the same secret key K and the RAND, establishing the secure keys for subsequent encrypted and integrity-protected communication.
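The UE-side checks described above, as an added example (not code from the original page or from any 3GPP specification): it parses the 16-byte AUTN layout of TS 33.102, (SQN xor AK) || AMF || MAC, verifies the MAC over SQN, RAND and AMF, then applies a simplified SQN window. HMAC-SHA-256 stands in for the MILENAGE f1/f5 functions, and the function names, status strings and `DELTA` window are assumptions made for illustration.

```python
import hashlib
import hmac

# AUTN = (SQN xor AK) || AMF || MAC. AMF here is the Authentication Management
# Field, not the 5G Access and Mobility Management Function.
SQN_LEN, AMF_LEN, MAC_LEN = 6, 2, 8
AUTN_LEN = SQN_LEN + AMF_LEN + MAC_LEN
DELTA = 2 ** 28  # assumed limit on how far SQN may jump ahead of the UE's value

def _prf(k, label, data, n):
    """Stand-in for MILENAGE f1/f5 (assumption): truncated HMAC-SHA-256."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf):
    """Network authentication code (MAC on the AuC side, XMAC on the UE side)."""
    return _prf(k, b"f1", sqn + rand + amf, MAC_LEN)

def f5(k, rand):
    """Anonymity key AK that conceals SQN on the air interface."""
    return _prf(k, b"f5", rand, SQN_LEN)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_autn(k, rand, sqn, amf):
    """AuC side: produce the AUTN for one authentication vector."""
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    return xor(sqn_b, f5(k, rand)) + amf + f1(k, sqn_b, rand, amf)

def verify_autn(k, rand, autn, sqn_ms):
    """UE side: return (status, sqn). sqn_ms is the highest SQN accepted so far."""
    if len(autn) != AUTN_LEN or len(rand) != 16:
        return ("MALFORMED", None)
    conc_sqn = autn[:SQN_LEN]
    amf = autn[SQN_LEN:SQN_LEN + AMF_LEN]
    mac = autn[SQN_LEN + AMF_LEN:]
    sqn_b = xor(conc_sqn, f5(k, rand))        # recover SQN
    xmac = f1(k, sqn_b, rand, amf)            # expected MAC
    if not hmac.compare_digest(xmac, mac):    # constant-time comparison
        return ("MAC_FAILURE", None)          # network not authenticated
    sqn = int.from_bytes(sqn_b, "big")
    if not (sqn_ms < sqn <= sqn_ms + DELTA):  # replayed or implausibly far ahead
        return ("SYNC_FAILURE", sqn)          # UE would start resynchronisation
    return ("OK", sqn)                        # caller stores sqn as new sqn_ms

# Constructed sample values, not real subscriber data.
K = bytes.fromhex("00112233445566778899aabbccddeeff")
RAND = bytes(range(16))
AMF_FIELD = bytes.fromhex("8000")
```

Only on `OK` does the UE go on to derive CK and IK and compute RES; on either failure status no keys are derived from that challenge.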
In the overall network architecture, the AUTN is part of the authentication vector (AV), typically a quintet (for 3G/4G) or a quintet/vector (for 5G) that includes RAND, AUTN, XRES (Expected Response), CK, and IK. This vector is generated by the AuC/ARPF (Authentication credential Repository and Processing Function) and delivered to the serving network node (e.g., VLR/SGSN/MME/AMF). The serving node then forwards the RAND and AUTN to the UE to initiate the challenge. The AUTN's role is thus pivotal in the initial handshake, establishing a trusted relationship before any user data is exchanged.
Purpose & Motivation
AUTN was created to address a critical security flaw in previous cellular generations (e.g., GSM), which only provided one-way authentication (network authenticating the user). This asymmetry left systems vulnerable to false base station attacks, where a rogue network element could impersonate a legitimate operator to intercept communications or track users. The primary purpose of AUTN is to enable mutual authentication, ensuring the UE can verify it is connecting to a genuine, authorized 3GPP network.
Historically, GSM's security relied on a shared secret (Ki) and a challenge-response mechanism, but the network's legitimacy was never cryptographically proven to the handset. The introduction of AUTN in 3G UMTS (Release 99) as part of the UMTS AKA protocol fundamentally changed this paradigm. It solved the problem of network authentication by providing a verifiable token, thereby mitigating man-in-the-middle and impersonation attacks. This was a necessary evolution to support new services, increased data privacy concerns, and the growing value of mobile transactions.
Furthermore, AUTN incorporates freshness through the SQN, which addresses replay attacks where an adversary could capture and reuse old authentication messages. By forcing the network to prove it is using a fresh, sequentially appropriate challenge, AUTN ensures the entire authentication exchange is current and secure. This combination of authenticity and freshness checks forms the bedrock of trust for all subsequent secure communications in 3GPP networks, from voice calls in 3G to high-speed data and IoT services in 4G and 5G.
Key Features
- Provides network authentication to the UE, enabling mutual authentication
- Contains a Message Authentication Code (MAC) for cryptographic proof of origin
- Includes a Sequence Number (SQN) to ensure freshness and prevent replay attacks
- Triggers the derivation of ciphering and integrity keys (CK/IK) upon successful validation
- Fundamental component of Authentication Vectors in UMTS, LTE, and 5G AKA procedures
- Generated by the Authentication Centre (AuC)/ARPF using the subscriber's secret key (K)
Evolution Across Releases
Introduced as a core component of the UMTS Authentication and Key Agreement (AKA) protocol. Defined the AUTN structure containing the MAC and SQN to provide mutual authentication between the UE and the network, a critical security enhancement over GSM. It established the foundational mechanism for network authentication and key derivation in 3G systems.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 23.060 | 3GPP TS 23.060 |
| TS 24.109 | 3GPP TS 24.109 |
| TS 24.229 | 3GPP TS 24.229 |
| TS 29.109 | 3GPP TS 29.109 |
| TS 31.102 | 3GPP TS 31.102 |
| TS 31.103 | 3GPP TS 31.103 |
| TR 31.900 | 3GPP TR 31.900 |
| TS 33.102 | 3GPP TS 33.102 |
| TS 33.105 | 3GPP TS 33.105 |
| TS 33.401 | 3GPP TS 33.401 |
| TS 33.501 | 3GPP TS 33.501 |
| TR 33.835 | 3GPP TR 33.835 |