CK

Confidentiality Key

Security
Introduced in R99
The Confidentiality Key (CK) is a cryptographic key used in 3GPP networks to encrypt user data and signaling messages, ensuring privacy over the air interface. It is a core component of the authentication and key agreement (AKA) process, generated alongside an integrity key (IK). Its primary role is to prevent eavesdropping and protect the confidentiality of communications between the user equipment and the network.

Description

The Confidentiality Key (CK) is a fundamental element within the 3GPP security architecture, specifically defined as part of the Authentication and Key Agreement (AKA) protocol. It is a 128-bit cryptographic key derived during the mutual authentication process between the User Equipment (UE) and the network's Authentication Centre (AuC) within the Home Subscriber Server (HSS). The derivation uses the Milenage algorithm or other standardized algorithms, with inputs including a shared secret key (K) stored on the USIM and in the AuC, a random challenge (RAND) generated by the network, and other parameters. The CK is generated simultaneously with the Integrity Key (IK), forming a key pair for securing communications.
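The derivation described above can be followed end to end with the Milenage functions themselves. The following is an added example, not code from the page or from 3GPP: it implements f2, f3, f4 and f5 of TS 35.206 on top of Go's standard AES-128, derives OPc from OP and K, and runs Test Set 1 from TS 35.208 so that the CK and IK it produces can be checked against the published conformance vectors. The type `AKAKeys` and the function names `ComputeOPc` and `Milenage` are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// AKAKeys holds the Milenage outputs that matter for the AKA run: the response RES (f2),
// the confidentiality key CK (f3), the integrity key IK (f4) and the anonymity key AK (f5).
type AKAKeys struct {
	RES, CK, IK, AK []byte
}

// xor16 returns the bitwise XOR of two 16-byte blocks.
func xor16(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// rot rotates a 16-byte block left by r bits. Milenage only uses r in {0, 32, 64, 96},
// so the rotation is always a whole number of bytes.
func rot(x []byte, r int) []byte {
	n := r / 8
	return append(append([]byte{}, x[n:]...), x[:n]...)
}

// encryptK is E_K(x): one AES-128 block encryption under the subscriber key K.
func encryptK(k, x []byte) []byte {
	block, err := aes.NewCipher(k)
	if err != nil {
		panic(err) // K must be exactly 16 bytes
	}
	out := make([]byte, 16)
	block.Encrypt(out, x)
	return out
}

// ComputeOPc derives the per-subscriber OPc = OP XOR E_K(OP) (TS 35.206, clause 4.1).
func ComputeOPc(k, op []byte) []byte {
	return xor16(op, encryptK(k, op))
}

// Milenage runs f2, f3, f4 and f5 for one RAND challenge (TS 35.206, clause 4.1):
// TEMP = E_K(RAND XOR OPc); OUTn = E_K(rot(TEMP XOR OPc, rn) XOR cn) XOR OPc,
// with (r2,c2) = (0,1), (r3,c3) = (32,2), (r4,c4) = (64,4).
func Milenage(k, opc, rnd []byte) AKAKeys {
	temp := encryptK(k, xor16(rnd, opc))
	outN := func(r int, c byte) []byte {
		in := rot(xor16(temp, opc), r)
		in[15] ^= c // the constant cn only has its last byte set
		return xor16(encryptK(k, in), opc)
	}
	out2 := outN(0, 1)
	return AKAKeys{
		RES: out2[8:],    // f2: OUT2[64..127]
		AK:  out2[:6],    // f5: OUT2[0..47]
		CK:  outN(32, 2), // f3: the full 128-bit OUT3 is the confidentiality key
		IK:  outN(64, 4), // f4: the full 128-bit OUT4 is the integrity key
	}
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// Test Set 1 from TS 35.208 (published conformance vectors, not real subscriber material).
	k := mustHex("465b5ce8b199b49faa5f0a2ee238a6bc")
	op := mustHex("cdc202d5123e20f62b6d676ac72cb318")
	rnd := mustHex("23553cbe9637a89d218ae64dae47bf35")
	opc := ComputeOPc(k, op)
	keys := Milenage(k, opc, rnd)
	fmt.Printf("OPc = %x\nRES = %x\nCK  = %x\nIK  = %x\nAK  = %x\n",
		opc, keys.RES, keys.CK, keys.IK, keys.AK)
}
```

Note that CK and IK come out of the same TEMP value but through different rotation and constant pairs, which is what makes them independent keys for a single authentication instance; only K and OPc are long-term, and RAND changes on every run.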

Upon successful authentication, the CK is delivered from the HSS/AuC to the serving network node—such as the SGSN in UMTS or the MME in LTE/5G—via authentication vectors. The serving node then provides the CK to the relevant radio access network entity (e.g., RNC in UMTS, eNB in LTE, gNB in 5G NR) for use in ciphering algorithms. The CK is used as an input to the confidentiality algorithm (f8 in UMTS, 128-EEA in LTE, 128-NEA in 5G) to produce a keystream that encrypts user plane data and certain signaling messages over the air interface. This encryption occurs at the Packet Data Convergence Protocol (PDCP) layer in LTE and 5G, and at the Radio Resource Control (RRC) and user plane layers in UMTS.
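To make the "key in, keystream out" step concrete, here is an added example (not code from the page or from 3GPP) of the LTE confidentiality algorithm 128-EEA2 from TS 33.401 Annex B.1.3: AES-128 in counter mode, where the initial counter block carries COUNT, BEARER and DIRECTION so that the same key never yields the same keystream twice for different PDCP packets or directions. It uses Go's standard library only; the function names `CounterBlock` and `EEA2` are this example's own, and the inputs in `main` are Test Set 1 of TS 33.401 Annex C.1 so the output can be compared with the published ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// CounterBlock builds the initial 128-bit counter T1 for 128-EEA2 (TS 33.401 Annex B.1.3):
// COUNT (32 bits) || BEARER (5 bits) || DIRECTION (1 bit) || 26 zero bits || 64 zero bits.
func CounterBlock(count uint32, bearer, direction byte) []byte {
	iv := make([]byte, 16)
	binary.BigEndian.PutUint32(iv[0:4], count)
	iv[4] = (bearer&0x1f)<<3 | (direction&0x01)<<2
	return iv
}

// EEA2 XORs data with the AES-128-CTR keystream selected by (key, COUNT, BEARER, DIRECTION).
// Encryption and decryption are the same operation. lengthBits is the PDCP payload length in
// bits; keystream bits beyond it are discarded, so those output bits are zero.
func EEA2(key []byte, count uint32, bearer, direction byte, data []byte, lengthBits int) ([]byte, error) {
	if lengthBits > len(data)*8 {
		return nil, fmt.Errorf("length %d bits exceeds the %d bytes supplied", lengthBits, len(data))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	stream := cipher.NewCTR(block, CounterBlock(count, bearer, direction))
	out := make([]byte, len(data))
	stream.XORKeyStream(out, data)
	// Truncate to LENGTH bits: clear any bits past the end of the payload.
	full := lengthBits / 8
	if rem := lengthBits % 8; rem != 0 {
		out[full] &= byte(0xff) << uint(8-rem)
		full++
	}
	for i := full; i < len(out); i++ {
		out[i] = 0
	}
	return out, nil
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// 128-EEA2 Test Set 1 from TS 33.401 Annex C.1 (published conformance vectors).
	key := mustHex("d3c5d592327fb11c4035c6680af8c6d1")
	pt := mustHex("981ba6824c1bfb1ab485472029b71d808ce33e2cc3c0b5fc1f3de8a6dc66b1f0")
	ct, err := EEA2(key, 0x398a59b4, 0x15, 1, pt, 253)
	if err != nil {
		panic(err)
	}
	fmt.Printf("counter block = %x\nciphertext    = %x\n", CounterBlock(0x398a59b4, 0x15, 1), ct)
}
```

The counter block is the reason the page's point about key refresh matters in practice: COUNT is only 32 bits per bearer and direction, so once it would wrap the key must be changed (a new AKA run or a key refresh), otherwise keystream would repeat and the XOR of two ciphertexts would expose plaintext.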

The CK's role is strictly confined to protecting the confidentiality of data in transit between the UE and the radio network controller/base station. It is never used for integrity protection, which is the separate function of the IK. The key is specific to a particular authentication instance and is refreshed with each new AKA run, enhancing security by limiting the amount of data encrypted under a single key. In 5G, the paradigm evolved with the introduction of the anchor key (K_AMF) and the derivation of separate confidentiality keys (e.g., K_RRCenc, K_UPenc) for different protection scopes, but the core concept of a key dedicated to confidentiality remains. The CK's strength and proper management are critical for mitigating threats like eavesdropping, traffic analysis, and user data interception.
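The per-scope confidentiality keys mentioned above are produced by a single key derivation function applied down a hierarchy. As an added example (not code from the page or from 3GPP), the block below implements the LTE instance of that hierarchy from TS 33.401 Annex A, which is the one whose parameters are most fully specified: CK||IK feeds K_ASME (FC 0x10), K_ASME and the uplink NAS COUNT feed K_eNB (FC 0x11), and K_eNB with an algorithm type distinguisher and algorithm identity feeds the 128-bit K_UPenc, K_RRCenc and their integrity counterparts (FC 0x15). The function names `KDF`, `KASME`, `KeNB` and `AlgorithmKey` are this example's own, and all input values in `main` are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// KDF is the generic 3GPP key derivation function (TS 33.220 Annex B.2, as used by
// TS 33.401 Annex A): HMAC-SHA-256 keyed with the parent key over
// S = FC || P0 || L0 || P1 || L1 || ..., where each Ln is the 16-bit big-endian length of Pn.
func KDF(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(s, p...)
		s = append(s, byte(len(p)>>8), byte(len(p)))
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(s)
	return mac.Sum(nil)
}

// Algorithm type distinguishers for the per-scope keys (TS 33.401 Table A.7-1).
const (
	NASEnc byte = 0x01
	NASInt byte = 0x02
	RRCEnc byte = 0x03
	RRCInt byte = 0x04
	UPEnc  byte = 0x05
	UPInt  byte = 0x06
)

// KASME binds CK||IK to the serving network: FC = 0x10, P0 = SN id (3 bytes),
// P1 = SQN XOR AK (6 bytes) (TS 33.401 A.2). CK and IK are not used directly in LTE.
func KASME(ck, ik, snID, sqnXorAK []byte) []byte {
	return KDF(append(append([]byte{}, ck...), ik...), 0x10, snID, sqnXorAK)
}

// KeNB derives the access-stratum root key from K_ASME and the uplink NAS COUNT
// (FC = 0x11, P0 = 4-byte NAS COUNT) (TS 33.401 A.3).
func KeNB(kasme []byte, ulNASCount uint32) []byte {
	p0 := make([]byte, 4)
	binary.BigEndian.PutUint32(p0, ulNASCount)
	return KDF(kasme, 0x11, p0)
}

// AlgorithmKey derives one 128-bit per-scope key (e.g. K_UPenc) from K_eNB or K_ASME:
// FC = 0x15, P0 = algorithm type distinguisher, P1 = 4-bit algorithm identity in one octet
// (TS 33.401 A.7). The key is the 128 least significant bits of the 256-bit output.
func AlgorithmKey(parent []byte, typeDist, algID byte) []byte {
	return KDF(parent, 0x15, []byte{typeDist}, []byte{algID & 0x0f})[16:]
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// Constructed inputs for illustration only (not real subscriber material).
	ck := mustHex("00112233445566778899aabbccddeeff")
	ik := mustHex("ffeeddccbbaa99887766554433221100")
	snID := mustHex("02f810")              // PLMN id 208 01 in BCD, constructed
	sqnXorAK := mustHex("000000000001")    // SQN XOR AK as sent in AUTN, constructed
	const eea2 byte = 0x02                 // algorithm identity of 128-EEA2
	kasme := KASME(ck, ik, snID, sqnXorAK)
	kenb := KeNB(kasme, 0)
	fmt.Printf("K_ASME   = %x\nK_eNB    = %x\nK_UPenc  = %x\nK_RRCenc = %x\nK_RRCint = %x\n",
		kasme, kenb, AlgorithmKey(kenb, UPEnc, eea2), AlgorithmKey(kenb, RRCEnc, eea2),
		AlgorithmKey(kenb, RRCInt, eea2))
}
```

The distinguisher byte is what enforces the key separation the page describes: the same K_eNB and the same algorithm identity give unrelated keys for user-plane ciphering, RRC ciphering and RRC integrity, so a weakness confined to one scope does not hand over the others.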

Purpose & Motivation

The CK was introduced to address the critical need for privacy and confidentiality in digital cellular communications, a significant weakness in earlier analog systems that were susceptible to eavesdropping. Its creation was motivated by the 3GPP's commitment to building robust, standardized security into the network architecture from the ground up, starting with UMTS (Release 99). Prior to 3G, security mechanisms were often weaker or optional. The CK provides a mandatory, algorithmically strong mechanism to encrypt all user traffic and sensitive signaling, ensuring that communications cannot be understood by unauthorized parties.

The CK solves the problem of securing data over the inherently vulnerable radio link. Because it is generated afresh from the long-term secret K and a random challenge on every authentication, it provides perfect forward secrecy in the sense that compromising a single CK does not reveal past or future session keys; this property holds only as long as K itself remains secret in the USIM and the AuC. This approach addresses the limitations of static or infrequently changed encryption keys. The separation of the CK from the Integrity Key (IK) also follows the principle of cryptographic key separation, limiting the impact of a compromise of either algorithm. Its integration into the standardized AKA protocol ensures interoperability across network equipment and UE vendors, which is essential for global mobile system security.

Key Features

  • 128-bit cryptographic key for strong encryption
  • Dynamically generated during each Authentication and Key Agreement (AKA) procedure
  • Used as input to standardized confidentiality algorithms (e.g., f8, 128-EEA, 128-NEA)
  • Protects user plane data and selected signaling messages over the air interface
  • Derived alongside, but separate from, the Integrity Key (IK) for cryptographic separation
  • Delivered from core network (HSS/AuC) to serving network and radio access network for ciphering

Evolution Across Releases

R99 Initial

Introduced as a core component of the UMTS Authentication and Key Agreement (AKA). The CK was defined as a 128-bit key, generated by the AuC and USIM using the Milenage algorithm. It was used with the f8 confidentiality algorithm to encrypt data between the UE and the RNC over the Uu and Iub interfaces, establishing mandatory link-layer encryption for 3G.

Defining Specifications

Specification   Title
TS 21.905       3GPP TS 21.905
TS 23.060       3GPP TS 23.060
TS 23.228       3GPP TS 23.228
TS 24.109       3GPP TS 24.109
TS 24.229       3GPP TS 24.229
TS 29.109       3GPP TS 29.109
TS 31.102       3GPP TR 31.102
TS 31.103       3GPP TR 31.103
TS 31.121       3GPP TR 31.121
TS 31.900       3GPP TR 31.900
TS 33.102       3GPP TR 33.102
TS 33.105       3GPP TR 33.105
TS 33.401       3GPP TR 33.401
TS 33.835       3GPP TR 33.835
TS 33.841       3GPP TR 33.841
TS 33.859       3GPP TR 33.859
TS 33.863       3GPP TR 33.863
TS 35.205       3GPP TR 35.205
TS 35.909       3GPP TR 35.909
TS 35.934       3GPP TR 35.934