Description
The Confidentiality Key (CK) is a fundamental element within the 3GPP security architecture, specifically defined as part of the Authentication and Key Agreement (AKA) protocol. It is a 128-bit cryptographic key derived during the mutual authentication process between the User Equipment (UE) and the network's Authentication Centre (AuC) within the Home Subscriber Server (HSS). The derivation uses the Milenage algorithm or other standardized algorithms, with inputs including a shared secret key (K) stored on the USIM and in the AuC, a random challenge (RAND) generated by the network, and other parameters. The CK is generated simultaneously with the Integrity Key (IK), forming a key pair for securing communications.
Upon successful authentication, the CK is delivered from the HSS/AuC to the serving network node—such as the SGSN in UMTS or the MME in LTE/5G—via authentication vectors. The serving node then provides the CK to the relevant radio access network entity (e.g., RNC in UMTS, eNB in LTE, gNB in 5G NR) for use in ciphering algorithms. The CK is used as an input to the confidentiality algorithm (f8 in UMTS, 128-EEA in LTE, 128-NEA in 5G) to produce a keystream that encrypts user plane data and certain signaling messages over the air interface. This encryption occurs at the Packet Data Convergence Protocol (PDCP) layer in LTE and 5G, and at the Radio Resource Control (RRC) and user plane layers in UMTS.
The CK's role is strictly confined to protecting the confidentiality of data in transit between the UE and the radio network controller/base station. It is never used for integrity protection, which is the separate function of the IK. The key is specific to a particular authentication instance and is refreshed with each new AKA run, enhancing security by limiting the amount of data encrypted under a single key. In 5G, the paradigm evolved with the introduction of the anchor key (K_AMF) and the derivation of separate confidentiality keys (e.g., K_RRCenc, K_UPenc) for different protection scopes, but the core concept of a key dedicated to confidentiality remains. The CK's strength and proper management are critical for mitigating threats like eavesdropping, traffic analysis, and user data interception.
Purpose & Motivation
The CK was introduced to address the critical need for privacy and confidentiality in digital cellular communications, a significant weakness in earlier analog systems that were susceptible to eavesdropping. Its creation was motivated by the 3GPP's commitment to building robust, standardized security into the network architecture from the ground up, starting with UMTS (Release 99). Prior to 3G, security mechanisms were often weaker or optional. The CK provides a mandatory, algorithmically strong mechanism to encrypt all user traffic and sensitive signaling, ensuring that communications cannot be understood by unauthorized parties.
The CK solves the problem of securing data over the inherently vulnerable radio link. By being dynamically generated from a long-term secret and a random challenge for each authentication, it provides perfect forward secrecy—compromising a single CK does not reveal past or future session keys. This approach addresses limitations of static or less frequently changed encryption keys. The separation of the CK from the Integrity Key (IK) also follows the principle of cryptographic key separation, enhancing overall security by limiting the impact of a potential compromise in one algorithm. Its integration into the standardized AKA protocol ensures interoperability across different network equipment and UE vendors, which is essential for global mobile system security.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (1 CR across 1 release). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, a new Elementary File (EF) was introduced to store keys generated by the Mobile Equipment (ME) from the Confidentiality Key (CK) and the Integrity Key (IK). The update pertains to the storage and management of keys related to the confidentiality and integrity of information.
- Introduce an EF that contains keys generated by ME from CK and IK. TS 31.102, CR0774
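The sketch below is an added example, not text or code from the 3GPP specifications or from this page's source. It illustrates both the key separation discussed in the Description and the idea of keys generated by the ME from CK and IK. It uses the EPS derivation in TS 33.401 Annex A as one instance (the generic HMAC-SHA-256 KDF of TS 33.220 Annex B); the CK, IK, serving network identity and SQN xor AK values are constructed for the example, and the function names are the example's own.

```python
import hashlib
import hmac

# Algorithm type distinguishers from TS 33.401 Annex A.7
NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02


def kdf_input(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., Li = 2-octet big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, S)."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_ASME from CK || IK (TS 33.401 Annex A.2, FC = 0x10)."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must each be 128 bits")
    if len(sn_id) != 3 or len(sqn_xor_ak) != 6:
        raise ValueError("SN id is 3 octets, SQN xor AK is 6 octets")
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """Per-purpose key (TS 33.401 Annex A.7, FC = 0x15), truncated to the
    128 least significant bits of the 256-bit KDF output."""
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]


# Constructed sample values, not taken from any specification test set.
CK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IK = bytes.fromhex("101112131415161718191a1b1c1d1e1f")
SN_ID = bytes.fromhex("00f110")        # PLMN MCC 001 / MNC 01
SQN_XOR_AK = bytes.fromhex("0123456789ab")

if __name__ == "__main__":
    kasme = derive_kasme(CK, IK, SN_ID, SQN_XOR_AK)
    k_nas_enc = derive_alg_key(kasme, NAS_ENC_ALG, 2)   # 2 = 128-EEA2
    k_nas_int = derive_alg_key(kasme, NAS_INT_ALG, 2)   # 2 = 128-EIA2
    print("K_ASME   ", kasme.hex())
    print("K_NASenc ", k_nas_enc.hex())
    print("K_NASint ", k_nas_int.hex())
```

Because the algorithm type distinguisher is part of the KDF input, the ciphering and integrity keys differ even when both come from the same parent key, and a fresh CK/IK pair from a new AKA run changes every key below it.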
Defining Specifications
3GPP specifications that define or reference CK, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 23.060 vj00 | GPRS Service Description Stage 2 | Rel-19 |
| TS 23.228 vj50 | IMS Stage-2 Service Description | Rel-19 |
| TS 24.109 vj00 | HTTP Digest AKA & GAA Stage 3 | Rel-19 |
| TS 24.229 vj50 | IMS call control protocol based on SIP and SDP | Rel-19 |
| TS 29.109 vj00 | GAA Bootstrapping Interfaces (Zh, Dz, Zn, Zpn) | Rel-19 |
| TS 31.102 vj40 | USIM Application Specification | Rel-19 |
| TS 31.103 vj00 | ISIM Application Specification | Rel-19 |
| TS 31.121 vi50 | UICC-terminal interface test specification | Rel-18 |
| TR 31.900 vj00 | 3GPP TS 31.900: Security Interworking Guidance | Rel-19 |
| TS 33.102 vj10 | 3G Security Architecture Specification | Rel-19 |
| TS 33.105 vj00 | 3G Security: Cryptographic Algorithm Requirements | Rel-19 |
| TS 33.401 vj10 | EPS Security Architecture | Rel-19 |
| TS 33.835 vg10 | Study on authentication and key management for apps | Rel-16 |
| TR 33.841 vg10 | Security aspects; Study on 256-bit algorithms for 5G | Rel-16 |
| TS 33.859 vb10 | UTRAN Key Hierarchy Enhancement Study | Rel-11 |
| TS 33.863 ve20 | Security for Battery-Efficient IoT Device to Enterprise | Rel-14 |
| TS 35.205 vj00 | MILENAGE Algorithm Set: General Overview | Rel-19 |
| TR 35.909 vj00 | 3GPP MILENAGE Algorithm Design Report | Rel-19 |
| TR 35.934 vj00 | Tuak algorithm set for 3GPP auth & key gen | Rel-19 |