Description
The Client-Server Key (CSK) is a fundamental security element within the 3GPP Generic Bootstrapping Architecture (GBA). It is a cryptographic key, typically derived from the master session key (Ks) established during the AKA (Authentication and Key Agreement) procedure between the User Equipment (UE) and the Bootstrapping Server Function (BSF). The derivation process uses a key derivation function (KDF) with specific inputs, including the Bootstrapping Transaction Identifier (B-TID), the Fully Qualified Domain Name (FQDN) of the target Network Application Function (NAF), and other optional parameters. This ensures that each CSK is unique to the combination of user, bootstrapping session, and specific application server.
Architecturally, the CSK generation occurs after successful bootstrapping. The UE and the BSF independently derive the same Ks_NAF (a NAF-specific key) from the shared Ks. The CSK is then derived from this Ks_NAF. The BSF provides the necessary keying material (often the Ks_NAF itself or a reference) to the NAF via the Zn interface, while the UE computes the CSK locally. This architecture allows the NAF to verify the UE's identity and establish a secure channel without directly participating in the primary AKA procedure, offloading authentication complexity from application servers.
In operation, the CSK is used to secure the communication link between the UE and the NAF. It can serve as the basis for generating further session keys for confidentiality (encryption) and integrity protection for the application-layer protocol (e.g., HTTPS, SIP). The UE presents its B-TID to the NAF when requesting service. The NAF uses this B-TID to fetch the corresponding key material from the BSF. Both entities then independently derive the same CSK, enabling mutual authentication and the establishment of a secure, encrypted session. This process is detailed in specifications like 3GPP TS 33.220 for GBA and TS 33.222 for NAF-UE security.
The role of the CSK is critical for enabling secure, standardized access to IP-based services (IMS, location services, device management) in 3GPP networks. It provides a scalable and efficient method for service authentication, eliminating the need for the UE to store separate credentials for every service provider. By leveraging the robust security of the USIM-based AKA, the CSK inherits strong cryptographic properties, ensuring that compromise of one service key does not affect others or the core network authentication credentials.
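The derivation chain and Zn exchange described above, as an added worked example that is not part of the original page or of any 3GPP specification: the KDF follows the generic HMAC-SHA-256 layout of TS 33.220 Annex B (FC || P0 || L0 || P1 || L1 ...) and the Ks_NAF inputs follow TS 33.220, while the CSK step (FC value, "csk" label), the Ua protocol identifier and all key material are constructed assumptions. It shows the UE and the NAF arriving at the same CSK from different starting points, the BSF releasing only Ks_NAF over Zn, and a different NAF FQDN yielding an unrelated key.

```python
import hashlib
import hmac

# Constructed sample values (not from any real network); Ks would come from AKA.
KS = hashlib.sha256(b"constructed Ks").digest()          # 32-byte master session key
RAND = bytes(range(16))                                   # 16-byte AKA RAND
IMPI = "user@example.com"
B_TID = "AAECAwQFBgcICQoLDA0ODw==@bsf.example.com"        # B-TID: base64(RAND)@BSF name
UA_PROTO_ID = b"\x01\x00\x00\x00\x00"                    # placeholder Ua protocol id

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B layout: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...),
    where Li is the two-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_ks_naf(ks, rand, impi, naf_fqdn, ua_proto_id):
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id), NAF_Id = FQDN || Ua protocol id."""
    naf_id = naf_fqdn.encode() + ua_proto_id
    return kdf(ks, 0x01, b"gba-me", rand, impi.encode(), naf_id)

def derive_csk(ks_naf, b_tid, naf_fqdn):
    """CSK from Ks_NAF, bound to B-TID and NAF FQDN as the page describes.
    The FC value 0x7F and the "csk" label are assumptions, not from TS 33.220."""
    return kdf(ks_naf, 0x7F, b"csk", b_tid.encode(), naf_fqdn.encode())

def ue_csk(ks, rand, impi, b_tid, naf_fqdn, ua_proto_id):
    """UE side: everything is computed locally from Ks; nothing leaves the UE."""
    return derive_csk(derive_ks_naf(ks, rand, impi, naf_fqdn, ua_proto_id), b_tid, naf_fqdn)

def bsf_zn_lookup(sessions, b_tid, naf_fqdn, ua_proto_id):
    """BSF side of Zn: map the B-TID to its bootstrapping session and hand out only
    the NAF-specific Ks_NAF, never Ks itself. Unknown B-TID -> None."""
    sess = sessions.get(b_tid)
    if sess is None:
        return None
    return derive_ks_naf(sess["ks"], sess["rand"], sess["impi"], naf_fqdn, ua_proto_id)

def naf_csk(sessions, b_tid, naf_fqdn, ua_proto_id):
    """NAF side: fetch Ks_NAF over Zn for the presented B-TID, then derive the CSK."""
    ks_naf = bsf_zn_lookup(sessions, b_tid, naf_fqdn, ua_proto_id)
    return None if ks_naf is None else derive_csk(ks_naf, b_tid, naf_fqdn)

SESSIONS = {B_TID: {"ks": KS, "rand": RAND, "impi": IMPI}}   # BSF's session store
```

A NAF that receives a B-TID the BSF does not know gets no key at all, which is the point at which the UE's service request fails authentication.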
Purpose & Motivation
The CSK was introduced to address the growing need for secure authentication and key agreement for a multitude of IP-based services beyond the core network access. Prior to GBA and the CSK concept, application servers often had to implement their own, potentially weaker, authentication mechanisms (like username/password) or manage complex PKI infrastructures. This created security vulnerabilities, poor user experience due to multiple logins, and increased operational overhead for service providers.
The creation of the CSK was motivated by the desire to leverage the strong, SIM-based authentication of the mobile network for value-added services. It solves the problem of how to securely authenticate a user to a third-party application server without revealing the user's long-term secret (Ki) to that server. The CSK provides a delegated authentication mechanism, where the trust from the core network (HSS/BSF) is propagated securely to the application layer. This enables single sign-on (SSO) capabilities across different services from the same or different providers.
Historically, as 3GPP networks evolved to offer rich multimedia and IoT services (e.g., IMS, M2M communication), a standardized, network-operator-controlled security framework became essential. The CSK, as part of GBA, provided this framework. It addressed limitations of previous ad-hoc approaches by offering a standardized, cryptographically sound method to derive service-specific keys from a single, strong network authentication, thereby enhancing overall ecosystem security and interoperability.
Key Features
- Derived from the master session key (Ks) established via AKA, ensuring strong cryptographic lineage.
- Unique per combination of user, bootstrapping session, and target Network Application Function (NAF).
- Enables mutual authentication between the User Equipment (UE) and the application server (NAF).
- Serves as a root key for generating further session-specific encryption and integrity keys.
- Supports key lifetime management inherited from the bootstrapping session.
- Facilitates standardized secure access to IMS and other IP-based services without separate credentials.
Evolution Across Releases
Introduced the Client-Server Key (CSK) as part of the enhanced Generic Bootstrapping Architecture (GBA). It defined the fundamental derivation mechanism from the Ks_NAF, establishing the security framework for securing UE-NAF communication. Specifications such as TS 33.220 and TS 33.222 were updated to incorporate CSK procedures for application layer security.
Defining Specifications
| Specification | Reference |
|---|---|
| TS 24.281 | 3GPP TS 24.281 |
| TS 24.282 | 3GPP TS 24.282 |
| TS 24.379 | 3GPP TS 24.379 |
| TS 24.380 | 3GPP TS 24.380 |
| TS 24.582 | 3GPP TS 24.582 |
| TS 33.180 | 3GPP TS 33.180 |
| TS 33.880 | 3GPP TR 33.880 |
| TS 33.938 | 3GPP TR 33.938 |
| TS 37.579 | 3GPP TS 37.579 |