Description
The EPS Encryption Algorithm (EEA) is a suite of cryptographic algorithms specified by 3GPP to provide confidentiality protection for user plane data and control plane signalling within the Evolved Packet System (EPS). It works together with the EPS Integrity Algorithm (EIA) to form the complete set of cryptographic primitives for LTE's NAS (Non-Access Stratum) and AS (Access Stratum) security. The algorithms are implemented in the User Equipment (UE) and in the network's security endpoints: the eNodeB for AS security and the MME (Mobility Management Entity) for NAS security.
EEA operation is bound to the LTE authentication and key agreement (AKA) process. After successful mutual authentication between the UE and the network, a root key (K_ASME) is established. From this root key, K_eNB is derived, and from K_eNB the per-channel encryption keys (e.g., K_UPenc, K_RRCenc) are generated. The EEA algorithm then uses these dynamically derived keys to encrypt the data. Encryption uses either a stream cipher or a block cipher in a keystream-producing mode of operation, transforming plaintext into ciphertext to prevent eavesdropping on the radio interface and within the core network.
The primary EEA algorithms are EEA0 (null cipher), 128-EEA1 (based on SNOW 3G), 128-EEA2 (based on AES-CTR), and 128-EEA3 (based on ZUC). EEA0 provides no encryption and is used only in specific, predefined circumstances. Which algorithm is used is negotiated during the Security Mode Command procedure between the network and the UE, based on their mutually supported capabilities. Encryption is applied per bearer and per direction (uplink/downlink), so that keystream is never shared across bearers or directions. The EEA suite is critical in protecting against threats on the air interface, making it a fundamental component of the LTE security architecture detailed in TS 33.401.
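As an added example (not code from the page or from 3GPP), the following Go program shows how 128-EEA2 turns the per-bearer, per-direction parameters into a distinct AES-CTR keystream: COUNT, BEARER and DIRECTION are packed into the initial counter block as laid out in TS 33.401 Annex B.1.3, and only LENGTH keystream bits are kept. The key and message are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// eea2Counter builds the initial 128-bit counter block of 128-EEA2
// (TS 33.401 Annex B.1.3): COUNT[32] || BEARER[5] || DIRECTION[1] || 0[90].
func eea2Counter(count uint32, bearer, direction uint8) [16]byte {
	var t [16]byte
	binary.BigEndian.PutUint32(t[0:4], count)
	t[4] = (bearer&0x1f)<<3 | (direction&0x01)<<2
	return t
}

// EEA2 runs AES-128 in CTR mode from that counter block and keeps only the
// first `length` keystream bits, zeroing trailing bits. Same call for both directions of the cipher.
func EEA2(key []byte, count uint32, bearer, direction uint8, msg []byte, length uint32) ([]byte, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("128-EEA2 needs a 16-byte key, got %d", len(key))
	}
	if length > uint32(len(msg))*8 {
		return nil, fmt.Errorf("LENGTH %d exceeds message size", length)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := eea2Counter(count, bearer, direction)
	out := make([]byte, len(msg))
	cipher.NewCTR(block, iv[:]).XORKeyStream(out, msg)
	nbytes := (length + 7) / 8
	for i := nbytes; i < uint32(len(out)); i++ {
		out[i] = 0 // bytes entirely beyond LENGTH
	}
	if rem := length % 8; rem != 0 {
		out[nbytes-1] &= byte(0xff << (8 - rem)) // partial final byte
	}
	return out, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed key, not a real K_UPenc
	msg := []byte("constructed user-plane PDU")
	ct, _ := EEA2(key, 0x398a59b4, 0x15, 1, msg, uint32(len(msg))*8)
	fmt.Printf("ciphertext %x\n", ct)
}
```

The official conformance vectors in TS 33.401 Annex C.1 can be fed to EEA2 to check the implementation against the standard.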
Purpose & Motivation
The EPS Encryption Algorithm suite was created to address the security requirements of the new all-IP LTE architecture, which introduced different threat models compared to previous 3G circuit-switched networks. Prior security mechanisms from 2G/3G, while robust for their time, used older cryptographic algorithms and had architectural limitations. The move to a flatter, IP-based EPS required a new, stronger, and more flexible set of algorithms to ensure user data confidentiality and protect against sophisticated attacks on the radio access network.
The motivation for developing multiple algorithms (SNOW 3G, AES, ZUC) was to provide cryptographic agility and align with global regulatory requirements. Different regions have preferences or mandates for specific cryptographic standards (e.g., AES is a NIST standard, while ZUC is a Chinese standard). By standardizing a suite, 3GPP ensured global interoperability while allowing operators and regulators to choose algorithms that comply with local policies. This approach solved the problem of a single point of failure; if a vulnerability is discovered in one algorithm, networks can migrate to another without a complete overhaul of the security architecture. EEA, as part of the LTE security framework, was designed from the ground up to provide robust, algorithm-agile confidentiality protection suitable for high-speed mobile broadband services.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (8 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-8, normative work from Rel-15.
In Release 15, changes were made to align and clarify the EPS Encryption Algorithm (EEA) procedures specifically for EN-DC scenarios involving an SgNB. This included aligning the algorithm names and the key derivation function with 5G specifications (TS 33.501) for the derivation of keys like K_UPenc used between the UE and the Secondary Node. The updates ensured consistent handling of security algorithms between the UE and both the MeNB and SgNB.
- Aligning the specification of the key derivation function for the key used in security algorithms between UE and SgNB in EDCE5 with the 5G specification (TS 33.401 CR0625)
- Clarifying the security algorithms that are used between the UE and MeNB and between the UE and SgNB (TS 33.401 CR0628)
- Aligning the algorithm names between EDCE5 and 5G (TS 33.401 CR0641)
- Handling the algorithms for use between a UE and SgNB for EN-DC (TS 33.401 CR0648)
- Referencing the algorithm and key derivation description for EN-DC that exists in TS 33.501 (TS 33.401 CR0659)
In Release 17, the work on EPS Encryption Algorithms (EEA) focused on operational clarifications rather than introducing new cryptographic algorithms. Specifically, enhancements were made to ensure a UE's supported algorithms are correctly confirmed during the Path Switch procedure. Additionally, for User Plane integrity, a mapping mechanism was defined between the EPS integrity algorithm and the corresponding NR integrity algorithm.
In Release 18, the primary update concerning the EPS Encryption Algorithm (EEA) function was a correction to the security algorithm negotiation procedure for EN-DC (E-UTRA-NR Dual Connectivity). This change ensured the proper selection and application of the EEA, along with integrity algorithms, during the establishment of the AS security context in dual connectivity scenarios. The update reinforced that the chosen ciphering algorithm, indicated in the AS Security Mode Command, is used for both RRC and user plane traffic ciphering based on the configured network lists and UE security capabilities.
- Correction on negotiation of security algorithms for EN-DC (R18) (TS 33.401 CR0717)
Defining Specifications
3GPP specifications that define or reference EEA, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 33.401 vj10 | EPS Security Architecture | Rel-19 |