EIA

EPS Integrity Algorithm

Introduced in Rel-8

EIA is the EPS Integrity Algorithm, a cryptographic function that provides integrity protection and verification for signaling messages between the User Equipment and the network.

Category: Security
Introduced: Rel-8
Where: Security
Specifications: 1 specs

Description

The EPS Integrity Algorithm (EIA) is a suite of cryptographic algorithms standardized by 3GPP to protect the integrity of signaling messages in the Evolved Packet System (EPS), which encompasses LTE and later 5G core networks interacting with E-UTRAN. Integrity protection is a fundamental security service that guarantees that received signaling data (e.g., RRC and NAS messages) is authentic and has not been altered in transit. The EIA algorithms compute a Message Authentication Code (MAC), often called an integrity token or MAC-I, for each protected message. This MAC is generated using a secret integrity key (IK), a time-dependent input (COUNT), a direction bit (uplink/downlink), the message itself, and a bearer identity.

The process works as follows: the sender (UE or eNodeB/MME) inputs the aforementioned parameters into the selected EIA algorithm. The algorithm outputs a MAC-I, which is appended to the message. The receiver independently computes the expected MAC-I using the same inputs and the shared secret key. If the computed MAC-I matches the received one, the message's integrity is verified. If not, the message is discarded, and a security failure procedure may be initiated. The specific algorithms defined include EIA0 (null integrity, used in some limited cases), EIA1 (based on SNOW 3G), EIA2 (based on AES), and EIA3 (based on ZUC).
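
The sender and receiver steps above, worked for 128-EIA2 as an added example (not code from this page or from 3GPP): AES-128 in CMAC mode over COUNT || BEARER || DIRECTION || 26 zero bits || MESSAGE, with MAC-I taken as the 32 most significant bits of the tag, which is the layout TS 33.401 gives for this algorithm. Function names are this example's own, the message is assumed to be byte-aligned, and the pure-Python AES is for illustration only (it is not constant-time).

```python
import hmac  # added example; all function names here are this example's own

def xt(a):  # multiply by x in GF(2^8), AES polynomial 0x11B
    return (a << 1) ^ 0x11B if a & 0x80 else a << 1

def sbox_entry(a):  # affine map of a^254 (the inverse of a; 0 stays 0)
    inv = 1
    for _ in range(254):
        p, x, y = 0, inv, a
        while y:  # GF(2^8) product inv * a
            p, x, y = p ^ (x if y & 1 else 0), xt(x), y >> 1
        inv = p
    d = inv * 0x101  # byte doubled so right shifts act as 8-bit rotations
    return 0x63 ^ inv ^ (((d >> 7) ^ (d >> 6) ^ (d >> 5) ^ (d >> 4)) & 0xFF)
SBOX = [sbox_entry(a) for a in range(256)]

def aes128(key, blk):  # one-block AES-128 encryption, state and round key column-major
    rk, rcon = list(key), 1
    s = [b ^ k for b, k in zip(blk, rk)]
    for rnd in range(10):
        t, rcon = [SBOX[rk[13]] ^ rcon, SBOX[rk[14]], SBOX[rk[15]], SBOX[rk[12]]], xt(rcon)
        for i in range(16):  # next round key, updated in place
            rk[i] ^= t[i] if i < 4 else rk[i - 4]
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 9:  # MixColumns, skipped in the final round
            s = [s[c + r] ^ xt(s[c + r] ^ s[c + (r + 1) % 4]) ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]
                 for c in (0, 4, 8, 12) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk)]
    return bytes(s)

def dbl(b):  # CMAC subkey doubling in GF(2^128), Rb = 0x87
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87 if n >> 128 else n) & ((1 << 128) - 1)).to_bytes(16, "big")

def aes_cmac(key, msg):  # RFC 4493
    k1 = dbl(aes128(key, bytes(16)))
    *blocks, last = [msg[i:i + 16] for i in range(0, len(msg), 16)] or [b""]
    pad, k = (last, k1) if len(last) == 16 else (last + b"\x80" + bytes(15 - len(last)), dbl(k1))
    x = bytes(16)
    for blk in blocks + [bytes(a ^ b for a, b in zip(pad, k))]:
        x = aes128(key, bytes(a ^ b for a, b in zip(x, blk)))
    return x

def eia2_mac_i(key, count, bearer, direction, msg):  # msg assumed byte-aligned
    # 128-EIA2 input: COUNT(32) || BEARER(5) || DIRECTION(1) || 26 zero bits || MESSAGE
    hdr = count.to_bytes(4, "big") + bytes([bearer << 3 | direction << 2, 0, 0, 0])
    return aes_cmac(key, hdr + msg)[:4]  # MAC-I = 32 most significant bits of the tag

def verify(key, count, bearer, direction, msg, mac_i):  # receiver: recompute, compare
    return hmac.compare_digest(eia2_mac_i(key, count, bearer, direction, msg), mac_i)
```

Because COUNT, BEARER and DIRECTION are inside the MAC input, verify() returns False for a captured message replayed under a later COUNT or reflected in the opposite direction, not only for a modified payload.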

The selection of which EIA algorithm to use for a session is part of the security mode negotiation during connection establishment, as defined in TS 33.401. The network indicates the allowed algorithms in its security capabilities, and the UE selects one. The integrity key (IK) is derived from the long-term secret key (K) stored in the USIM and the Authentication Centre (AuC) during the Authentication and Key Agreement (AKA) procedure. This layered key derivation ensures that the integrity key is fresh and unique for each session.

Purpose & Motivation

EIA was created to address the critical need for signaling message integrity in the new all-IP based LTE/EPS architecture. In previous 2G/3G networks, while ciphering was often used, integrity protection for signaling was not universally applied, leaving control channels vulnerable to certain types of attacks like message injection or manipulation. The move to an IP-based air interface increased the potential attack surface, making robust cryptographic protection essential.

The purpose of EIA is to prevent attacks such as replay attacks, man-in-the-middle attacks, and falsification of signaling commands (e.g., malicious handover or detach commands). By ensuring integrity, the network can trust that critical mobility management, session management, and connection control commands originate from an authenticated entity and have not been modified. This is a cornerstone of network access security, protecting both the network from malicious UEs and the UE from rogue network elements. The standardization of multiple algorithms (SNOW 3G, AES, ZUC) also provides cryptographic agility, allowing for algorithm updates in response to future cryptographic breakthroughs or regulatory requirements.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (9 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 6 changes

In Release 15, the primary new introduction for the EPS Integrity Algorithm (EIA) function was the enabling of User Plane Integrity Protection for EDT (Early Data Transmission). Furthermore, the release focused on aligning and clarifying the use of integrity algorithms, specifically for EN-DC, by referencing the unified key derivation and algorithm descriptions from the 5G specification (TS 33.501) and aligning the algorithm names between the EDCE5 and 5G contexts.

  • Aligning the specification of the key derivation function for key to use in security algorithms between UE and SgNB in EDCE5 with the 5G specification (TS 33.401, CR0625)
  • Clarifying the security algorithms that are used between the UE and MeNB and the UE and SgNB (TS 33.401, CR0628)
  • Aligning the algorithm names between EDCE5 and 5G (TS 33.401, CR0641)
  • Handling the algorithms for use between a UE and SgNB for EN-DC (TS 33.401, CR0648)
  • Referencing algorithm and key derivation description for EN-DC that exist in TS 33.501 (TS 33.401, CR0659)
  • User Plane Integrity Protection for EDT (TS 33.401, CR0699)

Rel-17 2 changes

In Release 17, the EPS Integrity Algorithm (EIA) function was enhanced to confirm the UE's supported algorithms during the Path Switch procedure. Furthermore, a mapping mechanism was defined for the User Plane (UP) to translate an EPS integrity algorithm to its corresponding NR integrity algorithm.

  • Confirming UE supported algorithms in Path Switch procedure (TS 33.401, CR0700)
  • UP IP: mapping of EPS integrity algorithm to NR integrity algorithm (TS 33.401, CR0707)

Rel-18 1 change

In Release 18, the specific enhancement for the EPS Integrity Algorithm (EIA) function involved a correction on the negotiation of security algorithms for EN-DC (E-UTRA-NR Dual Connectivity). This change ensures proper synchronization and selection of integrity protection algorithms, such as 128-EIA1, 128-EIA2, or 128-EIA3, between the UE and the network during the security context establishment for dual connectivity scenarios.

  • Correction on negotiation of security algorithms for EN-DC (R18) (TS 33.401, CR0717)


Defining Specifications

3GPP specifications that define or reference EIA, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification     Title                        Release
TS 33.401 vj10    EPS Security Architecture    Rel-19