EMSK

Extended Master Session Key

Security
Introduced in Rel-14
A cryptographically strong key derived during the 5G Authentication and Key Agreement (AKA) procedure. It serves as a root key for generating further keys used to secure specific network services and application sessions, extending security beyond the core network access stratum. It is crucial for enabling secure service-based architecture and network slicing.

Description

The Extended Master Session Key (EMSK) is a keying material output generated by the Authentication and Key Agreement (AKA) protocol in 3GPP systems, specifically defined from Release 14 onwards for 5G and enhanced systems. It is derived alongside the Master Session Key (MSK) during the successful authentication process between the User Equipment (UE) and the network. The derivation uses the same cryptographic inputs as the MSK (such as the shared secret K, random challenges, and network identifiers) but applies a distinct Key Derivation Function (KDF) label to produce a separate, independent key. The EMSK is not exported from the AKA protocol instance; instead, it is retained locally within the entity that performed the AKA (typically the UE and the Authentication Server Function (AUSF) in 5G).

The EMSK's operation centers on key hierarchy and derivation. Following a successful 5G AKA, the UE and the AUSF independently compute the EMSK. This key is never transmitted over the air or to other network functions in its raw form. Its primary role is to act as a root key for the derivation of other specific cryptographic keys. These subsequent keys are generated by applying a KDF to the EMSK along with other binding parameters (like service identity, slice identifier, or application-specific strings). This process creates cryptographically separate keys for different purposes, ensuring key isolation.

Its role in the network is to provide a secure foundation for keying material beyond the scope of traditional access security. While keys derived from the KAUSF (itself derived from CK and IK in 5G AKA) protect the Radio Access Network (RAN) and NAS signaling, keys derived from the EMSK can be used to secure application-layer sessions, service-based interface communications between network functions, or provide authentication for specific network slices. This enables a flexible and scalable security model for the 5G Service-Based Architecture (SBA) and supports the security requirements of network slicing by allowing the generation of slice-specific application keys.

Purpose & Motivation

The EMSK was introduced to address the need for a standardized, cryptographically robust root key that could be used to secure services and applications beyond the traditional scope of 3GPP network access security. Prior to its definition, there was no standardized mechanism within 3GPP to derive keys for protecting application sessions or service-based communications that relied on the primary AKA procedure. This became a critical requirement with the advent of 5G and its Service-Based Architecture.

The historical context is the evolution towards network slicing and the decoupling of network functions. The 5G core network, with its SBA, requires secure communication between various Network Functions (NFs). Furthermore, a single UE subscription might access multiple isolated network slices, each potentially requiring its own set of application-level security keys. The EMSK provides a common, trusted source for deriving these diverse keys, ensuring they are cryptographically tied to the initial user authentication.

It solves the problem of key management scalability and isolation for advanced services. By deriving service-specific keys from the EMSK, the system avoids the complexity and potential risk of running separate authentication protocols for each service or slice. It also maintains a clear security separation; a compromise of a key derived for one service (e.g., a slice-specific key) does not compromise the core network access keys or keys derived for other services, as they all originate from different branches of the key derivation tree rooted at the EMSK.
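
The derivation of child keys from the EMSK with binding parameters, and the isolation property described above, can be sketched as follows. This is an added example, not code from any 3GPP specification: HMAC-SHA-256 as the KDF, the length-prefixed encoding, the 64-byte sample key, and the label, slice and service strings are all assumptions made for illustration. It also shows why the binding parameters need an unambiguous encoding: with plain concatenation, two different (slice, service) pairs can yield the same key.

```python
import hashlib
import hmac
from typing import Sequence

# Constructed 64-byte stand-in for the EMSK; a real one never leaves the UE/AUSF.
SAMPLE_EMSK = bytes(range(64))


def encode_fields(fields: Sequence[bytes]) -> bytes:
    """Length-prefix every field so that field boundaries cannot shift."""
    out = b""
    for field in fields:
        if len(field) > 0xFFFF:
            raise ValueError("field longer than 65535 bytes")
        out += len(field).to_bytes(2, "big") + field
    return out


def derive_child_key(emsk: bytes, label: bytes, params: Sequence[bytes]) -> bytes:
    """Derive a 256-bit child key bound to a purpose label and its parameters.

    HMAC-SHA-256 is an assumption made for this sketch, not the 3GPP-specified KDF.
    """
    if len(emsk) < 32:
        raise ValueError("root key too short")
    return hmac.new(emsk, encode_fields([label, *params]), hashlib.sha256).digest()


def naive_child_key(emsk: bytes, params: Sequence[bytes]) -> bytes:
    """Weak variant for comparison: plain concatenation hides field boundaries."""
    return hmac.new(emsk, b"".join(params), hashlib.sha256).digest()


def isolation_report(emsk: bytes = SAMPLE_EMSK) -> dict:
    """Compare two different (slice, service) pairs whose concatenations are equal."""
    a = [b"slice-1", b"2-video"]   # hypothetical slice id / service id
    b = [b"slice-12", b"-video"]   # different pair, same bytes once concatenated
    label = b"slice-app-key"       # hypothetical purpose label
    return {
        "ue_matches_ausf": derive_child_key(emsk, label, a) == derive_child_key(emsk, label, a),
        "naive_collides": naive_child_key(emsk, a) == naive_child_key(emsk, b),
        "encoded_collides": derive_child_key(emsk, label, a) == derive_child_key(emsk, label, b),
        "labels_separate": derive_child_key(emsk, label, a) != derive_child_key(emsk, b"sbi-key", a),
    }


if __name__ == "__main__":
    print(isolation_report())
```
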

Key Features

  • Derived during 5G AKA alongside the MSK
  • Retained locally and never exported in raw form
  • Serves as a root key for further key derivation
  • Enables generation of service-specific and slice-specific application keys
  • Provides key isolation between different services and the core access stratum
  • Fundamental for securing 5G Service-Based Architecture communications

Evolution Across Releases

Rel-14 Initial

Introduced the EMSK within the 3GPP security architecture for next-generation systems. Defined its derivation as part of the enhanced AKA procedures, establishing it as a key output for enabling future service and application security. Specified its role as a root key for key derivation functions beyond access security.

Defining Specifications

Specification    Title
TS 33.402        3GPP TR 33.402
TS 33.501        3GPP TR 33.501
TS 33.835        3GPP TR 33.835