Description
The Extended Master Session Key (EMSK) is a 64-octet key produced by an EAP method at the end of a successful authentication, as defined in the EAP key management framework (RFC 5247). In 3GPP systems it is generated by EAP-AKA (RFC 4187) and EAP-AKA' (RFC 5448, superseded by RFC 9048), the EAP methods that carry the USIM-based Authentication and Key Agreement (AKA) challenge; 3GPP has referenced it since non-3GPP access to EPS was specified in TS 33.402. It is derived alongside the Master Session Key (MSK) from the same master key material rather than with a separate label: in EAP-AKA' the peer and the server compute MK = PRF'(IK'|CK', "EAP-AKA'"|Identity), where CK' and IK' are derived from the AKA keys CK and IK bound to the access network name, and then take K_encr, K_aut, K_re, MSK and EMSK as consecutive slices of the PRF' output. The MSK is exported to the authenticator (the access point or gateway that enforces link-layer security), whereas the EMSK is never exported from the EAP method; it is retained only by the two entities that ran it, the UE and the EAP server (the 3GPP AAA Server for non-3GPP access to EPS, the AUSF in 5G).
How it works is centered on the EAP key hierarchy. After a successful EAP-AKA' run the UE and the EAP server independently compute the EMSK; it is never transmitted over the air or to other network functions. Its role is to act as a root key for further keys: each is obtained by applying a KDF to the EMSK together with binding parameters (a usage label, data identifying the consuming service, the requested key length), as in the Usage-Specific Root Key (USRK) construction of RFC 5295. Because the label and binding data differ per usage, the derived keys are cryptographically separate: a consumer that receives one of them learns nothing about the EMSK or about the keys handed to other consumers.
Its role in the network is to provide keying material beyond the scope of the access link. The MSK serves the access network; in trusted non-3GPP access to EPS it is delivered to the WLAN to protect the link. The EMSK, by contrast, stays with the UE and the AAA/EAP server and feeds keys that the access network must not be able to derive: in TS 33.402 the MIP-RK used to bootstrap Mobile IP security associations and the WLCP key sent to the Trusted WLAN AAA Proxy are derived from it, and in 5G, when EAP-AKA' is the primary authentication method, the UE and the AUSF take KAUSF from the first 256 bits of the EMSK, so that the whole 5G key hierarchy (KSEAF, KAMF and the NAS and AS keys beneath them) is rooted in it. With 5G AKA, the non-EAP variant of primary authentication, no EMSK exists and KAUSF is derived from CK and IK directly.
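The derivation chain described above, worked end to end as an added example; this is not code from the page or from any 3GPP implementation. It implements the 3GPP KDF used for CK'/IK' (TS 33.402 Annex A.2), the PRF' of RFC 5448/RFC 9048 with the EAP-AKA' key layout, the 5G rule that KAUSF is the first 256 bits of the EMSK (TS 33.501), and the RFC 5295 USRK construction. The CK/IK values, the identity, the access network name and the USRK key label are constructed test inputs, not standardized vectors; the label `example-usage@example.org` in particular is hypothetical.

```python
import hmac
import hashlib


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def prf_plus(key: bytes, s: bytes, length: int) -> bytes:
    """IKEv2-style prf+ with HMAC-SHA-256.

    This is the PRF' of RFC 5448 / RFC 9048 (EAP-AKA') and the default KDF of
    RFC 5295 (USRK derivation): T1 = HMAC(K, S | 0x01),
    Tn = HMAC(K, T(n-1) | S | n), output = T1 | T2 | ... truncated to length.
    """
    out = b""
    prev = b""
    counter = 1
    while len(out) < length:
        prev = hmac_sha256(key, prev + s + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def derive_ck_ik_prime(ck: bytes, ik: bytes, network_name: bytes,
                       sqn_xor_ak: bytes) -> tuple:
    """TS 33.402 Annex A.2: CK' || IK' = KDF(CK || IK, FC || P0 || L0 || P1 || L1).

    KDF is the HMAC-SHA-256 KDF of TS 33.220 Annex B, FC = 0x20,
    P0 = access network identity, P1 = SQN xor AK (6 octets).
    CK' is the most significant 128 bits, IK' the least significant 128 bits.
    """
    s = (b"\x20"
         + network_name + len(network_name).to_bytes(2, "big")
         + sqn_xor_ak + len(sqn_xor_ak).to_bytes(2, "big"))
    derived = hmac_sha256(ck + ik, s)
    return derived[:16], derived[16:]


def eap_aka_prime_keys(ck_prime: bytes, ik_prime: bytes, identity: bytes) -> dict:
    """RFC 5448 section 3.3 key layout.

    MK = PRF'(IK' | CK', "EAP-AKA'" | Identity); the 1664 bits of MK are cut
    into K_encr (128), K_aut (256), K_re (256), MSK (512) and EMSK (512).
    MSK and EMSK come from the same stream; no separate label is involved.
    """
    mk = prf_plus(ik_prime + ck_prime, b"EAP-AKA'" + identity, 208)
    return {
        "K_encr": mk[0:16],
        "K_aut": mk[16:48],
        "K_re": mk[48:80],
        "MSK": mk[80:144],    # exported to the authenticator
        "EMSK": mk[144:208],  # kept by peer and EAP server only
    }


def k_ausf_from_emsk(emsk: bytes) -> bytes:
    """TS 33.501: for EAP-AKA', KAUSF is the most significant 256 bits of EMSK."""
    return emsk[:32]


def usrk(emsk: bytes, key_label: bytes, optional_data: bytes, length: int) -> bytes:
    """RFC 5295 section 3.1: USRK = KDF(EMSK, key label | 0x00 | optional data | length).

    length is a 2-octet unsigned integer. Only a holder of the EMSK can compute
    this, so the access network, which only ever sees the MSK, cannot.
    """
    s = key_label + b"\x00" + optional_data + length.to_bytes(2, "big")
    return prf_plus(emsk, s, length)


def demo() -> dict:
    # Constructed inputs: a real run takes CK/IK from the USIM/HSS and the
    # identity and network name from the EAP exchange.
    ck = bytes(range(0x10, 0x20))
    ik = bytes(range(0x30, 0x40))
    sqn_xor_ak = bytes.fromhex("000102030405")
    ck_p, ik_p = derive_ck_ik_prime(ck, ik, b"5G:mnc001.mcc001.3gppnetwork.org", sqn_xor_ak)
    keys = eap_aka_prime_keys(ck_p, ik_p, b"0001010123456789@nai.5gc.mnc001.mcc001.3gppnetwork.org")
    keys["KAUSF"] = k_ausf_from_emsk(keys["EMSK"])
    # Hypothetical usage label, illustrating the RFC 5295 pattern only.
    keys["USRK"] = usrk(keys["EMSK"], b"example-usage@example.org", b"", 64)
    return keys


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:6s} ({len(value) * 8:4d} bits) {value.hex()}")
```

Changing the access network name changes CK'/IK' and therefore every key below them, which is the channel binding that lets the home network detect a rogue access network claiming a different identity; the `demo()` output shows KAUSF as a prefix of EMSK and the USRK as a key that no MSK holder can reproduce.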
Purpose & Motivation
The EMSK was introduced in the EAP key management framework to provide a root key that is never handed to the authenticator. The MSK has to be exported to the access device so that it can protect the link, so any key derived from the MSK is known to that device and to the AAA infrastructure that relayed it. The EMSK stays with the EAP peer and the EAP server, so keys derived from it can secure services that the access network should not be able to impersonate. Before 3GPP adopted it, there was no standardized way to bootstrap keys for such services (Mobile IP security associations, control-plane protocols between the UE and the core) from the access authentication itself without running a second authentication.
The historical context is the integration of non-3GPP access into EPS, where EAP-AKA and EAP-AKA' replaced the native AKA exchange and the EAP key hierarchy, EMSK included, became available to 3GPP (TS 33.402). 5G extended this by making EAP-AKA' a primary authentication method alongside 5G AKA, with the AUSF as EAP server, so that the 5G key hierarchy can be anchored in the EMSK for EAP-AKA' runs. TS 33.835, the study on authentication and key management for applications, examined how application-layer keys could be bootstrapped from the 5G primary authentication in a similar way.
It solves the problem of key management scalability and isolation for services beyond the access link. By deriving service-specific keys from the EMSK with distinct labels, the system avoids running a separate authentication for each service, and the keys stay cryptographically tied to the original authentication. Isolation holds in both directions: the KDF is one-way, so compromise of one derived key (for example the MIP-RK) reveals neither the EMSK nor its sibling keys, and the access network, which holds only the MSK, cannot compute any EMSK-derived key at all. The caveat is that the EMSK itself is the single root: in 5G with EAP-AKA' it sits above KAUSF and therefore above every NAS and AS key, so the AUSF or AAA server that retains it for the session lifetime must protect it accordingly, and every derived key inherits its lifetime.
Classification
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (6 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-14, normative work from Rel-15.
In Release 15, the specification clarified the handling of the Extended Master Session Key (EMSK) by acknowledging the possibility of its early calculation and providing clarification on the derivation of its first bits. The EMSK, derived during EAP-AKA' authentication according to RFC 5448, is used to generate subsequent keying material, such as the WLCP key sent to a Trusted WLAN AAA Proxy. Furthermore, the release notes that the EMSK is retained by the 3GPP AAA Server for the duration of the session.
In Release 17, clarifications were provided for the EMSK function regarding multicast security context handling in the session creation procedure. Additionally, the release included clarifications to the secondary authentication PDU Session Container, which involves the use of EMSK-derived keying materials for authentication and session establishment. These updates refined the procedures for key derivation and usage within specified authentication and session management flows.
In Release 18, the specification clarified the use of the Extended Master Session Key (EMSK) for deriving specific keys in trusted WLAN access, such as the WLCP key sent to the Trusted WLAN AAA Proxy. It also reinforced that EMSK-derived keys, like the MIP-RK for MIPv4 bootstrapping, have their lifetime bound to the EMSK itself. Furthermore, the release included a correction regarding procedures for unauthenticated IMS emergency sessions.
- Correction on unauthenticated IMS emergency sessions (TS 33.501, CR 2028)
Defining Specifications
3GPP specifications that define or reference EMSK, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 33.402 vj00 | Security for non-3GPP access to EPS | Rel-19 |
| TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20 |
| TS 33.835 vg10 | Study on authentication and key management for apps | Rel-16 |