EPS-AV

EPS Authentication Vector

Security
Introduced in Rel-8
A set of cryptographic parameters used to authenticate a UE and establish security keys in the Evolved Packet System (EPS). It is generated by the HSS/AuC and sent to the MME to perform mutual authentication and key derivation, forming the foundation for secure communication in 4G networks.

Description

The EPS Authentication Vector (EPS-AV) is a fundamental security data structure in 3GPP's Evolved Packet System (EPS), defined in TS 33.401. It is generated by the Home Subscriber Server (HSS) and its Authentication Centre (AuC) for a specific user and serves as the basis for the Authentication and Key Agreement (AKA) procedure between the network and the User Equipment (UE). Each EPS-AV contains four essential components: a random challenge (RAND), an expected response (XRES), a cipher key (CK), and an integrity key (IK). Additionally, it includes an authentication token (AUTN) which allows the UE to authenticate the network, ensuring mutual authentication. The HSS/AuC generates the EPS-AV using the subscriber's long-term secret key (K) and a sequence number (SQN) to ensure freshness and prevent replay attacks.

When a UE attaches to the EPS network, the Mobility Management Entity (MME) requests authentication vectors from the HSS. Upon receiving one or more EPS-AVs, the MME initiates the AKA procedure by sending the RAND and AUTN from one vector to the UE. The UE uses its own copy of the secret key (K) to process the AUTN, verifying the network's authenticity, and computes a response (RES) to the RAND challenge. The UE also derives the same CK and IK locally. The MME compares the UE's RES with the expected XRES from the EPS-AV. If they match, authentication is successful, and the MME and UE proceed to derive the subsequent hierarchy of keys used for NAS and AS security, specifically the K_ASME, from the CK and IK.
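The exchange described above, as an added Python model that is not from the page or from 3GPP: the f1-f5 functions are HMAC-SHA-256 stand-ins for the operator's algorithm (such as MILENAGE), the K_ASME derivation follows TS 33.401 Annex A.2, and the key K, SQN values and serving-network identity used to run it are constructed sample values.

```python
import hmac, hashlib, os

# Stand-ins for the operator-specific f1-f5 (e.g. MILENAGE): HMAC-SHA-256 with a
# domain-separating tag byte, truncated to the 3GPP output lengths. Constructed
# for this example only; the real functions are AES-based and operator-chosen.
def _f(tag, k, rand, extra=b""):
    return hmac.new(k, bytes([tag]) + rand + extra, hashlib.sha256).digest()

def f1(k, rand, sqn, amf): return _f(1, k, rand, sqn + amf)[:8]  # MAC-A (8 bytes)
def f2(k, rand):           return _f(2, k, rand)[:8]             # RES / XRES
def f3(k, rand):           return _f(3, k, rand)[:16]            # CK
def f4(k, rand):           return _f(4, k, rand)[:16]            # IK
def f5(k, rand):           return _f(5, k, rand)[:6]             # AK (anonymity key)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def kdf_kasme(ck, ik, sn_id, sqn_xor_ak):
    """K_ASME from CK||IK per TS 33.401 Annex A.2 (generic KDF of TS 33.220
    Annex B): S = FC(0x10) || SN id || L0(0x0003) || SQN^AK || L1(0x0006)."""
    s = b"\x10" + sn_id + b"\x00\x03" + sqn_xor_ak + b"\x00\x06"
    return hmac.new(ck + ik, s, hashlib.sha256).digest()

def hss_generate_av(k, sqn, amf=b"\x80\x00", rand=None):
    """HSS/AuC side: one vector (RAND, XRES, CK, IK, AUTN) for the given 48-bit SQN."""
    rand = os.urandom(16) if rand is None else rand
    ak = f5(k, rand)
    autn = xor(sqn, ak) + amf + f1(k, rand, sqn, amf)  # AUTN = SQN^AK || AMF || MAC-A
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
            "IK": f4(k, rand), "AUTN": autn}

def ue_authenticate(k, sqn_highest, sn_id, rand, autn):
    """UE/USIM side: recover SQN, verify MAC-A and freshness, then derive RES,
    CK, IK and K_ASME. Returns None if the network fails authentication."""
    ak = f5(k, rand)
    sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
    if not hmac.compare_digest(mac, f1(k, rand, sqn, amf)):
        return None                                    # MAC failure: not our HSS
    if int.from_bytes(sqn, "big") <= int.from_bytes(sqn_highest, "big"):
        return None                                    # stale SQN: replayed challenge
    ck, ik = f3(k, rand), f4(k, rand)
    return {"RES": f2(k, rand), "SQN": sqn, "K_ASME": kdf_kasme(ck, ik, sn_id, autn[:6])}

def mme_check(av, res):
    """MME side: the serving network only compares RES with the XRES it was given."""
    return hmac.compare_digest(av["XRES"], res)
```

Replaying an AUTN the UE has already accepted, or altering any byte of it, makes ue_authenticate return None, which is the freshness and mutual-authentication property the SQN and MAC-A fields provide.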

The EPS-AV's role is critical as it is the seed for all subsequent security keys in the EPS, including those for encryption and integrity protection of control-plane (NAS) and user-plane (AS) traffic. Its design ensures both user authentication and network authentication, protecting against impersonation attacks. The vector-based approach allows the MME to pre-fetch multiple EPS-AVs, enabling efficient authentication during mobility events like handovers without needing to query the HSS each time, thus reducing latency and signaling load. The security of the entire EPS relies on the confidentiality and integrity of the EPS-AV's generation and transmission between the HSS and MME, which is protected within the core network.

Purpose & Motivation

The EPS Authentication Vector was introduced in 3GPP Release 8 to provide a robust authentication and key agreement mechanism for the new Evolved Packet System (EPS/LTE). It addressed the need for a standardized, secure method to establish mutual trust between the user's device and the network, replacing and enhancing the authentication vectors used in legacy UMTS (3G) systems. The primary problem it solves is enabling secure initial access and key derivation in an all-IP flat architecture, which lacked the circuit-switched elements of previous generations.

Its creation was motivated by the evolution towards LTE's simplified network architecture, which introduced new network elements like the MME and required a key hierarchy distinct from UMTS. The EPS-AV provides the cryptographic material needed to generate the K_ASME, the root key for EPS security, ensuring seamless handovers and consistent security context management across the evolved network. It maintains backward compatibility principles with UMTS AKA while adapting to the new core network interfaces, such as S6a between MME and HSS.

Key Features

  • Contains RAND (random challenge), XRES (expected response), CK (cipher key), IK (integrity key), and AUTN (authentication token)
  • Enables mutual authentication between UE and network via the AKA procedure
  • Serves as the cryptographic source for deriving the K_ASME and the entire EPS key hierarchy
  • Allows batch pre-fetching by MME to support efficient consecutive authentications
  • Generated by HSS/AuC using the subscriber's long-term secret key and sequence number
  • Fundamental to establishing NAS and AS security context for encryption and integrity protection

Evolution Across Releases

Rel-8 Initial

Introduced as the core authentication data structure for EPS. Defined the components (RAND, AUTN, XRES, CK, IK) and the procedure for EPS AKA, enabling mutual authentication and derivation of the K_ASME key for LTE security.

Defining Specifications

Specification    Title
TS 33.401        3GPP TR 33.401