Description
The EAP Re-authentication Protocol (ERP) is a security protocol defined within the Extensible Authentication Protocol (EAP) framework, standardized by the IETF and adopted by 3GPP. Its primary function is to perform a lightweight re-authentication of an already authenticated peer (e.g., a UE) when it moves between access points or needs to refresh its security context, without executing the computationally intensive and time-consuming full EAP method again. ERP achieves this by leveraging cryptographic material derived from the initial, full EAP authentication, specifically the Master Session Key (MSK) and Extended Master Session Key (EMSK). From these keys, a Re-authentication Root Key (rRK) and subsequently a Re-authentication Integrity Key (rIK) and Re-authentication Encryption Key (rEK) are derived, forming a secure basis for the abbreviated exchange.
Architecturally, ERP involves three entities: the peer (UE), the authenticator (e.g., an access point or eNodeB/gNodeB), and the backend authentication server (e.g., an AAA server). The protocol operates by the peer initiating a re-authentication request using a dedicated EAP method, EAP-Initiate/Re-auth. This request is processed locally by the authenticator if it holds the necessary rIK, or is forwarded to the backend server. The exchange involves a minimal number of messages, typically just a request and a response, which include cryptographically protected sequence numbers and identifiers to prevent replay attacks. Successful completion results in the derivation of fresh keying material (a new MSK) for the new session, ensuring forward secrecy.
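The key hierarchy and the replay-protected exchange described above, carried through in code. This is an added example, not text or code from the page or from any 3GPP/IETF implementation: it follows the derivation structure of RFC 6696 (PRF+ from RFC 5295 with HMAC-SHA256, the rRK/rIK/rMSK labels, a 1-octet cryptosuite and a 2-octet SEQ) as I recall them, so treat the exact label strings and the cryptosuite value as assumptions. The EAP-Initiate/Re-auth layout is a simplified, constructed framing rather than the wire-exact format, the EMSK and key name are constructed sample values, the re-authentication server is modelled as a single `ERServer` class, and the rEK mentioned in the description is not derived here.

```python
import hashlib
import hmac
import struct


# RFC 5295 PRF+ with HMAC-SHA256, the default KDF that ERP (RFC 6696) builds on.
def prf_plus(key: bytes, s: bytes, length: int) -> bytes:
    """T1 = HMAC(K, S|0x01); Tn = HMAC(K, T(n-1)|S|n); output = T1|T2|... truncated."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([n]), hashlib.sha256).digest()
        out += t
        n += 1
    return out[:length]


# Label strings as registered for ERP (RFC 6696, Section 4.1; assumed from memory).
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"
RIK_LABEL = b"Re-authentication Integrity Key@ietf.org"
RMSK_LABEL = b"Re-authentication Master Session Key@ietf.org"
CRYPTOSUITE = 2   # assumed registry value for HMAC-SHA256-128
TAG_LEN = 16      # 128-bit truncated authentication tag for that suite


def derive_rrk(emsk: bytes, length: int = 64) -> bytes:
    # rRK = KDF(EMSK, rRK Label | "\0" | length): rooted in the full EAP run
    return prf_plus(emsk, RRK_LABEL + b"\x00" + struct.pack("!H", length), length)


def derive_rik(rrk: bytes, cryptosuite: int = CRYPTOSUITE, length: int = 32) -> bytes:
    # rIK = KDF(rRK, rIK Label | "\0" | cryptosuite | length): protects the exchange
    s = RIK_LABEL + b"\x00" + bytes([cryptosuite]) + struct.pack("!H", length)
    return prf_plus(rrk, s, length)


def derive_rmsk(rrk: bytes, seq: int, length: int = 64) -> bytes:
    # rMSK = KDF(rRK, rMSK Label | "\0" | SEQ | length): a fresh session key per SEQ
    s = RMSK_LABEL + b"\x00" + struct.pack("!H", seq) + struct.pack("!H", length)
    return prf_plus(rrk, s, length)


# Simplified EAP-Initiate/Re-auth framing (constructed, not wire-exact):
# code(1)=5 | id(1) | length(2) | type(1)=2 | flags(1) | SEQ(2)
# | keyName-NAI TLV (type 1, len 1, value) | cryptosuite(1) | auth tag(TAG_LEN)
def build_reauth(rik: bytes, key_name: bytes, seq: int, identifier: int = 1) -> bytes:
    tlv = b"\x01" + bytes([len(key_name)]) + key_name
    body = b"\x02\x00" + struct.pack("!H", seq) + tlv + bytes([CRYPTOSUITE])
    hdr = bytes([5, identifier]) + struct.pack("!H", 4 + len(body) + TAG_LEN)
    unsigned = hdr + body
    tag = hmac.new(rik, unsigned, hashlib.sha256).digest()[:TAG_LEN]  # over code..cryptosuite
    return unsigned + tag


class ERServer:
    """Holds rRK/rIK per key name plus the highest SEQ accepted, so replays are refused."""

    def __init__(self):
        self.keys = {}       # key_name -> (rrk, rik)
        self.last_seq = {}   # key_name -> last accepted SEQ

    def register(self, key_name: bytes, emsk: bytes) -> None:
        rrk = derive_rrk(emsk)
        self.keys[key_name] = (rrk, derive_rik(rrk))
        self.last_seq[key_name] = -1

    def handle(self, msg: bytes):
        """Returns (status, rMSK or None). Tag is checked before SEQ so a forged SEQ never advances state."""
        if len(msg) < 11 + TAG_LEN or msg[0] != 5 or msg[4] != 2 or msg[8] != 1:
            return "malformed", None
        if struct.unpack("!H", msg[2:4])[0] != len(msg):
            return "malformed", None
        seq = struct.unpack("!H", msg[6:8])[0]
        key_name = msg[10:10 + msg[9]]
        if key_name not in self.keys:
            return "unknown-key", None
        rrk, rik = self.keys[key_name]
        unsigned, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(rik, unsigned, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag", None
        if seq <= self.last_seq[key_name]:
            return "replay", None
        self.last_seq[key_name] = seq
        return "ok", derive_rmsk(rrk, seq)


def demo():
    """Peer and server derive the same rMSK; a replayed or tampered message is rejected."""
    emsk = hashlib.sha256(b"constructed EMSK from the full EAP run").digest() * 2  # 64 bytes, constructed
    key_name = b"ue@example.org"                                                  # constructed keyName-NAI
    server = ERServer()
    server.register(key_name, emsk)
    rrk = derive_rrk(emsk)
    rik = derive_rik(rrk)                                  # peer side of the hierarchy
    msg = build_reauth(rik, key_name, seq=1)
    status, server_rmsk = server.handle(msg)
    keys_match = server_rmsk == derive_rmsk(rrk, 1)        # both ends agree on the new MSK
    replay = server.handle(msg)[0]                         # same SEQ again -> refused
    tampered = bytearray(msg)
    tampered[6] ^= 0x01                                    # bump SEQ without re-tagging
    forged = server.handle(bytes(tampered))[0]             # integrity check fails first
    return status, keys_match, replay, forged


if __name__ == "__main__":
    print(demo())
```

The ordering inside `handle` is the point to take away: the integrity tag is verified before the sequence number is consulted, so an unauthenticated message can neither advance the stored SEQ nor cause a key derivation, and the SEQ window is kept per key name so a message replayed at another authenticator that forwards to the same server is still caught.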
ERP's role in the 3GPP ecosystem is integral to enabling secure and fast handovers, particularly in scenarios involving non-3GPP access (like Wi-Fi) interworking with the 3GPP core, as defined in Access Network Discovery and Selection Function (ANDSF) and Non-3GPP InterWorking Function (N3IWF) architectures. It is a key component for optimizing the performance of authentication, authorization, and accounting (AAA) procedures during mobility events. By drastically reducing the authentication latency from potentially hundreds of milliseconds to tens of milliseconds, ERP directly contributes to improved user experience for latency-sensitive applications and supports the seamless mobility requirements of 5G and beyond systems.
Purpose & Motivation
ERP was created to address the significant performance bottleneck posed by full EAP authentication during frequent mobility events. In mobile networks, especially with the proliferation of heterogeneous access (e.g., switching between cellular and Wi-Fi), a device may need to re-authenticate often. A full EAP exchange involves multiple round-trips to a potentially distant AAA server, introducing substantial latency and signaling load on both the radio and core networks. This could severely degrade service continuity, causing perceptible interruptions in voice or video calls during handovers.
The motivation stemmed from the need for a standardized, cryptographically sound method to re-establish trust and session keys quickly. Prior to ERP, solutions were often vendor-specific or relied on stateful context transfer between network nodes, which had scalability and security limitations. ERP provides a stateless, protocol-based solution where the security of the re-authentication is rooted in the keys from the initial authentication. Its development was driven by requirements from 3GPP's work on System Architecture Evolution (SAE) and later 5G, which mandate efficient secure mobility across multiple access technologies.
By solving the re-authentication latency problem, ERP enables practical implementation of features like seamless offload to trusted and untrusted non-3GPP networks, fast reconnection after brief disconnections, and efficient support for massive numbers of IoT devices that may frequently sleep and wake. It is a foundational element for achieving the low-latency and high-reliability goals of modern cellular systems.
Key Features
- Enables cryptographically secure re-authentication without full EAP method execution
- Derives fresh session keys (MSK) from a Re-authentication Root Key (rRK)
- Utilizes the EAP-Initiate/Re-auth protocol for the exchange
- Minimizes authentication latency and signaling overhead during handovers
- Supports mobility between 3GPP and non-3GPP access networks
- Provides replay protection through sequence numbers and cryptographic binding
Evolution Across Releases
ERP was initially introduced in 3GPP Release 5 as part of the work on Wireless Local Area Network (WLAN) interworking. The initial architecture integrated the IETF-defined ERP protocol to enable fast re-authentication for UEs moving between WLAN access points, establishing the foundational use case for reducing AAA signaling latency in heterogeneous networks.
With the introduction of the Evolved Packet Core (EPC) and the requirement for seamless mobility between 3GPP LTE and non-3GPP accesses, ERP's role was solidified. Its specifications were enhanced to work within the new S2a (Trusted non-3GPP) and S2b (Untrusted non-3GPP) interfaces, ensuring fast re-authentication was a core part of the mobility and security framework for LTE.
Enhancements for LTE-WLAN Aggregation (LWA) and LTE-WLAN Radio Level Integration (LWIP) leveraged ERP to support fast and secure switching of data flows between LTE and WLAN links. This required optimizations to handle simultaneous connections and context management, further integrating ERP into radio-level integration scenarios.
For 5G, ERP was adapted to support secure and efficient access via the Non-3GPP InterWorking Function (N3IWF) in the 5G Core network. The protocol's principles were applied to enable fast re-authentication for UEs connecting over untrusted non-3GPP access (e.g., public Wi-Fi) to the 5G core, which is critical for supporting 5G's seamless mobility and service-based architecture.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 22.804 | 3GPP TS 22.804 |
| TS 22.832 | 3GPP TS 22.832 |
| TS 23.003 | 3GPP TS 23.003 |
| TS 24.302 | 3GPP TS 24.302 |
| TS 26.114 | 3GPP TS 26.114 |
| TS 26.118 | 3GPP TS 26.118 |
| TS 26.131 | 3GPP TS 26.131 |
| TS 26.132 | 3GPP TS 26.132 |
| TS 26.918 | 3GPP TS 26.918 |
| TS 26.926 | 3GPP TS 26.926 |
| TS 26.928 | 3GPP TS 26.928 |
| TS 26.955 | 3GPP TS 26.955 |
| TS 26.956 | 3GPP TS 26.956 |
| TS 26.962 | 3GPP TS 26.962 |
| TS 26.998 | 3GPP TS 26.998 |
| TS 29.273 | 3GPP TS 29.273 |
| TS 33.402 | 3GPP TR 33.402 |
| TS 36.755 | 3GPP TR 36.755 |
| TS 36.761 | 3GPP TR 36.761 |
| TS 36.779 | 3GPP TR 36.779 |
| TS 36.790 | 3GPP TR 36.790 |
| TS 37.843 | 3GPP TR 37.843 |
| TS 38.892 | 3GPP TR 38.892 |
| TS 43.050 | 3GPP TR 43.050 |