Description
The GAA Service Identifier (GSID) is a critical component within the 3GPP Generic Authentication Architecture (GAA), specified in documents like TS 29.109 and TS 33.980. GAA provides a generic mechanism to leverage the strong authentication of a UICC (Universal Integrated Circuit Card, e.g., SIM) in a user device for securing applications and services beyond the core mobile network, such as multimedia broadcast (MBMS), user plane security, or third-party services. The GSID uniquely identifies the service provider or the specific application that is requesting authentication credentials from the GAA infrastructure.
Operationally, when an application on a User Equipment (UE) needs to authenticate with a service (the Network Application Function or NAF), it contacts a Bootstrapping Server Function (BSF). The BSF performs a bootstrapping procedure with the UE and its Home Subscriber Server (HSS) to establish a shared, temporary secret key. The UE and the BSF derive application-specific keys from this bootstrapped key. The GSID is a crucial parameter in this key derivation process. It is included in the authentication exchange between the UE and the BSF, and later between the UE and the NAF. The use of the GSID ensures that the derived keys are unique to that specific service, providing cryptographic separation. This means a key derived for one service (identified by one GSID) cannot be used to impersonate or access a different service (with a different GSID).
Architecturally, the GSID is part of the service context information. The BSF provides the GSID to the NAF, and the UE independently knows the GSID for the service it is accessing (often configured in the application). The NAF uses the GSID, along with other identifiers like the Bootstrapping Transaction Identifier (B-TID), to request the corresponding key material from the BSF. This architecture allows a single bootstrapping event to support secure access to multiple services, each identified by its own GSID, without requiring the user to enter passwords. The GSID thus acts as a namespace within the GAA ecosystem, enabling scalable, secure, and service-specific authentication derived from the robust 3GPP subscriber authentication.
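The key separation and the NAF-to-BSF key request described in the two paragraphs above can be modelled as follows. This is an added example, not code from the 3GPP specifications: the KDF layout, the `gaa-demo` label, the `BSF` class and the two GSID values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

GSID_TV = b"gsid-demo-tv"      # constructed identifiers, not real GSID values
GSID_BANK = b"gsid-demo-bank"

def encode_params(params):
    """Append a 2-byte length to each parameter so ("ab", "c") and ("a", "bc")
    can never collapse into the same KDF input."""
    return b"".join(p + len(p).to_bytes(2, "big") for p in params)

def derive_service_key(ks, gsid):
    """Illustrative KDF: HMAC-SHA-256 keyed with the bootstrapped key Ks over a
    fixed label and the GSID. Not the byte layout from the 3GPP specifications."""
    return hmac.new(ks, encode_params([b"gaa-demo", gsid]), hashlib.sha256).digest()

class BSF:
    """Holds bootstrapped keys indexed by B-TID."""
    def __init__(self):
        self._sessions = {}

    def bootstrap(self):
        # Stand-in for the UE/BSF/HSS bootstrapping run: both sides end up with Ks.
        btid, ks = secrets.token_hex(8), secrets.token_bytes(32)
        self._sessions[btid] = ks
        return btid, ks

    def key_for_naf(self, btid, gsid):
        # The NAF presents B-TID + its own GSID and gets only that service's key.
        return derive_service_key(self._sessions[btid], gsid)

def naf_accepts(bsf, naf_gsid, btid, message, tag):
    """NAF side: fetch the key for (B-TID, own GSID) and verify the UE's MAC."""
    key = bsf.key_for_naf(btid, naf_gsid)
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo():
    bsf = BSF()
    btid, ks = bsf.bootstrap()                      # one bootstrap, many services
    ue_key_tv = derive_service_key(ks, GSID_TV)     # UE derives the TV key locally
    msg = b"GET /stream/42"
    tag = hmac.new(ue_key_tv, msg, hashlib.sha256).digest()
    return {"tv": naf_accepts(bsf, GSID_TV, btid, msg, tag),
            "bank": naf_accepts(bsf, GSID_BANK, btid, msg, tag)}

if __name__ == "__main__":
    print(demo())
```

The request authenticated with the TV service key verifies at the TV NAF and is rejected by the NAF holding the other GSID, even though both keys come from the same bootstrapping session.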
Purpose & Motivation
The GSID was created to solve the problem of secure and convenient authentication for value-added services without proliferating user credentials. Before GAA and identifiers like GSID, service providers (e.g., for broadcast TV, banking apps, or corporate access) had to implement their own authentication systems, often relying on weak username/password combinations or complex public key infrastructure (PKI) deployments that were cumbersome for users. The 3GPP GAA framework aimed to reuse the strong, ubiquitous authentication already present in the SIM card.
The GSID is essential to this model because it provides service differentiation. Without a unique service identifier, a single bootstrapped security context could be misused to access any service using GAA, creating a significant security risk. The GSID ensures that the cryptographic material generated during bootstrapping is tightly bound to a specific service provider and application. This addresses the limitation of a one-size-fits-all key, enabling the 'generic' aspect of GAA—supporting multiple, independent services from a single authentication bootstrap. Its introduction in Release 8 alongside the broader GAA framework allowed mobile operators to securely offer a platform for third-party services, fostering innovation while maintaining high security standards derived from the mobile network.
Key Features
- Uniquely identifies a service or application within the GAA framework
- Used as an input in the key derivation function to generate service-specific keys
- Ensures cryptographic separation between different services using GAA
- Passed between UE, BSF, and NAF during authentication procedures
- Enables a single bootstrapping session to support multiple services
- Fundamental for the generic and scalable nature of the GAA architecture
Evolution Across Releases
Initial definition of the GAA Service Identifier (GSID) as part of the foundational Generic Authentication Architecture. Established its role in identifying the Network Application Function (NAF) and its critical function in the key derivation process for service-specific security.
Defining Specifications
| Specification | Title |
|---|---|
| TS 29.109 | 3GPP TS 29.109 |
| TS 33.980 | 3GPP TR 33.980 |