HXRES

Hash eXpected RESponse

Security
Introduced in Rel-15
A cryptographic hash value used in 5G authentication and key agreement (AKA) procedures. It is generated by the network and sent to the UE to verify the authenticity of the network and establish a secure connection. It is a core component of 5G's enhanced subscriber privacy and security.

Description

The HXRES (Hash eXpected RESponse) is a critical parameter within the 5G Authentication and Key Agreement (5G AKA) protocol defined in 3GPP TS 33.501. It is a cryptographic hash value derived from the expected response (XRES*) generated by the Authentication Server Function (AUSF) and the serving network name (SNN). Specifically, HXRES = KDF(XRES*, SNN), where KDF is a key derivation function. This value is sent from the network to the User Equipment (UE) as part of the authentication challenge during the primary authentication procedure.

During the authentication process, the AUSF, in conjunction with the Unified Data Management (UDM), generates an authentication vector containing several parameters, including the HXRES. This vector is sent to the Access and Mobility Management Function (AMF), which forwards the relevant challenge data, including the HXRES, to the UE. The UE independently calculates its own response (RES*) from the received challenge and its stored credentials. It then computes the hash of this RES* using the same parameters (HRES* = KDF(RES*, SNN)).

The UE does not send the RES* back to the network. Instead, it sends the calculated HRES* to the serving network (AMF). The AMF then compares the received HRES* from the UE with the HXRES it received from the AUSF. If they match, it proves that the UE possesses the correct secret key and has successfully authenticated the network's challenge, confirming mutual authentication. This mechanism of comparing hashed values, rather than the raw responses, enhances subscriber privacy by preventing the serving network from learning the raw authentication response, which could be used to track a subscriber across different serving networks.

The HXRES is fundamental to the 5G security architecture's goal of providing enhanced subscriber identity confidentiality. By ensuring the serving network only ever sees hashed values, it limits the ability of a network operator to correlate authentication events and track users. Its role is tightly integrated with other 5G security parameters like the SUCI (Subscription Concealed Identifier) and the home network public key, forming a comprehensive privacy and authentication framework.

Purpose & Motivation

The HXRES was introduced in 5G (Release 15) to address specific privacy and security shortcomings identified in previous generations, particularly in 4G EPS AKA. In 4G, the serving network received the expected response (XRES) in clear form from the home network and compared it directly with the response (RES) from the UE. This meant the serving network operator had access to a unique, subscriber-specific authentication token, which could potentially be used for tracking user movements and activities across the network, raising privacy concerns.

The primary purpose of HXRES is to enhance subscriber identity confidentiality. By replacing the direct comparison of XRES and RES with a comparison of their hashed counterparts (HXRES and HRES*), the serving network never learns the raw authentication response. This design limits the serving network's ability to create long-term identifiers for tracking. It solves the problem of serving network-based subscriber tracking, aligning with stricter data privacy regulations like GDPR.

Furthermore, its introduction was motivated by the need for a more robust authentication framework suitable for 5G's diverse service landscape, including network slicing and massive IoT. The hashing mechanism, tied to the serving network name, also provides a binding between the authentication and the specific network serving the UE, adding an extra layer of context-aware security. It represents a shift from a pure authentication check to a privacy-preserving authentication verification.
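The hashed-response check from the Description section and the serving-network binding mentioned just above, modelled in Python as an added example (not code from the page or from 3GPP). The derivations follow TS 33.501 Annex A.4 and A.5, which the page cites as the defining specification: the serving network name and RAND are bound into XRES*/RES* by the HMAC-SHA-256 KDF of TS 33.220 Annex B, and HXRES*/HRES* is then the 128 low-order bits of SHA-256(RAND || (X)RES*). In that flow the UE returns RES*, the SEAF in the AMF hashes it locally and compares against HXRES*, and the AUSF makes the final RES* versus XRES* decision. The long-term key, RAND, the MCC/MNC in the serving network names and the HMAC-based stand-in for the USIM f2/f3/f4 functions are constructed assumptions.

```python
"""5G AKA hashed-response check, written as an added example.

Derivations follow TS 33.501 Annex A.4 (RES*/XRES*) and Annex A.5
(HRES*/HXRES*) and the generic KDF of TS 33.220 Annex B. The USIM/ARPF
step that turns (K, RAND) into RES/CK/IK is replaced by an HMAC stand-in;
everything downstream of it is the real construction. All key material
and identifiers are constructed samples.
"""
import hashlib
import hmac
import secrets

SERVING_NETWORK_NAME = "5G:mnc012.mcc345.3gppnetwork.org"  # constructed sample SNN


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B).
    S = FC || P0 || L0 || P1 || L1 || ... with each Li a 2-byte big-endian length;
    output = HMAC-SHA-256(key, S)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def toy_usim_run(k: bytes, rand: bytes) -> tuple[bytes, bytes, bytes]:
    """Stand-in for the USIM/ARPF f2/f3/f4 functions (MILENAGE or TUAK in a real system).
    Returns (RES, CK, IK) from the long-term key K and the challenge RAND.
    ASSUMPTION: HMAC with domain-separating labels, not the 3GPP algorithms."""
    res = hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return res, ck, ik


def res_star(ck: bytes, ik: bytes, snn: str, rand: bytes, res: bytes) -> bytes:
    """RES* / XRES* (Annex A.4): key CK||IK, FC 0x6B, P0 = serving network name,
    P1 = RAND, P2 = RES; the 128 least significant bits of the KDF output.
    This is the step that binds the serving network name into the response."""
    return kdf(ck + ik, 0x6B, snn.encode("utf-8"), rand, res)[-16:]


def hres_star(rand: bytes, rs: bytes) -> bytes:
    """HRES* / HXRES* (Annex A.5): 128 least significant bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + rs).digest()[-16:]


def home_network_av(k: bytes, snn: str, rand: bytes) -> dict:
    """UDM/ARPF + AUSF side: XRES* stays in the home network, HXRES* goes to the SEAF."""
    xres, ck, ik = toy_usim_run(k, rand)
    xres_star = res_star(ck, ik, snn, rand, xres)
    return {"rand": rand, "xres_star": xres_star, "hxres_star": hres_star(rand, xres_star)}


def ue_response(k: bytes, snn: str, rand: bytes) -> bytes:
    """UE side: run the USIM on RAND, then compute RES* with the SNN it believes it is attached to."""
    res, ck, ik = toy_usim_run(k, rand)
    return res_star(ck, ik, snn, rand, res)


def seaf_check(hxres_star: bytes, rand: bytes, received_res_star: bytes) -> bool:
    """Serving network (SEAF in the AMF): hash the received RES* and compare with HXRES*."""
    return hmac.compare_digest(hres_star(rand, received_res_star), hxres_star)


def ausf_check(xres_star: bytes, received_res_star: bytes) -> bool:
    """Home network (AUSF): final decision, RES* forwarded by the SEAF against XRES*."""
    return hmac.compare_digest(received_res_star, xres_star)


def run_5g_aka(k: bytes, ue_snn: str, network_snn: str, rand: bytes = b"") -> tuple[bool, bool]:
    """One authentication run; returns (SEAF result, AUSF result)."""
    rand = rand or secrets.token_bytes(16)
    av = home_network_av(k, network_snn, rand)
    rs = ue_response(k, ue_snn, av["rand"])
    ok_seaf = seaf_check(av["hxres_star"], av["rand"], rs)
    ok_ausf = ausf_check(av["xres_star"], rs) if ok_seaf else False
    return ok_seaf, ok_ausf


if __name__ == "__main__":
    K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")  # constructed sample long-term key
    print(run_5g_aka(K, SERVING_NETWORK_NAME, SERVING_NETWORK_NAME))
    # Same UE, but the challenge was relayed through a differently named serving network.
    print(run_5g_aka(K, "5G:mnc999.mcc999.3gppnetwork.org", SERVING_NETWORK_NAME))
```

The first run succeeds at both the SEAF and the AUSF. In the second, the UE derives RES* under a different serving network name than the one the home network used for XRES*, so the SEAF comparison fails and nothing is forwarded; this is the context binding the paragraph above refers to. Because the SEAF only ever holds HXRES*, it has no way to produce a RES* that the AUSF would accept without the genuine UE response, which is what keeps the final authentication decision in the home network. Both comparisons use `hmac.compare_digest` so that the check does not leak timing information about the expected value.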

Key Features

  • Cryptographic hash of the expected authentication response (XRES*).
  • Generated by the home network's Authentication Server Function (AUSF).
  • Used for verification in the serving network (AMF) without exposing the raw response.
  • Enhances subscriber privacy by preventing serving network tracking.
  • Derived using a Key Derivation Function (KDF) including the Serving Network Name.
  • Core parameter in the 5G AKA primary authentication and key agreement procedure.

Evolution Across Releases

Rel-15 Initial

Introduced as a fundamental component of the new 5G AKA protocol defined in TS 33.501. It established the mechanism for privacy-preserving authentication verification, where the serving network compares hashed values (HXRES vs. HRES*) instead of raw authentication responses, enhancing subscriber identity confidentiality.

Enhanced specifications for integration with new services like Vehicle-to-Everything (V2X) and Ultra-Reliable Low-Latency Communications (URLLC). Clarifications and potential optimizations to the authentication procedures involving HXRES were provided, ensuring robustness for critical communications.

Further refinements for support of massive IoT and non-3GPP access (e.g., wireline). The security procedures utilizing HXRES were adapted to be more efficient for constrained devices and integrated access scenarios, maintaining security while optimizing performance.

Continued evolution as part of 5G-Advanced, ensuring the HXRES-based authentication framework scales with new network capabilities, network slicing security, and enhanced edge computing architectures. Focus on maintaining privacy guarantees in increasingly decomposed network architectures.

Ongoing maintenance and potential enhancements to align with new cryptographic algorithms or quantum-resistant considerations in later study items. Ensures the long-term viability of the privacy-preserving authentication mechanism.

Expected to continue supporting the core 5G AKA framework as part of the mature 5G system, with potential updates tied to the evolution towards 6G security studies and the integration of artificial intelligence for security management.

Defining Specifications

Specification    Title
TS 33.501        3GPP TR 33.501
TS 33.835        3GPP TR 33.835