Description
The HXRES (Hash eXpected RESponse) is a critical parameter within the 5G Authentication and Key Agreement (5G AKA) protocol defined in 3GPP TS 33.501. It is a cryptographic hash value derived from the expected response (XRES*) generated by the Authentication Server Function (AUSF) and the serving network name (SNN). Specifically, HXRES = KDF(XRES*, SNN), where KDF is a key derivation function. This value is sent from the network to the User Equipment (UE) as part of the authentication challenge during the primary authentication procedure.
During the authentication process, the AUSF, in conjunction with the Unified Data Management (UDM), generates an authentication vector containing several parameters, including the HXRES. This vector is sent to the Access and Mobility Management Function (AMF), which forwards the relevant challenge data, including the HXRES, to the UE. The UE independently calculates its own response (RES*) from the received challenge and its stored credentials. It then computes the hash of this RES* using the same parameters (HRES* = KDF(RES*, SNN)).
The UE does not send the RES* back to the network. Instead, it sends the calculated HRES* to the serving network (AMF). The AMF then compares the received HRES* from the UE with the HXRES it received from the AUSF. If they match, it proves that the UE possesses the correct secret key and has successfully authenticated the network's challenge, confirming mutual authentication. This mechanism of comparing hashed values, rather than the raw responses, enhances subscriber privacy by preventing the serving network from learning the raw authentication response, which could be used to track a subscriber across different serving networks.
The HXRES is fundamental to the 5G security architecture's goal of providing enhanced subscriber identity confidentiality. By ensuring the serving network only ever sees hashed values, it limits the ability of a network operator to correlate authentication events and track users. Its role is tightly integrated with other 5G security parameters like the SUCI (Subscription Concealed Identifier) and the home network public key, forming a comprehensive privacy and authentication framework.
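The derivation and comparison described above, as an added worked example in Python (not code from the page or from 3GPP). Where the description writes the derivation as a shorthand KDF(XRES*, SNN), this example follows the concrete constructions in TS 33.501: the serving network name is bound in at the XRES* step (Annex A.4, using the generic 3GPP KDF of TS 33.220 with function code 0x6B), and HXRES* is the 128 least significant bits of SHA-256(RAND || XRES*) (Annex A.5). The hash of the UE's response is computed on the serving network side from RES*, as in clause 6.1.3.2. All CK, IK, RAND and XRES values are constructed for the demo, and the serving network name uses placeholder MCC/MNC digits in the clause 6.1.1.4 format.

```python
"""Added example: XRES*/HXRES* derivation and the serving-network comparison step
of 5G AKA, following TS 33.501 Annex A.4 (XRES*) and Annex A.5 (HXRES*).
Key and challenge values are constructed for the demo, not real vectors."""
import hashlib
import hmac

FC_XRES_STAR = 0x6B  # function code for RES*/XRES* derivation (TS 33.501 A.4)


def tlv_kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B):
    HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 || ...), Li = 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def xres_star(ck: bytes, ik: bytes, snn: str, rand: bytes, xres: bytes) -> bytes:
    """XRES* (home side) or RES* (UE side):
    128 least significant bits of KDF(CK||IK, 0x6B, SNN, RAND, XRES)."""
    out = tlv_kdf(ck + ik, FC_XRES_STAR, snn.encode("utf-8"), rand, xres)
    return out[16:]


def hxres_star(rand: bytes, xres_s: bytes) -> bytes:
    """HXRES* (from XRES*) or HRES* (from RES*):
    128 least significant bits of SHA-256(RAND || XRES*)."""
    return hashlib.sha256(rand + xres_s).digest()[16:]


def serving_network_check(hxres_s: bytes, rand: bytes, res_s: bytes) -> bool:
    """SEAF-side check: hash the RES* received from the UE with the same RAND
    and compare against the HXRES* received from the AUSF, in constant time."""
    return hmac.compare_digest(hxres_s, hxres_star(rand, res_s))


def demo() -> dict:
    """Genuine match plus two failure cases; returns the results for inspection."""
    # Constructed sample material (not real subscriber keys)
    ck = bytes.fromhex("00112233445566778899aabbccddeeff")
    ik = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    rand = bytes.fromhex("0123456789abcdef0123456789abcdef")
    xres = bytes.fromhex("deadbeefcafef00d")  # 8-byte XRES from the AKA algorithm (constructed)
    snn = "5G:mnc001.mcc001.3gppnetwork.org"  # placeholder MCC/MNC

    # Home network side: derive XRES* and HXRES*; only HXRES* is handed to the SEAF
    xres_s = xres_star(ck, ik, snn, rand, xres)
    hxres_s = hxres_star(rand, xres_s)

    # UE side: RES* from the same inputs (CK/IK come from the USIM)
    res_s = xres_star(ck, ik, snn, rand, xres)
    # A UE that derived RES* against a different serving network name
    res_s_other_snn = xres_star(ck, ik, "5G:mnc002.mcc001.3gppnetwork.org", rand, xres)

    return {
        "xres_star_len": len(xres_s),
        "hxres_star_len": len(hxres_s),
        "genuine_match": serving_network_check(hxres_s, rand, res_s),
        "wrong_snn": serving_network_check(hxres_s, rand, res_s_other_snn),
        "wrong_rand": serving_network_check(hxres_s, bytes(16), res_s),
        "hxres_differs_from_xres": hxres_s != xres_s,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block shows the genuine match and the two failure cases: a RES* derived under a different serving network name, or hashed with a different RAND, does not match HXRES*, which is the serving-network binding the description refers to. hmac.compare_digest is used so the comparison does not leak timing information. The serving-network comparison is a pre-check; the AUSF still compares RES* with XRES* itself.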
Purpose & Motivation
The HXRES was introduced in 5G (Release 15) to address specific privacy and security shortcomings identified in previous generations, particularly in 4G EPS AKA. In 4G, the serving network received the expected response (XRES) in clear form from the home network and compared it directly with the response (RES) from the UE. This meant the serving network operator had access to a unique, subscriber-specific authentication token, which could potentially be used for tracking user movements and activities across the network, raising privacy concerns.
The primary purpose of HXRES is to enhance subscriber identity confidentiality. By replacing the direct comparison of XRES and RES with a comparison of their hashed counterparts (HXRES and HRES*), the serving network never learns the raw authentication response. This design limits the serving network's ability to create long-term identifiers for tracking. It solves the problem of serving network-based subscriber tracking, aligning with stricter data privacy regulations like GDPR.
Furthermore, its introduction was motivated by the need for a more robust authentication framework suitable for 5G's diverse service landscape, including network slicing and massive IoT. The hashing mechanism, tied to the serving network name, also provides a binding between the authentication and the specific network serving the UE, adding an extra layer of context-aware security. It represents a shift from a pure authentication check to a privacy-preserving authentication verification.
Detected Changes Across Releases from 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (14 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, the HXRES* function was introduced as part of the new 5G Serving Environment Authentication Vector, which consists of RAND, AUTN and HXRES*. This vector is sent from the AUSF to the SEAF within the Nausf_UEAuthentication_Authenticate Response message, replacing the XRES* used in the home network for authentication in the serving network.
- Corrections on SUCI protection schemes (TS 33.501 CR0162)
- Privacy - adding missing details to SUCI content and format (TS 33.501 CR0313)
- Clarifications on AccessToken_Get Response message (TS 33.501 CR0382)
- Correction to 5G AKA procedure - no need for SUPI or SUCI (in step 10) (TS 33.501 CR0399)
- Clarifications to SUPI and SUCI (TS 33.501 CR0494)
- Modification on Use of SUCI in NAS signalling (TS 33.501 CR0572)
In Release 16, the HXRES* function was formally defined as a component of the new 5G Serving Environment Authentication Vector, which is distinct from the Home Environment vector and is sent from the AUSF to the SEAF. This vector, consisting of RAND, AUTN, and HXRES*, is used specifically for authenticating the UE within the serving network. Furthermore, the release provided clarifications on SUCI computation, including the roles of the USIM and ME in its calculation based on the home operator's policy.
In Release 17, the HXRES* function itself was not modified, but related authentication procedures were enhanced to support an Anonymous SUCI configuration and its resolution by the UDM's SIDF service. Furthermore, the UDM was specified to include the Routing Indicator in the Nudm_UEAuthentication_Get Response, which is part of the authentication vector delivery chain where HXRES* is used. These changes improved subscriber privacy and routing during initial authentication, which precedes the generation and use of HXRES* by the SEAF.
- Add Routing indicator into the Nudm_UEAuthentication_Get Response (TS 33.501 CR1151)
- Configuration of Anonymous SUCI (TS 33.501 CR1380)
- UDM interaction for Anonymous SUCI (TS 33.501 CR1381)
- Resolving Editor's note on using only null-scheme SUCI (TS 33.501 CR1397)
- Resolution of inconsistency in SUCI usage during UE onboarding (TS 33.501 CR1401)
Defining Specifications
3GPP specifications that define or reference HXRES, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20 |
| TS 33.835 vg10 | Study on authentication and key management for apps | Rel-16 |