Description
The Integrity Key (IK) is a fundamental security element within the 3GPP authentication and key agreement (AKA) framework. It is a 128-bit cryptographic key derived, alongside the Ciphering Key (CK), from the long-term secret key (K) shared between the Universal Subscriber Identity Module (USIM) and the Authentication Centre (AuC) in the home network. The derivation occurs during the AKA procedure, which can be the UMTS AKA, EPS AKA, or 5G AKA. The IK is specifically generated to provide integrity protection for signaling messages exchanged between the User Equipment (UE) and the network, and in some cases, for user plane data.
The IK is used as an input to integrity algorithms (e.g., UIA algorithms in UMTS, EIA algorithms in LTE, NIA algorithms in 5G NR). These algorithms, such as 128-EIA1 (SNOW 3G), 128-EIA2 (AES), and 128-EIA3 (ZUC), generate a Message Authentication Code (MAC) for each integrity-protected protocol data unit (PDU). The receiving entity (UE or network node) recalculates the MAC using the same IK and algorithm. If the calculated MAC matches the received MAC, the message's integrity and authenticity are verified, confirming it has not been altered in transit and originated from the legitimate peer. The IK is typically stored in the UE's non-volatile memory and in the relevant network nodes (e.g., MME in LTE, AMF in 5GC) for the duration of a security context.
In the overall security architecture, the IK works in tandem with the CK. While the CK is used for confidentiality (encryption), the IK is dedicated to integrity and data origin authentication. The separation of duties between CK and IK is a key security principle, limiting the impact of a potential compromise of one key. The IK is also used in the derivation of further keys within the key hierarchy, such as the KeNB in LTE or the KgNB in 5G, which are used for integrity protection on subsequent network interfaces (e.g., between eNB and UE). The strength of the integrity protection directly depends on the secrecy of the IK and the cryptographic robustness of the selected integrity algorithm.
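The following sketch is an added example, not taken from any 3GPP specification text or vendor code. It shows how the IK enters the LTE key hierarchy: CK || IK keys an HMAC-SHA-256 KDF that yields K_ASME, from which KeNB and the NAS integrity key are derived. The FC values, parameter layout and PLMN encoding follow the KDF conventions of TS 33.220 Annex B and TS 33.401 Annex A as assumptions to check against the release you target; all key material is constructed sample data.

```python
import hashlib
import hmac

def build_s(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256 keyed with `key` over the string S."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()

def plmn_id(mcc: str, mnc: str) -> bytes:
    """Serving network identity as 3 BCD octets (2-digit MNC padded with 0xF)."""
    mnc3 = "f" if len(mnc) == 2 else mnc[2]
    return bytes.fromhex(mcc[1] + mcc[0] + mnc3 + mcc[2] + mnc[1] + mnc[0])

def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_ASME = KDF(CK || IK, FC=0x10, SN id, SQN xor AK)."""
    if (len(ck), len(ik), len(sn_id), len(sqn_xor_ak)) != (16, 16, 3, 6):
        raise ValueError("expected 128-bit CK/IK, 3-octet SN id, 6-octet SQN^AK")
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)

def derive_kenb(kasme: bytes, uplink_nas_count: int) -> bytes:
    """K_eNB = KDF(K_ASME, FC=0x11, uplink NAS COUNT)."""
    return kdf(kasme, 0x11, uplink_nas_count.to_bytes(4, "big"))

def derive_knas_int(kasme: bytes, alg_id: int) -> bytes:
    """K_NASint: FC=0x15, type distinguisher 0x02 (NAS integrity), low 128 bits."""
    return kdf(kasme, 0x15, b"\x02", bytes([alg_id]))[16:]

# Constructed sample values, not real subscriber material.
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SQN_XOR_AK = bytes.fromhex("0123456789ab")

if __name__ == "__main__":
    kasme = derive_kasme(CK, IK, plmn_id("001", "01"), SQN_XOR_AK)
    print("K_ASME  :", kasme.hex())
    print("K_eNB   :", derive_kenb(kasme, 0).hex())
    print("K_NASint:", derive_knas_int(kasme, 2).hex())  # 2 = 128-EIA2
    # A different serving network yields an unrelated K_ASME from the same CK/IK.
    other = derive_kasme(CK, IK, plmn_id("310", "410"), SQN_XOR_AK)
    print("bound to serving network:", other != kasme)
```

Because every downstream key is a one-way function of CK || IK, exposure of the IK compromises the whole derived hierarchy for that security context, while exposure of a derived key such as K_NASint does not reveal the IK.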
Purpose & Motivation
The Integrity Key exists to address critical security threats in wireless communication, specifically message modification, injection, and replay attacks. Without integrity protection, an attacker could alter signaling messages (e.g., handover commands, session management messages) to disrupt service, redirect traffic, or impersonate the network or user. Prior to the standardized use of IK in 3GPP systems (from GSM onwards), security mechanisms were weaker; GSM, for example, provided only optional and weaker encryption for confidentiality and had no standardized integrity protection for signaling, making it vulnerable to certain active attacks.
The creation of the IK was motivated by the need for a stronger, mandatory security framework for 3G (UMTS) and beyond. The 3GPP security group designed a new, robust AKA protocol that explicitly separated integrity and confidentiality functions. This was a direct response to the limitations of GSM security and the evolving threat landscape. The IK provides assurance that critical control-plane signaling has not been tampered with, which is foundational for network access control, mobility management, and session management. Its derivation from a long-term secret via a secure one-way function ensures it is fresh for each session and cryptographically tied to the subscriber's identity, solving the problem of ensuring message authenticity in an untrusted radio environment.
Key Features
- A 128-bit cryptographic key derived during the AKA procedure
- Used exclusively for integrity protection and data origin authentication
- Input to standardized integrity algorithms (UIA/EIA/NIA) to generate MACs
- Stored locally in UE and network nodes for the duration of a security context
- Separated from the Ciphering Key (CK) to limit impact of key compromise
- Used as a root for deriving further keys in the access stratum key hierarchy
Evolution Across Releases
The Integrity Key (IK) was first introduced in 3GPP Release 2 as part of the UMTS security architecture. It was a core component of the new UMTS AKA protocol, providing mandatory integrity protection for Radio Resource Control (RRC) and Non-Access Stratum (NAS) signaling messages, a significant enhancement over GSM's lack of mandatory integrity.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.111 | 3GPP TS 21.111 |
| TS 21.905 | 3GPP TS 21.905 |
| TS 23.060 | 3GPP TS 23.060 |
| TS 24.109 | 3GPP TS 24.109 |
| TS 24.229 | 3GPP TS 24.229 |
| TS 29.109 | 3GPP TS 29.109 |
| TS 31.102 | 3GPP TR 31.102 |
| TS 31.103 | 3GPP TR 31.103 |
| TS 31.121 | 3GPP TR 31.121 |
| TS 31.900 | 3GPP TR 31.900 |
| TS 33.102 | 3GPP TR 33.102 |
| TS 33.105 | 3GPP TR 33.105 |
| TS 33.220 | 3GPP TR 33.220 |
| TS 33.221 | 3GPP TR 33.221 |
| TS 33.401 | 3GPP TR 33.401 |
| TS 33.835 | 3GPP TR 33.835 |
| TS 33.859 | 3GPP TR 33.859 |
| TS 33.863 | 3GPP TR 33.863 |
| TS 35.205 | 3GPP TR 35.205 |
| TS 35.909 | 3GPP TR 35.909 |
| TS 35.934 | 3GPP TR 35.934 |