Description
The KAF (AKMA Application Key) is a crucial security element within the Authentication and Key Management for Applications (AKMA) framework standardized by 3GPP. It is a symmetric cryptographic key uniquely generated for a specific user equipment (UE) and a specific Application Function (AF). The KAF is not directly provisioned but is dynamically derived from a root key known as the KAKMA (AKMA Anchor Key), which itself is established during the primary 5G AKA or EAP-AKA' authentication procedure between the UE and the network. The derivation process involves input parameters such as the AF's identity (e.g., its FQDN), ensuring key separation so that each UE-AF pair has a distinct KAF.
The generation of the KAF is a distributed process. The UE and the AKMA Anchor Function (AAnF) in the home network independently compute the same KAF using the shared KAKMA and the agreed-upon derivation inputs. The AAnF then securely provides this KAF to the requesting AF over the Naf interface. This architecture ensures the AF never learns the root KAKMA, and the UE never exposes the KAF externally, maintaining a strong security chain. The KAF's primary role is to enable the establishment of a secure channel, typically using TLS-PSK (Pre-Shared Key) or similar mechanisms, between the UE and the AF.
Once established, the KAF is used to secure application-layer communications. It can directly serve as a pre-shared key for TLS or be used to derive further session keys for encryption and integrity protection of application data. This model offloads authentication and key management from the application server to the 3GPP security infrastructure, leveraging the robust, subscription-based network authentication. The KAF's lifecycle is tied to the underlying KAKMA; it remains valid as long as the KAKMA is valid, which is typically aligned with the UE's registration state, providing a balance between security and service continuity.
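As an added worked example (not code from this page or from 3GPP), the derivation described above in Python: the generic 3GPP KDF of TS 33.220 Annex B applied to KAKMA with AF_ID (FQDN plus Ua* security protocol identifier) as input, run independently on the UE side and the AAnF side, then checked for agreement and for key separation across AFs and across Ua* protocols. The FC value 0x82, the sample KAKMA and the 5-octet Ua* protocol identifiers are assumptions or constructed values, not figures taken from the page.

```python
import hashlib
import hmac


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256 over
    S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


# ASSUMPTION: FC value of the KAF derivation (TS 33.535 Annex A.4, as recalled).
FC_KAF = 0x82


def af_id(fqdn: str, ua_protocol_id: bytes) -> bytes:
    """AF_ID = FQDN of the AF || Ua* security protocol identifier."""
    return fqdn.encode("ascii") + ua_protocol_id


def derive_kaf(k_akma: bytes, fqdn: str, ua_protocol_id: bytes) -> bytes:
    """KAF = KDF(KAKMA, FC_KAF, AF_ID). Computed by the UE and by the AAnF;
    the AF only ever receives the result, never KAKMA itself."""
    return kdf_3gpp(k_akma, FC_KAF, af_id(fqdn, ua_protocol_id))


def demo() -> dict:
    # Constructed sample values; not taken from any real subscriber or AF.
    k_akma = hashlib.sha256(b"constructed KAKMA for illustration").digest()
    ua_tls = b"\x01\x00\x00\x00\x01"    # constructed 5-octet Ua* protocol id
    ua_other = b"\x01\x00\x00\x00\x02"  # constructed, a different Ua* protocol
    ue_kaf = derive_kaf(k_akma, "af1.example.com", ua_tls)      # UE side
    aanf_kaf = derive_kaf(k_akma, "af1.example.com", ua_tls)    # AAnF side
    other_af = derive_kaf(k_akma, "af2.example.com", ua_tls)    # another AF
    other_ua = derive_kaf(k_akma, "af1.example.com", ua_other)  # same FQDN, other Ua*
    return {
        "ue_and_aanf_agree": ue_kaf == aanf_kaf,
        "separated_by_fqdn": ue_kaf != other_af,
        "separated_by_ua_protocol": ue_kaf != other_ua,
        "kaf_hex": ue_kaf.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that the Ua* protocol identifier is part of AF_ID, so the same AF reached over a different Ua* protocol gets a different KAF; a deployment that assumes one key per FQDN will see mismatches.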
Purpose & Motivation
The KAF was introduced to solve the problem of repetitive and inefficient authentication for over-the-top (OTT) and operator-hosted applications accessing 3GPP networks. Before AKMA, applications often required their own authentication mechanisms (like usernames/passwords or API tokens), which were separate from the robust cellular network authentication. This created a poor user experience, increased credential management overhead, and could introduce security weaknesses if application-level credentials were weak or poorly managed.
AKMA, and specifically the KAF, was created to leverage the strong, primary authentication performed by the 3GPP core network (5GC) for securing application access. Its purpose is to enable seamless and secure bootstrapping of application security. By deriving the KAF from the already-established network authentication, it eliminates the need for the user to perform a separate log-in for trusted applications. This is particularly valuable for services that require a verified mobile subscriber identity and for IoT scenarios where manual intervention is impossible.
The motivation stems from the need for a standardized, network-centric authentication framework for applications, moving beyond basic network access security. It addresses the limitation of previous approaches where application security was siloed. KAF provides a standardized way for Application Functions to obtain cryptographically strong keys tied to a proven subscriber identity, enabling new business models like identity-as-a-service and secure IoT service enablement directly from the 3GPP network trust anchor.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (56 CRs across 3 releases). This complements the general historical overview above with the evidence-based evolution of this function.
In Release 16, the AKMA (Authentication and Key Management for Applications) function was enhanced with clarifications and corrections to its procedures and Service-Based Architecture (SBA) interfaces. Specifically, the release introduced detailed handling for the lifetime and expiration of the KAF (AKMA Application Key) and provided mechanisms for re-authentication within the AKMA process. Furthermore, updates were made to the reference point interface names and error response handling for the AKMA framework.
- Clarifications on error response handling in AKMA process (TS 33.535 CR0009)
- Re-authentication in AKMA (TS 33.535 CR0013)
- Adding AKMA context description (TS 33.535 CR0020)
- Corrections to AKMA key lifetimes (TS 33.535 CR0024)
- Corrections and clarifications to AKMA procedures (TS 33.535 CR0025)
- AKMA SBA interface clarifications (TS 33.535 CR0032)
In Release 17, key enhancements for the AKMA Application Key (KAF) function included the introduction of a new AAnF service to get an application key without requiring the user's SUPI, formalized as the ApplicationKey_AnonUser_Get service. The release also added explicit procedures for KAF lifetime expiration and clarification on how the UE is notified when a KAF expires. Furthermore, specifications were updated to prefer AKMA keys over GBA Digest and to include support for TLS 1.3 using AKMA-derived keys.
- IMS: Addressing the interception due to the application of special media (TS 33.127 CR0119)
- CR adding LI for AKMA (stage 2) (TS 33.127 CR0140)
- AAnF checks AKMA service for UE and AF in clause 6.3 (TS 33.535 CR0055)
- Add Application Key Get service in clause 7.1 (TS 33.535 CR0057)
- Profiling the GBA TLS protocols for use with AKMA (TS 33.535 CR0066)
- Adding TLS 1.3 with AKMA keys (TS 33.535 CR0099)
In Release 18, the AKMA (Authentication and Key Management for Applications) function introduced several new capabilities focused on key lifecycle management and protocol support. Key enhancements included the introduction of a formal KAF (AKMA Application Key) re-keying procedure, linking it to the refresh of the root KAKMA key, and the addition of new AKMA Ua protocols based on DTLS and IETF OSCORE. Furthermore, the release expanded policy control for AKMA in roaming scenarios and improved service management through updates to UDM services and the notification of AKMA service disabling via the NEF.
- AKMA phase 2 security enhancement (TS 33.535 CR0154)
- KAKMA re-keying related to HONTRA (TS 33.535 CR0155)
- Add AKMA Ua protocol based on DTLS to TS 33.535 (TS 33.535 CR0164)
- IETF OSCORE as AKMA Ua protocol (TS 33.535 CR0175)
- AKMA roaming policy control in AAnF (TS 33.535 CR0207)
- Link KAF refresh to KAKMA refresh (TS 33.535 CR0165)
Defining Specifications
3GPP specifications that define or reference KAF, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 29.522 vj40 | 5G NEF Northbound APIs Stage 3 | Rel-19 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |
| TS 33.535 vj00 | 5G AKMA: Authentication and Key Management for Apps | Rel-19 |