Description
The Key For Control Signalling (KFC) is a security key defined within specific 3GPP technical specifications, notably those concerning security for Machine-Type Communications (MTC) and enhancements for CIoT (Cellular IoT). It is a dedicated key derived to provide cryptographic protection for control signalling messages exchanged between a User Equipment (UE), such as an IoT device, and the network. Its primary role is to secure the control plane, which carries commands, configuration updates, and management information, as distinct from the user plane which carries application data.
Architecturally, KFC is part of a key hierarchy. It is typically derived from a root key established during authentication (e.g., K_ASME in EPS or K_AMF in 5GS) using a Key Derivation Function (KDF). The derivation includes specific input parameters that bind the key to its purpose—control signalling—and the relevant security context. This ensures cryptographic separation from keys used for user data encryption (e.g., KUP) or for other control plane functions like Non-Access Stratum (NAS) signalling. The key is stored and used within the secure environments of the UE and the relevant network functions, such as the MME in LTE or the AMF in 5G.
How it works involves the application of the key within a security protocol. Once derived, KFC is used as the input key for integrity protection and encryption algorithms applied to control signalling messages. For example, in certain CIoT optimizations like Control Plane CIoT EPS optimization, user data can be transmitted piggybacked on NAS signalling messages. In such cases, KFC would be used to protect those NAS messages, which now carry both control information and user data payloads. The specific cryptographic algorithms (e.g., 128-EEA1, 128-EIA1) and the exact point of application (e.g., for specific protocol data units) are defined by the network's security policy and the capabilities of the device. This ensures that commands sent to an IoT device (e.g., a remote reboot, a firmware update command) cannot be forged, replayed, or eavesdropped by unauthorized parties.
Purpose & Motivation
KFC exists to address the distinct security requirements of the control plane, especially in the context of IoT and MTC. IoT devices often have long lifespans, are deployed in unattended or hostile environments, and communicate infrequently with small data packets. A security breach in the control plane could allow an attacker to take over devices, disrupt services, or extract sensitive management information. By having a key dedicated to control signalling, the system enforces a security boundary; a compromise of a user data session key does not automatically compromise the keys protecting network commands.
Historically, earlier cellular systems provided security but often with less granular key separation tailored for high-volume human communication. The proliferation of IoT necessitated optimizations and enhanced security models for low-complexity devices. The introduction of KFC, notably around Release 14 with CIoT enhancements, was motivated by the need for efficient, yet robust, security for control-centric IoT communications. This includes scenarios where user data is sent via the control plane to reduce signalling overhead, making the protection of that control plane channel even more critical.
Furthermore, KFC supports regulatory and operational requirements for secure device management. For utilities, industrial sensors, or infrastructure monitoring, the integrity of a 'valve close' command or a 'meter read' request is paramount. KFC provides the cryptographic basis for ensuring these commands are authentic and confidential. It solves the problem of providing targeted, efficient security for the often-critical command-and-control link to potentially massive numbers of constrained devices, without the overhead of constantly re-establishing full security contexts for small data transmissions.
Key Features
- Dedicated key for control plane signalling confidentiality and integrity protection
- Derived from a root key using a KDF with purpose-specific input parameters
- Provides cryptographic separation from user plane traffic keys (KUP)
- Critical for securing IoT device management and command messages
- Used in CIoT EPS optimizations for protecting NAS messages carrying user data
- Enables secure over-the-air device configuration and control
Evolution Across Releases
Introduced as part of Cellular IoT (CIoT) security enhancements. The initial specification defined KFC within the context of Control Plane CIoT EPS optimization, where it is derived for protecting NAS signalling that may transport user data. It established the key's role in separating control signalling security from traditional user plane security contexts.
Alignment and evolution for the 5G System. The concept of a dedicated control signalling key was integrated into the 5G security key hierarchy, with analogous keys (like K_{NASint} and K_{NASenc}) serving similar purposes, while KFC remained relevant for EPS/CIoT specific deployments and interworking scenarios.
Enhancements for Industrial IoT and URLLC likely reinforced the need for robust and low-latency control plane security. Specifications may have further detailed the usage of keys like KFC in time-sensitive control scenarios and for secure communication in non-public networks used for industrial automation.
Defining Specifications
| Specification | Title |
|---|---|
| TS 33.180 | 3GPP TR 33.180 |
| TS 33.880 | 3GPP TR 33.880 |