Description
The Key Set Identifier (KSI) is a fundamental security identifier within the 3GPP authentication and key agreement (AKA) framework. It acts as a short, efficient reference to a complete set of derived cryptographic keys that exist both in the User Equipment (UE) and in the network's security context. The primary keys it identifies are the ciphering key (CK) and the integrity key (IK), which are generated during the AKA procedure. In later releases (e.g., for 5G), it also references the anchor key (K_AMF) and its derived keys.
Technically, the KSI is a small value (e.g., 3 bits in UMTS/LTE, part of a larger identifier in 5G) that is assigned by the network during a successful authentication. The network stores the full key set (CK, IK, and the sequence number SQN) in its security context database, indexed by the KSI and the user's permanent identity (like IMSI or SUPI). The UE stores the same key set locally, also associated with the KSI. When subsequent security-protected communication is initiated (e.g., for a service request or a location update), the network can include the KSI in a signaling message (like the RRC Connection Reconfiguration or NAS Security Mode Command) instead of sending the full keys. The UE uses the received KSI to look up its locally stored corresponding CK and IK, which are then used to initialize the ciphering and integrity protection algorithms (e.g., SNOW 3G, AES, ZUC).
There are different types of KSI to manage key contexts for different network domains. In UMTS and LTE, the KSI_ASME (where ASME is the Access Security Management Entity) is used for the EPS security context. The network may also maintain separate KSIs for ciphering (KSI_C) and integrity (KSI_I) in some legacy contexts. The KSI mechanism enables efficient key management by avoiding the need to re-run the full, computationally intensive AKA procedure for every connection setup. It supports security context transfer between network nodes (e.g., during handover) and allows for the reuse of established security contexts for a period of time, improving signaling efficiency and connection setup times while maintaining robust security.
Purpose & Motivation
The Key Set Identifier was created to solve the problem of efficient and secure key referencing in mobile networks. Without such an identifier, the network would need to either repeatedly perform full authentication (increasing latency and signaling load) or somehow transmit or negotiate which key set to use in an insecure manner. The KSI provides a secure shorthand.
Its primary purpose is to enable the reuse of established security contexts. After an initial authentication, a security context containing fresh cryptographic keys is established. The KSI allows this context to be referenced and reactivated for subsequent connections without repeating the full authentication, significantly speeding up procedures like idle-to-active transitions and handovers. This is critical for user experience, especially for services requiring frequent, short transmissions.
Historically, the concept evolved from GSM's Key Sequence Number but was significantly enhanced for 3G UMTS to provide stronger security within the new AKA protocol. In GSM, security was weaker, and key management less sophisticated. The introduction of mutual authentication and stronger algorithms in 3G necessitated a more robust key hierarchy and management system, of which the KSI is a core component. It addresses the limitation of not having a secure, agreed-upon reference to pre-shared key material, which is essential for the performance and scalability of secure mobile communications. In 5G, its role continues within the new 5G AKA and EAP-AKA' protocols, ensuring backward compatibility and efficient security context management in a more complex network slicing environment.
Key Features
- Unique Key Reference: Unambiguously identifies a specific set of cryptographic keys (CK, IK) in both UE and network.
- Signaling Efficiency: Allows secure reactivation of a security context by transmitting a short identifier instead of full keys or re-authenticating.
- Domain Separation: Different KSI types (e.g., KSI_ASME) can identify key sets for different network domains (CS, PS, EPS).
- Supports Handover: Enables the source network node to inform the target node about the UE's security context using the KSI, facilitating secure context transfer.
- Integrity Protection: The KSI itself is often integrity-protected when signaled to prevent tampering and context misassociation.
- Backward Compatibility: The concept and structure have evolved but maintained continuity from UMTS through LTE to 5G security architectures.
Evolution Across Releases
Introduced the Key Set Identifier (KSI) within the 3G security architecture for UMTS. Defined as a 3-bit value used to identify the ciphering key (CK) and integrity key (IK) pair generated during UMTS AKA. Established its role in the security mode setup procedure to allow reuse of existing security contexts without re-authentication.
Consolidated the use of KSI within the IP Multimedia Subsystem (IMS) security framework. Defined its application for securing IMS signaling, ensuring a consistent key referencing mechanism across both circuit-switched and packet-switched service domains.
Evolved the concept for EPS (LTE) as KSI_ASME. Introduced the Access Security Management Entity (ASME) and the associated KSI_ASME to identify the top-level key (K_ASME) derived during EPS AKA, from which all other NAS and AS keys are derived. This created a hierarchical key structure referenced by the KSI.
Adapted the KSI concept for 5G security. Introduced the 5G KSI, which identifies the security context anchored by the K_AMF key. It is used similarly but within the new 5G AKA and primary authentication framework, supporting both SUCI and SUPI identities.
Enhanced security context management for 5G, including refinements for verticals and network slicing. The KSI mechanism was ensured to work correctly in scenarios involving multiple concurrent security contexts for different network slices.
Further clarified and optimized the use of KSI in 5G standalone and non-standalone deployments, as well as in interworking scenarios with LTE-EPS, ensuring smooth security context mapping and transfer.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 23.060 | 3GPP TS 23.060 |
| TS 24.301 | 3GPP TS 24.301 |
| TS 24.501 | 3GPP TS 24.501 |
| TS 31.102 | 3GPP TR 31.102 |
| TS 31.103 | 3GPP TR 31.103 |
| TS 31.121 | 3GPP TR 31.121 |
| TS 33.102 | 3GPP TR 33.102 |
| TS 33.401 | 3GPP TR 33.401 |
| TS 33.501 | 3GPP TR 33.501 |
| TS 33.859 | 3GPP TR 33.859 |