MACT

Message Authentication Code T

Security
Introduced in Rel-8
MACT is the Message Authentication Code value, denoted T, produced by the AES-CMAC based EPS integrity algorithm 128-EIA2 (TS 33.401, Annex B). It is the 32-bit tag that provides integrity and origin authentication for NAS and RRC signalling in the Evolved Packet System (EPS); the same construction is reused as 128-NIA2 in the 5G System (TS 33.501). It is an integrity mechanism applied with the derived keys, not a step of key derivation.

Description

Message Authentication Code T (MACT) is the output of the integrity algorithm 128-EIA2, specified in Annex B of TS 33.401. 128-EIA2 is built on AES-CMAC (Cipher-based Message Authentication Code, RFC 4493), a block-cipher MAC whose final value is conventionally named T; 3GPP keeps that name for the algorithm output, truncated to its 32 most significant bits. MACT is carried in protected messages as the NAS-MAC (NAS signalling) or the MAC-I (RRC signalling; in 5G also user-plane data when integrity protection is activated). It is not a key derivation function: the EPS and 5G key hierarchies are derived with the HMAC-SHA-256 KDF specified in TS 33.220 and invoked from Annex A of TS 33.401, and MACT only consumes the integrity keys that KDF produces.

Architecturally, MACT is computed at both ends of each protected link: by the UE and the MME for NAS, and by the UE and the eNB for RRC. The HSS does not compute it; its role ends with EPS AKA, which yields KASME. From KASME the MME and UE derive the 128-bit NAS integrity key KNASint (and KeNB, from which the eNB and UE derive KRRCint). The 128-EIA2 inputs are KEY (128 bits), COUNT (32 bits), BEARER (5 bits), DIRECTION (1 bit) and MESSAGE (LENGTH bits). The sender forms M = COUNT || BEARER || DIRECTION || 0^26 || MESSAGE, runs AES-CMAC over M under KEY, and takes the 32 most significant bits of the 128-bit CMAC output as MACT. Because LENGTH is given in bits, the CMAC padding bit is placed directly after the last message bit, which is why a faithful implementation must handle bit-aligned as well as byte-aligned messages.

Its role is message integrity and origin authentication, applied after the keys exist rather than inside their derivation. Because COUNT, BEARER and DIRECTION are bound into M, a valid MACT attests not only that the message is unmodified and was produced by a holder of the key, but that it belongs to one counter value, bearer and direction. Replaying an old message under a different COUNT, or reflecting a message back to its sender with the DIRECTION bit unchanged, therefore fails verification. The receiver recomputes MACT over the received message with its own copy of the key and compares the result with the received NAS-MAC or MAC-I; on mismatch the message is discarded. The tag is only 32 bits, so an attacker who injects a message with a guessed tag succeeds with probability 2^-32 per attempt, and every failed attempt is visible to the receiver as an integrity failure.
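The computation and the receiver-side check described above, as an added Go example that is not code from TS 33.401 or from any 3GPP project. AES comes from the Go standard library; the CMAC subkey derivation and CBC-MAC chain (RFC 4493), the bit-level padding that 128-EIA2 needs when LENGTH is not a multiple of 8, and the 128-EIA2 input framing are written out here. The key, COUNT, BEARER and message used in main are constructed sample values, not spec test data; an implementation should be checked against the 128-EIA2 test sets in TS 33.401 Annex C.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const blockSize = 16

// dbl multiplies a 128-bit block by x in GF(2^128): shift left one bit and, if a bit
// was shifted out, XOR the constant Rb = 0x87 (RFC 4493 subkey generation).
func dbl(in []byte) []byte {
	out := make([]byte, blockSize)
	var carry byte
	for i := blockSize - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry != 0 {
		out[blockSize-1] ^= 0x87
	}
	return out
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// aesCMACBits returns the 128-bit AES-CMAC tag T over the first mlen bits of m.
// RFC 4493 is written for byte strings; 128-EIA2 applies it to bit strings, so the
// padding bit 1 goes directly after bit mlen-1 and any bits of m past mlen are ignored.
func aesCMACBits(key, m []byte, mlen int) ([]byte, error) {
	if mlen < 0 || len(m) < (mlen+7)/8 {
		return nil, errors.New("message shorter than the stated bit length")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	l := make([]byte, blockSize) // L = AES_K(0^128), K1 = dbl(L), K2 = dbl(K1)
	block.Encrypt(l, make([]byte, blockSize))
	k1, k2 := dbl(l), dbl(dbl(l))

	nblocks := (mlen + 127) / 128
	if nblocks == 0 {
		nblocks = 1 // the empty message becomes a single padded block
	}
	buf := make([]byte, nblocks*blockSize)
	copy(buf, m[:(mlen+7)/8])
	if r := mlen % 8; r != 0 {
		buf[mlen/8] &= byte(0xFF) << uint(8-r) // clear bits beyond mlen
	}
	last := buf[(nblocks-1)*blockSize:]
	if mlen > 0 && mlen%128 == 0 {
		xorInto(last, k1) // complete final block: no padding, XOR K1
	} else {
		buf[mlen/8] |= byte(0x80) >> uint(mlen%8) // pad with 1 0...0, XOR K2
		xorInto(last, k2)
	}
	x := make([]byte, blockSize) // CBC-MAC chain; the last ciphertext block is T
	y := make([]byte, blockSize)
	for i := 0; i < nblocks; i++ {
		copy(y, buf[i*blockSize:(i+1)*blockSize])
		xorInto(y, x)
		block.Encrypt(x, y)
	}
	return x, nil
}

// eia2 computes MACT as 128-EIA2 defines it (TS 33.401 Annex B.2.3):
// M = COUNT(32) || BEARER(5) || DIRECTION(1) || 0^26 || MESSAGE, MACT = 32 MSBs of
// AES-CMAC(KEY, M). msgBits is LENGTH in bits.
func eia2(key []byte, count uint32, bearer, direction uint8, msg []byte, msgBits int) ([]byte, error) {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr, count)
	hdr[4] = ((bearer & 0x1F) << 3) | ((direction & 1) << 2) // remaining 26 bits stay zero
	t, err := aesCMACBits(key, append(hdr, msg...), 64+msgBits)
	if err != nil {
		return nil, err
	}
	return t[:4], nil
}

// verifyEIA2 is the receiver side: recompute MACT with the expected COUNT, BEARER and
// DIRECTION and compare with the received NAS-MAC/MAC-I in constant time.
func verifyEIA2(key []byte, count uint32, bearer, direction uint8, msg []byte, msgBits int, received []byte) bool {
	mac, err := eia2(key, count, bearer, direction, msg, msgBits)
	return err == nil && subtle.ConstantTimeCompare(mac, received) == 1
}

func main() {
	// Constructed sample values; not test data from TS 33.401.
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	msg := []byte("NAS security mode command (constructed)")
	n := len(msg) * 8
	mac, _ := eia2(key, 7, 0, 1, msg, n)
	fmt.Printf("NAS-MAC %x\n", mac)
	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01
	fmt.Println("genuine verifies:", verifyEIA2(key, 7, 0, 1, msg, n, mac))
	fmt.Println("tampered verifies:", verifyEIA2(key, 7, 0, 1, tampered, n, mac))
	fmt.Println("replayed under COUNT 8 verifies:", verifyEIA2(key, 8, 0, 1, msg, n, mac))
}
```

The generic aesCMACBits can be checked against the RFC 4493 test vectors (key 2b7e1516...4f3c) before trusting the 128-EIA2 wrapper; the two layers fail independently, and the framing bugs (bearer and direction bit positions, bit-length padding) only show up in the 3GPP test sets.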

Purpose & Motivation

128-EIA2 and its MACT output were introduced to give EPS a standardised integrity algorithm built on a widely analysed primitive, alongside 128-EIA1 (SNOW 3G). The move from the 3G integrity algorithms UIA1 (KASUMI) and UIA2 (SNOW 3G) to EPS came with a new key hierarchy and 128-bit keys, and AES-CMAC was adopted for the cryptographic strength of AES and because the security of the CMAC construction reduces to that of the underlying block cipher.

It solves the problem of protecting security-critical signalling from modification and replay on the radio path. Without it, an attacker could alter NAS or RRC messages, including the NAS Security Mode Command that carries the UE's security capabilities, and so bid down the negotiated algorithms or rewrite bearer and mobility parameters. Integrity-protecting the Security Mode Command with the freshly derived KNASint lets the UE detect such tampering before the new security context is taken into use. Binding COUNT, BEARER and DIRECTION into the MAC input ties every tag to one message instance. Because several integrity algorithms are defined (128-EIA1, 128-EIA2, later 128-EIA3) and selected through the UE security capabilities, the framework has algorithm agility: a weakened algorithm can be retired without changing the protocol, and the same key hierarchy protects user data and signalling in LTE and, via 128-NIA2, in 5G.

Key Features

  • Output of AES-CMAC (RFC 4493) as used by the EPS integrity algorithm 128-EIA2 and the 5G algorithm 128-NIA2.
  • 32-bit value: the 32 most significant bits of the 128-bit CMAC tag, computed under a 128-bit integrity key (KNASint or KRRCint).
  • MAC input binds COUNT, BEARER and DIRECTION as well as the message, giving integrity, origin authentication and replay protection.
  • Carried as NAS-MAC in NAS signalling and as MAC-I in RRC (and, where activated, user-plane) PDUs.
  • Distinct from the key derivation function: keys come from the HMAC-SHA-256 KDF, MACT protects messages with them.
  • One of several selectable integrity algorithms, which gives the 3GPP security framework algorithm agility.

Evolution Across Releases

Rel-8 Initial

Introduced with the EPS security architecture defined in TS 33.401. 128-EIA2 (AES-CMAC) and 128-EIA1 (SNOW 3G) were defined as the two integrity algorithms that every UE, eNB and MME must implement, with EIA0 as the null algorithm reserved for unauthenticated emergency calls. The EPS key hierarchy itself is derived with the separate KDF of Annex A; MACT protects NAS and RRC messages under the keys that hierarchy produces.

Defining Specifications

Specification   Title
TS 33.401       3GPP System Architecture Evolution (SAE); Security architecture