MBSSF

Multicast/Broadcast Service Security Function

Introduced in Rel-17

MBSSF is the 5G Core network function that provides security services for multicast and broadcast traffic by handling key management, authentication, and encryption to ensure secure content delivery.

Category: Security
Introduced: Rel-17
Where: Security
Specifications: 1 spec

Description

The Multicast/Broadcast Service Security Function is a critical security component within the 5G Core Network's Multicast/Broadcast Service architecture. It is responsible for the complete security lifecycle of a Multicast/Broadcast Service (MBS) session. The MBSSF generates, manages, and distributes the cryptographic keys used to protect MBS traffic (user plane confidentiality and integrity) and related signaling. It interfaces with other core network functions, primarily the MB-SMF (MBS Session Management Function) and the UDM (Unified Data Management), to authenticate and authorize UEs for specific MBS sessions.

Operationally, when an MBS session is established, the MB-SMF requests the MBSSF to initiate security procedures. The MBSSF generates a Master Session Key (MSK) for the MBS session. For each UE joining the session, the MBSSF derives a User-specific Key (UK) from the MSK and the UE's subscription identifier. This UK is then provisioned to the UE through a secure unicast channel, typically via the MB-SMF and the Access and Mobility Management Function (AMF) using NAS security. The UE uses this UK to derive the necessary traffic encryption keys (TEKs) for decrypting the multicast/broadcast data flow.

The MBSSF also supports key renewal and revocation processes to maintain security over time. It can periodically update the MSK and push new derived keys to authorized UEs, mitigating the risk of key compromise. Architecturally, the MBSSF may be a standalone Network Function (NF) or collocated with another function like the MB-SMF. It uses the 3GPP-defined service-based interfaces, notably Nmbsf, to communicate with other NFs. Its design ensures that multicast/broadcast security is integrated into the 5G security framework, leveraging the existing authentication infrastructure (5G AKA) while addressing the unique point-to-multipoint delivery model.
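The key hierarchy and the renewal and revocation behaviour described in the two paragraphs above, as an added illustration that is not taken from TS 33.501 or from any 3GPP implementation. The HMAC-SHA-256 construction, the `kdf` helper, the `MbsSessionKeys` class and the sample identifiers are assumptions made for this example, and TEK derivation is left out.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over a label and length-prefixed parameters (assumed KDF)."""
    # Length prefixes keep ("ab", "c") and ("a", "bc") from colliding.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


class MbsSessionKeys:
    """Toy model of the per-session key state the text attributes to the MBSSF."""

    def __init__(self, session_id: str):
        self.session_id = session_id.encode()
        self.authorized = set()             # subscription identifiers allowed to get keys
        self.msk = secrets.token_bytes(32)  # Master Session Key for this MBS session

    def derive_uk(self, supi: str) -> bytes:
        # UK is bound to the MSK and the UE's subscription identifier.
        if supi not in self.authorized:
            raise PermissionError(f"{supi} is not authorized for this session")
        return kdf(self.msk, b"UK", self.session_id, supi.encode())

    def join(self, supi: str) -> bytes:
        self.authorized.add(supi)
        return self.derive_uk(supi)

    def revoke_and_renew(self, supi: str) -> dict:
        """Drop one UE, rotate the MSK, return fresh UKs for the remaining UEs."""
        self.authorized.discard(supi)
        self.msk = secrets.token_bytes(32)
        return {s: self.derive_uk(s) for s in sorted(self.authorized)}


def demo() -> dict:
    # Constructed sample identifiers, not real subscribers.
    s = MbsSessionKeys("mbs-session-0001")
    uk_a = s.join("imsi-001010000000001")
    uk_b = s.join("imsi-001010000000002")
    fresh = s.revoke_and_renew("imsi-001010000000002")
    return {"uk_a": uk_a, "uk_b": uk_b, "fresh": fresh, "session": s}


if __name__ == "__main__":
    out = demo()
    print("UKs differ per UE:", out["uk_a"] != out["uk_b"])
    print("UEs keyed after renewal:", list(out["fresh"]))
```

Because every UK depends on the current MSK, rotating the MSK invalidates the revoked UE's key without any per-UE state change for the UEs that remain.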

Purpose & Motivation

The MBSSF was created to address the specific security challenges inherent in multicast and broadcast services, which were reintroduced and enhanced in 5G. In a point-to-multipoint model, traditional unicast security mechanisms (like those between a UPF and a single UE) are inefficient and inadequate. The purpose of the MBSSF is to provide a standardized, scalable, and secure method for managing keys and access control for potentially massive numbers of receivers.

It solves the problem of secure key distribution for broadcast groups. Without a dedicated function like the MBSSF, the network would need to establish individual secure contexts with each UE for the same content, wasting signaling resources and complicating synchronized key updates. Previous MBMS security in 4G used the BM-SC for similar functions, but the MBSSF is redesigned as a native 5G Core service-based function, integrating with the new authentication framework and network slicing capabilities.

The motivation for its specification in Release 17 was driven by the expanded use cases for 5G MBS, including mission-critical group communications, public safety, V2X applications, and IPTV. These services demand robust security to prevent eavesdropping, service theft, and spoofing. The MBSSF provides the necessary foundation for commercial broadcast services where content protection (Digital Rights Management) is paramount, and for public safety where communication integrity and group authentication are critical.

Classification

Part of: MB-SMF
Related approaches: MBS

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (134 CRs across 6 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 56 changes

In Release 15, the MBSSF (Multicast/Broadcast Service Security Function) was newly introduced as part of the foundational security architecture for 5G multicast-broadcast services, as referenced in the supporting specifications for these services. This function is established within the security framework to handle specific security aspects for multicast and broadcast user service delivery in the 5G System.

  • Clarifications to security requirements and features (clause 5) (TS 33.501 CR0161)
  • Security Negotiation for RRC INACTIVE (TS 33.501 CR0183)
  • Security Mechanism for Steering of Roaming (TS 33.501 CR0214)
  • CR-slice-management-security (TS 33.501 CR0290)
  • Security mechanisms for non-SBA interfaces in 5GC (TS 33.501 CR0374)
  • Application layer security on the N32 interface (TS 33.501 CR0376)

Rel-16 21 changes

In Release 16, the MBSSF (Multicast/Broadcast Service Security Function) was introduced as a new security entity, as indicated by the addition of "Security entities at the perimeter of the 5G Core network." This function was defined to address the security architecture for 5G multicast-broadcast services, building upon the architectural enhancements specified for these services. Its introduction required new security procedures and context handling to manage keys and security for broadcast/multicast user plane delivery.

  • Security for non-public networks (TS 33.501 CR0641)
  • Security for SRVCC for 5G to UTRAN CS (TS 33.501 CR0660)
  • Security for roaming interfaces in indirect communication (TS 33.501 CR0675)
  • Security requirements for SeCoP (TS 33.501 CR0692)
  • Security for 5GLAN services (TS 33.501 CR0704)
  • Intro to Security Annex for TSC service (TS 33.501 CR0705)

Rel-17 23 changes

In Release 17, the MBSSF (Multicast/Broadcast Service Security Function) saw enhancements focused on clarifying and correcting the security mechanisms for 5G Multicast-Broadcast Services (5MBS). Key additions included a specific security indication within the MBS security context and clarifications on multicast security context handling during the session creation procedure. These updates provided more detailed procedural guidance for security context management in MBS, building upon the foundational architecture defined in earlier releases.

Rel-18 18 changes

In Release 18, the MBSSF function was enhanced with new security specifications for the MSGin5G service and for securing the transport between MSGin5G Servers. The release also introduced detailed security mechanisms for DNS in EDGE computing for both roaming and non-roaming scenarios, and defined security procedures for EAS discovery via the V-EASDF.

  • Security aspects of MSGin5G Service in rel-18 (TS 33.501 CR1565)
  • Security aspects of enhanced support of Non-Public Networks phase 2 (TS 33.501 CR1671)
  • Security of EAS discovery procedure via V-EASDF in roaming Scenario (TS 33.501 CR1741)
  • Security handling in network sharing scenario (TS 33.501 CR1744)
  • Security in 5G system location services to support user plane positioning (TS 33.501 CR1765)
  • Security aspects of enablers for Network Automation for 5G (TS 33.501 CR1786)

Rel-19 15 changes

In Release 19, the MBSSF (Multicast/Broadcast Service Security Function) saw new security aspects introduced for the MSGin5G service as part of its Phase 3 development. Additionally, security details were provided for the forwarding mode in the XRM (Xcast Resource Management) function. These updates specifically enhanced the security architecture for multicast-broadcast services within the 5G System.

  • Adding security aspects of MSGin5G service Ph3 (TS 33.501 CR2047)
  • Security of Signalling Traffic Monitoring (TS 33.501 CR2089)
  • Security of N6 delay measurements (TS 33.501 CR2092)
  • Security for PLMN hosting a NPN (TS 33.501 CR2137)
  • Security procedure for inter-CU LTM (TS 33.501 CR2153)
  • Security aspects of Core Network Enhanced Support for AIML (TS 33.501 CR2154)

Rel-20 1 change

In Release 20, the MBSSF (Multicast/Broadcast Service Security Function) introduced a new procedure to make certain security parameters visible to RIs (Ranging Initiators). This enhancement, detailed in the specification, provides the necessary mechanisms for these parameters to be securely accessed and utilized within the multicast-broadcast service security architecture.

  • Procedure to making some security parameters visible to RIs (TS 33.501 CR2191)

Defining Specifications

3GPP specifications that define or reference MBSSF, with the latest known release. Sourced from the 3GPP document catalog.

Specification | Title | Release
TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20