Non-Access Stratum

Description

The Non-Access Stratum (NAS) is a key protocol layer in the control plane of 3GPP systems, operating directly between the User Equipment (UE) and the Core Network's control nodes—specifically the Mobility Management Entity (MME) in 4G EPC and the Access and Mobility Management Function (AMF) in 5G Core. It sits above the Access Stratum (AS), which handles radio-specific signaling between the UE and the radio access network (e.g., eNB, gNB). This stratification allows NAS procedures to be largely independent of the specific radio technology (e.g., LTE, NR, non-3GPP access), enabling core network services to be delivered consistently across heterogeneous access networks. The NAS protocol is responsible for the most critical control signaling related to the UE's registration and reachability within the network.

NAS functionality is divided into two primary protocol entities: the Mobility Management (MM) entity and the Session Management (SM) entity. In EPS (4G), these are the EPS Mobility Management (EMM) and EPS Session Management (ESM) protocols. In 5GS, they are the 5G Mobility Management (5GMM) and 5G Session Management (5GSM) protocols. The MM entity handles procedures such as attach/detach, tracking area update, authentication, and security mode control. It manages the UE's registration state and ensures the network can locate and page the UE. The SM entity handles the establishment, modification, and release of Packet Data Unit (PDU) sessions or bearers, which are the data pipelines for user traffic. It negotiates quality of service (QoS) parameters and manages the lifecycle of these data contexts.

NAS messages are carried transparently by the Access Stratum. When a UE sends a NAS message (e.g., an Attach Request), it is encapsulated by the AS protocols (RRC in LTE/NR) and transported to the base station (eNB/gNB). The base station extracts the NAS message and forwards it to the appropriate core network node via the S1-AP or NG-AP interface without interpreting its content. This ensures a clear separation of concerns: the RAN handles radio resource management, while the CN handles subscriber and session management. NAS signaling is always integrity protected and, for sensitive messages, ciphered using keys established during authentication and key agreement (AKA). This end-to-end security between the UE and the core network is a cornerstone of 3GPP system security.

Over successive releases, NAS has evolved to support an increasing array of services and network architectures. It introduced support for emergency calls, power saving features like Power Saving Mode (PSM) and extended idle mode DRX, and enhanced coverage for IoT devices (CE mode). With 5G, the NAS protocol was redesigned to be more modular and forward-compatible, supporting network slicing, alternative authentication methods, and seamless interworking between 3GPP and non-3GPP (e.g., Wi-Fi) access. The NAS layer is therefore not just a connectivity enabler but a flexible framework that adapts to new service requirements and network paradigms defined across 3GPP releases.

Purpose & Motivation

The Non-Access Stratum was created to establish a clear, standardized, and access-agnostic signaling protocol between the mobile device and the core network. Prior to its formal definition in 3GPP, early cellular systems had more monolithic and technology-dependent control signaling. The stratification into Access Stratum and Non-Access Stratum, a concept solidified with GSM and fully realized in UMTS, was a pivotal architectural decision. It separated radio-specific control functions (handled in the AS by the RAN) from subscriber and connection management functions (handled in the NAS by the CN). This separation solved critical problems of network evolution and multi-vendor interoperability.

A primary motivation was to enable core network services to evolve independently from the radio interface. A network operator could upgrade its core network to support new services (e.g., IMS-based voice) without requiring changes to every base station, as long as the AS could transparently transport the new NAS messages. Conversely, new radio technologies (e.g., moving from GSM to UMTS to LTE) could be introduced without fundamentally altering the core network procedures for authenticating a user or establishing a data session. This greatly reduced complexity and cost for network modernization. It also facilitated seamless mobility and service continuity when a device moved between different radio access technologies (inter-RAT mobility), as the NAS context could be preserved and transferred between core network nodes.

Furthermore, NAS provides a secure, trusted endpoint for subscriber management. By terminating in the core network, it allows for centralized authentication, authorization, and key management. The security context established via NAS protocols (like AKA) is used to protect both NAS signaling itself and the user plane data. This architecture addresses the limitation of having critical security functions distributed or dependent on the potentially less-trusted radio access network. In summary, NAS exists to provide a stable, secure, and future-proof control plane foundation that decouples service logic from access technology, enabling the scalable and flexible mobile networks we have today.

Key Features

• Access Stratum independence, enabling operation over LTE, NR, and non-3GPP access
• End-to-end integrity protection and ciphering between UE and core network
• Mobility Management for registration, tracking area updates, and paging
• Session Management for establishment, modification, and release of PDU sessions/bearers
• Support for network slicing selection and negotiation in 5GS
• Mechanisms for power saving (PSM, eDRX) and enhanced coverage for IoT

Evolution Across Releases

Defining Specifications