Description
The Non-Access Stratum (NAS) is a key protocol layer in the control plane of 3GPP systems, operating directly between the User Equipment (UE) and the Core Network's control nodes—specifically the Mobility Management Entity (MME) in 4G EPC and the Access and Mobility Management Function (AMF) in 5G Core. It sits above the Access Stratum (AS), which handles radio-specific signaling between the UE and the radio access network (e.g., eNB, gNB). This stratification allows NAS procedures to be largely independent of the specific radio technology (e.g., LTE, NR, non-3GPP access), enabling core network services to be delivered consistently across heterogeneous access networks. The NAS protocol is responsible for the most critical control signaling related to the UE's registration and reachability within the network.
NAS functionality is divided into two primary protocol entities: the Mobility Management (MM) entity and the Session Management (SM) entity. In EPS (4G), these are the EPS Mobility Management (EMM) and EPS Session Management (ESM) protocols. In 5GS, they are the 5G Mobility Management (5GMM) and 5G Session Management (5GSM) protocols. The MM entity handles procedures such as attach/detach, tracking area update, authentication, and security mode control. It manages the UE's registration state and ensures the network can locate and page the UE. The SM entity handles the establishment, modification, and release of Packet Data Unit (PDU) sessions or bearers, which are the data pipelines for user traffic. It negotiates quality of service (QoS) parameters and manages the lifecycle of these data contexts.
NAS messages are carried transparently by the Access Stratum. When a UE sends a NAS message (e.g., an Attach Request), it is encapsulated by the AS protocols (RRC in LTE/NR) and transported to the base station (eNB/gNB). The base station extracts the NAS message and forwards it to the appropriate core network node via the S1-AP or NG-AP interface without interpreting its content. This ensures a clear separation of concerns: the RAN handles radio resource management, while the CN handles subscriber and session management. NAS signaling is always integrity protected and, for sensitive messages, ciphered using keys established during authentication and key agreement (AKA). This end-to-end security between the UE and the core network is a cornerstone of 3GPP system security.
Over successive releases, NAS has evolved to support an increasing array of services and network architectures. It introduced support for emergency calls, power saving features like Power Saving Mode (PSM) and extended idle mode DRX, and enhanced coverage for IoT devices (CE mode). With 5G, the NAS protocol was redesigned to be more modular and forward-compatible, supporting network slicing, alternative authentication methods, and seamless interworking between 3GPP and non-3GPP (e.g., Wi-Fi) access. The NAS layer is therefore not just a connectivity enabler but a flexible framework that adapts to new service requirements and network paradigms defined across 3GPP releases.
Purpose & Motivation
The Non-Access Stratum was created to establish a clear, standardized, and access-agnostic signaling protocol between the mobile device and the core network. Prior to its formal definition in 3GPP, early cellular systems had more monolithic and technology-dependent control signaling. The stratification into Access Stratum and Non-Access Stratum, a concept solidified with GSM and fully realized in UMTS, was a pivotal architectural decision. It separated radio-specific control functions (handled in the AS by the RAN) from subscriber and connection management functions (handled in the NAS by the CN). This separation solved critical problems of network evolution and multi-vendor interoperability.
A primary motivation was to enable core network services to evolve independently from the radio interface. A network operator could upgrade its core network to support new services (e.g., IMS-based voice) without requiring changes to every base station, as long as the AS could transparently transport the new NAS messages. Conversely, new radio technologies (e.g., moving from GSM to UMTS to LTE) could be introduced without fundamentally altering the core network procedures for authenticating a user or establishing a data session. This greatly reduced complexity and cost for network modernization. It also facilitated seamless mobility and service continuity when a device moved between different radio access technologies (inter-RAT mobility), as the NAS context could be preserved and transferred between core network nodes.
Furthermore, NAS provides a secure, trusted endpoint for subscriber management. By terminating in the core network, it allows for centralized authentication, authorization, and key management. The security context established via NAS protocols (like AKA) is used to protect both NAS signaling itself and the user plane data. This architecture addresses the limitation of having critical security functions distributed or dependent on the potentially less-trusted radio access network. In summary, NAS exists to provide a stable, secure, and future-proof control plane foundation that decouples service logic from access technology, enabling the scalable and flexible mobile networks we have today.
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (76 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, key NAS enhancements included the introduction of a TCP protocol as an inner transport layer for NAS signaling, with procedures for the establishment and release of these TCP connections. It also defined new rules for the concurrent running of authentication and NAS Security Mode Control (SMC) procedures and clarified the handling of NAS COUNTs and security during N2 handover. Furthermore, mechanisms for triggering UE capability information retrieval using Downlink NAS TRANSPORT were specified.
- Enabling 3GPP PS data off in roaming-NAS MO TS 24.368CR0033
- Coding of AN-parameters in EAP 5G-NAS message TS 24.502CR0005
- TCP protocol as inner transport layer protocol for NAS signaling TS 24.502CR0040
- AMF congestion when receiving NAS message TS 24.502CR0051
- Rules on concurrent running of authentication and NAS SMC procedure TS 33.501CR0004
- Triggering UE capability info retrieval using DL NAS TRANSPORT (Stage 2) TS 36.300CR1160
+ 42 more changes
In Release 16, key NAS enhancements included the introduction of specific 5GSM cause codes (#27 and #70) for session management retry handling and clarified procedures for primary authentication and AMF reallocation when using the direct NAS reroute mechanism. The release also defined the NAS configuration for access restriction to RLOS and addressed the transport and handling of NAS messages, including EAP-5G, for wireline access scenarios. Furthermore, corrections and clarifications were made for initial NAS message protection and for the handling and coding of security-related containers during key derivation.
- NAS configuration for restriction on access to RLOS TS 24.368CR0046
- EAP-5G handling and transport of NAS messages for wireline access TS 24.502CR0110
- Clarification to Initial NAS message protection TS 33.501CR0636
- 5GSM cause #27 and #70 for NAS MO SM_RetryWaitTime TS 24.368CR0043
- Error in EAP-Response/5G-NAS message coding TS 24.502CR0066
- NAS handling error of nas-Container for security key derivation TS 36.331CR4099
+ 2 more changes
In Release 17, NAS enhancements included clarifications and corrections to security context derivations, such as the handling of NAS uplink COUNT for KgNB/KeNB derivation and Kausf storage in multi-NAS connections. It also introduced support for mapping complete UE security capabilities from NAS and provided corrections to UE behavior for NAS-based busy indication in RRC_INACTIVE state. Furthermore, adaptations were made for transport protocols to accommodate 5G-RG over wireline access and BBF developments.
- Support for mapping complete security capabilities from NAS [UE_Sec_Caps] TS 36.413CR1835
- Clairfication on AS key generation after runing NAS SMC TS 33.501CR1158
- Introduce "PLMNs not allowed to operate at the present UE location" in table AS/NAS functional division TS 36.304CR0853
- Correction on UE behavior for NAS-based busy indication in RRC_INACTIVE TS 36.331CR4822
- Correcting NAS transport between 5G RG and W-AGF to accommodate latest BBF developments TS 24.502CR0200
- Correct NAS uplink COUNT for KgNB/KeNB derivation TS 33.501CR1075
+ 4 more changes
In Release 18, the NAS protocol was enhanced to support new Location Services (LCS) PRU messages and to provide transport for the RSPP (Remote SIM Provisioning Protocol). It also introduced updates to the NAS configuration Management Object (MO) for SENSE functionality and included corrections for the transport of downlink SLPP messages and for security context derivation during idle mode mobility between S1 and N1 interfaces.
- NAS configuration MO for using SENSE TS 24.368CR0065
- NAS protocol supports LCS PRU messages TS 24.571CR0017
- NAS transport for RSPP TS 24.571CR0047
- Updates to NAS Configuration MO for SENSE TS 24.368CR0066
- Correction to NAS signalling transport for downlink SLPP messages TS 24.571CR0064
- Correction for mapped 5G NAS security context derivation during idle mode mobility from S1 to N1 TS 33.501CR1738
In Release 19, the NAS layer introduced new capabilities for satellite networks and Integrated Access and Backhaul (IAB) nodes. Specifically, it added a configuration parameter to allow disabling satellite access for a specific emergency cause and enhanced procedures to carry extra IAB-related information in downlink NAS transport and UE context modification. The release also included refinements to the uplink and downlink NAS transport messages and introduced a mechanism for setting a lower selection-priority for a PLMN during network selection.
- NAS MO Lower Selection-priority for PLMN Selection TS 24.368CR0087
- Extra IAB information in stage 2 related to Downlink NAS transport and to UE CONTEXT MODIFICATION REQUEST TS 33.127CR0255
- Adding NAS configuration parameter Satellite_Disabling_Allowed_for_EMM_cause_#15 TS 24.368CR0077
- Corrections to the UL NAS TRANSPORT and DL NAS TRANSPORT messages TS 24.571CR0093
Explore further
Broader topics and technologies where NAS plays a role.
Defining Specifications
3GPP specifications that define or reference NAS, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 23.110 vj00 | Access Stratum Services Specification | Rel-19 |
| TS 23.236 vj00 | Intra Domain Connection of RAN Nodes to Multiple CN Nodes | Rel-19 |
| TS 23.851 v1600 | Network Sharing Architecture for 3G Systems | Rel-6 |
| TR 23.923 v1300 | Mobile IP+ Feasibility Study for UMTS/GPRS | Rel-4 |
| TR 23.979 vj00 | PoC over 3GPP Systems Architectural Requirements | Rel-19 |
| TS 24.171 vj00 | NAS Protocol for LCS in E-UTRAN | Rel-19 |
| TS 24.206 v1700 | Voice Call Continuity Between CS and IMS | Rel-7 |
| TS 24.292 vj00 | IMS Centralized Services (ICS) Protocol | Rel-19 |
| TS 24.368 vj40 | NAS Configuration Management Object | Rel-19 |
| TS 24.502 vj20 | 5G Core Access via Non-3GPP Networks; Stage 3 | Rel-19 |
| TS 24.543 vj50 | SEAL Data Delivery Management Protocol | Rel-19 |
| TS 24.558 vj50 | Edge Enabler APIs Stage 3 | Rel-19 |
| TS 24.571 vj20 | Control Plane LCS Procedures | Rel-19 |
| TS 25.301 vj00 | UE-UTRAN Radio Interface Protocol Architecture | Rel-19 |
| TS 25.304 vj00 | UTRA Idle Mode Procedures Specification | Rel-19 |
| TS 25.305 vj00 | UTRAN UE Positioning Stage 2 | Rel-19 |
| TS 25.323 vj00 | Packet Data Convergence Protocol (PDCP) Specification | Rel-19 |
| TS 25.324 vj00 | Broadcast/Multicast Control Protocol | Rel-19 |
| TS 25.331 vj00 | UTRAN RRC Protocol Specification | Rel-19 |
| TS 25.367 vj00 | Home NodeB Mobility Procedures | Rel-19 |
| TS 25.401 vj00 | UTRAN Overall Architecture | Rel-19 |
| TS 25.410 vj00 | Iu Interface Introduction for UTRAN | Rel-19 |
| TS 25.413 vj00 | Radio Access Network Application Part (RANAP) | Rel-19 |
| TS 25.415 vj00 | Iu Interface User Plane Protocol | Rel-19 |
| TS 25.423 vj00 | UTRAN RNSAP Specification | Rel-19 |
| TS 25.824 v800 | HSPA Evolution for 1.28Mcps TDD Study | Rel-8 |
| TR 25.912 vj00 | Evolved UTRA and UTRAN Technical Report | Rel-19 |
| TS 25.913 v900 | Evolved UTRA and UTRAN Requirements | Rel-9 |
| TR 25.931 vj00 | UTRAN Signalling Procedures Examples | Rel-19 |
| TS 26.247 vj00 | 3GPP Progressive Download & DASH over HTTP | Rel-19 |
| TS 26.802 vj20 | Multicast Enhancements for 5G Media Streaming | Rel-19 |
| TS 26.891 vg00 | Media Distribution Services in 5G System | Rel-16 |
| TS 29.273 vj10 | AAA Protocols for Non-3GPP Access in EPS & 5GS NSWO | Rel-19 |
| TS 29.292 vj00 | IMS Centralized Services (ICS) Interworking | Rel-19 |
| TS 29.503 vj50 | UDM Service Based Interface Stage 3 | Rel-19 |
| TS 31.121 vi50 | UICC-terminal interface test specification | Rel-18 |
| TS 32.808 v1800 | Common User Profile Storage Framework | Rel-8 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |
| TS 33.401 vj10 | EPS Security Architecture | Rel-19 |
| TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20 |
| TS 33.820 v1830 | Home NodeB/eNodeB Security Architecture | Rel-8 |
| TS 33.821 v900 | LTE/SAE Security Threat Analysis and Countermeasures | Rel-9 |
| TS 33.835 vg10 | Study on authentication and key management for apps | Rel-16 |
| TR 33.841 vg10 | Security aspects; Study on 256-bit algorithms for 5G | Rel-16 |
| TS 33.856 vg10 | Security for 5G to 3G Voice Continuity | Rel-16 |
| TS 33.859 vb10 | UTRAN Key Hierarchy Enhancement Study | Rel-11 |
| TR 33.938 vj10 | 3GPP Cryptographic Inventory for 5G | Rel-19 |
| TS 36.300 vj00 | E-UTRAN Radio Interface Protocol Architecture Overview | Rel-19 |
| TS 36.302 vj00 | E-UTRA Physical Layer Services | Rel-19 |
| TS 36.304 vj00 | UE Idle Mode Procedures in E-UTRA | Rel-19 |
| TS 36.331 vj00 | LTE RRC Protocol Specification | Rel-19 |
| TS 36.401 vj00 | E-UTRAN Overall Architecture Description | Rel-19 |
| TS 36.413 vj10 | S1 Application Protocol (S1AP) | Rel-19 |
| TS 36.444 vj00 | M3AP Protocol Specification for M3 Interface | Rel-19 |
| TS 36.938 v900 | E-UTRAN to 3GPP2/Mobile WiMAX Mobility | Rel-9 |
| TR 36.976 vj00 | LTE-based 5G Terrestrial Broadcast Overview | Rel-19 |
| TS 38.304 vj00 | UE RRC_IDLE and RRC_INACTIVE Procedures | Rel-19 |
| TS 38.401 vj10 | NG-RAN Architecture Specification | Rel-19 |
| TR 38.882 vi00 | Technical Report on UE Location Service | Rel-18 |
| TS 43.051 vj00 | GERAN Stage 2 Service Description | Rel-19 |
| TS 43.318 vj00 | Generic Access Network (GAN) Stage 2 | Rel-19 |
| TR 43.901 vj00 | Generic Access to A/Gb Interface Feasibility Study | Rel-19 |
| TR 43.902 vj00 | GAN Enhancements Feasibility Study | Rel-19 |
| TS 44.060 vj00 | GERAN RLC/MAC Protocol Specification | Rel-19 |
| TS 44.160 vg00 | GERAN Iu Mode RLC/MAC Protocol Specification | Rel-16 |
| TS 44.318 vj00 | Generic Access Network (GAN) Interface Procedures | Rel-19 |