Description
The NR Encryption Algorithm (NEA) is a suite of cryptographic algorithms specified by 3GPP for providing confidentiality protection in 5G systems. It is applied within the Packet Data Convergence Protocol (PDCP) layer for the user plane and the Radio Resource Control (RRC) layer for the control plane over the NR air interface (Uu). The NEA algorithms encrypt the data and signaling payloads before transmission, rendering them unintelligible to unauthorized parties.

The specific algorithm to be used is negotiated during the initial security setup between the User Equipment (UE) and the network (specifically, the gNB and the Authentication Server Function, AUSF). The 3GPP specification 33.501 defines the security architecture and mandates the support for specific algorithm sets. The primary algorithms for 5G are the 128-bit NEA0, which is essentially the null encryption algorithm (used for testing or when no encryption is required), and the 128-bit and 256-bit variants of the AES-based algorithm in CTR mode, known as NEA1 and NEA2. NEA1 corresponds to SNOW 3G, and NEA2 corresponds to AES-CTR. A new algorithm, NEA3 (based on ZUC), is also specified.

The gNB and the UE derive the same encryption key ($K_{RRCenc}$ for the control plane, $K_{UPenc}$ for the user plane) from the anchor key $K_{gNB}$. This key, along with other inputs such as the bearer identity, direction, and a count value, is used by the selected NEA to generate a keystream for encryption and decryption. The integrity of the data is protected separately by the NR Integrity Algorithm (NIA). The use of strong, standardized encryption algorithms is fundamental to maintaining user privacy and network security in the 5G era.
Purpose & Motivation
The NEA suite exists to provide robust, standardized confidentiality protection for 5G communications, addressing the critical need for privacy in an increasingly connected world. It solves the problem of securing massive volumes of sensitive user data and network signaling transmitted over wireless links, which are inherently vulnerable to interception. The creation of a dedicated algorithm suite for 5G was motivated by the need for enhanced cryptographic strength compared to previous generations (like the EEAs in LTE), aligning with evolving security threats and regulatory requirements. It also ensures global interoperability by defining a common set of algorithms that all compliant UEs and networks must support. Historically, encryption in 3GPP systems evolved from the A5 algorithms in GSM (which were weak) to the stronger SNOW 3G and AES-based algorithms in 3G and 4G. The 5G NEA suite builds upon this, introducing support for 256-bit keys (for NEA2) and the ZUC cipher (NEA3), offering a portfolio of algorithms to cater to different regulatory environments and security assurance levels, thereby future-proofing the network against advances in cryptanalysis.
Key Features
- Provides confidentiality for user plane (UP) data and control plane (RRC) signaling
- Defined as a suite of algorithms including NEA0 (null), NEA1 (SNOW 3G), NEA2 (AES-CTR), and NEA3 (ZUC)
- Operates within the PDCP layer in the radio protocol stack
- Uses keys derived from the 5G Authentication and Key Agreement (5G-AKA) or EAP-AKA' procedures
- Supports 128-bit and 256-bit key lengths for enhanced security
- Algorithm selection is negotiated between UE and network during security mode command
Evolution Across Releases
Introduced the NEA algorithm suite as part of the foundational 5G security architecture in TS 33.501. Defined the mandatory support for NEA0 and NEA2 (128-bit AES), and specified NEA1 (SNOW 3G) and NEA3 (ZUC) as optional algorithms, establishing the framework for encryption in the NR PDCP layer.
Defining Specifications
| Specification | Title |
|---|---|
| TS 33.501 | 3GPP TR 33.501 |