NEA

NR Encryption Algorithm

Introduced in Rel-15

NEA is the standardized encryption algorithm used to protect user plane and control plane data confidentiality in 5G networks, preventing eavesdropping.

Category: Security
Introduced: Rel-15
Where: Security
Specifications: 1 spec

Description

The NR Encryption Algorithm (NEA) is a suite of cryptographic algorithms specified by 3GPP for providing confidentiality protection in 5G systems. It is applied within the Packet Data Convergence Protocol (PDCP) layer for the user plane and the Radio Resource Control (RRC) layer for the control plane over the NR air interface (Uu). The NEA algorithms encrypt the data and signaling payloads before transmission, rendering them unintelligible to unauthorized parties. The specific algorithm to be used is negotiated during the initial security setup between the User Equipment (UE) and the network (specifically, the gNB and the Authentication Server Function - AUSF). The 3GPP specification 33.501 defines the security architecture and mandates the support for specific algorithm sets. The primary algorithm for 5G is the 128-bit NEA0, which is essentially the null encryption algorithm (used for testing or when no encryption is required), and the 128-bit and 256-bit variants of the AES-based algorithm in CTR mode, known as NEA1 and NEA2. NEA1 corresponds to SNOW 3G, and NEA2 corresponds to AES-CTR. A new algorithm, NEA3 (based on ZUC), is also specified. The gNB and the UE derive the same encryption key (K_{RRCenc} for control plane, K_{UPenc} for user plane) from the anchor key K_{gNB}. This key, along with other inputs like the bearer identity, direction, and a count value, is used by the selected NEA to generate a keystream for encryption/decryption. The integrity of the data is protected separately by the NR Integrity Algorithm (NIA). The use of strong, standardized encryption algorithms is fundamental to maintaining user privacy and network security in the 5G era.
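The key derivation and keystream inputs described above, as an added example that is not part of the original page or of any 3GPP reference code. It assumes the algorithm key KDF layout of TS 33.501 Annex A.8 (HMAC-SHA-256, FC = 0x69) and the 128-EEA2 counter block layout of TS 33.401 Annex B, which 128-NEA2 reuses; the function names and the sample key are hypothetical.

```python
import hashlib
import hmac

FC_ALG_KEY = 0x69  # FC value for algorithm key derivation (TS 33.501 Annex A.8)
# Algorithm type distinguishers (TS 33.501 Table A.8-1), ciphering only
N_RRC_ENC_ALG = 0x03
N_UP_ENC_ALG = 0x05
NEA2 = 0x02  # algorithm identity of 128-NEA2


def derive_alg_key(k_gnb: bytes, alg_type: int, alg_id: int) -> bytes:
    """Derive a 128-bit AS algorithm key from the 256-bit K_gNB."""
    if len(k_gnb) != 32:
        raise ValueError("K_gNB must be 256 bits")
    # S = FC || P0 || L0 || P1 || L1, each parameter one octet long
    s = bytes([FC_ALG_KEY, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])
    out = hmac.new(k_gnb, s, hashlib.sha256).digest()
    return out[16:]  # the 128 least significant bits of the KDF output


def nea2_counter_block(count: int, bearer: int, direction: int) -> bytes:
    """First AES-CTR counter block T1: COUNT(32) | BEARER(5) | DIRECTION(1) | 0^90."""
    if not 0 <= count < 2**32:
        raise ValueError("COUNT is a 32-bit value")
    if not 0 <= bearer < 2**5:
        raise ValueError("BEARER is a 5-bit value")
    if direction not in (0, 1):
        raise ValueError("DIRECTION is 0 (uplink) or 1 (downlink)")
    t1 = (count << 96) | (bearer << 91) | (direction << 90)
    return t1.to_bytes(16, "big")


def demo() -> dict:
    k_gnb = bytes(range(32))  # constructed sample key, not a real K_gNB
    return {
        "K_RRCenc": derive_alg_key(k_gnb, N_RRC_ENC_ALG, NEA2).hex(),
        "K_UPenc": derive_alg_key(k_gnb, N_UP_ENC_ALG, NEA2).hex(),
        "T1_uplink": nea2_counter_block(1, 3, 0).hex(),
        "T1_downlink": nea2_counter_block(1, 3, 1).hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because CTR mode repeats its keystream whenever the key and counter block repeat, the COUNT, BEARER and DIRECTION fields are what keep each PDCP PDU's keystream unique under one key.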

Purpose & Motivation

The NEA suite exists to provide robust, standardized confidentiality protection for 5G communications, addressing the critical need for privacy in an increasingly connected world. It solves the problem of securing massive volumes of sensitive user data and network signaling transmitted over wireless links, which are inherently vulnerable to interception. The creation of a dedicated algorithm suite for 5G was motivated by the need for enhanced cryptographic strength compared to previous generations (like the EEAs in LTE), aligning with evolving security threats and regulatory requirements. It also ensures global interoperability by defining a common set of algorithms that all compliant UEs and networks must support. Historically, encryption in 3GPP systems evolved from the A5 algorithms in GSM (which were weak) to the stronger SNOW 3G and AES-based algorithms in 3G and 4G. The 5G NEA suite builds upon this, introducing support for 256-bit keys (for NEA2) and the ZUC cipher (NEA3), offering a portfolio of algorithms to cater to different regulatory environments and security assurance levels, thereby future-proofing the network against advances in cryptanalysis.

Classification

Part of: PDCP
Related approaches: NIA

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (17 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 (11 changes)

In Release 15, the NEA (NR Encryption Algorithm) function was newly introduced, defining a mandatory set of ciphering algorithms (NEA0, 128-NEA1, 128-NEA2) and an optional one (128-NEA3) for protecting user plane, RRC, and NAS signalling. The release also specified related procedures for algorithm selection, security mode command, and handling during N2 handovers and RRC reestablishment. Furthermore, it established requirements for key lengths and introduced considerations for subscriber privacy and algorithm negotiation for unauthenticated UEs.

  • CR for Clause Security algorithm selection, key establishment and security mode command procedure (TS 33.501 CR0053)
  • Clarifications to Annex D.3 Integrity algorithms (TS 33.501 CR0217)
  • Clause 6.7.3.2 - Modification on algorithm selection during N2 handover (TS 33.501 CR0239)
  • Correct the encryption key in confidentiality clause (TS 33.501 CR0259)
  • Deletion of Editor Note in Annex D.2.1 Ciphering algorithm (TS 33.501 CR0260)
  • Algorithm Negotiation for Unauthenticated UEs in LSM (TS 33.501 CR0270)

+ 5 more changes

Rel-17 (2 changes)

In Release 17, the updates for the NEA function primarily involved enhancing the security policy alignment and data format consistency for encryption. Specifically, changes were made to resolve an encryption policy mismatch between SEPPs (Security Edge Protection Proxies) on the N32 interface. Furthermore, the JSON format for transporting encryption information elements was aligned with other Release 17 work, ensuring a unified format for the confidentiality protection of attributes like Authentication Vectors and cryptographic material.

  • Resolving editor's note on encryption policy mismatch between SEPPs (TS 33.501 CR1019)
  • Mirror: align the JSON format on encryption IE with CT4 in Rel17 (TS 33.501 CR1048)

Rel-18 (2 changes)

In Release 18, the NEA function was updated with clarifications regarding its application policy for specific data-types and the explicit use of NULL encryption. These refinements precisely defined the scope of mandatory confidentiality protection for certain attributes, like Authentication Vectors, while providing clear operational guidance for the NEA0 NULL encryption algorithm.

  • Clarification on data-type encryption policy (TS 33.501 CR1634)
  • NULL encryption clarification (TS 33.501 CR1795)

Rel-19 (2 changes)

In Release 19, the enhancements for the NR Encryption Algorithm (NEA) function focused on improving the reliability of algorithm selection. Specifically, the work ensured that the AMF selects a NAS encryption algorithm that is actually supported by the UE, preventing potential incompatibility. Additionally, clarifications were made to the text governing Access Stratum (AS) algorithm selection to remove ambiguity.

  • Ensuring the AMF selects an algorithm supported by the UE (TS 33.501 CR2172)
  • Clarifications for the AS algorithm selection text (TS 33.501 CR2173)

Defining Specifications

3GPP specifications that define or reference NEA, with the latest known release. Sourced from the 3GPP document catalog.

Specification | Title | Release
TS 33.501 vk00 | 5G Security Architecture and Procedures | Rel-20