NIST

National Institute of Standards and Technology

Other
Introduced in Rel-12
A non-regulatory agency of the United States Department of Commerce, NIST develops and promotes measurement standards and technology. In 3GPP context, its P256 elliptic curve is referenced as a cryptographic standard for secure authentication and key agreement in 5G networks.

Description

Within the 3GPP standards, the National Institute of Standards and Technology (NIST) is referenced as the source for specific cryptographic standards and algorithms used to ensure network security. Most notably, the NIST-defined elliptic curve P-256 (also known as secp256r1 or prime256v1) is adopted as a standard cryptographic primitive. This curve is utilized in the 5G Authentication and Key Agreement (5G AKA) protocol and the EAP-AKA' authentication framework for generating keying material and providing mutual authentication between the User Equipment (UE) and the network.

The technical integration involves using the P-256 elliptic curve for Elliptic Curve Cryptography (ECC) operations. In 5G, the home network's Authentication Server Function (AUSF) and the UE both use a shared long-term secret key (K) stored on the Universal Subscriber Identity Module (USIM) and in the Authentication Credential Repository and Processing Function (ARPF) within the home network. During primary authentication, this shared secret is used in conjunction with ECC based on the NIST P-256 curve to generate session keys and provide cryptographic proof of identity. The use of a standardized, well-vetted curve like P-256 ensures a strong foundation for the secrecy and integrity of subsequent communications.

The role of NIST standards in 3GPP is to provide a trusted, publicly available, and rigorously evaluated set of cryptographic algorithms. This is critical for interoperability and global security assurance. By referencing NIST standards, 3GPP avoids designing its own proprietary cryptography, which could introduce vulnerabilities. Instead, it leverages algorithms that have undergone extensive public scrutiny by the global cryptographic community. The specific document referenced, 3GPP TS 35.934, details the implementation and use of these NIST-approved elliptic curves within the 3GPP security architecture.

Beyond the P-256 curve, NIST's broader role in defining standards for cryptographic hash functions (like SHA-256), random number generation, and other security guidelines indirectly influences the design of 3GPP security protocols. The reliance on such established standards is a fundamental principle in 3GPP security, ensuring that the mobile ecosystem benefits from state-of-the-art, internationally recognized cryptographic protection.

Purpose & Motivation

The inclusion of NIST standards in 3GPP specifications serves the critical purpose of providing a robust, verifiable, and interoperable cryptographic foundation for mobile network security. Cryptography is the bedrock of secure communication, protecting user privacy, network integrity, and operator assets. Designing proprietary, unproven cryptographic algorithms carries immense risk, as hidden flaws can lead to catastrophic security breaches. By adopting well-established standards from a reputable body like NIST, 3GPP ensures that the security mechanisms in billions of devices have undergone rigorous peer review and are resistant to known attacks.

The historical context is that earlier mobile generations (2G, 3G) used operator-specific or less transparent cryptographic algorithms, which faced various criticisms and vulnerabilities over time. For 5G, 3GPP placed a strong emphasis on enhanced security, including algorithm agility and transparency. Referencing NIST's publicly available standards aligns with this goal. It allows for independent verification of implementations, fosters global acceptance (as NIST standards are widely adopted), and facilitates compliance with various national and international security regulations.

Specifically, the choice of the NIST P-256 elliptic curve addresses the need for efficient and strong public-key cryptography. Elliptic curve cryptography offers equivalent security to traditional RSA with much smaller key sizes, which is crucial for resource-constrained devices and for reducing signaling overhead. The P-256 curve provides a 128-bit security level, which is considered secure against current computational threats. Its standardization by NIST makes it a safe, efficient, and globally recognized choice for the authentication and key agreement procedures that protect every 5G connection.

Key Features

  • Provides the standardized NIST P-256 (secp256r1) elliptic curve for 5G cryptography
  • Enables strong mutual authentication between UE and network in 5G AKA
  • Supports generation of secure session keys for confidentiality and integrity protection
  • Ensures algorithm transparency and public scrutiny through NIST publication
  • Promotes global interoperability for security implementations
  • Offers efficient cryptography with smaller key sizes compared to traditional RSA

Evolution Across Releases

Rel-12 Initial

Initially referenced NIST standards, particularly the P-256 elliptic curve, within the 3GPP security specification TS 35.934. This established the use of NIST-approved cryptography as a basis for future authentication and key management enhancements, providing a foundation for stronger algorithm security.

Maintained and reinforced the use of NIST cryptographic primitives as part of ongoing security maintenance and the development of new features like IoT security, ensuring consistency in cryptographic foundations across different service types.

Continued reliance on NIST standards for core cryptographic functions as the network evolved, ensuring backward compatibility and a stable security base for newly introduced services and network functions.

Crucially adopted the NIST P-256 curve as a fundamental component of the new 5G Authentication and Key Agreement (5G AKA) protocol and the EAP-AKA' framework. This embedded the standardized curve into the heart of 5G primary authentication and key derivation.

Extended the use of NIST-based cryptography into new 5G security domains, such as enhanced network slicing security and integrated access and backhaul (IAB), relying on the established P-256 curve for trust anchors and key generation.

Further applied NIST cryptographic standards in the context of new verticals (e.g., industrial IoT, vehicle-to-everything) requiring high-security assurance, leveraging the well-understood security properties of the referenced algorithms.

Continued to reference NIST standards as the cryptographic baseline for 5G-Advanced security features, ensuring ongoing resistance against evolving computational threats and quantum computing concerns through the use of strong, standardized elliptic curve cryptography.

Maintains NIST standards as a core part of the 3GPP security architecture, with potential updates or additions referencing new NIST recommendations (e.g., post-quantum cryptography algorithms) as they become standardized and relevant for future network security.

Defining Specifications

Specification | Title
TS 35.934 | 3GPP TR 35.934