NSCI

New Security Context Indicator

Security
Introduced in Rel-15
A flag used in NGAP (Next Generation Application Protocol) signaling to indicate that a new security context has been established for a UE. It triggers the RAN node to apply fresh cryptographic keys, enhancing protection against replay attacks during handovers and connection resumptions.

Description

The New Security Context Indicator (NSCI) is a critical security parameter within the 3GPP NG Application Protocol (NGAP), which is the signaling protocol between the 5G Core Network's Access and Mobility Management Function (AMF) and the Next Generation Radio Access Network (NG-RAN) node (gNB). It is a simple Boolean indicator (a single bit) included in specific NGAP messages, most notably the INITIAL CONTEXT SETUP REQUEST and the PATH SWITCH REQUEST ACKNOWLEDGE messages. Its primary function is to signal to the gNB that the core network has established a completely new security context for the User Equipment (UE) in question. A 'new security context' means that the core network (AMF and the Authentication Server Function, AUSF) has performed a fresh primary authentication and key agreement procedure with the UE, resulting in the generation of a new set of cryptographic keys distinct from any previously used keys.

Upon receiving an NGAP message with the NSCI set to 'true', the gNB understands that it must derive and apply a new set of access stratum (AS) security keys for that UE. These AS keys, namely the KgNB (the base key for the gNB) and the subsequent derived keys for integrity protection (KRRCint) and confidentiality (KRRCenc, KUPenc), are calculated using the new anchor key from the core network (the KAUSF or derived KAMF) and fresh nonces. This process is crucial because it ensures cryptographic separation between different security sessions. If the NSCI is set to 'false', the gNB may derive new keys based on the existing key context, typically using a key derivation function with fresh input parameters (like the Next Hop (NH) parameter), which is common during intra-AMF handovers.

The role of NSCI is fundamental in mitigating security threats, particularly replay attacks. During inter-AMF handovers or after a service request procedure following an idle mode, if the core network decides that a full re-authentication is necessary (e.g., due to security policy, timer expiry, or suspected compromise), it establishes a new security context. By explicitly indicating this to the RAN via NSCI, the system guarantees that old cryptographic material cannot be reused, even if an attacker captured previous signaling messages. This mechanism is a key part of 5G's forward security, ensuring that the compromise of a single session key does not affect the security of future sessions. The gNB's processing of the NSCI is mandatory and tightly integrated with the 5G security architecture defined in TS 33.501.

Purpose & Motivation

The NSCI was introduced in 5G (Release 15) to provide an explicit and reliable signaling mechanism for security context freshness, addressing limitations and ambiguities present in previous generations like LTE. In LTE, the indication of a new security context was implicit or tied to specific procedures, which could lead to implementation ambiguities and potential security vulnerabilities. For instance, during certain handover scenarios, it might not have been unequivocally clear to the eNB whether it should use a freshly derived key or a key derived from previous material. This ambiguity could be exploited in sophisticated attacks.

The core problem NSCI solves is ensuring synchronized security state between the core network and the RAN. The core network (AMF/AUSF) is the ultimate authority on UE authentication and key generation. When it decides to refresh the security context, the RAN must be unequivocally informed to discard any old keying material and start using new keys. The NSCI provides this clear, in-band signal within the standard NGAP signaling. This is especially important for 5G's enhanced mobility scenarios, including inter-system handovers and connections to non-3GPP access, where the security context might need to be re-established more frequently. Its creation was motivated by the need for stronger, more explicit, and future-proof security signaling to support the diverse and demanding use cases of 5G, including massive IoT and ultra-reliable communications, where security robustness is paramount.

Key Features

  • Boolean indicator within critical NGAP messages (e.g., INITIAL CONTEXT SETUP REQUEST).
  • Explicitly signals the establishment of a completely new security context from the core network to the RAN.
  • Triggers the derivation and application of a fresh set of Access Stratum (AS) cryptographic keys (KgNB) in the gNB.
  • Essential for enforcing security policies that mandate periodic re-authentication.
  • Mitigates replay attacks by ensuring old keys are not reused after a security context refresh.
  • Supports robust security during inter-AMF handovers and service request procedures after idle mode.

Evolution Across Releases

Rel-15 Initial

Initial definition and introduction of the NSCI parameter within the NGAP protocol (TS 38.413). Specified its inclusion in key messages like INITIAL CONTEXT SETUP REQUEST to unambiguously inform the gNB when a new security context, derived from a fresh primary authentication, is available.

TS 38.413

Defining Specifications

SpecificationTitle
TS 38.413 3GPP TR 38.413