Secure Hash Algorithm 2

Description

SHA-2 is a suite of cryptographic hash functions, including SHA-224, SHA-256, SHA-384, and SHA-512, defined by the National Institute of Standards and Technology (NIST) in FIPS PUB 180-4. Within the 3GPP architecture, SHA-2 is not a standalone protocol but a fundamental cryptographic primitive integrated into various security mechanisms. It operates by taking an input message of arbitrary length and processing it through a compression function based on the Merkle-Damgård construction (for most variants) or a dedicated structure for SHA-512/224 and SHA-512/256, producing a fixed-length hash value (digest). This deterministic process ensures that any alteration to the input data results in a completely different hash, enabling integrity verification.

The algorithm's internal structure involves message padding, parsing into blocks, and iterative processing through a series of logical functions (Ch, Maj, Σ, σ) and constant words. For instance, SHA-256 processes 512-bit message blocks using a 256-bit intermediate hash value updated over 64 rounds. In 3GPP systems, SHA-256 is particularly significant. It is employed in the Authentication and Key Agreement (AKA) procedures for generating cryptographic keys, in the integrity protection algorithms (like 128-EIA3) for signaling messages, and in certificate-based security for network functions. The hash function's one-way property and collision resistance are essential for proving data authenticity without revealing the original information.

Integration into 3GPP specifications, such as TS 35.934, involves defining the specific hash variants and their application contexts within the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) security architecture. For 5G, SHA-256 is a mandatory component of the 5G AKA and the primary choice for integrity protection in the PDCP layer. The algorithm's computational efficiency and proven security make it suitable for the constrained processing environments of user equipment and network nodes, ensuring robust protection against forgery and tampering across all radio access and core network interfaces.

Purpose & Motivation

SHA-2 was introduced into 3GPP standards to replace the older MD5 and SHA-1 hash functions, which were becoming vulnerable to practical collision attacks. The primary motivation was to strengthen the cryptographic foundations of mobile network security as computational power increased and cryptographic attacks advanced. SHA-1, previously used in some early 3GPP security contexts, was shown to have theoretical weaknesses that could compromise the integrity of authentication and key agreement protocols.

By adopting the NIST-standardized SHA-2 family, 3GPP ensured alignment with global cryptographic best practices and provided a long-term, robust solution for data integrity and source authentication. This was particularly important for the evolution towards LTE and 5G, where new services and network architectures demanded higher security assurances. SHA-2 addresses the limitation of its predecessors by offering larger hash sizes (e.g., 256-bit) and a more secure internal structure, effectively mitigating known attack vectors like length extension and collision finding. Its implementation supports the growing need for secure network slicing, IoT device authentication, and protection of user plane data in an increasingly interconnected ecosystem.

Key Features

• Family of hash functions (SHA-224, SHA-256, SHA-384, SHA-512)
• Based on Merkle-Damgård construction with Davies-Meyer compression
• Produces fixed-length digests (e.g., 256 bits for SHA-256)
• Provides collision resistance and pre-image resistance
• Used for integrity protection (e.g., in 128-EIA3) and key derivation
• Standardized by NIST in FIPS 180-4 and adopted in 3GPP TS 35.934

Evolution Across Releases

Defining Specifications