Description
The Serving Network Name (SNN) is a critical identifier in the 5G System (5GS) defined in 3GPP Release 15 and beyond. It serves as a human-readable and machine-processable name for the network currently serving a User Equipment (UE). The primary purpose of the SNN is to provide an unambiguous identifier for the serving network during authentication and security key derivation procedures, ensuring that security contexts are bound to the correct network.
Architecturally, the SNN is constructed and used by the core network, specifically the Authentication Server Function (AUSF) and the UE. It is derived from the core network identifiers. For a public network, the SNN is typically constructed as "5G:mnc<MNC>.mcc<MCC>.3gppnetwork.org", where MNC and MCC are the Mobile Network Code and Mobile Country Code from the PLMN ID. For a Non-Public Network (NPN), the SNN may additionally include a Network Identifier (NID), formatted as "5G:mnc<MNC>.mcc<MCC>.nid<NID>.3gppnetwork.org". This structure ensures global uniqueness.
During the 5G Authentication and Key Agreement (5G-AKA) or Extensible Authentication Protocol (EAP)-based procedures, the SNN is sent from the network to the UE. The UE and the AUSF both use this SNN as an input parameter (along with other values like the Subscription Permanent Identifier (SUPI)) into the key derivation functions. This binds the generated security keys (like K_AUSF, K_SEAF) specifically to this serving network name. This mechanism prevents key reuse across different networks and enhances security, particularly in scenarios involving network slicing or roaming, by ensuring a cryptographic separation between different serving network contexts.
Purpose & Motivation
The SNN was introduced with 5G in Release 15 to address specific security and identification requirements that were not fully met by previous mechanisms like the Serving Network (SN) identity used in EPS. In 4G EPS, the network identity was implicitly derived from the PLMN ID but wasn't always explicitly and consistently formatted as a named parameter in all security procedures. 5G's enhanced security architecture demanded a more robust and explicit method.
Its creation was motivated by the need for stronger network authentication, support for new network deployment models like Non-Public Networks (NPNs), and the foundational requirements for network slicing. By having a standardized, structured name, the 5G system can more securely anchor the authentication process. It solves the problem of ensuring that the keys generated during authentication are uniquely tied to the specific network (or network slice instance) the UE is accessing, which is crucial for preventing security context confusion, especially in complex multi-operator, multi-slice, or private network environments.
Key Features
- Uniquely identifies the serving public land mobile network or non-public network
- Structured string format based on PLMN ID (MCC, MNC) and optional NID
- Mandatory parameter in 5G authentication and key agreement procedures
- Used as an input for 5G security anchor key (K_AUSF) derivation
- Supports identification of Network Slicing and Non-Public Networks (NPN)
- Enables cryptographic separation of security contexts between different networks
Evolution Across Releases
Introduced the Serving Network Name (SNN) as a fundamental component of the new 5G security architecture. Defined its construction from the PLMN ID for public networks and established its critical role as an input parameter in the 5G-AKA and EAP-AKA' authentication procedures for key derivation, providing explicit network binding for security keys.
Defining Specifications
| Specification | Title |
|---|---|
| TS 24.501 | 3GPP TS 24.501 |
| TS 24.890 | 3GPP TS 24.890 |