SQN (Sequence Number) — 3GPP Glossary

SQN (Sequence Number) is a security parameter in 3GPP authentication and key agreement (AKA) protocols, used to ensure freshness and prevent replay attacks. It is generated by the network and verified by the UE, playing a critical role in mutual authentication and key derivation for secure communication in mobile networks from 2G to 5G.

Description

The Sequence Number (SQN) is a fundamental security element in 3GPP systems, defined across multiple specifications such as 33.102 and 33.401, as part of the Authentication and Key Agreement (AKA) protocol. SQN is a counter or nonce value generated by the network's authentication center (AuC) or home subscriber server (HSS) to ensure the freshness of authentication vectors and prevent replay attacks. During the authentication process, SQN is included in the authentication token (AUTN) sent to the User Equipment (UE), which then verifies it against locally stored values to confirm that the authentication request is current and not a duplicate. This mechanism is essential for mutual authentication, where both the network and UE validate each other's legitimacy, and for deriving session keys (e.g., CK, IK) that secure subsequent communications.

Architecturally, SQN operates within the security layer of the core network and UE, interfacing with components like the AuC, HSS, and the UE's universal subscriber identity module (USIM). The SQN is typically a 48-bit value, structured to include sequence information and optionally an index for management. It works by being incremented or updated by the network for each authentication instance, ensuring uniqueness. When the UE receives an AUTN, it extracts the SQN, checks its freshness based on a window of acceptable values, and if valid, proceeds with key derivation. If the SQN is out of sync (e.g., due to network issues or attacks), the UE may trigger resynchronization procedures, as defined in specifications like 33.102, to restore security alignment without compromising service.

In operation, SQN is integral to the AKA process: the network generates an authentication vector containing RAND (random challenge), AUTN (which includes SQN masked with anonymity key AK), XRES (expected response), and session keys. The UE decrypts AUTN to retrieve SQN, verifies it using USIM-stored parameters, and computes a response (RES) for network validation. This ensures that each authentication session is unique and resistant to replay, protecting against eavesdropping and man-in-the-middle attacks. SQN's role extends from 2G (where it was simpler) to 5G, evolving to support enhanced privacy and security features, such as in 5G AKA where SQN handling is refined to address privacy concerns like subscriber traceability.

Purpose & Motivation

SQN was introduced to address security vulnerabilities in early mobile networks, particularly the lack of replay protection in authentication protocols. Prior to SQN, systems like GSM used simple challenge-response mechanisms without sequence tracking, making them susceptible to replay attacks where intercepted authentication messages could be reused to impersonate users. SQN solves this by adding freshness through a sequentially increasing number, ensuring that each authentication attempt is unique and time-sensitive. This enhancement was motivated by the need for stronger mutual authentication as networks evolved from 2G to 3G and beyond, supporting services like mobile banking and IoT that demand higher security.

Historically, SQN was standardized in 3GPP Rel-2 as part of the UMTS AKA protocol, building on lessons from GSM weaknesses. Its creation was driven by the requirement for robust key agreement and privacy in 3G networks, as outlined in specifications like 33.102. Over releases, SQN has been adapted to address new threats, such as in 4G EPS AKA (33.401) where it supports LTE security, and in 5G AKA (33.501) where its structure is optimized to prevent privacy leaks. By ensuring authentication freshness, SQN enables secure mobility, roaming, and service access across generations of mobile technology.

Key Features

Ensures freshness in authentication vectors to prevent replay attacks
48-bit value generated by AuC/HSS and verified by UE USIM
Integral part of AUTN in AKA protocols for mutual authentication
Supports resynchronization procedures to handle out-of-sync scenarios
Evolved across 2G to 5G with enhanced privacy and security refinements
Critical for deriving session keys (CK, IK) and securing communications

Evolution Across Releases

Rel-2 Initial

Introduced SQN as part of UMTS AKA in 3G networks, defining initial 48-bit sequence number for authentication freshness and replay protection. Specifications like 33.102 outlined its generation by AuC and verification by UE, establishing core security mechanisms.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-4

Enhanced SQN handling for multimedia services and early IP multimedia subsystem (IMS) integration, improving security for packet-switched domains.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-5

Extended SQN support for HSDPA and IMS-based services, refining authentication procedures for high-speed data and voice over IP.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-6

Added features for MBMS and WLAN interworking, optimizing SQN management for broadcast and heterogeneous network security.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-7

Improved SQN resynchronization and privacy mechanisms, addressing vulnerabilities in earlier 3G deployments.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-8

Adapted SQN for EPS AKA in LTE, as per 33.401, enhancing sequence number management for 4G security and mobility.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-9

Extended SQN support for HeNB and SON security, ensuring freshness in small cell and self-organizing network authentications.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-10

Enhanced SQN for carrier aggregation and advanced antenna systems, maintaining security in LTE-Advanced networks.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-11

Integrated SQN with MTC and D2D communication security, optimizing for IoT and proximity services.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-12

Further refinements for public safety and critical communications, strengthening SQN-based authentication for emergency scenarios.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-13

Extended SQN features for LTE-Advanced Pro and early 5G preparations, supporting enhanced mobile broadband security.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-14

Adapted SQN for V2X and industrial IoT, ensuring low-latency authentication for connected vehicle and automation use cases.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-15

Evolved SQN for 5G AKA as per 33.501, introducing privacy enhancements like SUPI concealment and improved sequence management for 5G core security.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-16

Enhanced SQN for URLLC and network slicing, supporting secure authentication in ultra-reliable low-latency and sliced network environments.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-17

Extended SQN support for RedCap devices and non-terrestrial networks (NTN), optimizing for IoT and satellite communication security.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-18

Further refinements for AI/ML-integrated security and advanced privacy features, ensuring SQN relevance in next-generation authentication systems.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Rel-19

Continued evolution with quantum-resistant cryptography preparations and enhanced SQN handling for future-proof mobile security.

TS 21.905 TS 24.109 TS 24.229 TS 31.102 TS 31.103 TS 31.900 TS 33.102 TS 33.105 TS 33.401 TS 33.863 TS 35.205 TS 35.909 TS 35.934

Defining Specifications

Specification	Title
TS 21.905	3GPP TS 21.905
TS 24.109	3GPP TS 24.109
TS 24.229	3GPP TS 24.229
TS 31.102	3GPP TR 31.102
TS 31.103	3GPP TR 31.103
TS 31.900	3GPP TR 31.900
TS 33.102	3GPP TR 33.102
TS 33.105	3GPP TR 33.105
TS 33.401	3GPP TR 33.401
TS 33.863	3GPP TR 33.863
TS 35.205	3GPP TR 35.205
TS 35.909	3GPP TR 35.909
TS 35.934	3GPP TR 35.934