Description
The Traffic Encryption Key (TEK) is a symmetric cipher key derived during the authentication and key agreement (AKA) procedure between the User Equipment (UE) and the network. It is used by the encryption algorithm (e.g., AES, SNOW 3G, ZUC) to provide confidentiality protection for data transmitted over the radio interface. The TEK is not used directly but serves as the base from which actual encryption keystreams are generated. In 3GPP systems, the TEK is part of a hierarchy of keys. For EPS (LTE), the top-level key is the K_ASME derived from the CK and IK during AKA. From K_ASME, the MME derives the KeNB key. From KeNB, the eNodeB derives the K_UPenc key, which is the TEK for the user plane, and the K_RRCenc key for RRC signaling encryption. The derivation uses specific algorithm identity inputs to ensure key separation.
For the control plane, the encryption key for NAS signaling (K_NASenc) is derived from K_ASME by the MME and the UE. The process ensures that different keys are used for different protection scopes (user plane vs. control plane, access stratum vs. non-access stratum) and different cryptographic algorithms, preventing compromise in one area from affecting others. The TEK is dynamically generated for each session and can be updated during intra-cell handovers or through security mode command procedures without requiring a full re-authentication, a feature known as key forward security.
In 5G systems (based on 5G AKA or EAP-AKA'), the key hierarchy is enhanced but follows a similar principle. The anchor key is the K_AMF. From it, the SEAF derives the K_gNB. The gNB then derives the user plane encryption key (K_UPenc) and the RRC encryption key (K_RRCenc). The 5G security architecture also introduces the concept of cryptographic network separation, where the K_AMF can be further derived into keys specific to a network slice, ensuring slice isolation. The TEK (K_UPenc) is used within the PDCP layer in both LTE and NR to perform encryption on the user plane data before it is transmitted over the air, ensuring that user data cannot be eavesdropped.
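The EPS part of the hierarchy described above can be reproduced with the generic 3GPP key derivation function (HMAC-SHA-256 over an `FC || P0 || L0 || P1 || L1 ...` string, TS 33.220 Annex B) and the FC values and parameter layouts given in TS 33.401 Annex A. The following is an added example, not code from the page or from 3GPP: it derives KeNB from K_ASME, then K_UPenc (the TEK) and K_RRCenc from KeNB and K_NASenc from K_ASME, and shows how the algorithm type distinguisher and algorithm identity inputs keep the keys separated. The K_ASME value and NAS COUNT are constructed test inputs. The 5G hierarchy uses the same KDF construction with its own FC values from TS 33.501 Annex A; those values are not included here.

```python
"""Added example: EPS key hierarchy down to the TEK (K_UPenc).
KDF per TS 33.220 Annex B; FC values and parameters per TS 33.401 Annex A.
All key material below is constructed for illustration."""
import hashlib
import hmac

# Algorithm type distinguishers (TS 33.401 Table A.7-1)
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC, UP_INT = range(1, 7)
# Ciphering algorithm identities, 4-bit values (TS 33.401 clause 5.1.3.2)
ALG_ID = {"EEA0": 0, "128-EEA1": 1, "128-EEA2": 2, "128-EEA3": 3}


def kdf_input(fc: int, *params: bytes) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 ... (lengths are 2-byte big-endian)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(Key, S) with a 256-bit output."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_kenb(k_asme: bytes, ul_nas_count: int) -> bytes:
    """KeNB = KDF(K_ASME, FC=0x11, P0=uplink NAS COUNT) (TS 33.401 A.3)."""
    return kdf(k_asme, 0x11, ul_nas_count.to_bytes(4, "big"))


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """Algorithm key (TS 33.401 A.7): FC=0x15, P0=type distinguisher,
    P1=algorithm identity. A 128-bit key is the 128 least significant
    bits of the 256-bit KDF output, i.e. the last 16 bytes."""
    full = kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))
    return full[16:]


def eps_keys(k_asme: bytes, ul_nas_count: int, cipher: str) -> dict:
    """Walk K_ASME -> KeNB -> {K_UPenc, K_RRCenc}, plus K_NASenc from K_ASME.
    The same parent key yields distinct keys because the type distinguisher
    differs; the same scope yields distinct keys per ciphering algorithm."""
    alg = ALG_ID[cipher]
    kenb = derive_kenb(k_asme, ul_nas_count)
    return {
        "KeNB": kenb,
        "K_NASenc": derive_alg_key(k_asme, NAS_ENC, alg),
        "K_RRCenc": derive_alg_key(kenb, RRC_ENC, alg),
        "K_UPenc": derive_alg_key(kenb, UP_ENC, alg),  # the user-plane TEK
    }


if __name__ == "__main__":
    K_ASME = bytes(range(32))  # constructed 256-bit value, not a real key
    for name, k in eps_keys(K_ASME, 7, "128-EEA2").items():
        print(f"{name:9s} {k.hex()}")
```

Changing only the algorithm identity (for example 128-EEA1 instead of 128-EEA2) or the uplink NAS COUNT that feeds KeNB produces a different K_UPenc, which is what lets the network re-key the access stratum on a security mode command or handover without a fresh AKA run; K_NASenc, derived directly from K_ASME, is unaffected by the NAS COUNT used for KeNB.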
Purpose & Motivation
The TEK exists to provide confidentiality, a fundamental security service that prevents unauthorized disclosure of information. In mobile networks, the radio interface is particularly vulnerable to eavesdropping. Without encryption, all user data (web browsing, messages, voice packets) and sensitive signaling messages would be transmitted in the clear, exposing users to privacy breaches and the network to various attacks. The motivation for a dedicated TEK, separate from integrity keys, stems from cryptographic best practices known as key separation. Using different keys for different functions (confidentiality vs. integrity) limits the impact of a potential key compromise.
Historically, earlier cellular systems had weaker or optional encryption. The creation of a robust, mandatory key hierarchy with the TEK in 3GPP UMTS and its evolution in EPS and 5G NR was driven by increasing demands for user privacy, the rise of data services carrying sensitive information (e.g., banking, email), and regulatory requirements. The TEK-based encryption addresses the limitation of static or poorly derived keys by ensuring keys are session-specific, derived from fresh authentication vectors, and can be re-keyed during the session to maintain forward security, meaning past communications remain secure even if a current key is compromised.
Key Features
- Symmetric key derived from the authentication and key agreement (AKA) process
- Used specifically for confidentiality protection (encryption) of user or control plane traffic
- Part of a key hierarchy ensuring separation between integrity and encryption keys
- Dynamically generated per session and can be updated during mobility events
- Algorithm-dependent derivation supports multiple ciphering algorithms (e.g., 128-EEA1, 128-EEA2, 128-EEA3)
- Applied at the PDCP layer for over-the-air protection in LTE and NR
Evolution Across Releases
Formally defined the term 'Traffic Encryption Key' within the security architecture specifications for EPS. Established its place in the key hierarchy derived from K_ASME and KeNB. Standardized its use with the introduced ciphering algorithms for LTE, providing a clear framework for user plane and RRC signaling encryption.
Defining Specifications
| Specification | Title |
|---|---|
| TS 23.333 | 3GPP TS 23.333 |
| TS 24.380 | 3GPP TS 24.380 |
| TS 24.581 | 3GPP TS 24.581 |
| TS 29.333 | 3GPP TS 29.333 |
| TS 29.828 | 3GPP TS 29.828 |
| TS 33.328 | 3GPP TR 33.328 |