UPU

UE Parameters Update

Security
Introduced in Rel-15
A security procedure in 5G where the network (AUSF/UDM) updates sensitive authentication parameters stored in the UE's Universal Subscriber Identity Module (USIM). It is triggered when network security policies change or credentials are compromised, ensuring long-term key freshness and mitigating key overuse.

Description

The UE Parameters Update (UPU) is a critical security maintenance procedure defined in the 5G System (5GS). Its primary function is to allow the network's authentication server function (AUSF), in conjunction with the Unified Data Management (UDM), to proactively and securely update the authentication credentials stored within a UE's USIM application. The key parameters subject to update are the long-term secret key (K) and the associated sequence number (SQN) used in the 5G Authentication and Key Agreement (5G-AKA) and Extensible Authentication Protocol (EAP)-AKA' protocols. The procedure is architecturally centered on the AUSF, which generates the new cryptographic material, and the UDM, which stores the subscriber's authentication credentials.

The UPU procedure is initiated by the AUSF/UDM, typically based on operator security policies—such as periodic key rotation, detection of potential credential compromise, or a change in cryptographic algorithms. The network sends a UPU message to the UE, transported securely via the serving AMF over the N1 reference point. This message contains the new authentication parameters (the new key K_new and SQN) encrypted and integrity-protected using security keys derived from the *current* credentials shared between the USIM and the UDM. This ensures that only the legitimate UE can decrypt and process the update. Crucially, the message includes a MAC (Message Authentication Code) that the UE verifies.

Upon receipt, the UE's USIM verifies the MAC. If valid, it replaces the old key (K) and SQN with the new values. The USIM then sends a confirmation back to the network. This entire transaction occurs transparently to the user and the UE's main processor, as it is handled within the secure environment of the USIM. Specifications 29.509 and 29.573 detail the service-based interfaces (Nausf_UEAuthentication, Nudm_UEAuthentication) used for this process, while 33.701 covers the security architecture and procedures. The UPU mechanism ensures that the fundamental root of trust for network access can be renewed without requiring physical SIM replacement, thereby maintaining the long-term security integrity of the subscriber identity.
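The exchange described above, as an added example that is not part of the original page and does not use the 3GPP key-derivation or cipher algorithms: a simplified model in which the network protects (K_new, SQN_new) under sub-keys derived from the current K, the USIM verifies the MAC before decrypting or applying anything, and returns a confirmation bound to the new key. The labels, the HMAC-based derivation, the toy stream cipher, and the 16-byte K / 6-byte SQN layout are assumptions made for the model.

```python
import hmac, hashlib, secrets

# Constructed model of the UPU flow: sub-keys are derived from the current K
# with HMAC-SHA256 and assumed labels; this is NOT the 3GPP KDF or cipher.

def derive(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific sub-key from the current long-term key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy cipher for the model)."""
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def network_build_upu(k_cur: bytes, k_new: bytes, sqn_new: int) -> bytes:
    """AUSF/UDM side: encrypt K_new||SQN_new under keys derived from K_cur, then MAC."""
    enc_key, mac_key = derive(k_cur, b"upu-enc"), derive(k_cur, b"upu-mac")
    nonce = secrets.token_bytes(8)                      # fresh per update message
    plain = k_new + sqn_new.to_bytes(6, "big")          # assumed 16-byte K, 48-bit SQN
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, nonce, len(plain))))
    mac = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:16]
    return nonce + cipher + mac

def network_verify_ack(k_new: bytes, msg: bytes, ack: bytes) -> bool:
    """AUSF/UDM side: the confirmation must be keyed by the new K over this message's nonce."""
    expected = hmac.new(derive(k_new, b"upu-ack"), msg[:8], hashlib.sha256).digest()[:16]
    return hmac.compare_digest(ack, expected)

class Usim:
    """USIM side: holds the current credentials and applies a verified update."""
    def __init__(self, k: bytes, sqn: int):
        self.k, self.sqn = k, sqn

    def process_upu(self, msg: bytes):
        """Verify the MAC first; only then decrypt, apply, and return a confirmation."""
        nonce, cipher, mac = msg[:8], msg[8:-16], msg[-16:]
        enc_key, mac_key = derive(self.k, b"upu-enc"), derive(self.k, b"upu-mac")
        expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(mac, expected):
            return None                                 # reject: not protected under our current K
        plain = bytes(a ^ b for a, b in zip(cipher, keystream(enc_key, nonce, len(cipher))))
        k_new, sqn_new = plain[:16], int.from_bytes(plain[16:], "big")
        ack = hmac.new(derive(k_new, b"upu-ack"), nonce, hashlib.sha256).digest()[:16]
        self.k, self.sqn = k_new, sqn_new               # replace K and SQN only after verification
        return ack
```

A flipped ciphertext byte fails the MAC check and leaves the USIM's credentials untouched, which is the property the description relies on.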

Purpose & Motivation

UPU was introduced in 5G Release 15 to address a significant security limitation in previous cellular generations: the static nature of the long-term secret key (K) stored on the SIM/USIM. In 2G, 3G, and 4G, this key was typically provisioned once and never changed throughout the subscription's lifetime unless the physical SIM card was replaced. This static nature created risks, including the potential for key compromise through cryptographic attacks over time (key wear-out) and the inability to efficiently respond if a key was suspected to be breached.

The creation of UPU solves these problems by enabling remote, over-the-air rekeying of this foundational secret. This is motivated by the need for stronger, proactive security in 5G, which supports critical infrastructure and services. UPU allows operators to enforce key rotation policies, mitigating the risk of attacks that exploit long-term key usage. It also provides an efficient remediation path if a particular key generation algorithm is found to be weak or if a specific batch of credentials is potentially compromised, without the logistical and customer experience nightmare of mass SIM card replacement. It represents a shift towards a dynamic, manageable security lifecycle for subscriber credentials.

Key Features

  • Securely updates the long-term secret key (K) and sequence number (SQN) in the USIM over-the-air.
  • Initiated by the network (AUSF/UDM) based on security policy or threat response.
  • Uses current credentials to cryptographically protect the update message, ensuring only the legitimate UE can apply it.
  • Execution is confined within the secure USIM environment, transparent to the UE's OS.
  • Provides a confirmation mechanism to ensure the update was successfully applied.
  • Integrates with the 5G service-based architecture via AUSF and UDM service interfaces.

Evolution Across Releases

Rel-15 Initial

Introduced as a new security feature for the 5G System. Defined the complete procedure for updating USIM parameters (K, SQN), including the generation of new material by the AUSF, secure delivery via the AMF, and verification/application by the USIM. Established the necessary service operations on Nausf and Nudm interfaces.

Defining Specifications

Specification    Title
TS 29.509        3GPP TS 29.509
TS 29.573        3GPP TS 29.573
TS 33.701        3GPP TR 33.701