USS

User Security Settings

Introduced in Rel-7 Also in: Security, Core Network, Testing

USS (User Security Setting) is an application-specific subset of the GBA User Security Settings (GUSS) defined in TS 33.220. It carries the identities and permission flags an application server (NAF) needs about a subscriber after GBA bootstrapping; it does not hold the AKA credentials themselves.

Category
Security
Introduced
Rel-7
Where
Services › IMS
Also touches
3 segments
Specifications
30 specs

Description

User Security Setting (USS) is defined in TS 33.220 as part of the GBA User Security Settings (GUSS) of the Generic Bootstrapping Architecture (GBA). The GUSS is a per-subscriber data set held in the home network, in the HSS. It contains BSF-specific information (the UICC type, i.e. whether ME-based GBA_ME keys or UICC-based GBA_U keys are to be used, and a key lifetime) and a list of USSs. Each USS is an application- and subscriber-specific parameter set, identified by the GAA Service Identifier (GSID) of the application it belongs to, with two parts: an authentication part listing the user identities the application needs (e.g. IMPUs, MSISDN, pseudonyms) and an authorisation part carrying the user's permission flags (e.g. whether access to the application is allowed, or which certificate types may be issued). In the GBA_U case a USS may also carry a key selection indication that mandates the ME-based key (Ks_ext_NAF), the UICC-based key (Ks_int_NAF) or both. The USS does not contain the long-term secret K or the AKA algorithm configuration; those remain in the HSS/AuC and on the UICC. During bootstrapping the UE and the Bootstrapping Server Function (BSF) run HTTP Digest AKA over the Ub interface (TS 24.109); the BSF fetches one authentication vector (RAND, AUTN, XRES, CK, IK) together with the subscriber's GUSS from the HSS over Zh, and the UE and the BSF both derive the bootstrapped key Ks = CK || IK. When the UE later contacts a Network Application Function (NAF) over Ua, the NAF asks the BSF over Zn for the NAF-specific key (Ks_NAF, or Ks_ext_NAF and Ks_int_NAF) and for the USS of its own application, and uses that USS to identify and authorise the user.

The reference points involved are defined in TS 33.220, with stage-3 detail in TS 29.109 for the Diameter-based Zh and Zn interfaces and in TS 24.109 for Ub. Zh carries the GUSS from the HSS to the BSF; Zn carries the selected USS, together with the NAF-specific key and its lifetime, from the BSF to the NAF. GBA Push (TS 33.223) and a service-based Nbsp interface for the BSF (TS 29.309) also appear among the specifications listed below. The GUSS is not monolithic: each USS is tagged with the GSID of its application and may be tagged with a NAF group, so one subscriber can hold distinct identities and permissions for, say, a PKI portal and a presence service. The BSF hands a NAF only the USS for the application it requested, and only if that NAF is permitted to receive it.

The USS is an authorisation input for NAFs rather than a credential. Its confidentiality matters, since it lists subscriber identities, but the characteristic risk is tampering: an added flag or an extra identity lets a user reach an application, or obtain a certificate, that the operator did not grant. Three properties of the design follow from this. First, the long-term key K never leaves the HSS/AuC and the UICC; the BSF and NAF see only the authentication vector and the keys derived from CK || IK. Second, the BSF is the only element that reads the full GUSS; each NAF receives just the USS for its own GSID, and a NAF whose application has no USS for the subscriber receives nothing and must treat that as "not authorised". Third, the USS handed to a NAF comes from the GUSS the BSF retrieved at bootstrapping, so replay protection of the run itself comes from the AKA sequence-number handling and the key lifetime, while a change to the USS in the HSS reaches NAFs when the BSF next retrieves the GUSS. Inconsistent GUSS provisioning shows up as NAF-side authorisation failures rather than as authentication failures, which is worth remembering when troubleshooting.
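As an added example, not code from 3GPP or from any BSF implementation, the Python below parses a GUSS document and shows what a BSF should release to a NAF over Zn. The element and attribute names follow my reading of the GUSS XML schema in TS 29.109 Annex A, the NAF-group restriction is a policy choice made here rather than mandated text, and the subscriber identities, GSIDs, group names and flag values are constructed for illustration.

```python
"""Select the USS a BSF hands to a NAF from a subscriber's GUSS.

Added example, not code from 3GPP or from any BSF product. The element and
attribute names (guss, bsfInfo/uiccType/lifeTime, ussList/uss with id, type
and nafGroup, uids/uid, flags/flag) follow my reading of the GUSS XML schema
in TS 29.109 Annex A; the sample document, identities, GSIDs, NAF group names
and flag values are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional
import xml.etree.ElementTree as ET  # use defusedxml if the GUSS comes from an untrusted peer

# Constructed GUSS for one subscriber: GBA_U-capable UICC, two application USSs.
SAMPLE_GUSS = """<?xml version="1.0" encoding="UTF-8"?>
<guss id="alice@ims.mnc001.mcc001.3gppnetwork.org">
  <bsfInfo>
    <uiccType>GBA_U</uiccType>
    <lifeTime>86400</lifeTime>
  </bsfInfo>
  <ussList>
    <uss id="1" type="0" nafGroup="pki">
      <uids>
        <uid>sip:alice@ims.mnc001.mcc001.3gppnetwork.org</uid>
        <uid>tel:+15550100001</uid>
      </uids>
      <flags>
        <flag>1</flag>
      </flags>
    </uss>
    <uss id="3" type="1">
      <uids>
        <uid>pseudonym-7f3a9c</uid>
      </uids>
      <flags/>
    </uss>
  </ussList>
</guss>
"""


@dataclass(frozen=True)
class USS:
    gsid: str                 # GAA Service Identifier of the application this USS is for
    uss_type: int
    naf_group: Optional[str]  # if set, only NAFs in this group may receive the USS
    uids: tuple               # authentication part: identities the application needs
    flags: frozenset          # authorisation part: permission flags


@dataclass(frozen=True)
class GUSS:
    impi: str                 # assumed: the guss id attribute carries the IMPI
    uicc_type: str            # assumed values: "GBA" (ME-based keys) or "GBA_U"
    lifetime: Optional[int]   # key lifetime hint for the BSF, in seconds
    uss_list: tuple


def _parse_uss(el: ET.Element) -> USS:
    gsid = el.get("id")
    if not gsid:
        raise ValueError("<uss> without id (GSID)")
    uids = tuple(u.text.strip() for u in el.iterfind("uids/uid") if u.text)
    flags = frozenset(f.text.strip() for f in el.iterfind("flags/flag") if f.text)
    return USS(gsid, int(el.get("type", "0")), el.get("nafGroup"), uids, flags)


def parse_guss(xml_text: str) -> GUSS:
    root = ET.fromstring(xml_text)
    if root.tag != "guss":
        raise ValueError(f"expected <guss> root, got <{root.tag}>")
    uicc_type, lifetime = "GBA", None
    bsf = root.find("bsfInfo")
    if bsf is not None:
        uicc_type = (bsf.findtext("uiccType") or "GBA").strip()
        lt = bsf.findtext("lifeTime")
        lifetime = int(lt) if lt else None
    uss_list = tuple(_parse_uss(el) for el in root.iterfind("ussList/uss"))
    return GUSS(root.get("id") or "", uicc_type, lifetime, uss_list)


def select_uss(guss: GUSS, gsid: str, naf_group: Optional[str]) -> Optional[USS]:
    """What the BSF releases over Zn: the USS for the requested GSID, and only if
    the requesting NAF belongs to the group the USS is restricted to (this group
    check is the example's policy; TS 33.220 leaves grouping to BSF configuration)."""
    for uss in guss.uss_list:
        if uss.gsid != gsid:
            continue
        if uss.naf_group is not None and uss.naf_group != naf_group:
            return None   # restricted USS: never leak it to a NAF outside its group
        return uss
    return None           # no USS for this application: the NAF must not assume permission


def is_authorized(uss: Optional[USS], flag: str) -> bool:
    """NAF-side check of one permission flag; a missing USS means not authorised."""
    return uss is not None and flag in uss.flags


def naf_key_types(guss: GUSS) -> tuple:
    """Keys the NAF should expect from the BSF, driven by the UICC type in the GUSS."""
    if guss.uicc_type == "GBA_U":
        return ("Ks_ext_NAF", "Ks_int_NAF")
    return ("Ks_NAF",)


if __name__ == "__main__":
    g = parse_guss(SAMPLE_GUSS)
    print(g.uicc_type, naf_key_types(g))
    print(select_uss(g, "1", "pki"))         # full USS for the PKI portal NAF
    print(select_uss(g, "1", "presence"))    # None: USS 1 is restricted to group "pki"
```

The point of `select_uss` returning `None` in two distinct situations (no USS for the GSID, or a NAF outside the permitted group) is that the NAF cannot distinguish them and must fail closed either way; a NAF that defaults to "allowed" when no USS arrives is the classic misconfiguration.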

Purpose & Motivation

The USS exists so that the identities and permissions an application needs about a subscriber can be provisioned centrally in the home network and delivered to the application server as a by-product of GBA bootstrapping. Without it, each NAF would need its own subscriber database and its own way of mapping a bootstrapped identity onto an application account; GUSS/USS keeps that mapping next to the subscription in the HSS and hands it out per application.

The problem it solves is application-level authorisation after network-level authentication: AKA proves possession of the UICC but says nothing about whether this subscriber may use a particular service, or under which identity. Because a USS is scoped to one application (one GSID), an operator can add a new GBA-enabled service, or change a subscriber's permissions for one service, without touching the AKA credentials or the USSs of other services, and can restrict which NAFs are allowed to see a given USS.

Historically, GBA was introduced so that the same AKA credentials that authenticate the UE to the network could bootstrap application-layer security without distributing new secrets; the GUSS, with its per-application USSs, is what keeps that reuse manageable as the number of services grows. It gives application access a single-sign-on character: the user bootstraps once with the BSF, and the resulting key material and USSs serve multiple NAFs within the key lifetime.

Classification

Part of: GUSS
Related approaches: AKA

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (157 CRs across 5 releases). This complements the general overview above with the evidence-based evolution of this function. Note that the UAS specifications use the same acronym for the UAS Service Supplier, which is a different entity from the GBA User Security Setting; both are included below.

Studied in Rel-7, normative work from Rel-15.

Rel-15 34 changes

The changes listed under Release 15 are NAS security CRs against TS 24.301 and TS 24.501: signalling of additional UE security capabilities, security algorithm support for dual connectivity, and creation of mapped security contexts at inter-system handover between S1 and N1 mode. They match on "security" in the CR titles rather than on the GBA User Security Setting, whose definition in TS 33.220 is not changed by them.

  • Signalling of UE's additional security capabilities (TS 24.301 CR2954)
  • Security algorithm support for Dual Connectivity (TS 24.301 CR2960)
  • Including UE additional security capability IE in Attach/TAU Request for UE supporting N1 mode (TS 24.301 CR3069)
  • Establishment of a mapped EPS security context during inter-system handover from N1 mode (TS 24.301 CR3100)
  • Alignment and correction of mapped security context creation at S1 to N1 mode HO (TS 24.501 CR0037)
  • Common NAS security transparent container IE for intra-5G HO and S1 to N1 inter-system HO (TS 24.501 CR0182)

+ 28 more changes

Rel-16 30 changes

The Release 16 changes listed here again come from TS 24.301 and TS 24.501: authentication and NAS security mode control for restricted local operator services (RLOS) access, provisioning of DNS server security information to the UE, and security handling for a W-AGF acting on behalf of a fixed network RG. Like the Release 15 items they concern NAS-level security rather than the USS data structure.

  • Authentication and security handling for restricted local operator services (TS 24.301 CR3162)
  • NAS security mode control handling in case of RLOS access (TS 24.301 CR3218)
  • Authentication and security handling for RLOS (TS 24.301 CR3334)
  • Provisioning of DNS server security information to the UE (TS 24.301 CR3404)
  • Security for W-AGF acting on behalf of an FN-RG (TS 24.501 CR1278)
  • Provisioning of DNS server security information to the UE (TS 24.501 CR2345)

+ 24 more changes

Rel-17 48 changes

In Release 17 the listed CRs come mainly from the UAS work, where USS expands to UAS Service Supplier, the entity that provides UAS services such as UAV authorisation and tracking, not to User Security Setting. Those items cover UAS security information obtained during UUAA (USS UAV Authorization/Authentication), association of CAA-level UAV IDs with 3GPP UAV IDs in the USS, and use of the USS FQDN as the service-level AA server address. The one GBA-related item is the TS 33.220 CR updating the algorithms and protocols used by GBA; the remaining TS 24.501 entries (SOR, MBS, PC5, disaster roaming) are general NAS security changes.

  • Unnecessary signalling for providing selected EPS NAS security algorithms to disaster roaming UEs (TS 24.501 CR3742)
  • Adding the SOR security check criterion to the SOR-CMCI (TS 24.501 CR3702)
  • UAS security information obtained during UUAA (TS 24.501 CR3765)
  • Update to NAS security mode command during PC5 link establishment (TS 24.501 CR3995)
  • Introducing the security aspects for MBS (TS 24.501 CR3951)
  • Security updates for algorithms and protocols in 33.220 (TS 33.220 CR0211)

+ 42 more changes

Rel-18 28 changes

In Release 18 the listed changes are all to TS 23.255 (UAS application layer support) and concern the UAS Service Supplier rather than the GBA USS: requirements and functional entities for multi-USS deployments, multi-USS capabilities in UAE (UAS Application Enabler) layer registration, procedures and information elements for a change of USS, an API for changing USS, USS re-mapping for a UAS, and data semantics and XML schemas for multi-USS configuration and the change-of-USS procedure.

  • Requirements for support for multi-USS deployments (TS 23.255 CR0026)
  • Additions to functional entities on support for multi-USS deployments (TS 23.255 CR0029)
  • Addition of multi-USS capabilities to UAE layer registration (TS 23.255 CR0030)
  • Addition of procedures for multi-USS configuration and support at change of USS (TS 23.255 CR0031)
  • Addition of IEs to messages related with change of USS (TS 23.255 CR0034)
  • Addition of API for change of USS (TS 23.255 CR0035)

+ 22 more changes

Rel-19 17 changes

Release 19 continues the UAS Service Supplier work in TS 23.256, TS 24.257, TS 24.301 and TS 24.501: support for multiple USS instances serving different geographical areas, a new NEF service operation for USS interactions, USS discovery in multi-USS deployments, a USS No Transmit Zone (NTZ) policy, and lists of USS addresses delivered to the UE in both EPS and 5GS NAS signalling.

  • KI#1.2: Support for multiple USS serving different geographical areas (TS 23.256 CR0127)
  • KI#1.2: Adding a new NEF service operations for USS (TS 23.256 CR0128)
  • USS discovery in multiple USS deployment (TS 23.256 CR0130)
  • New USS NTZ policy (TS 24.257 CR0053)
  • List of USS addresses in EPS (TS 24.301 CR4114)
  • List of USS addresses in 5GS (TS 24.501 CR6450)

+ 11 more changes

Defining Specifications

3GPP specifications that define or reference USS, under either expansion of the acronym, with the latest known release. Sourced from the 3GPP document catalog.

Specification   Title   Release
TR 22.843 vj20 Study on Uncrewed Aerial Vehicle (UAV) Phase 3 Rel-19
TS 23.255 vj50 UAS Application Layer Support Rel-19
TS 23.256 vj50 UAS Support Architecture Enhancements Rel-19
TS 23.700 vk00 XR Services Application Enablement Layer Rel-20
TR 23.755 vh00 Study on app layer support for UAS Rel-17
TS 24.109 vj00 HTTP Digest AKA & GAA Stage 3 Rel-19
TS 24.257 vj40 UAS Application Enabler (UAE) Layer Rel-19
TS 24.301 vj60 NAS protocol for Evolved Packet System Rel-19
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TS 27.007 vj40 AT Command Set for UE Rel-19
TS 28.853 vj10 Charging for Uncrewed Aerial Systems Rel-19
TS 29.109 vj00 GAA Bootstrapping Interfaces (Zh, Dz, Zn, Zpn) Rel-19
TS 29.255 vj20 USS Services for UAS in 5G Rel-19
TS 29.256 vj30 UAS-NF Stage 3 Protocol Specification Rel-19
TS 29.257 vj40 Application layer support for Uncrewed Aerial System (UAS) Rel-19
TS 29.274 vj50 GTPv2-C Control Plane Protocol Specification Rel-19
TS 29.309 vj10 Nbsp Service Based Interface for GBA BSF Rel-19
TS 29.502 vj50 5G System; Nsmf Service Based Interface; Stage 3 Rel-19
TS 31.121 vi50 UICC-terminal interface test specification Rel-18
TS 32.808 v1800 Common User Profile Storage Framework Rel-8
TS 33.110 vj00 UICC-Terminal Key Establishment Rel-19
TS 33.220 vj00 Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Rel-19
TS 33.223 vj00 GBA Push Function Specification Rel-19
TS 33.256 vj10 Security for Uncrewed Aerial Systems (UAS) Rel-19
TS 33.259 vj00 Key Establishment between UICC Hosting & Remote Device Rel-19
TR 33.854 vh10 Security aspects of Uncrewed Aerial Systems Rel-17
TR 33.924 vj00 GBA-OpenID Interworking Specification Rel-19
TR 33.980 vj00 GAA & Liberty Alliance Interworking Guidelines Rel-19
TS 38.213 vj10 NR Physical Layer Control Procedures Rel-19
TS 38.523 vj20 5G NR UE Conformance Testing: Idle/Inactive Rel-19