RADEXT WG                                                   S. Gundavelli
Internet-Draft                                                 S. Kishore
Intended status: Standards Track                               M. Grayson
Expires: 11 January 2024                                         O. Pekar
                                                                    Cisco
                                                             10 July 2023


          RADIUS Attributes for 3GPP 5G AKA Authentication Method
                    draft-gundavelli-radext-5g-auth-00

Abstract

   This document proposes extensions to the Remote Authentication
   Dial-In User Service (RADIUS) protocol to support the 3rd Generation
   Partnership Project (3GPP) 5G Authentication and Key Agreement
   (5G-AKA) authentication method.  The 5G-AKA protocol is a critical
   authentication method used in 5G networks for mutual authentication
   and key derivation between user devices and the network.  By
   integrating 5G-AKA into RADIUS, enterprises can leverage existing
   RADIUS-based authentication infrastructure for authenticating 5G
   devices.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 January 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Gundavelli, et al.       Expires 11 January 2024                [Page 1]

Internet-Draft     3GPP 5G AKA Authentication Method           July 2023

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Terminology . . . . . . . . . . . . . . . . .   3
     2.1.  Conventions . . . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Motivation  . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Overview of 5G Security . . . . . . . . . . . . . . . . . . .   5
   5.  RADIUS Support for 5G-AKA Authentication Method . . . . . . .   6
     5.1.  Call Flow . . . . . . . . . . . . . . . . . . . . . . . .   6
   6.  5G-AKA RADIUS Attribute Definitions . . . . . . . . . . . . .   7
     6.1.  5G-Auth-RAND  . . . . . . . . . . . . . . . . . . . . . .   7
     6.2.  5G-Auth-AUTN  . . . . . . . . . . . . . . . . . . . . . .   8
     6.3.  5G-Auth-HXRES-STAR  . . . . . . . . . . . . . . . . . . .   8
     6.4.  5G-Auth-KSEAF . . . . . . . . . . . . . . . . . . . . . .   8
     6.5.  5G-DNN  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.6.  5G-SN-NAME  . . . . . . . . . . . . . . . . . . . . . . .   8
     6.7.  User-Name . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.8.  THREEGENPP_IMEISV . . . . . . . . . . . . . . . . . . . .   8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   9
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   9
     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   Authentication and key management are critical for ensuring secure
   communication within the access network.  These mechanisms enable
   mutual authentication between the device and the access network,
   verifying identities and establishing trust.  By validating the
   identities of both parties, these procedures ensure that only
   authorized devices can access the network.  Additionally, these
   procedures derive cryptographic keys that safeguard both signaling
   and user plane data.  By doing so, they protect the integrity and
   confidentiality of the transmitted information, preventing
   unauthorized access and maintaining a secure communication
   environment within cellular networks.

   The 3GPP 5G System architecture has defined support for different
   authentication methods: 5G AKA, EAP-AKA', EAP-TLS and EAP-TTLS.  The
   currently supported authentication interfaces require new network
   elements (e.g., AUSF, UDM) to support these authentication methods.
   Integrating the 5G-AKA authentication method into RADIUS allows
   network operators to leverage existing RADIUS infrastructure for user
   authentication and authorization in 5G deployments.  This document
   defines new RADIUS attributes to support the 5G-AKA procedure,
   enabling interoperability between RADIUS servers and 5G network
   elements.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility terms used in this document are to be interpreted as
   defined in the IETF and 3GPP specifications.  For convenience, the
   definitions of some of the terms are provided below.
   Subscription Permanent Identifier (SUPI)

      A globally unique 5G Subscription Permanent Identifier (SUPI) is
      allocated to each subscriber in the 5G System.  The SUPI value is
      provisioned in the USIM and in the UDM/UDR function in the 5G
      Core.  The structure of the SUPI and its privacy are specified in
      [TS23501].

   Subscription Concealed Identifier (SUCI)

      The Subscription Concealed Identifier (SUCI) is a privacy-preserving
      identifier containing the concealed SUPI.  The UE generates a SUCI
      using the public key of the Home Network provisioned to the USIM.
      The structure of the SUCI is specified in 3GPP specification
      [TS33501].

   Permanent Equipment Identifier (PEI)

      In the 5G System, the Permanent Equipment Identifier (PEI) is a
      unique identifier of a UE accessing the private 5G System.  The
      structure of the PEI is specified in 3GPP specification [TS23003].

   International Mobile Station Equipment Identifier (IMEI)

      The IMEI is a number that uniquely identifies a mobile device in
      the Global System for Mobile Communications (GSM).  The structure
      of the IMEI is specified in 3GPP specification [TS33102].

   Sequence Number (SQN)

      SQN_MS: the highest sequence number the USIM has accepted.

3.  Motivation

   Enterprises now have the opportunity to expand and enhance their
   wireless coverage density by complementing their existing IEEE
   802.11-based wireless architectures with 3GPP-based 5G access
   networks.  There are multiple deployment options available for
   implementing an enterprise 5G system.  It can be deployed through a
   System Integrator (SI), a mobile operator, a Wi-Fi operator in
   collaboration with a cellular provider, potentially a cloud provider,
   or by the enterprise IT themselves if they possess their own licensed
   spectrum.
   While these options provide a strong foundation for enabling basic 5G
   access connectivity, there is considerable value in achieving
   convergence across these diverse access architectures and leveraging
   the already deployed network elements.  It is highly desirable for
   enterprise IT to possess the capability to correlate identities
   across different access technologies and enforce consistent
   enterprise policies.

                          _------_
                        _(        )_
                       -(Enterprise)--------+---+
                        -( Network )-       |AAA|
                          '------'          +---+
                              |            (RADIUS)
                      +---------------+
                      |               |
                   +-----+         +-----+
                   |Wi-Fi|         | P5G |
                   +-----+         +-----+
                      .               .
                       .             .
                        .  +------+ .
                         . |Device|.
                           +------+

                   Figure 1: Enterprise Architecture

   Enterprise network architectures have undergone extensive evolution
   over an extended period, resulting in intricate structures.  These
   architectures are designed to be technology-agnostic, accommodating
   both Ethernet and Wi-Fi-based connections seamlessly.  RADIUS-based
   infrastructure is widely employed for authentication and policy
   management purposes.  As 5G-based private networks become integrated
   into enterprise environments, it is a natural progression to consider
   private 5G as another access technology, allowing the utilization of
   the existing RADIUS infrastructure to authenticate 5G devices.  The
   adoption of a unified authentication and policy infrastructure across
   different access technologies enables the realization of identity
   correlation and ensures consistent policy enforcement.  Based on this
   motivation, we put forward proposals for extending the RADIUS
   protocol to support the 5G-AKA authentication method.

4.  Overview of 5G Security

   The 5G security architecture is given below.
   +----+     +-------+     +------+     +-----------------+
   | UE |     |  AMF  |     | AUSF |     |       UDM       |
   |    |     | (SEAF)|     |      |     |  (SIDF, ARPF)   |
   +----+     +-------+     +------+     +-----------------+

                   Figure 2: Enterprise Architecture

   ARPF (Authentication credential Repository and Processing Function)

      ARPF is part of the UDM as per the standard.  ARPF contains
      subscriber credentials, i.e., long-term keys and the Subscriber
      Identifier (SUPI).  Subscriber credentials may alternatively be
      stored in the UDR [TS23003].

   SIDF (Subscriber Identifier De-concealing Function)

      SIDF is a service offered by the UDM in the home network.  It is
      responsible for resolving the SUPI from the SUCI.

   AUSF (Authentication Server Function)

      AUSF is a standalone NF located in the subscriber's home network.
      It handles authentication in the home network based on information
      received from the UE and the UDM/ARPF.

   SEAF (Security Anchor Function)

      SEAF is functionality provided by the AMF.  It handles
      authentication in the serving network based on information
      received from the UE and the AUSF.

   In 5G, the UE is authenticated by the home network (AUSF) and by the
   serving network (SEAF).

5.  RADIUS Support for 5G-AKA Authentication Method

   In the proposed approach the RADIUS server will implement the 5G-AKA
   algorithm.  Furthermore, it is assumed there will be no support for
   inter-operator roaming.

   +----+     +-------+     +---------------------+
   | UE |     |  AMF  |     |       RADIUS        |
   |    |     | (SEAF)|     |       SERVER        |
   +----+     +-------+     +---------------------+

                   Figure 3: Enterprise Architecture

5.1.  Call Flow

   In the proposed approach, the RADIUS server will be the primary
   authentication function.  Following are the interactions between the
   5G system and the RADIUS server.

   +----+            +-----+            +---------+
   | UE |            | AMF |            | RADIUS  |
   +----+            +-----+            +---------+
     |       1          |                    |
     | ---------------> |                    |
     |                  |         2          |
     |                  | -----------------> |
     |                  |         3          |
     |                  | <----------------- |

                 Figure 4: 5G-AKA Authentication Flow

   *  Step-1: The UE sends a NAS message to the AMF which includes the
      SUCI or 5G-GUTI.

   *  Step-2: The AMF creates an Access-Request containing the RADIUS
      attributes User-Name, which carries the 5G subscriber identifier
      in SUCI or SUPI format, and 5G-SN-NAME, which identifies the
      serving network name.

   *  Step-3: Once the RADIUS server receives the request, it converts
      the SUCI to a SUPI using the SIDF function.  The RADIUS server
      consults the database of users to find the user whose name matches
      the SUPI in the request.  This is equivalent to the ARPF function
      in the UDM.  The RADIUS server generates an Authentication Vector
      using the 5G-AKA algorithm.  This vector consists of RAND, AUTN,
      HXRES*, and KAUSF.  The AUSF function takes KAUSF and generates
      KSEAF.  The RADIUS server creates an Access-Accept containing the
      authentication vector attributes 5G-Auth-RAND, 5G-Auth-AUTN,
      5G-Auth-HXRES-STAR, 5G-Auth-KSEAF, 3GPP-IMSI, 5G-DNN, and
      3GPP-IMEISV.  All key derivations for 5G-AKA shall be performed
      using the key derivation function (KDF) specified in Annex B.2.0
      of TS 33.220.

   *  On successful lookup of the 5G subscriber identity in the database
      and successful calculation of the resulting 5G-AKA authentication
      vector, the RADIUS server sends an Access-Accept message that
      contains the resulting authentication vector in the 5G
      authentication RADIUS attributes specified in Section 6 of this
      document.

   *  If the RADIUS server fails to execute one or more operations, it
      sends a RADIUS Access-Reject message indicating that 5G-AKA
      authentication failed.

   *  Note-1: The RADIUS server must be provided with a 128-bit long K
      and a 128-bit long OPC 5G-AKA parameter per subscriber identity
      (SUPI) to perform authentication vector calculations according to
      the 5G-AKA algorithm.
   *  Note-2: The RADIUS server must be provided with the SQN parameter,
      which represents a 48-bit long sequence number.  The initial value
      of SQN for a 5G subscriber should be 1.  The SQN parameter is
      incremented on every 5G-AKA authentication for the specific 5G
      subscriber, and when it reaches 0x7FFFFFFFFFFF it is rolled over
      to 1 as specified in TS 33.102 section C.3.2.

   *  SQN sync flow

6.  5G-AKA RADIUS Attribute Definitions

   Following are the attributes that are required for supporting the
   5G-AKA Authentication Method.  In addition to the new 5G-AKA specific
   attributes, the standard vendor-specific attributes 3GPP-IMSI and
   3GPP-IMEISV are used for identity exchange between the RADIUS client
   and the RADIUS server.

6.1.  5G-Auth-RAND

   Description

      The 5G-Auth-RAND is of type binary and contains the random number
      which is part of the authentication vector generated by the 5G-AKA
      algorithm.  The size of this value is 128 bits.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      18

   String

      A random value.

6.2.  5G-Auth-AUTN

   Description

      The 5G-Auth-AUTN is of type binary and contains the authentication
      token which is part of the authentication vector generated by the
      5G-AKA algorithm.  The size of this value is 160 bits.  AUTN is
      generated using the formula (SQN ^ AK) || AMF || MAC_A.  AMF is
      set to 0x8000.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      22

   String

      The value of the Authentication Token parameter of the 5G-AKA
      algorithm.

6.3.  5G-Auth-HXRES-STAR

   Description

      The 5G-Auth-HXRES-STAR is of type binary and contains the 5G hash
      expected response which is part of the authentication vector
      generated by the 5G-AKA algorithm.  Refer to TS 33.501 Annex A.5
      to generate this value.  The maximum size of this value is 128
      bits.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      >= 18

   String

      The value of the Hash Expected Response parameter of the 5G-AKA
      algorithm.

6.4.  5G-Auth-KSEAF

   Description

      The 5G-Auth-KSEAF is of type binary and contains the 128-bit long
      5G security anchor key used to derive the KAMF key.  This is part
      of the authentication vector generated by the 5G-AKA algorithm.
      Refer to TS 33.501 Annex A.6 to generate this value.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      18

   String

      The value of the security anchor key of the 5G-AKA algorithm.

6.5.  5G-DNN

   Description

      The 5G-DNN is of type string and contains the 5G data network
      name, which is essentially an address pool name.  This is an
      authorization attribute.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      >= 3

   String

      The string that contains the 5G data network name.

6.6.  5G-SN-NAME

   Description

      The 5G-SN-NAME is of type string and contains the serving network
      name.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      TBD

   Length

      >= 3

   String

      The string that represents the serving network name in the
      following format:

      o  If NID is not present: "5G:mnc<ddd>.mcc<ddd>.3gppnetwork.org",
         where 'd' is a single decimal digit.

      o  If NID is present:
         "5G:mnc<ddd>.mcc<ddd>.3gppnetwork.org:<NID>", where 'd' is a
         single decimal digit and the NID is written as capitalized
         hexadecimal digits 'X', e.g.
         "5G:mnc123.mcc456.3gppnetwork.org:CAFECAFECAFE".

6.7.  User-Name

   Description

      A standard RADIUS User-Name attribute is used to represent the UE
      Identifier.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     |  String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      1

   Length

      >= 3

   String

      The User-Name is of type string and contains the UE identifier,
      SUPI or SUCI.  The format of the SUPI identifier is given below.

         SUPI-xxxxxxxxxxxxxxx (15 digits), e.g. SUPI-123456789012345

      The format of the SUCI identifier is given below.

         SUCI-<SUCI Type>-<Home Network Identifier>-<Routing Indicator>-
         <Protection Scheme>-<HN Public Key ID>-<Protection Scheme
         Output>, e.g. SUCI-0-123-456-0-0-0-150000100

6.8.  Table of Attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Request Accept Reject Challenge   #    Attribute
      1      0-1     0       0       1    User-Name
      0      0-1     0       0      TBD   5G-Auth-RAND
      0      0-1     0       0      TBD   5G-Auth-HXRES-STAR
      0      0-1     0       0      TBD   5G-Auth-KSEAF
      0      0-1     0       0      TBD   5G-Auth-DNN
     0-1      0      0       0      TBD   5G-Auth-SN-NAME
      0      0-1     0       0      TBD   3GPP-IMEISV
      0      0-1     0       0      TBD   3GPP-IMSI
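   As an added example (not code from the draft), the following Python
   derives the Step-3 authentication vector fields the RADIUS server
   would place in Access-Accept, using the TS 33.220 Annex B.2.0 KDF and
   the TS 33.501 Annex A.2/A.4/A.5/A.6 functions the attribute
   definitions above reference, and applies the Note-2 SQN rollover.
   The Milenage outputs and the serving network name are constructed
   inputs; Milenage itself (which needs AES) is not implemented here.

```python
import hashlib
import hmac

SQN_MAX = 0x7FFFFFFFFFFF   # rollover point given in Note-2 (TS 33.102 C.3.2)
AMF_FIELD = b"\x80\x00"    # AMF fixed to 0x8000 per Section 6.2


def next_sqn(sqn: int) -> int:
    """Advance the per-subscriber SQN; roll over to 1 once SQN_MAX is hit."""
    return 1 if sqn >= SQN_MAX else sqn + 1


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 B.2.0 KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def sqn_xor_ak(sqn: int, ak: bytes) -> bytes:
    """48-bit SQN xor the 48-bit anonymity key AK."""
    return bytes(a ^ b for a, b in zip(sqn.to_bytes(6, "big"), ak))


def build_autn(sqn: int, ak: bytes, mac_a: bytes) -> bytes:
    """AUTN = (SQN xor AK) || AMF || MAC_A: 6 + 2 + 8 = 16 octets (128 bits).
    The draft's Section 6.2 states 160 bits / Length 22, which this
    formula does not yield; the formula is what is implemented here."""
    return sqn_xor_ak(sqn, ak) + AMF_FIELD + mac_a


def build_av(sn_name: str, sqn: int, rand: bytes, xres: bytes,
             ck: bytes, ik: bytes, ak: bytes, mac_a: bytes) -> dict:
    """Fields the RADIUS server returns in Access-Accept (Step-3).  The
    Milenage f1-f5 outputs rand, xres, ck, ik, ak, mac_a need AES and
    are therefore supplied by the caller (constructed values below)."""
    sn = sn_name.encode()
    k_ausf = kdf(ck + ik, 0x6A, sn, sqn_xor_ak(sqn, ak))           # A.2
    xres_star = kdf(ck + ik, 0x6B, sn, rand, xres)[16:]            # A.4, 128 LSBs
    hxres_star = hashlib.sha256(rand + xres_star).digest()[16:]    # A.5, 128 LSBs
    # A.6 produces 256 bits; the draft's 5G-Auth-KSEAF (Section 6.4) is
    # defined as 128 bits, a mismatch an implementer has to resolve.
    k_seaf = kdf(k_ausf, 0x6C, sn)
    return {"RAND": rand, "AUTN": build_autn(sqn, ak, mac_a),
            "XRES*": xres_star, "HXRES*": hxres_star, "KSEAF": k_seaf}


def hres_star_matches(rand: bytes, res_star: bytes, hxres_star: bytes) -> bool:
    """SEAF-side check: HRES* from the UE's RES* must equal the stored HXRES*."""
    hres_star = hashlib.sha256(rand + res_star).digest()[16:]
    return hmac.compare_digest(hres_star, hxres_star)


# Constructed sample inputs; not real subscriber material.
SN_NAME = "5G:mnc123.mcc456.3gppnetwork.org"
RAND = bytes(range(16))
XRES, CK, IK = b"\x11" * 8, b"\x22" * 16, b"\x33" * 16
AK, MAC_A = b"\x44" * 6, b"\x55" * 8
```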
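   As a second added example (again not from the draft), this Python
   encodes and decodes the Section 6 attributes as RADIUS
   Type/Length/String TLVs and validates a received attribute list
   against the lengths and the User-Name and 5G-SN-NAME formats defined
   above.  The Type codes for the 5G-* attributes are placeholders,
   since the draft leaves them TBD, and the MCC/MNC split of the SUCI
   Home Network Identifier is assumed from the draft's example.

```python
import re
import struct

# Attribute Type codes.  User-Name is the standard RADIUS Type 1; the
# codes for the 5G-* attributes are TBD in the draft (placeholders here).
TYPE_CODE = {"User-Name": 1, "5G-Auth-RAND": 240, "5G-Auth-AUTN": 241,
             "5G-Auth-HXRES-STAR": 242, "5G-Auth-KSEAF": 243,
             "5G-DNN": 244, "5G-SN-NAME": 245}
NAME_OF = {v: k for k, v in TYPE_CODE.items()}

# (min, max) attribute Length per Section 6; Length counts the 2 header
# octets, so RAND = 18 means a 16-octet value.  KSEAF is keying material
# that RADIUS itself does not encrypt, so the transport must protect it.
LENGTH_RULES = {"User-Name": (3, 255), "5G-Auth-RAND": (18, 18),
                "5G-Auth-AUTN": (22, 22), "5G-Auth-HXRES-STAR": (18, 255),
                "5G-Auth-KSEAF": (18, 18), "5G-DNN": (3, 255),
                "5G-SN-NAME": (3, 255)}

SUPI_RE = re.compile(r"^SUPI-\d{15}$")
# SUCI-<type>-<MCC>-<MNC>-<routing ind>-<scheme>-<HN key id>-<output>,
# modelled on the draft's example SUCI-0-123-456-0-0-0-150000100; the
# MCC/MNC split of the Home Network Identifier is an assumption.
SUCI_RE = re.compile(r"^SUCI-\d-\d{3}-\d{2,3}-\d{1,4}-\d-\d{1,3}-[0-9A-Fa-f]+$")
SN_NAME_RE = re.compile(r"^5G:mnc\d{3}\.mcc\d{3}\.3gppnetwork\.org(:[0-9A-F]+)?$")


def encode_attr(name: str, value: bytes) -> bytes:
    """Type(1) | Length(1) | String, Length including the two header octets."""
    length = 2 + len(value)
    if not 3 <= length <= 255:
        raise ValueError(f"{name}: a {len(value)}-octet value does not fit")
    return struct.pack("!BB", TYPE_CODE[name], length) + value


def decode_attrs(blob: bytes) -> list:
    """Walk an attribute list, refusing any Length that would over-read."""
    out, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        type_code, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"bad Length {length} for Type {type_code}")
        out.append((NAME_OF.get(type_code, type_code), blob[pos + 2:pos + length]))
        pos += length
    return out


def check_attr(name: str, value: bytes) -> bool:
    """Apply the Section 6 length rule plus the User-Name/5G-SN-NAME formats."""
    lo, hi = LENGTH_RULES[name]
    if not lo <= 2 + len(value) <= hi:
        return False
    text = value.decode("ascii", "replace")
    if name == "User-Name":
        return bool(SUPI_RE.match(text) or SUCI_RE.match(text))
    if name == "5G-SN-NAME":
        return bool(SN_NAME_RE.match(text))
    return True


# Constructed Access-Request attribute list (Step-2): SUCI plus serving network name.
REQUEST = (encode_attr("User-Name", b"SUCI-0-123-456-0-0-0-150000100")
           + encode_attr("5G-SN-NAME", b"5G:mnc123.mcc456.3gppnetwork.org"))
```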
7.  IANA Considerations

   IANA is requested to assign the following values for the new RADIUS
   attributes defined in this document: TBD

8.  Security Considerations

   The security of the 5G-AKA authentication method relies on the
   integrity and confidentiality of the exchanged authentication
   vectors, security algorithms, and cryptographic keys.  Appropriate
   measures must be taken to protect these sensitive attributes during
   transmission between the RADIUS client and server.

9.  Acknowledgements

   TBD

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

10.2.  Informative References

   [TS23003]  3GPP, "TS 23.003: Numbering, addressing and
              identification", 2021.

   [TS23501]  3GPP, "TS 23.501: Numbering, addressing and
              identification", 2021.

   [TS33102]  3GPP, "TS 33.102: 3GPP Security Architecture", 2021.

   [TS33501]  3GPP, "TS 33.501: Architecture enhancements for non-3GPP
              accesses", 2021.

Authors' Addresses

   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   United States of America
   Email: sgundave@cisco.com

   Sangram L Kishore
   Cisco
   Bangalore
   India
   Email: sanl@cisco.com

   Mark Grayson
   Cisco
   11 New Square Park
   Bedfont Lakes
   United Kingdom
   Email: mgrayson@cisco.com

   Oleg Pekar
   Cisco
   1st Floor, EE5-6 South
   Netanya
   Israel
   Email: olpekar@cisco.com