7 EPS Authentication and Key Agreement

This chapter describes how users are identified and authenticated for network access in EPS. Section 7.1 introduces the means to identify subscribers and terminals, and the mechanisms to protect the related identities. Section 7.2 then provides a detailed presentation of EPS AKA, the protocol used in EPS to authenticate subscribers and agree a local master key. Further keys are then derived from this local master key to protect signalling and user traffic over various interfaces between the UE and the network. The complete EPS key hierarchy resulting from this derivation process is described in Section 7.3. In addition to keys, other security-related parameters need to be shared between two entities running a security protocol between them. These parameters, together with the keys, form a security context, and the various security contexts used in EPS are described in Section 7.4.

7.1 Identification

We first describe the means to identify subscribers and terminals in EPS and explain the uses of the corresponding identities. We then proceed to describe the identity confidentiality features, which help to protect the user's privacy. These identities are specified in [TS23.003].

User identification

GSM, 3G and EPS all use the same type of permanent subscriber identity, the International Mobile Subscriber Identity (IMSI), to uniquely identify a subscriber. The IMSI is composed of three parts:

  • The Mobile Country Code (MCC) identifies the country ...
