RADEXT WG                                                  S. Gundavelli
Internet-Draft                                                S. Kishore
Intended status: Standards Track                              M. Grayson
Expires: 11 January 2024                                        O. Pekar
                                                                   Cisco
                                                            10 July 2023


        RADIUS Attributes for 3GPP 5G AKA Authentication Method
                draft-gundavelli-radext-5g-auth-00

Abstract

   This document proposes extensions to the Remote Authentication Dial-
   In User Service (RADIUS) protocol to support the 3rd Generation
   Partnership Project (3GPP) 5G Authentication and Key Agreement (5G-
   AKA) authentication method.

   The 5G-AKA protocol is a critical authentication method used in 5G
   networks for mutual authentication and key derivation between user
   devices and the network.  By integrating 5G-AKA into RADIUS,
   enterprises can leverage existing RADIUS-based authentication
   infrastructure for authenticating 5G devices.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 11 January 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.






Gundavelli, et al.       Expires 11 January 2024                [Page 1]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Terminology . . . . . . . . . . . . . . . . .   3
     2.1.  Conventions . . . . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Motivation  . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Overview of 5G Security . . . . . . . . . . . . . . . . . . .   5
   5.  RADIUS Support for 5G-AKA Authentication Method . . . . . . .   6
     5.1.  Call Flow . . . . . . . . . . . . . . . . . . . . . . . .   6
   6.  5G-AKA RADIUS Attribute Definitions . . . . . . . . . . . . .   7
     6.1.  5G-Auth-RAND  . . . . . . . . . . . . . . . . . . . . . .   7
     6.2.  5G-Auth-AUTN  . . . . . . . . . . . . . . . . . . . . . .   8
     6.3.  5G-Auth-HXRES-STAR  . . . . . . . . . . . . . . . . . . .   8
     6.4.  5G-Auth-KSEAF . . . . . . . . . . . . . . . . . . . . . .   8
     6.5.  5G-DNN  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.6.  5G-SN-NAME  . . . . . . . . . . . . . . . . . . . . . . .   8
     6.7.  User-Name . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.8.  THREEGENPP_IMEISV . . . . . . . . . . . . . . . . . . . .   8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   9
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   9
     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   Authentication and key management are critical for ensuring secure
   communication within the access network.  These mechanisms enable
   mutual authentication between the device and the access network,
   verifying identities and establishing trust.  By validating the
   identities of both parties, these procedures ensure that only
   authorized devices can access the network.  Additionally, these
   procedures derive cryptographic keys that safeguard both signaling
   and user plane data.  By doing so, they protect the integrity and
   confidentiality of the transmitted information, preventing
   unauthorized access and maintaining a secure communication



Gundavelli, et al.       Expires 11 January 2024                [Page 2]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


   environment within cellular networks.

   3GPP 5G System architecture has defined support for different
   authentication methods - 5G AKA, EAP AKA' and EAP TLS and EAP TTLS.
   The currently supported authentication interfaces require the new
   network elements (e.g., AUSF, UDM) for supporting these
   authentication methods.

   Integrating this authentication method into RADIUS allows network
   operators to leverage existing RADIUS infrastructure for user
   authentication and authorization in 5G deployments.  This document
   defines new RADIUS attributes to support the 5G-AKA procedure,
   enabling interoperability between RADIUS servers and 5G network
   elements.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility terms used in this document are to be interpreted as
   defined in the IETF and 3GPP specifications.  For convenience, the
   definitions for some of the terms are provided below.

   Subscription Permanent Identifier (SUPI))

      A globally unique 5G Subscription Permanent Identifier (SUPI) is
      allocated to each subscriber in the 5G System.  The SUPI value is
      provisioned in USIM and UDM/UDR function in 5G Core.  The
      structure of SUPI and its privacy is specified [TS23501]

   Subscription Concealed Identifier (SUCI)

      The Subscription Concealed Identifier (SUCI) is a privacy
      preserving identifier containing the concealed SUPI.  The UE
      generates a SUCI using the public key of the Home Network
      provisioned to the USIM.  The structure of SUCI is specified in
      3GPP specification [TS33501].

   Permanent Equipment Identifier (PEI)

      In 5G System, the Permanent Equipment Identifier (PEI) is a unique




Gundavelli, et al.       Expires 11 January 2024                [Page 3]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


      identifier of a UE accessing the private 5G System.  The structure
      of the PEI is specified in 3GPP specification [TS23003].

   International Mobile Station Equipment Identifier (IMEI)

      IMEI is a number that uniquely identifies a mobile device in
      Global System for Mobile Communications (GSM) The structure of the
      IMEI is specified in 3GPP specification [TS33102].

   Sequence Number (SQN)

      SQN MS The highest sequence number the USIM has accepted.

3.  Motivation

   Enterprises now have the opportunity to expand and enhance their
   wireless coverage density by complementing their existing IEEE
   802.11-based wireless architectures with 3GPP-based 5G access
   networks.

   There are multiple deployment options available for implementing an
   enterprise 5G system.  It can be deployed through a System Integrator
   (SI), a mobile operator, a Wi-Fi operator in collaboration with a
   cellular provider, potentially a cloud provider, or by the enterprise
   IT themselves if they possess their own licensed spectrum.  While
   these options provide a strong foundation for enabling basic 5G
   access connectivity, there is considerable value in achieving
   convergence across these diverse access architectures and leveraging
   the already deployed network elements.  It is highly desirable for
   enterprise IT to possess the capability to correlate identities
   across different access technologies and enforce consistent
   enterprise policies.



















Gundavelli, et al.       Expires 11 January 2024                [Page 4]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


               _------_
             _(        )_        +---+
            -(Enterprise)--------|AAA|
             -( Network)-        +---+
               '-----'          (RADIUS)
                  |
                  |
         +---------------+
         |               |
      +-----+         +-----+
      |Wi-Fi|         | P5G |
      +-----+         +-----+
         .               .
         .               .
         .   +------+    .
         . . |Device|  . .
             +------+

                     Figure 1: Enterprise Architecture

   Enterprise network architectures have undergone extensive evolution
   over an extended period, resulting in intricate structures.  These
   architectures are designed to be technology-agnostic, accommodating
   both Ethernet and Wi-Fi-based connections seamlessly.  RADIUS-based
   infrastructure is widely employed for authentication and policy
   management purposes.  As 5G-based private networks become integrated
   into enterprise environments, it is a natural progression to consider
   private 5G as another access technology, allowing the utilization of
   the existing RADIUS infrastructure to authenticate 5G devices.  The
   adoption of a unified authentication and policy infrastructure across
   different access technologies enables the realization of identity
   correlation and ensures consistent policy enforcement.

   Based on this motivation, we put forward proposals for extending the
   RADIUS protocol to support the 5G-AKA authentication method.

4.  Overview of 5G Security

   The 5G security architecture is given below.

      +----+     +-------+    +------+     +-----------------+
      | UE |     | AMF   |    |AUSF  |     |      UDM        |
      |    |     |(SEAF) |    |      |     | (SIDF, ARPF)    |
      +----+     +-------+    +------+     +-----------------+

                     Figure 2: Enterprise Architecture

   ARPF (Authentication credential Repository for Procession Function)



Gundavelli, et al.       Expires 11 January 2024                [Page 5]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


      ARPF is part of UDM as per the standard.  ARPF contains subscriber
      credentials, i.e long term keys and Subscriber Identifier (SUPI).
      Subscriber credentials may alternatively be stored in UDR
      [TS23003].

   SIDF (Subscriber Identifier De-concealing Function)

      SIDF is a service offered by UDM in home network.  It is
      responsible for resolving the SUPI from the SUCI.

   AUSF (Authentication Server Function)

      It is standalone NF located in subscriber's home network.  It is
      handling authentication in home network based on information
      received from UE and UDM/ARPF

   SEAF (Security Anchor Function)

      SEAF is functionality provided by the AMF It is handling
      authentication in serving network based on information received
      from UE and AUSF.

   In 5G UE is authenticated by home network(AUSF) and serving
   network(SEAF).

5.  RADIUS Support for 5G-AKA Authentication Method

   In the proposed approach the RADIUS server will implement the 5G-AKA
   algorithm.  Furthermore, it is assumed there will be no support for
   interoperator roaming.


       +----+     +-------+     +---------------------+
       | UE |     | AMF   |     |      RADIUS         |
       |    |     |(SEAF) |     |      SERVER         |
       +----+     +-------+     +---------------------+


                     Figure 3: Enterprise Architecture

5.1.  Call Flow

   In the proposed approach, the RADIUS server will be the primary
   authentication function.  Following are the interactions between the
   5G system and the RADIUS Server.






Gundavelli, et al.       Expires 11 January 2024                [Page 6]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


        +----+     +-----+     +---------+
        | UE |     | AMF |     | RADIUS  |
        +----+     +-----+     +---------+
          |    1      |            |
          | --------> |            |
          |           |      2     |
          |           | ---------->|
          |           |            |
          |           |     3      |
          |           | <----------|

                Figure 4: 5G-AKA Authentication Flow

   *  Step-1: UE Sends NAS message to AMF which includes SUCI or 5G-
      GUTI.

   *  Step-2: AMF creates an "Access Request" containing RADIUS
      attributes User-Name that contains 5G subscriber identifier in
      format SUCI or SUPI and 5G-SN-NAME that identifies the serving
      network name.

   *  Step-3: Once the RADIUS server receives the request it converts
      the SUCI to SUPI using SIDF function.  RADIUS server consult the
      database of users to find the user whose name matches with SUPI in
      the request.  This is equivalent to ARPF function in UDM.  RADIUS
      server geneartes Authenticaion Vector using the 5G-AKA algorithm.
      This vector consists of RAND, AUTN, HXRES*, KAUSF.  The AUSF
      function takes KAUSF and generates KSEAF.  RADIUS creates Access
      Accept containing authentication vector attributes 5G-Auth_RAND,
      5G-Auth-AUTN, 5G-Auth-HXRES-STAR, 5G-Auth-KSEAF, 3GPP-IMSI,
      5G-DNN, 3GPP-IMEISV.  All key derivations for 5G-AKA shall be
      performed using the key derivation function (KDF) specified in
      Annex B.2.0 of TS 33.220.

   *  On successful lookup of 5G subscriber identity in the database
      and successful calculation of resulting 5G-AKA authentication
      vector RADIUS server sends Access-Accept message that contains the
      resulting authentication vector in 5G authentication RADIUS
      attributes specified in section 6 of this document.

   *  If RADIUS server fails to execute one or more operations it sends
      RADIUS Access-Reject message indicating that 5G-AKA authentication
      failed.

   *  Note-1: RADIUS server must be provided with 128-bit long K and
      128-bit long OPC 5G-AKA parameters per subscriber identity SUPI
      to perform authentication vector calculations according to 5G-AKA
      algorithm.

   *  Note-2: RADIUS server must be provided with the manaale SQN
      parameter that represents a 48-bits long sequence number. The
      initial value of SQN for 5G subscriber should be 1. The SQL
      parameter is increased on every 5G-AKA authentication for the
      specific 5G subscriber and when it reaches 0x7FFFFFFFFFFF it is
      rolled over to 1 as specified in TS 33.102 section C.3.2

   *  SQN sync flow <TBD>

Gundavelli, et al.       Expires 11 January 2024                [Page 7]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023

6.  5G-AKA RADIUS Attribute Definitions

   Following are the attributes that are required for supporting 5G-AKA
   Authentication Method.

   In addition to the new 5G-AKA specific attributes, the standard
   vendor specific attributes 3GPP-IMSI and 3GPP-IMEISV are used for
   identity exchange between RADIUS client and RADIUS server.

6.1.  5G-Auth-RAND

   Description

      The 5G-Auth-RAND is of type binary and contains the random number
      which is part of the authentication vector generated by 5G-AKA
      algorithm.  The size of this value is 128 bits.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      18

   String

      A random value.

Gundavelli, et al.       Expires 11 January 2024                [Page 8]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023

6.2.  5G-Auth-AUTN

   Description

      The 5G-Auth-AUTN is of type binary and contains the authentication
      token which is part of the authentication vector generated by
      5G-AKA algorithm.  The size of this value is 160 bits.  AUTN is
      generated using this formula (SQN ^ AK) || AMF || MAC_A.  AMF is
      set to 0x8000.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      22

   String

      The value of Authentication Token parameter of 5G-AKA algorithm.

6.3.  5G-Auth-HXRES-STAR

   Description

      The 5G-Auth-HXRES-STAR is of type binary and contains the 5G hash
      expected response which is part of the authentication vector
      generated by 5G-AKA algorithm.  Refer TS33.501 Annex A.5 to
      generate this value.  The maximum size of this value is 128 bits.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      >=18

   String

      The value of Hash Expected Response parameter of 5G-AKA algorithm.

Gundavelli, et al.       Expires 11 January 2024                [Page 9]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023

6.4.  5G-Auth-KSEAF

   Description

      The 5G-Auth-KSEAF is of type binary and contains the 128 bit long
      5G security anchor key used to derive KAMF key.  This is part of
      the authentication vector generated by 5G-AKA algorithm.  Refer
      to: TS33.501 Annex A.6 to generate this value.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      18

   String

      The value of security anchor key of 5G-AKA algorithm.

6.5.  5G-DNN

   Description

      The 5G-DNN is of type string and contains the 5G data network name
      which is basically a address pool name.  This is part of
      authorization attribute.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      >= 3

   String

      The string that contains the 5G data network name.

6.6.  5G-SN-NAME

   Description

      The 5G-SN-NAME is of type string and contains the serving network
      name.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      <TBD>

   Length

      >= 3

   String

      The string that represents serving network name in the following
      format:

      o  If NID is not present:
         "5G:mnc<ddd>.mcc<ddd>>.3gppnetwork.org", where 'd' is single
         decimal digit
      o  If NID is present:
         "5G:mnc123.mcc456.3gppnetwork.org:CAFECAFECAFE", where 'd' is
         single decimal digit and 'X' is single capitalized hexadecimal
         digit

Gundavelli, et al.       Expires 11 January 2024               [Page 10]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


6.7.  User-Name

   Description

      A standard RADIUS User-Name attribute is used to represet the UE
      Identifier

          0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |  Length       |            String...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      1

   Length

      >= 3

   String

      The User-Name is of type string and contains the UE identifier
      SUPI or SUCI.  The format of SUPI identifier is given below.
      SUPI-xxxxxxxxxxxxxxx (15 digits) eg: SUPI-123456789012345. The
      format of SUCI identifier is given below.  SUCI-SUCI Type - Home
      Network Identifier - Routing Indicator - Protection Scheme - HN
      Public key ID - Protection Scheme Output eg.:
      SUCI-0-123-456-0-0-0-150000100

6.8   Table of Attributes

   The following table provides a guide to which attributes may be found
   in which kinds of packets, and in what quantity.

   Request   Accept   Reject   Challenge   #    Attribute
   1         0-1      0        0            1   User-Name
   0         0-1      0        0          TBD   5G-Auth-RAND
   0         0-1      0        0          TBD   5G-Auth-HXRES-STAR
   0         0-1      0        0          TBD   5G-Auth-KSEAF
   0         0-1      0        0          TBD   5G-Auth-DNN
   0-1       0        0        0          TBD   5G-Auth-SN-NAME
   0         0-1      0        0          TBD   3GPP-IMEISV
   0         0-1      0        0          TBD   3GPP-IMSI



Gundavelli, et al.       Expires 11 January 2024               [Page 11]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


7.  IANA Considerations

   IANA is requested to assign the following values for the new RADIUS
   attributes defined in this document: TBD

8.  Security Considerations

   The security of the 5G-AKA authentication method relies on the
   integrity and confidentiality of the exchanged authentication
   vectors, security algorithms, and cryptographic keys.  Appropriate
   measures must be taken to protect these sensitive attributes during
   transmission between the RADIUS client and server.

9.  Acknowledgements

   TBD

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

10.2.  Informative References

   [TS23003]  23.003, 3. T., "Numbering, addressing and identification",
              2021.

   [TS23501]  23.501, 3. T., "Numbering, addressing and identification",
              2021.

   [TS33102]  33.102, 3. T., "3GPP Security Architecture", 2021.

   [TS33501]  33.501, 3. T., "Architecture enhancements for non-3GPP
              accesses", 2021.




Gundavelli, et al.       Expires 11 January 2024               [Page 12]


Internet-Draft      3GPP 5G AKA Authentication Method          July 2023


Authors' Addresses

   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   United States of America
   Email: sgundave@cisco.com


   Sangram L Kishore
   Cisco
   Bangalore
   India
   Email: sanl@cisco.com


   Mark Grayson
   Cisco
   11 New Square Park
   Bedfont Lakes
   United Kingdom
   Email: mgrayson@cisco.com


   Oleg Pekar
   Cisco
   1st Floor, EE5-6
   South Netanya
   Israel
   Email: olpekar@cisco.com




















Gundavelli, et al.       Expires 11 January 2024               [Page 13]