5G Security Architecture
Master 3GPP security: Privacy, Authentication, and Provisioning.
What is 5G Security?
3GPP TS 33.501 defines the security architecture for 5G systems, introducing fundamental improvements over previous generations. In 2G/3G/4G networks, the subscriber's permanent identity (IMSI) was transmitted in cleartext over the air interface, enabling "IMSI catchers" — rogue base stations that intercept and track mobile users. 5G addresses this with , encrypting the subscriber identity before it ever leaves the device.
- IMSI sent in cleartext over the air
- IMSI catchers track & intercept users
- No subscriber identity privacy
- SUCI encrypts identity on the USIM
- -based concealment (Profile A/B)
- Mutual authentication ()
- Profile C: (Kyber) concealment
- Quantum-resistant subscriber privacy
- Under 3GPP SA3 study (TR 33.841)
The Three Pillars of 5G Security
5G security rests on three pillars that work together to protect subscribers from identity theft, network impersonation, and supply chain attacks. Each pillar addresses a different phase of the subscriber lifecycle.
The USIM encrypts the subscriber's permanent identity () into a concealed identifier (SUCI) using ECIES or KEM. Only the Home Network can de-conceal it.
Mutual authentication ensures both the network and subscriber prove their identity. Uses the algorithm (AES-128 based) and a 5G-specific key hierarchy.
Secure SIM manufacturing and key distribution. Subscriber keys (Ki) are generated in , encrypted for transport, and imported at the operator's UDM.
SUCI Protection Schemes
3GPP defines multiple protection schemes for SUCI concealment. Each scheme uses a different asymmetric algorithm for key agreement, but all follow the same ECIES pattern: generate an ephemeral key, derive a shared secret, encrypt the MSIN, and compute a MAC tag.
Curve25519 elliptic curve ()
32-byte public keys
AES-128-CTR encryption
HMAC-SHA-256 integrity
Quantum-vulnerable
NIST secp256r1 curve (ECDH)
65-byte uncompressed public keys
AES-128-CTR encryption
HMAC-SHA-256 integrity
Quantum-vulnerable
ML-KEM-768 lattice-based KEM
1,184-byte public keys
AES-256-CTR encryption
HMAC-SHA3-256 integrity
Quantum-resistant
Profile C is under active 3GPP SA3 study (TR 33.841) and not yet standardized. It supports both hybrid (X25519 + ML-KEM) and pure PQC modes.
5G-AKA Authentication
5G-AKA (Authentication and Key Agreement) provides mutual authentication between the subscriber and the network. At its core is the MILENAGE algorithm, which uses AES-128 to compute five cryptographic functions from the subscriber key (K) and a random challenge (RAND):
CK and IK feed the 5G key hierarchy: KAUSF (anchor key) → KSEAF → KAMF → KNASint / KNASenc → KgNB (radio layer).
SIM Provisioning & Supply Chain
Before a subscriber can connect, their keys must be securely generated, written to the USIM, and delivered to the mobile operator. This supply chain is a critical trust boundary — if keys are leaked during manufacturing or transport, all subsequent security is compromised.
Post-Quantum Threat to 5G
Not all parts of 5G security are equally vulnerable to quantum computers. SUCI concealment relies on asymmetric cryptography (ECDH in Profile A/B), which is broken by . However, 5G-AKA authentication uses MILENAGE, which is built on AES-128 — a symmetric algorithm where only halves the effective key length to 64 bits, still computationally secure.
- SUCI Profile A (X25519 ECDH)
- SUCI Profile B (P-256 ECDH)
- risk
- MILENAGE / 5G-AKA (AES-128)
- SIM provisioning (AES symmetric)
- Profile C (ML-KEM lattice-based)
Profile C is the migration path to quantum-resistant subscriber privacy. It replaces ECDH key agreement with ML-KEM (Kyber) encapsulation, supporting both a hybrid transition mode (X25519 + ML-KEM-768) and a pure PQC target mode.