5G | ShareTechnote

5G/NR - NAS

Registration in a Nutshell

Authentication messages are a set of NAS message involved in Athenticating UE to 5G RAN and Core Network
Mainly three NAS messages are involved : AuthenticationRequest, AuthenticationResponse
Important Information of RegistrationRequest are :

Authentication Key Information
RAND
AUTN

Important Information of RegistrationAccept are :

UE ID (GUTI)
Registraion Result
Allowed Network Slice List

Registration in Detail

Registration process in 5G/NR is similar to the Attach Process in LTE except many of the new Information elements added or renamed in various NAS message mainly due to core network structure changes in 5G/NR.

NOTE : Authentication is not only for NAS message signaling. A lot of things happens in Core Network and a lot of interactions among various core network components occurs. Regarding the core network side process for authentication, refer to this note.

Signaling(message) Sequence

< Case A > Normal Registration
< Case B > Authentication Reject
< Case C > Authentication Failure

Message Structure

Authentication Request

Information Element Structure

ngKSI
ABBA
RAND
EAP message

Signaling(message) Sequence

According to 24.501 - 5.5.1.2, Registration sequence for initial attach goes as follows. It can go through a little bit different path depending on how NW respond to UE after it get Registration Request.

< Case A > Normal Authentication

Direction	Message	UE Timer	NW Timer
UE <- NW(AMF)	Authentication Request	T3560 Start
UE -> NW(AMF)	Authentication Response	T3560 Stop

< Case B > Authentication Reject

: This happens when authentication not accepted by Network

Direction	Message	UE Timer	NW Timer
UE <- NW(AMF)	Authentication Request	T3560 Start
UE -> NW(AMF)	Authentication Response	T3560 Stop
UE <- NW(AMF)	Authentication Reject

< Case C > Registration Reject

This happens when authentication not accepted by UE

Direction	Message	UE Timer	NW Timer
UE <- NW(AMF)	Authentication Request	T3560 Start
UE -> NW(AMF)	Authentication Failure	T3560 Stop

Message Structure

There are several important NAS signaling messages related to 5G Authentication. In this section, I will summarize about a few most important messages and look into its structure.

Authentication Request

The "Registration Request" message is used by the mobile device to initiate the registration process with the 5G core network.

The Registration Request message contains important information about the mobile device, and is sent to the 5G core network via the Radio Access Network (RAN) and conveyed to AMF. The message also contains other information such as the device's capabilities and supported network features.

Followings are information that are included in RegistrationRequest message. Click on the link to get the details of each components (Information Elements).

Authentication Request (24.501 - 8.2.1.1)

ngKSI : 24.501 - 9.11.3.32

ABBA : 24.501 - 9.11.3.10

RAND (5G authentication challenge) : 24.501 - 9.11.3.16

AUTN (5G authentication challenge) : 24.501 - 9.11.3.15

EAP message : 24.501 - 9.11.2.2

Information Element Structure

ngKSI : 24.501 - 9.11.3.32

NAS key set identifier (TSC)

0 : native security context (for KSI_AMF)

1 : mapped security context (for KSI_ASME)

NAS key set identifier

0 (000) :

6 (100) :

7 (111) : no key is available (UE to network), reserved (network to UE)

ABBA : 24.501 - 9.11.3.10

The purpose of the ABBA(Anti-Bidding down Between Architectures) information element is to enable the bidding down protection of security features.

ABBA IEI

Length of ABBA contents

ABBA Contents

RAND (5G authentication challenge) : 24.501 - 9.11.3.16

AUTN (5G authentication challenge) : 24.501 - 9.11.3.15

EAP message : 24.501 - 9.11.2.2

The purpose of the EAP(Extensible Authentication Protocol) message information element is to transport an EAP message as specified in IETF RFC 3748

EAP message IEI

Length of EAP message contents

EAP message

Reference