5G Protect

5G Protect

The scalable and customizable solution for subscriber authentication and key agreement in mobile networks

  • Overview
  • Key Features
  • Description
  • Specifications
  • Resources
  • Platform Overview

About 5G Protect

5G Protect is the extension for Utimaco's General Purpose HSMs to allow subscriber identity de-concealing, authentication and key agreement in mobile networks within the tamper-proof environment of the Hardware Security Module. It complies with security requirements laid out in 3GPP specification TS 33.501.

Supported Platform: u.trust General Purpose HSM Se-Series

5G Protect

  • Key Features

  • Description

  • Specifications

Fulfills 3GPP security requirements

Fulfills 3GPP security requirements

Offers a secure environment that protects long-term keys K and Home Network Private keys from physical attacks.

Developed for network element providers

Developed for network element providers

Meets the needs of network element providers for subscriber identity de-concealing as well as authentication and key agreement in mobile networks.

Suitable for each network size

Suitable for each network size

Available for small or private mobile networks to large networks with millions of subscribers.

5G Protect ensures compliance with 3GPP TS 33.501 by providing a certified secure environment for safeguarding long-term keys K and Home Network Private Keys against physical attacks. It securely executes subscriber identity de-concealing, authentication, and key agreement within network elements.

Designed for 2G, 3G, 4G, and 5G networks, 5G Protect enables secure identity deconcealing and key generation following AKA protocols, making it the ideal solution for protecting sensitive subscriber data.

image
Cryptographic Interfaces (APIs)

  • Functions, features, and protocols

  • Cryptographic Algorithms

  • Compliant with latest requirements

  • Subscriber identity de-concealing function (SIDF)

  • Key Generation according to AKA protocols

  • Comprehensive API

Functions, features, and protocols

  • Subscriber Identifier De-Concealing Function, SIDF Profiles A and B
  • Authentication Vector Generation functions 5G-AKA, 5G-EAP-AKA’, 4G-EAP-AKA‘, EPS-AKA, EAP-AKA, UMTS-AKA, IMS-AKA, GBA-AKA, GSM-AKA
  • Bulk Authentication Vector Generation for 3G and 4G AKA protocols
  • Re-Synchronization function XMAC-S
  • Management of Home Network key pairs
  • Management of decryption keys for secure handling of subscriber keys
  • Management of Milenage and TUAK algorithm parameters
background image
image

Cryptographic Algorithms

  • ECIES with NIST, Edwards, Brainpool** and FRP256v1** curves
  • Milenage, TUAK, COMP
  • AES with 128, 192 and 256 bit key size
  • Hash-based deterministic RNG (NIST SP800-90A, AIS31 DRG.4)
  • True random number generator (AIS31 PTG.2)

    • **Available via extension or customization

background image
image

Compliant with latest requirements

  • Secure environment that protects against physical attacks as re-quired in 3GPP Technical Specification 33.501 “Security architecture and procedures for 5G System”
  • FIPS 140-2 Level 3, PCI HSM and Common Criteria proven Hardware Security Module and cryptographic algorithms
background-image
image

Subscriber identity de-concealing function (SIDF)

  • Decrypts the Subscriber Concealed Identifier (SUCI) with Subscriber Identity Deconcealing Function (SIDF) in the home network
  • Secures storage and usage of the Home Network Private Key to ensure privacy of the permanent identifier SUPI
  • Deconceals the SUCI inside the tamper protected HSM according to Profile A and Profile B
background-image
image

Key Generation according to AKA protocols

  • Support of all relevant 2G, 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols
  • Derives the key material from the subscriber’s unique key K inside the tamper protected HSM
background-image
image

Comprehensive API

  • MNAUTH API, the C-style application programming interface (API) dedicated for Mobile Network security use cases. Available for C and Java.
  • Easy Integration into mobile network functions by using MNAUTH API
background-image
image
image

Resources

Technology Brief Mobile Network Trustserver

The solution for mobile subscriber authentication and key agreement in mobile networks

Download
5G Protect

The solution for mobile subscriber authentication and key agreement in mobile networks

Download
Datasheet u.trust GP HSM

The u.trust General Purpose HSM Se-Series combines superior performance with multi-tenancy. From entry-level to high-performance use cases, all models are future-proof with post quantum cryptography readiness and are FIPS 140-2 Level 3 certified.

Download
u.trust General Purpose HSM Se-Series

The u.trust General Purpose HSM Se-Series combines superior performance with multi-tenancy. From entry-level to high-performance use cases, all models are future-proof with post quantum cryptography readiness and are FIPS 140-2 Level 3 certified.

Download
Whitepaper Ensuring Trustworthiness of Mobile Networks

This white paper provides a detailed example of how HSMs provide a secure environment that protects Long-term Subscriber Keys and Home Network Keys against physical attacks

Download
Ensuring Trustworthiness of Mobile Networks

This white paper provides a detailed example of how HSMs provide a secure environment that protects Long-term Subscriber Keys and Home Network Keys against physical attacks

Download

Platform Overview

U Trust App

u.trust General Purpose HSM Se-Series

The u.trust General Purpose HSM Se-Series combines scalable multi-tenancy functionality with superior performance. Its container-based architecture supports up to 31 containers and enables flexibility across use cases including PQC, 5G, blockchain, and custom applications.

Know More

Ready to Secure Your Digital Future?

Contact Sales

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.