5G Protect

Overview
Key Features
Description
Specifications
Resources
Platform Overview

About 5G Protect

5G Protect is the extension for Utimaco's General Purpose HSMs to allow subscriber identity de-concealing, authentication and key agreement in mobile networks within the tamper-proof environment of the Hardware Security Module. It complies with security requirements laid out in 3GPP specification TS 33.501.

Supported Platform: u.trust General Purpose HSM Se-Series

Key Features
Description
Specifications

Fulfills 3GPP security requirements

Offers a secure environment that protects long-term keys and Home Network Private keys from physical attacks.

Developed for network element providers

Meets the needs of network element providers for subscriber identity de-concealing as well as authentication and key agreement in mobile networks.

Suitable for each network size

Available for small or private mobile networks to large networks with millions of subscribers.

5G Protect ensures compliance with 3GPP TS 33.501 by providing a certified secure environment for safeguarding long-term keys K and Home Network Private Keys against physical attacks. It securely executes subscriber identity de-concealing, authentication, and key agreement within network elements.

Designed for 2G, 3G, 4G, and 5G networks, 5G Protect enables secure identity deconcealing and key generation following AKA protocols, making it the ideal solution for protecting sensitive subscriber data.

Functions, features, and protocols

Subscriber Identifier De-Concealing Function, SIDF Profiles A and B
Authentication Vector Generation functions 5G-AKA, 5G-EAP-AKA’, 4G-EAP-AKA‘, EPS-AKA, EAP-AKA, UMTS-AKA, IMS-AKA, GBA-AKA, GSM-AKA
Bulk Authentication Vector Generation for 3G and 4G AKA protocols
Re-Synchronization function XMAC-S
Management of Home Network key pairs
Management of decryption keys for secure handling of subscriber keys
Management of Milenage and TUAK algorithm parameters

Cryptographic Algorithms

ECIES with NIST, Edwards, Brainpool** and FRP256v1** curves
Milenage, TUAK, COMP
AES with 128, 192 and 256 bit key size
Hash-based deterministic RNG (NIST SP800-90A, AIS31 DRG.4)
True random number generator (AIS31 PTG.2)

**Available via extension or customization

Compliant with latest requirements

Secure environment that protects against physical attacks as re-quired in 3GPP Technical Specification 33.501 “Security architecture and procedures for 5G System”
FIPS 140-2 Level 3, PCI HSM and Common Criteria proven Hardware Security Module and cryptographic algorithms

Subscriber identity de-concealing function (SIDF)

Decrypts the Subscriber Concealed Identifier (SUCI) with Subscriber Identity Deconcealing Function (SIDF) in the home network
Secures storage and usage of the Home Network Private Key to ensure privacy of the permanent identifier SUPI
Deconceals the SUCI inside the tamper protected HSM according to Profile A and Profile B

Key Generation according to AKA protocols

Support of all relevant 2G, 3G, 4G and 5G Subscriber Authentication and Key Agreement (AKA) protocols
Derives the key material from the subscriber’s unique key K inside the tamper protected HSM

Comprehensive API

MNAUTH API, the C-style application programming interface (API) dedicated for Mobile Network security use cases. Available for C and Java.
Easy Integration into mobile network functions by using MNAUTH API

Resources

Technology Brief Mobile Network Trustserver

The solution for mobile subscriber authentication and key agreement in mobile networks

Download

5G Protect

The solution for mobile subscriber authentication and key agreement in mobile networks

Download

Datasheet

The u.trust General Purpose HSM Se-Series combines superior performance with multi-tenancy. From entry-level to high-performance use cases, all models are future-proof with post quantum cryptography readiness and are FIPS 140-2 Level 3 certified.

Download

u.trust General Purpose HSM Se-Series

Download

Whitepaper Ensuring Trustworthiness of Mobile Networks

This white paper provides a detailed example of how HSMs provide a secure environment that protects Long-term Subscriber Keys and Home Network Keys against physical attacks

Download

Ensuring Trustworthiness of Mobile Networks

This white paper provides a detailed example of how HSMs provide a secure environment that protects Long-term Subscriber Keys and Home Network Keys against physical attacks

Download

Platform Overview

u.trust General Purpose HSM Se-Series

The u.trust General Purpose HSM Se-Series combines scalable multi-tenancy functionality with superior performance. Its container-based architecture supports up to 31 containers and enables flexibility across use cases including PQC, 5G, blockchain, and custom applications.

Know More

Ready to Secure Your Digital Future?

Contact Sales

You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Direct download
Download via email

Your download request(s):

By submitting below form you will receive links for your selected downloads.

Your download request(s):

For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

About Utimaco's Downloads

Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.