SIM authentication provides a seamless and secure user experience
EAP-SIM/AKA/AKA’/5G-AKA
What is SIM Authentication?
SIM authentication, also known as EAP-SIM, EAP-AKA, EAP-AKA’, and 5G-AKA, provides a seamless and secure user experience. Users are automatically connected to secure Wi-Fi networks—enabled by 802.1x—defined in their Wi-Fi connection profiles. A 3GPP AAA, such as the Enea AAA Server, integrates with the mobile core’s user identity databases (HLR/HSS/AUSF) to authenticate and authorize users.
Furthermore, SIM authentication is used to derive keys for establishing IPsec tunnels to the mobile core for Wi-Fi Calling, as well as for generating cryptographic keys to secure the Wi-Fi network with encryption (WPA2/WPA3).
This approach effectively dispels the myth that Wi-Fi is inherently insecure. When employing EAP-based authentication, the Wi-Fi network is always secured with traffic encrypted over the air, providing a high level of security.
Additionally, EAP-based authentication is a foundational technology for Passpoint (Hotspot 2.0), enabling seamless and secure Wi-Fi roaming experiences, such as with the global network of OpenRoaming hotspots.
A key element of a successful indoor coverage strategy that leverages mobile data offloading is providing users with a seamless and secure Wi-Fi experience. SIM-based authentication is a powerful tool to achieve this, allowing cellular devices to use the credentials stored in the SIM card or eSIM to authenticate on a secure Wi-Fi network (802.1x). This enables users to automatically and securely connect to Wi-Fi networks without manual intervention.
EAP Authentication for Wi-Fi Offloading
Our SIM Authentication server, an integrated module within Enea AAA Server, performs EAP-SIM, EAP-AKA, EAP-AKA’, and 5G-AKA authentication optimized with the standard 3GPP AAA functionalities required for offloading scenarios. This enables secure SIM-based authentication for any Wi-Fi network—whether operator-controlled or operated by third parties. Additionally, Enea’s mobile offloading solution supports various alternative authentication methods for devices that lack SIM cards or do not support EAP-SIM/AKA/AKA’.
Below, we summarize the key differences between these EAP methods for SIM authentication.
Consideration | EAP-SIM | EAP-AKA | EAP-AKA’ | 5G-AKA
--- | --- | --- | --- | ---
Network Generation | 2G/3G | 3G/4G | 4G/5G | 5G SA architecture (note that EAP-AKA′ will be used for a long time)
Use Case | Wi-Fi authentication. | Wi-Fi authentication. | Wi-Fi authentication. | Cellular and Wi-Fi authentication.
Key Management | K_i (shared with USIM). | The key is derived from the SIM. | The key is derived from the SIM and will be further enhanced with Perfect Forward Secrecy (PFS) [1]. | The key is derived from the home network.
Security Features | Weak encryption. | Advanced security. | Further improved key management and security features. | Enhanced user equipment identity protection, no cleartext identifiers [2], enforced by SUCI in 5G.
Authentication Type | Challenge-response. | Challenge-response. | Challenge-response. | Challenge-response.
Key Derivation | Based on GSM algorithms. | Based on 3G/4G algorithms. | Improved key derivation (SHA-256). | Enhanced key separation.
Identity Protection | Limited. | Improved with protection against active attacks. | Further improved with stronger encryption. | Strong protection (SUCI).
Mutual Authentication [3] | Yes | Yes | Yes | Yes

1) PFS is a cryptographic property that protects past sessions against future compromises of the underlying secret keys in the SIM.
2) The Enea Aptilo SMP IMSI encryption is a non-standard extension supported by both iPhone and Android, which means that identifiers will not be communicated in cleartext for EAP-SIM/AKA/AKA′. This provides similar protection to 5G SUCI for EAP-AKA/AKA’.
3) Both the device and the cellular network are verified in the process. It is not possible to present a “fake” mobile core.
In Conclusion
The most common EAP method for Wi-Fi offloading today is EAP-AKA, closely followed by EAP-AKA′. For obvious reasons, EAP-SIM is mostly used in legacy deployments, and it will take time before we see widespread adoption of 5G-AKA.
SIM Authentication Makes Wi-Fi as Secure as Cellular
Enea’s solutions for EAP-SIM/AKA/AKA’/5G-AKA
One of the key advantages of using SIM/eSIM-based authentication methods (such as EAP-SIM, EAP-AKA, EAP-AKA’, or 5G-AKA) is that both the authentication process and data exchange are on par with the security levels of the cellular network.
In this section, we explore how the integrated Enea 3GPP AAA within the Enea Aptilo Service Management Platform (SMP)—available as both software and a cloud-based service on AWS—provides significant value for your mobile data offloading strategy.
In the “SIM Authentication – The 3GPP Way” section, we will outline all the 3GPP-specified scenarios for SIM authentication. However, it’s important to note that approximately 90% of our customers perform local traffic break-out, as illustrated in the diagram above.
The primary reason for backhauling traffic is to maintain a single point for managing policy and charging. However, this approach does not offload the mobile core. Offloading the RAN alone offers limited benefits if similar control can be achieved locally at the edge by integrating with the mobile core for policy and charging. This approach allows for improved traffic management and rapid policy enforcement, including Wi-Fi-specific policies, while maintaining the security advantages of SIM-based authentication.
Delivered as a module on the Enea Aptilo SMP, the SIM Authentication server seamlessly integrates with the mobile core to ensure a secure, seamless and consistent user experience during device authentication. Whether deployed as Enea Aptilo SMP (software) or SMP-S (AWS cloud service), the platform supports seamless Wi-Fi offload, Carrier Wi-Fi, B2B guest Wi-Fi and Wi-Fi Calling, all within the same scalable architecture. If you are only looking for a 3GPP AAA functionality for Wi-Fi Calling, we recommend using the Enea AAA Server for this purpose (The core of SMP).
Using Existing Mobile Infrastructure
Mobile operators (MNOs/MVNOs) can leverage their existing infrastructure for HLR, HSS, and AUSF by integrating a dedicated EAP-SIM/AKA/AKA’/5G-AKA authentication function.
The Enea Aptilo SMP SIM authentication server functionality (3GPP AAA) facilitates subscriber authentication using credentials stored in the SIM/eSIM. It enables SIM/USIM-based authentication for Wi-Fi users by interfacing with the existing HSS over the Diameter Wx interface (supporting 3GPP Release 7 and later). It can also connect with the HLR via the SS7/MAP D’/Gr’ interfaces (supporting 3GPP Release 6 and later). Although the 3GPP AAA server is not explicitly defined in the 5G SA standards, we believe it will re-emerge in real-world deployments, driven by pragmatic considerations. For more insights, see the section “Making It Work in The Real World Deployments.”
Furthermore, the Enea SIM authentication server solution can interact with core network elements such as the PCRF/PCF, DPI, and OSS/BSS systems like CRM to enable advanced policy management. For example, it can authenticate users seamlessly and then deliver tailored portal experiences or send SMS/emails based on location-specific or user-specific policies.
We also support static traffic steering policies, such as onboarding users with specific data plans, during certain times of day, or based on other criteria, specifically for access to the Wi-Fi network—particularly in locations where Wi-Fi coexists with 4G/5G. Additionally, our QoE-based selective offloading dynamically steers traffic in real-time, leveraging session-specific QoE KPIs from the mobile network to optimize overall user experience.
Our vendor-agnostic approach allows deployment regardless of the HLR/HSS/AUSF vendor or the system generation, enabling flexible integration into existing infrastructures.
Scalability and Availability
When actively and automatically offloading cellular traffic, mobile operators need Wi-Fi services that are as reliable and scalable as their mobile networks.
This necessitates an architecture designed for high scalability and high availability. Our solution, built on the SMP core architecture, addresses this by offering linear scalability and geographic redundancy, ensuring both growth and resilience.
Additionally, it supports SNMP-based network management, allowing operators to seamlessly integrate it into their overall NOC operations and monitoring framework.
Flexible Connectivity to the Mobile Core
The Enea Aptilo SMP SIM Authentication server seamlessly connects to existing SS7 networks and offers an optional SS7 PCI-Express board for enhanced connectivity. For integration with next-generation IP networks, it supports SS7 over IP through built-in SIGTRAN capabilities. The IP-based SIGTRAN protocol and Diameter Wx utilize the server’s native high-capacity IP network adapter for robust physical connections.
To ensure smooth integration with the mobile core, the server supports a wide range of SS7 and SIGTRAN protocols, accommodating various national (ANSI, ITU, Chinese, Japanese) and hybrid variants. It provides authentication for both USIM- and SIM-based devices, enabling a seamless migration path from older to newer devices.
With a dedicated, purpose-built function for SIM-based authentication, service providers gain maximum flexibility regarding network topology. In environments with multiple HLR and HSS systems, we offer a central aggregation point for all Wi-Fi-based SIM authentication requests, allowing authentication across multiple HLR and HSS nodes from different vendors.
As discussed in the “Making It Work in The Real World Deployments” section, our solution can potentially extend to SIM authentication for 5G standalone (5G SA), even though the 3GPP AAA is no longer included in the 5G SA specifications. Utilizing the Enea Aptilo SMP’s Wi-Fi multi-vendor support for central aggregation, it is possible to integrate various Wi-Fi systems that use RADIUS signaling for the individual Wi-Fi networks.
Moreover, our solution allows for co-location with each HLR/HSS, and you can establish connectivity to the Wi-Fi AAA from each authentication node, optimizing network integration and efficiency.
SIM Authentication – How does it work?
Below, you will find how SIM authentication works for all non-3GPP access (Wi-Fi) scenarios specified by 3GPP. Please note that most (90%) of real-world deployments do not backhaul traffic to the mobile core. However, the SIM authentication process is identical to the one for trusted non-3GPP access even if the traffic is handled locally by the Wi-Fi gateway.
SIM Authentication – The 3GPP Way
SIM Authentication for Wi-Fi Access in 3G, 4G and 5G NSA
The 3GPP AAA server, exemplified here by the Enea Aptilo SMP, plays a crucial role in SIM authentication for 3G, 4G, and 5G NSA networks. It securely manages the authentication process by integrating with the mobile core to verify the device’s credentials.
SIM Authentication for Untrusted Wi-Fi Access in 3G, 4G and 5G NSA Networks
Untrusted non-3GPP Access is used for Wi-Fi networks that the mobile operator does not trust. This is why this is the access method of choice for Wi-Fi Calling, which must be available wherever there is a Wi-Fi network. Note that the 5G non-standalone (5G NSA) networks use the same mobile core (EPC) as 4G.
The user device is assumed to be already onboarded to the Wi-Fi network, for instance at home, in an office or at a public hotspot. In this case, SIM authentication has nothing to do with logging in to, or securing, the Wi-Fi network itself. Instead, SIM authentication is used to authenticate and authorize the user device to access the mobile core through an IPsec tunnel. The keys for setting up the IPsec tunnel are derived from the SIM authentication process.
The device initiates an Internet Key Exchange version 2 (IKEv2) connection to the evolved Packet Data Gateway (ePDG) in 4G/5G NSA or Tunnel Termination Gateway (TTG) in 3G, located in the mobile core. This creates an initial, unauthenticated tunnel.
The device sends an IKE_AUTH request containing its identity through this initial tunnel. The ePDG/TTG forwards this request to the Enea Aptilo SMP (SMP) acting as a 3GPP AAA server to initiate the EAP-AKA authentication process. The SMP communicates with the Home Subscriber Server (HSS) or Home Location Register (HLR) to retrieve the user’s authentication vector. Based on the authentication vector, the SMP generates an EAP challenge (EAP-SIM/AKA/AKA’). This challenge is sent back through the ePDG/TTG to the device. The device processes the challenge using its SIM credentials and sends the response back to the SMP through the ePDG/TTG. The SMP verifies the device’s response and if successful, the SMP generates keying material for the IPsec tunnel and sends it to the ePDG/TTG. The SMP also sends an EAP Success message to the ePDG/TTG, which is forwarded to the device. The device independently derives keys for IPsec tunnel establishment based on the shared secret and parameters received in the EAP authentication process.
The ePDG/TTG and device complete the IKEv2 exchange, utilizing the generated keys to establish a fully authenticated and encrypted IPsec tunnel. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The ePDG/TTG then establishes a GTP connection to the Packet Gateway (P-GW/GGSN) to provide the device with access to the mobile network services and the Internet.
SIM Authentication for Trusted Wi-Fi Access in 3G, 4G and 5G NSA Networks
In Wi-Fi networks, the 3GPP AAA serves a dual purpose for trusted non-3GPP access.
It authenticates users through SIM-based authentication for Wi-Fi network access.
It enables WPA2/WPA3 encryption of the Wi-Fi network upon successful authentication. This encryption ensures secure, over-the-air communication within the Wi-Fi network.
The user gets internet access through the local gateway, as shown in the picture below (the most common scenario). The traffic can also be backhauled to the mobile core using the 3GPP-specified trusted WAG/TWAG gateway functionality with an optional local traffic breakout.
During initialization, only EAP over LAN (EAPOL) 802.1x traffic is permitted between the device and the Wi-Fi access point (AP). All other traffic, such as DHCP or HTTP, is blocked. Initially, the Wi-Fi AP sends an EAP identity request to the device (EAP-SIM/AKA/AKA’). From this point, a secure end-to-end communication channel is established between the device and the Enea Aptilo Service Management Platform (SMP), which acts as a 3GPP AAA server for SIM authentication. The Wi-Fi AP’s role is to forward EAP messages over EAPOL to the AAA by encapsulating them in RADIUS and vice versa.
In this multi-round-trip EAP exchange, the device sends its identity to the SMP. The SMP contacts the HSS/HLR via the SS7/MAP D’/Gr’ or Diameter Wx interface to retrieve the 3GPP authentication vectors needed to authenticate this identity. The SMP challenges the device for authentication based on these vectors. Note that it is not only the SMP that authenticates the device. The device also authenticates the network, i.e., the SMP and its connection to the mobile core.
Upon mutual successful authentication, the Enea Aptilo SMP sends the generated encryption keys to the access point over RADIUS. The encryption keys are used to secure the Wi-Fi radio network through WPA2-Enterprise or WPA3-Enterprise encryption. The client must generate the same encryption keys to gain network access and correctly validate the authentication vectors through the SIM card. The derived encryption keys are unique to the connection, ensuring the device has its own encrypted and secure Wi-Fi connection.
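The challenge-response exchange and key derivation described above (and summarized in the comparison table), as an added Python example that is not Enea’s code or code from this page: the home network builds an authentication vector, the USIM verifies AUTN before answering (so a “fake” mobile core is rejected on the device side), the AAA verifies RES, and both sides derive the EAP-AKA’ session keys (CK’/IK’ bound to the access network identity as in 3GPP TS 33.402 Annex A.2, then the RFC 5448 PRF’ based on HMAC-SHA-256 down to the MSK, whose first 32 bytes become the WPA2/WPA3-Enterprise PMK that the AAA hands to the access point over RADIUS). Assumptions: the Milenage f1–f5 functions are replaced by an HMAC-SHA-256 stand-in (real USIMs use AES-based Milenage or TUAK), the subscriber key, IMSI, sequence number and NAI realm are constructed, and the function names are mine.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber record (not a real subscription): IMSI plus the
# 128-bit long-term key K that the USIM shares with the home network.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
IMSI = "262011234567890"
# Constructed EAP-AKA' identity in 3GPP root-NAI form ("6" prefix = EAP-AKA').
IDENTITY = b"6" + IMSI.encode() + b"@nai.epc.mnc001.mcc262.3gppnetwork.org"
# Access network identity that EAP-AKA' binds its keys to (TS 33.402 uses "WLAN").
ANID = b"WLAN"


def f(tag, k, *parts):
    """Stand-in for Milenage f1..f5 (assumption: HMAC-SHA-256 keyed with K)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def generate_av(k, sqn, rand=None, amf=b"\x80\x00"):
    """HSS/HLR/UDM side: build one authentication vector (RAND, AUTN, XRES, CK, IK)."""
    rand = rand or secrets.token_bytes(16)
    mac_a = f(b"f1", k, rand, sqn, amf)[:8]   # proves the challenge came from the home network
    xres = f(b"f2", k, rand)[:8]              # expected response from the USIM
    ck, ik = f(b"f3", k, rand)[:16], f(b"f4", k, rand)[:16]
    ak = f(b"f5", k, rand)[:6]                # anonymity key conceals SQN on the air
    return {"rand": rand, "autn": xor(sqn, ak) + amf + mac_a, "xres": xres, "ck": ck, "ik": ik}


def usim_respond(k, rand, autn, highest_sqn):
    """USIM side: authenticate the network (MAC, freshness) before answering."""
    conc, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(conc, f(b"f5", k, rand)[:6])
    if not hmac.compare_digest(mac_a, f(b"f1", k, rand, sqn, amf)[:8]):
        raise ValueError("MAC failure: challenge not produced by the home network")
    if sqn <= highest_sqn:
        raise ValueError("synchronisation failure: stale or replayed challenge")
    return f(b"f2", k, rand)[:8], f(b"f3", k, rand)[:16], f(b"f4", k, rand)[:16], conc


def derive_ck_ik_prime(ck, ik, anid, sqn_xor_ak):
    """TS 33.402 Annex A.2: CK'||IK' = HMAC-SHA-256(CK||IK, 0x20 || ANID || L0 || SQN^AK || L1)."""
    s = b"\x20" + anid + len(anid).to_bytes(2, "big") + sqn_xor_ak + b"\x00\x06"
    out = hmac.new(ck + ik, s, hashlib.sha256).digest()
    return out[:16], out[16:]


def prf_prime(key, s, length):
    """RFC 5448 PRF': T1 = HMAC-SHA-256(K, S|0x01), Tn = HMAC-SHA-256(K, T(n-1)|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([n]), hashlib.sha256).digest()
        out, n = out + t, n + 1
    return out[:length]


def eap_aka_prime_keys(ck_p, ik_p, identity):
    """RFC 5448 section 3.3: MK = PRF'(IK'|CK', "EAP-AKA'"|Identity), split into session keys."""
    mk = prf_prime(ik_p + ck_p, b"EAP-AKA'" + identity, 208)
    return {"k_encr": mk[:16], "k_aut": mk[16:48], "k_re": mk[48:80],
            "msk": mk[80:144], "emsk": mk[144:208]}


def run_exchange(k_network=K, k_usim=K, sqn=b"\x00\x00\x00\x00\x00\x01",
                 device_highest_sqn=b"\x00" * 6, rand=None):
    """One EAP-AKA' round trip between a 3GPP AAA and a device; returns the outcome."""
    av = generate_av(k_network, sqn, rand)
    # AAA side: derive CK'/IK' and the session keys before sending the challenge.
    aaa_keys = eap_aka_prime_keys(*derive_ck_ik_prime(av["ck"], av["ik"], ANID, av["autn"][:6]), IDENTITY)
    # Device side: AT_KDF_INPUT in the challenge carries the ANID, so it derives the same keys.
    try:
        res, ck, ik, conc = usim_respond(k_usim, av["rand"], av["autn"], device_highest_sqn)
    except ValueError as exc:
        return {"success": False, "reason": str(exc)}   # device refuses to answer a bad challenge
    dev_keys = eap_aka_prime_keys(*derive_ck_ik_prime(ck, ik, ANID, conc), IDENTITY)
    # AAA authenticates the device by checking RES against XRES before releasing any key.
    if not hmac.compare_digest(res, av["xres"]):
        return {"success": False, "reason": "RES mismatch"}
    return {"success": True, "msk_match": aaa_keys["msk"] == dev_keys["msk"],
            # The AAA sends the MSK to the AP over RADIUS; its first 32 bytes are the 802.11 PMK.
            "pmk": aaa_keys["msk"][:32]}


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(k_network=bytes(16)))   # a "fake core" fails the USIM's MAC check
```

Two details carry the security argument: the USIM checks MAC-A and the sequence number before it computes RES, so a challenge from anyone without K (or a replayed one) never gets an answer, and the AAA only releases the MSK after RES matches XRES, so the access point never receives keying material for an unauthenticated device. The ANID in the CK’/IK’ derivation is what makes EAP-AKA’ keys specific to the Wi-Fi access network.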
SIM Authentication for Wi-Fi Access in 5G SA
Today (November 2024), relatively few 5G networks (50-60 networks) are utilizing the 5G standalone (5G SA) architecture, but this architecture will grow in importance over time. The authentication process for non-3GPP access, such as Wi-Fi, is more unified with the cellular authentication process, which introduces new technical challenges. One of these is how to carry Non-Access Stratum (NAS) signaling over Wi-Fi. The EAP-5G protocol has been introduced to encapsulate NAS messages so they can go over Wi-Fi through an IKEv2 connection. So, EAP-5G is not an authentication protocol, which can be a bit confusing at first glance.
SIM Authentication for untrusted Wi-Fi Access in 5G SA Networks
The principles are the same as for untrusted Wi-Fi access towards the Evolved Packet Core (4G/5G NSA). The user is assumed to be already onboarded to the Wi-Fi network, and security is enforced by having an IPsec tunnel between the device and the mobile core.
The device initiates an Internet Key Exchange version 2 (IKEv2) connection to the selected Non-3GPP Interworking Function (N3IWF) located in the mobile core. This creates an initial unauthenticated tunnel.
The device sends a NAS Registration Request message encapsulated in EAP-5G to the N3IWF over this initial tunnel. The N3IWF extracts and forwards the NAS message to the Access and Mobility Management Function (AMF). The NAS signaling between the device and AMF uses the N1 interface, similar to cellular access. The AMF initiates the authentication procedure by sending an authentication request to the Authentication Server Function (AUSF). The AUSF communicates with the Unified Data Management (UDM) to retrieve authentication data and the subscriber’s profile. The UDM, together with the Authentication credential Repository and Processing Function (ARPF), generates an authentication vector. The AUSF receives the authentication vector and initiates the EAP authentication procedure (EAP-AKA’ or 5G-AKA). The authentication challenge is returned to the device through the AMF and N3IWF. The device processes the challenge using its SIM credentials and sends the response back to the AUSF through the N3IWF and AMF. The AUSF verifies the device’s response. If successful, the AUSF generates keying material for the IPsec tunnel establishment and sends it to the AMF’s security anchor function. The AMF derives further keys for NAS security and N3IWF communication. The AMF initiates the NAS Security Mode Command procedure with the device to establish NAS security. The AUSF sends an EAP-Success message to the AMF, which in turn sends the EAP-Success message to the device through the N3IWF, utilizing the NAS security mode. The AMF also sends keying material to the N3IWF for IPsec tunnel establishment. The device independently derives keys for IPsec tunnel establishment based on the shared secret and parameters received in the EAP authentication process.
The N3IWF and device complete the IKEv2 exchange, utilizing the generated keys to establish a fully authenticated and encrypted IPsec tunnel. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The N3IWF then establishes a GTP tunnel to the User Plane Function (UPF) packet gateway to provide the device with access to the mobile network services and the Internet.
SIM Authentication for Trusted Wi-Fi Access in 5G SA Networks
The authentication process is very similar to the process for untrusted Wi-Fi access, with some important exceptions:
The device is authenticated for access to the Wi-Fi network, while with untrusted Wi-Fi access, the device is assumed to be already onboarded to the Wi-Fi network.
The initial unauthorized IKEv2 connection used for untrusted Wi-Fi access is not necessary as the underlying link layer can transfer NAS messages encapsulated in EAP-5G.
The IPsec tunnel is NULL encrypted to avoid duplicated encryption with the encrypted (WPA2/WPA3) Wi-Fi network connection created in the EAP authentication process.
The N3IWF is replaced by the Trusted Non-3GPP Gateway Function (TNGF) or the Trusted WLAN Interworking Function (TWIF) used for legacy devices that do not support 5G NAS signaling over trusted Wi-Fi access. Note that these are all functions, so all three functions could be incorporated in the same gateway.
The device discovers a trusted Wi-Fi network (trusted non-3GPP) and initiates an EAP-based authentication procedure towards the selected public or private cellular network (PLMN/SNPN) by sending a NAS Registration Request message encapsulated in EAP-5G to the trusted Wi-Fi AP (TNAP), which forwards it to the TNGF/TWIF gateway function. The TNGF/TWIF extracts and forwards the NAS message to the Access and Mobility Management Function (AMF). The NAS signaling between the device and AMF uses the N1 interface, similar to cellular access. The AMF initiates the authentication procedure by sending an authentication request to the Authentication Server Function (AUSF). The AUSF communicates with the Unified Data Management (UDM) to retrieve authentication data and the subscriber’s profile. The UDM, with the often-co-located Authentication credential Repository and Processing Function (ARPF), generates an authentication vector. The AUSF receives the authentication vector and initiates the EAP authentication procedure (EAP-AKA’ or 5G-AKA). The authentication challenge is sent back to the device through the AMF and TNGF/TWIF. The device processes the challenge using its SIM credentials and sends the response back to the AUSF through the TNGF/TWIF and AMF. The AUSF verifies the device’s response. If successful, the AUSF generates keying material for the NULL encryption IPsec tunnel establishment and sends it to the AMF’s security anchor function. The AMF derives further keys for NAS security and TNGF/TWIF communication. The AMF initiates the NAS Security Mode Command procedure with the device to establish NAS security. The AUSF sends an EAP-Success message to the AMF, which in turn sends the EAP-Success message to the device through the TNGF/TWIF, utilizing the NAS security mode. The AMF also sends keying material to the TNGF/TWIF for the (WPA2/WPA3) encryption of the Wi-Fi network connection and the IPsec tunnel establishment. 
The device independently derives keys for IPsec tunnel establishment and secure Wi-Fi connection based on the shared secret and parameters received in the EAP authentication process.
Upon mutual successful authentication, the TNGF/TWIF sends the generated encryption keys to the access point over RADIUS. The encryption keys are used to secure the Wi-Fi radio network through WPA2-Enterprise or WPA3-Enterprise encryption. The device must generate the same encryption keys to gain network access and correctly validate the authentication vectors through the SIM card. The derived encryption keys are unique to the connection, ensuring the device has its own encrypted and secure Wi-Fi connection.
The TNGF/TWIF and the device use the generated keys to establish the NULL-encrypted IPsec tunnel using IKEv2 signaling. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The TNGF/TWIF then establishes a GTP tunnel to the User Plane Function (UPF) packet gateway to provide the device with access to the mobile network services and the Internet.
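The 5G-AKA verification step that both the untrusted and the trusted 5G SA flows above describe (“the AUSF verifies the device’s response”), as an added Python example that is not Enea’s code or code from this page: the home network (AUSF/UDM) derives XRES*, HXRES*, KAUSF and KSEAF with the TS 33.501 Annex A key derivation functions, hands only HXRES* and KSEAF to the serving network, and the device’s RES* is checked twice, first by the serving network’s SEAF (HRES* against HXRES*) and then by the AUSF (RES* against XRES*). Because every derivation is bound to the serving network name, a response computed towards a different PLMN fails both checks, which is the “enhanced key separation” of the comparison table. Assumptions: RAND, RES, CK, IK, SQN^AK and the PLMN digits are constructed, the USIM has already validated AUTN and produced RES/CK/IK, and the function names are mine.

```python
import hashlib
import hmac

# Serving network name as the device and the AUSF each see it (TS 33.501 clause 6.1.1.4
# format; the PLMN digits are constructed).
SNN = b"5G:mnc001.mcc262.3gppnetwork.org"

# Constructed USIM output for one challenge. The USIM is assumed to have checked
# AUTN already; RES, CK and IK are simply fixed bytes here.
RAND = bytes(range(16))
RES = bytes.fromhex("a1b2c3d4e5f60718")
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SQN_XOR_AK = bytes.fromhex("0f0e0d0c0b0a")


def kdf(key, fc, *params):
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def res_star(ck, ik, snn, rand, res):
    """TS 33.501 Annex A.4: (X)RES* = low 128 bits of KDF(CK||IK, 0x6B, SNN, RAND, RES)."""
    return kdf(ck + ik, 0x6B, snn, rand, res)[16:]


def hres_star(rand, res_s):
    """TS 33.501 Annex A.5: H(X)RES* = low 128 bits of SHA-256(RAND || (X)RES*)."""
    return hashlib.sha256(rand + res_s).digest()[16:]


def k_ausf(ck, ik, snn, sqn_xor_ak):
    """TS 33.501 Annex A.2: KAUSF = KDF(CK||IK, 0x6A, SNN, SQN^AK); stays in the home network."""
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)


def k_seaf(kausf, snn):
    """TS 33.501 Annex A.6: KSEAF = KDF(KAUSF, 0x6C, SNN); the anchor key for the serving network."""
    return kdf(kausf, 0x6C, snn)


def home_network_prepare(snn):
    """AUSF/UDM side: the parts of the 5G authentication vector that leave the home network."""
    xres_s = res_star(CK, IK, snn, RAND, RES)
    kausf = k_ausf(CK, IK, snn, SQN_XOR_AK)
    # The SEAF receives HXRES* and (after success) KSEAF; XRES* and KAUSF never leave the AUSF.
    return {"xres_star": xres_s, "hxres_star": hres_star(RAND, xres_s), "kseaf": k_seaf(kausf, snn)}


def run_5g_aka(device_snn=SNN, home_snn=SNN):
    """Two-stage verification: the serving network checks HRES*, the home network checks RES*."""
    home = home_network_prepare(home_snn)
    res_s = res_star(CK, IK, device_snn, RAND, RES)               # computed by the device
    seaf_ok = hmac.compare_digest(hres_star(RAND, res_s), home["hxres_star"])
    ausf_ok = hmac.compare_digest(res_s, home["xres_star"])      # the home network has the final say
    return {"seaf_ok": seaf_ok, "ausf_ok": ausf_ok,
            "kseaf": home["kseaf"] if ausf_ok else None}         # KSEAF released only on success


if __name__ == "__main__":
    print(run_5g_aka())
    print(run_5g_aka(device_snn=b"5G:mnc002.mcc262.3gppnetwork.org"))  # wrong PLMN: both checks fail
```

The point to take from this is who holds which key: the serving network can confirm a response on its own only through the hash HXRES*, the home network keeps XRES* and KAUSF and is the only party that can conclude the authentication, and KSEAF is derived from, and therefore tied to, the serving network name.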
Making It Work in The Real World Deployments
While the outlined flows above reflect 3GPP standards for SIM authentication, practical network implementations often favor pragmatic, hybrid approaches due to existing network design, equipment and investments.
In real-world deployments, the RADIUS protocol—widely used in Wi-Fi and various gateways—will likely continue to play a significant role alongside emerging 5G standards and protocols.
Historically, many 3GPP-specified interworking gateway functions for Wi-Fi (non-3GPP Access) have not seen widespread adoption for Wi-Fi offloading. For example, in 4G with the Evolved Packet Core (EPC), the tunnel-terminating ePDG gateway has primarily been used for Wi-Fi Calling rather than Wi-Fi offloading.
Wi-Fi Offloading
For Wi-Fi offloading in trusted Wi-Fi network environments, there has been limited demand for the WAG/TWAG to backhaul traffic to the EPC mobile core. In fact, the vast majority (around 90%) of Enea’s Wi-Fi offloading customer deployments opt to route traffic directly to the internet via a non-3GPP gateway, bypassing the mobile core. We foresee a similar trend in 5G SA, with a strong preference for local traffic breakout. Backhauling traffic through the mobile core only offloads the radio network (RAN), while local breakout delivers a more efficient solution by directly handling traffic at the edge.
In this context, the 3GPP AAA is expected to evolve and take the role of SIM-based authentication (control plane only) also in 5G SA, effectively offering a unified SIM authentication function across all generations of cellular networks. This evolution would give mobile operators a streamlined and pragmatic architecture, capable of handling SIM authentication seamlessly across both 4G and 5G core networks.
Wi-Fi Calling
For Wi-Fi Calling utilizing untrusted Wi-Fi access in 5G SA, the N3IWF function will still be required. One potential scenario is the adaptation of the 3GPP AAA function as a “bridging function” within the authentication flow for Wi-Fi Calling. Mobile Network Operators (MNOs) often prefer leveraging established, proven technologies over quickly adopting new standards when practical alternatives exist. It’s important to note that the N3IWF is only a reference in the 3GPP standard and not a specific gateway product. An adaptive authentication server (3GPP AAA), like Enea’s Aptilo SMP, could potentially evolve to integrate with the 5G SA core for control plane authentication while the existing ePDG gateways manage the N3IWF roles within the traffic plane. The same scenario could also happen for trusted access, with the existing WAG/TWAG gateways taking over the TNGF/TWIF functions in the traffic plane. These scenarios would require cooperation between the 3GPP AAA and gateway vendors.