
Enea 3GPP AAA

SIM Authentication

SIM authentication provides a seamless and secure user experience

EAP-SIM/AKA/AKA’/5G-AKA

What is SIM Authentication?

SIM authentication covers the EAP methods EAP-SIM, EAP-AKA and EAP-AKA', and in 5G SA also 5G-AKA. It provides a seamless and secure user experience: users are automatically connected to secure Wi-Fi networks, enabled by 802.1X, that are defined in their Wi-Fi connection profiles. A 3GPP AAA, such as the Enea AAA Server, integrates with the mobile core's subscriber databases (HLR/HSS/AUSF) to obtain the authentication vectors used to authenticate and authorize users.

Furthermore, SIM authentication is used to derive keys for establishing IPsec tunnels to the mobile core for Wi-Fi Calling, as well as for generating cryptographic keys to secure the Wi-Fi network with encryption (WPA2/WPA3).

This approach goes a long way towards dispelling the myth that Wi-Fi is inherently insecure. With EAP-based (802.1X) authentication, every device's traffic is encrypted over the air with session keys that are unique to that device and that authentication round (WPA2-Enterprise or WPA3-Enterprise), rather than with a passphrase shared by everyone on the network.

Additionally, EAP-based authentication is a foundational technology for Passpoint (Hotspot 2.0), enabling seamless and secure Wi-Fi roaming experiences, such as with the global network of OpenRoaming hotspots.


Seamless and Secure Authentication

A key element of a successful indoor coverage strategy that leverages mobile data offloading is providing users with a seamless and secure Wi-Fi experience. SIM-based authentication is a powerful tool to achieve this: it allows cellular devices to use the credentials stored in the SIM card or eSIM to authenticate on a secure (802.1X) Wi-Fi network, so users connect automatically and securely without manual intervention.

EAP Authentication for Wi-Fi Offloading

Our SIM Authentication server, an integrated module within Enea AAA Server, performs EAP-SIM, EAP-AKA, EAP-AKA’, and 5G-AKA authentication optimized with the standard 3GPP AAA functionalities required for offloading scenarios. This enables secure SIM-based authentication for any Wi-Fi network—whether operator-controlled or operated by third parties. Additionally, Enea’s mobile offloading solution supports various alternative authentication methods for devices that lack SIM cards or do not support EAP-SIM/AKA/AKA’.

Below, we summarize the key differences between these EAP methods for SIM authentication.

Network generation
    EAP-SIM: 2G/3G (GSM SIM credentials).
    EAP-AKA: 3G/4G (USIM credentials).
    EAP-AKA': 4G/5G (USIM credentials).
    5G-AKA: 5G SA architecture. (Note that EAP-AKA' will be used for a long time; it is itself one of the two authentication methods in 5G SA.)

Use case
    EAP-SIM: Wi-Fi authentication.
    EAP-AKA: Wi-Fi authentication.
    EAP-AKA': Wi-Fi authentication (and cellular authentication in 5G SA).
    5G-AKA: Cellular and Wi-Fi authentication.

Key management
    EAP-SIM: Keys derived from GSM triplets (RAND, SRES, Kc) computed with the Ki shared between the SIM and the HLR/AuC; several 64-bit Kc values are combined.
    EAP-AKA: Keys derived from the 128-bit CK/IK that the USIM computes from the AKA authentication vector.
    EAP-AKA': As EAP-AKA, with CK'/IK' additionally bound to the name of the access network; being further enhanced with Perfect Forward Secrecy (PFS)1.
    5G-AKA: The anchor key (KSEAF) is derived in the home network from CK/IK and bound to the serving network name; the serving network only ever receives the anchor key.

Security features
    EAP-SIM: Weakest of the four; rests on 64-bit GSM keys and GSM algorithms.
    EAP-AKA: 128-bit keys and network authentication through the AUTN token.
    EAP-AKA': Key derivation upgraded to SHA-256 and bound to the access network.
    5G-AKA: Enhanced user equipment identity protection; no cleartext identifiers2, enforced by SUCI in 5G.

Authentication type
    Challenge-response for all four methods.

Key derivation
    EAP-SIM: Based on GSM algorithms (A3/A8 on the SIM, SHA-1 based PRF).
    EAP-AKA: Based on 3G/4G AKA (CK/IK from the USIM, SHA-1 based PRF).
    EAP-AKA': Improved key derivation (HMAC-SHA-256).
    5G-AKA: Enhanced key separation (KAUSF/KSEAF/KAMF hierarchy).

Identity protection
    EAP-SIM: Limited; the permanent identity (IMSI) is sent in the clear on first use.
    EAP-AKA: Pseudonyms and fast re-authentication identities hide the IMSI from passive eavesdroppers; an active attacker can still request the permanent identity.
    EAP-AKA': As EAP-AKA.
    5G-AKA: Strong protection (SUCI).

Mutual authentication3
    Yes, for all four methods.

1) PFS is a cryptographic property that protects past sessions against a future compromise of the long-term key in the SIM; for EAP-AKA' it is added by an ephemeral Diffie-Hellman exchange inside the EAP conversation.
2) The Enea Aptilo SMP IMSI encryption is a non-standard extension supported by both iPhone and Android, which means that identifiers are not communicated in cleartext for EAP-SIM/AKA/AKA'. This provides protection similar to 5G SUCI for EAP-AKA/AKA'.
3) Both the device and the cellular network are verified in the process: a rogue network that does not hold the subscriber's key, or cannot obtain fresh authentication vectors from the home network, cannot produce a challenge the device will accept. With AKA this rests on the AUTN token; with EAP-SIM it rests on the server knowing valid GSM triplets.
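The challenge-response and mutual-authentication rows above describe the AKA exchange that EAP-AKA, EAP-AKA' and 5G-AKA all build on. The following is an added example (not Enea code) of that exchange with both sides: the AuC/HSS builds the vector, the USIM checks the network's MAC and the sequence number before answering, and the AAA compares RES with XRES. Field sizes follow 3GPP TS 33.102; the f1..f5 functions (MILENAGE or TUAK on a real USIM) are replaced by HMAC-SHA-256 stand-ins, which is an assumption made so the code runs with the Python standard library alone. The subscriber key is constructed.

```python
"""Toy AKA challenge-response exchange behind EAP-AKA, EAP-AKA' and 5G-AKA.

Added example, not Enea code. Field sizes follow 3GPP TS 33.102 (RAND 128 bit,
SQN 48 bit, AMF 16 bit, MAC-A 64 bit, AK 48 bit, CK/IK 128 bit). The f1..f5
functions on a real USIM are MILENAGE or TUAK; here they are HMAC-SHA-256
stand-ins (an assumption) so the example runs with the standard library only.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")  # constructed subscriber key Ki/K


def _f(k: bytes, tag: bytes, data: bytes) -> bytes:
    # Stand-in for the MILENAGE/TUAK f-functions (assumption, see docstring).
    return hmac.new(k, tag + data, hashlib.sha256).digest()


def f1(k, rand, sqn, amf):  # MAC-A: lets the USIM authenticate the network
    return _f(k, b"f1", rand + sqn + amf)[:8]


def f2(k, rand):            # RES / XRES: lets the network authenticate the USIM
    return _f(k, b"f2", rand)[:8]


def f3(k, rand):            # CK, 128 bit
    return _f(k, b"f3", rand)[:16]


def f4(k, rand):            # IK, 128 bit
    return _f(k, b"f4", rand)[:16]


def f5(k, rand):            # AK, 48 bit, conceals SQN on the air interface
    return _f(k, b"f5", rand)[:6]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes  # (SQN xor AK) || AMF || MAC-A


def auc_vector(k: bytes, sqn: int, amf: bytes = b"\x00\x00") -> AuthVector:
    """HLR/HSS (AuC) side: the vector a 3GPP AAA fetches over MAP or Diameter."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    autn = xor(sqn_b, f5(k, rand)) + amf + f1(k, rand, sqn_b, amf)
    return AuthVector(rand, f2(k, rand), f3(k, rand), f4(k, rand), autn)


class USIM:
    """Device side. Remembers the highest SQN accepted so replays are rejected."""

    def __init__(self, k: bytes):
        self.k = k
        self.sqn_max = -1

    def respond(self, rand: bytes, autn: bytes):
        sqn = xor(autn[:6], f5(self.k, rand))
        amf, mac = autn[6:8], autn[8:16]
        # 1. Network authentication: only a holder of K can produce this MAC.
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            raise ValueError("MAC failure: network not authenticated")
        # 2. Freshness: a replayed vector carries an old SQN (TS 33.102 allows a window; simplified here).
        if int.from_bytes(sqn, "big") <= self.sqn_max:
            raise ValueError("synchronisation failure: SQN not fresh")
        self.sqn_max = int.from_bytes(sqn, "big")
        # 3. Prove possession of K and hand CK/IK to the EAP layer for key derivation.
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)


def run_auth(k_at_network: bytes, sqn: int, usim: USIM) -> tuple:
    """One AKA round between a 3GPP AAA (holding k_at_network) and the USIM.

    Returns (device accepted by the AAA, both sides agree on CK/IK).
    """
    av = auc_vector(k_at_network, sqn)
    res, ck, ik = usim.respond(av.rand, av.autn)
    accepted = hmac.compare_digest(av.xres, res)
    return accepted, (ck, ik) == (av.ck, av.ik)
```

Running run_auth with a network that does not hold K fails at the MAC check on the device, and re-sending an already used vector fails the SQN check, which is what the "mutual authentication" and "challenge-response" rows amount to in practice.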

In Conclusion

The most common EAP method for Wi-Fi offloading today is EAP-AKA, closely followed by EAP-AKA'. EAP-SIM, which rests on GSM credentials and 64-bit keys, is mostly used in legacy deployments, and it will take time before we see widespread adoption of 5G-AKA.

USE CASE ENEA APTILO SMP

SIM Authentication for Wi-Fi as Secure as Cellular

One of the main advantages of using SIM/eSIM-based authentication (EAP-SIM, EAP-AKA, EAP-AKA’, or 5G-AKA) is that both the authentication process and the data exchanged are secured to the same standards as the cellular network.

In this section, we will explore how the integrated Enea 3GPP AAA within the Enea Aptilo Service Management Platform (SMP), available as both software and a cloud-based service on AWS, delivers significant value for your mobile data offloading strategy.

For more technical details, please refer to the “How does it work?” tab.

  • EAP-SIM/AKA/AKA’/5G-AKA for Mobile Devices

    Delivered as a module on Enea Aptilo Service Management Platform (SMP), the Aptilo SMP SIM Authentication server integrates with the mobile core to obtain a seamless and secure user experience when authenticating the mobile device. As Enea Aptilo SMP (software) or SMP-S (service on AWS) is the core platform, you can get seamless Wi-Fi Offload, Carrier Wi-Fi, and B2B Guest Wi-Fi support from the same scalable platform.

    We can also provide the 3GPP AAA functionality for Wi-Fi Calling, even though we recommend the Enea Access Manager if this is all you want to do.

     

    Figure: Enea Wi-Fi SMP SIM authentication with optional OSS/BSS integration

    Using Existing Mobile Infrastructure

    A mobile operator (MNO/MVNO) can leverage the existing infrastructure for HLR/HSS/AUSF by adding a dedicated EAP-SIM/AKA/AKA’/5G-AKA authentication function.

    The Enea Aptilo SMP SIM Authentication server provides a means for authentication with the subscriber credentials in the SIM card /eSIM. It provides SIM/USIM-based authentication for Wi-Fi users based on the information retrieved from the existing HSS over the Diameter Wx interface (supporting 3GPP Release 7 and onwards). It can do the same with data from the HLR over the SS7/MAP D’/Gr’ interface (supporting 3GPP Release 6 and onwards).

    It can also interact with existing core network systems such as PCRF/PCF and DPI, and with OSS/BSS systems such as CRM, to build advanced policies for the session. One example is to first authenticate the user seamlessly and then, if the policies for the current location and user type dictate it, engage them with a portal experience or send an SMS or e-mail.

    Using our vendor-agnostic solution, you can use the existing mobile infrastructure independent of the HLR/HSS vendor and regardless of system generation.

    Scalability and Availability

    When automatically and actively offloading cellular users, mobile operators need to handle Wi-Fi as a service that is as critical as mobile broadband.

    This calls for an exceptionally scalable architecture with high availability. Our solution caters to this as we have built it on our SMP ALE architecture which takes the scalability and availability issue out of the equation with linear scalability and high availability, including geographic redundancy.

    It supports SNMP-based network management, meaning service providers can integrate this node into the overall NOC operations.

    Flexible Connectivity to HSS/HLR in the Mobile Core

    The Enea Aptilo SMP SIM Authentication server can easily connect to existing SS7 networks and can be delivered with an optional SS7 PCI-Express board. Additionally, to facilitate connection with next-generation IP networks, it can handle SS7 over IP using the built-in support for SIGTRAN. The physical link for the IP-based SIGTRAN protocol and Diameter Wx is the native high-capacity IP network adapter in the server hardware. Many SS7 and SIGTRAN protocols are supported to facilitate smooth integration with the mobile core. Different national variants (ANSI, ITU, Chinese, and Japanese) and hybrid variants are also supported. Authentication for both USIM- and SIM-based devices simultaneously provides a seamless migration path from older to newer devices.

    Figure: Enea Aptilo SMP SIM authentication in a multi-HLR/HSS/AUSF environment

    With a dedicated and purpose-built function for SIM-based authentication, a service provider gets the most flexibility in terms of network topology. In a multi-HLR and multi-HSS environment, we provide a central aggregation point for all Wi-Fi-based SIM authentication requests and can perform authentications against multiple HLR and HSS nodes from different vendors. As discussed under the real-world solution tab, we could also potentially do SIM authentication for 5G standalone (5G SA), even though the 3GPP AAA is no longer part of the specifications for 5G SA. Thanks to this central aggregation point and the Enea Aptilo SMP multi-vendor support, various other Wi-Fi systems that perform RADIUS signaling for the individual Wi-Fi networks can be connected as well.

    It is also possible to deploy co-located with each HLR/HSS and configure a connection to the Wi-Fi AAA from each authentication node.

  • Below, you will find how SIM authentication works for all the non-3GPP access (Wi-Fi) scenarios specified by 3GPP. Please note that most real-world deployments do not backhaul traffic to the mobile core. However, the SIM authentication process is identical to the one for trusted access even when the traffic is handled by a non-3GPP Wi-Fi gateway.

    Seamless Access with SIM Based Authentication

    A key component of Wi-Fi offloading is SIM-based authentication, which provides a seamless, secure Wi-Fi experience comparable to cellular networks. This section will examine the mechanics of SIM authentication from a standards perspective. The 3GPP AAA server plays a central role in SIM authentication for 3G, 4G, and 5G networks using the 5G non-standalone architecture (5G NSA), which relies on the existing Evolved Packet Core (EPC) from 4G. However, as we will discuss later, real-world implementations often require capabilities beyond the standard 3GPP AAA function.

    The 5G standalone architecture (5G SA) introduced some changes to how SIM-based authentication works for Wi-Fi access (untrusted and trusted non-3GPP Access) compared to previous generations. In 5G SA, no 3GPP AAA server is specified. Instead, the authentication process for Wi-Fi access using SIM credentials is more tightly integrated with the 5G core network and distributed across multiple core network components. Looking ahead, the 3GPP AAA may evolve into a comprehensive bridging function, providing unified management for Wi-Fi access across all generations of cellular networks.

    SIM Authentication for Wi-Fi Access in 3G, 4G and 5G NSA

    The 3GPP AAA server, exemplified here by the Enea Aptilo SMP, plays a crucial role in SIM authentication for 3G, 4G, and 5G NSA networks. It securely manages the authentication process by integrating with the mobile core to verify the device’s credentials.

    SIM Authentication for Untrusted Wi-Fi Access in 3G, 4G and 5G NSA Networks

    Untrusted non-3GPP Access is used for Wi-Fi networks that the mobile operator does not trust. This is why this is the access method of choice for Wi-Fi Calling, which must be available wherever there is a Wi-Fi network. Note that the 5G non-standalone (5G NSA) networks use the same mobile core (EPC) as 4G.

    The user device is assumed to be already onboarded to the Wi-Fi network, for instance at home, in the office or at a public hotspot. SIM authentication therefore plays no role in joining or securing the Wi-Fi network itself. Instead, it authenticates and authorizes the device for access to the mobile core through an IPsec tunnel, and the keys for that tunnel are derived from the SIM authentication process.

    Figure: EAP-SIM/AKA in 3G/4G/5G NSA untrusted non-3GPP access (Wi-Fi)

    1. The device initiates an Internet Key Exchange version 2 (IKEv2) connection to the evolved Packet Data Gateway (ePDG) in 4G/5G NSA or the Tunnel Termination Gateway (TTG) in 3G, located in the mobile core. This creates an initial, unauthenticated IKE security association.
    2. The device sends an IKE_AUTH request containing its identity (NAI) through this initial exchange. The ePDG/TTG forwards the identity to the Enea Aptilo SMP, acting as the 3GPP AAA server, to start the EAP authentication (EAP-SIM/AKA/AKA').
       • The SMP retrieves an authentication vector for the subscriber from the HSS or HLR and builds an EAP challenge from it, which is returned through the ePDG/TTG to the device.
       • The device processes the challenge with its SIM/USIM credentials (for AKA this includes verifying AUTN, which authenticates the network) and returns its response through the ePDG/TTG.
       • The SMP verifies the response. On success it derives the Master Session Key (MSK), sends it to the ePDG/TTG, and sends an EAP Success that the ePDG/TTG forwards to the device.
       • The device derives the same MSK from the keys its SIM/USIM computed while processing the challenge. Both sides use the MSK as the shared secret for the IKEv2 AUTH payloads.
    3. The ePDG/TTG and the device complete the IKEv2 exchange, using the generated keys to establish a fully authenticated and encrypted IPsec tunnel. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The ePDG/TTG then establishes a GTP connection to the Packet Gateway (P-GW/GGSN) to provide the device with access to the mobile network services and the Internet.
    SIM Authentication for Trusted Wi-Fi Access in 3G, 4G and 5G NSA Networks

    In Wi-Fi networks, the 3GPP AAA serves a dual purpose for trusted non-3GPP access.

    • It authenticates users through SIM-based authentication for Wi-Fi network access.
    • It enables WPA2/WPA3 encryption of the Wi-Fi network upon successful authentication. This encryption ensures secure, over-the-air communication within the Wi-Fi network.

    The user gets internet access through the local gateway, as shown in the picture below (the most common scenario). The traffic can also be backhauled to the mobile core using the 3GPP-specified trusted WAG/TWAG gateway functionality with an optional local traffic breakout.

    Figure: EAP-SIM/AKA in 3G/4G/5G NSA trusted non-3GPP access (Wi-Fi)

    1. During initialization, only EAP over LAN (EAPOL, 802.1X) traffic is permitted between the device and the Wi-Fi access point (AP); all other traffic, such as DHCP or HTTP, is blocked. The AP sends an EAP Identity Request to the device, and from this point an end-to-end EAP conversation (EAP-SIM/AKA/AKA') runs between the device and the Enea Aptilo Service Management Platform (SMP), which acts as the 3GPP AAA server. The AP's role is to relay: EAP messages arriving over EAPOL are encapsulated in RADIUS towards the AAA, and vice versa.
    2. In this multi-round-trip EAP exchange, the device sends its identity to the SMP. The SMP contacts the HLR over SS7/MAP (D'/Gr') or the HSS over Diameter (Wx) to retrieve the 3GPP authentication vectors for this identity and challenges the device based on them. Note that it is not only the SMP that authenticates the device: the device also authenticates the network, i.e., the SMP and its connection to the mobile core, since only a server with access to the subscriber's authentication vectors can produce a valid challenge.
    3. Upon mutual successful authentication, the Enea Aptilo SMP sends the derived Master Session Key (MSK) to the access point over RADIUS. The AP uses it as the Pairwise Master Key for the WPA2-Enterprise or WPA3-Enterprise 4-way handshake that secures the Wi-Fi radio link. The device derives the same keys from the material its SIM/USIM produced while validating the challenge, so it can only complete the handshake, and thereby gain network access, if it holds the right SIM credentials. The derived keys are unique to the connection, ensuring each device has its own encrypted and secure Wi-Fi connection.
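    Step 3 above (and the MSK used for the IKEv2 AUTH payloads in the untrusted flow) depends on both the AAA and the device deriving the same keys from the USIM's CK/IK. The following added example (not Enea code) carries the EAP-AKA' derivation through: CK'/IK' per 3GPP TS 33.402 Annex A.2, bound to the access network identity ("WLAN" for Wi-Fi) that the server announces in AT_KDF_INPUT, then PRF' and the MK split per RFC 5448 / RFC 9048 section 3, down to the PMK an AP takes from the MSK. CK/IK, SQN xor AK, the NAI and the second network name are constructed values; the binding shown is why a device that believes it is on a differently named network cannot complete the 4-way handshake.

```python
"""EAP-AKA' key hierarchy: from the USIM's CK/IK to the keys handed to the Wi-Fi AP
(PMK) or used for the IKEv2 AUTH payloads (MSK).

Added example, not Enea code. CK'/IK' follow 3GPP TS 33.402 Annex A.2 (FC 0x20,
bound to the access network identity carried in AT_KDF_INPUT, "WLAN" for Wi-Fi);
PRF' and the MK split follow RFC 5448 / RFC 9048 section 3. The CK/IK, SQN xor AK
and identity values below are constructed.
"""
import hashlib
import hmac


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_ck_ik_prime(ck: bytes, ik: bytes, network_name: bytes, sqn_xor_ak: bytes):
    """TS 33.402 A.2: CK' || IK' = KDF(CK || IK, 0x20, network name, SQN xor AK)."""
    out = kdf_3gpp(ck + ik, 0x20, network_name, sqn_xor_ak)
    return out[:16], out[16:]


def prf_prime(key: bytes, s: bytes, length: int) -> bytes:
    """RFC 5448 3.4.1: T1 = HMAC-SHA-256(K, S | 0x01), Tn = HMAC-SHA-256(K, Tn-1 | S | n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([n]), hashlib.sha256).digest()
        out += t
        n += 1
    return out[:length]


def eap_aka_prime_keys(ck, ik, network_name: bytes, sqn_xor_ak: bytes, identity: bytes) -> dict:
    """RFC 5448 3.3: MK = PRF'(IK' | CK', "EAP-AKA'" | Identity), then split MK."""
    ck_p, ik_p = derive_ck_ik_prime(ck, ik, network_name, sqn_xor_ak)
    mk = prf_prime(ik_p + ck_p, b"EAP-AKA'" + identity, 208)
    return {
        "K_encr": mk[0:16],    # protects AT_ENCR_DATA (pseudonyms, re-auth identities)
        "K_aut": mk[16:48],    # AT_MAC on every EAP-AKA' message from the challenge on
        "K_re": mk[48:80],     # fast re-authentication
        "MSK": mk[80:144],     # delivered to the authenticator: AP (RADIUS MS-MPPE keys), ePDG, N3IWF
        "EMSK": mk[144:208],   # never leaves peer/server; in 5G SA, KAUSF = EMSK[:32]
    }


def pmk_for_access_point(keys: dict) -> bytes:
    """IEEE 802.11: the PMK for the WPA2/WPA3-Enterprise 4-way handshake is MSK[0:32]."""
    return keys["MSK"][:32]


def demo() -> dict:
    ck, ik = bytes(range(16)), bytes(range(16, 32))               # constructed vector values
    sqn_xor_ak = b"\x00\x00\x00\x00\x12\x34"
    identity = b"6240010000000001@wlan.mnc001.mcc240.3gppnetwork.org"  # constructed AKA' NAI
    server = eap_aka_prime_keys(ck, ik, b"WLAN", sqn_xor_ak, identity)
    # A device that sees the same network name derives the same PMK ...
    device = eap_aka_prime_keys(ck, ik, b"WLAN", sqn_xor_ak, identity)
    # ... while one that believes it is on a differently named network (constructed) does not.
    elsewhere = eap_aka_prime_keys(ck, ik, b"WLAN-other", sqn_xor_ak, identity)
    return {
        "pmk_match": pmk_for_access_point(server) == pmk_for_access_point(device),
        "bound_to_network": server["MSK"] != elsewhere["MSK"],
        "msk_len": len(server["MSK"]),
    }
```

    The EMSK never leaves the AAA and the device; only the MSK goes to the authenticator, which is why a compromised AP learns nothing beyond that session's link keys.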

    SIM Authentication for Wi-Fi Access in 5G SA

    Today (November 2024), relatively few 5G networks (50-60) use the 5G standalone (5G SA) architecture, but this architecture will grow in importance over time. The authentication process for non-3GPP access such as Wi-Fi is more unified with the cellular authentication process, which introduces new technical challenges. One of these is how to carry Non-Access Stratum (NAS) signaling over Wi-Fi. The EAP-5G method has been introduced to encapsulate NAS messages so that they can travel over Wi-Fi: inside an IKEv2 exchange for untrusted access and over EAPOL for trusted access. EAP-5G is thus a transport for NAS, not an authentication method, which can be a bit confusing at first glance.

    SIM Authentication for untrusted Wi-Fi Access in 5G SA Networks

    The principles are the same as for untrusted Wi-Fi access towards the Evolved Packet Core (4G/5G NSA). The user is assumed to be already onboarded to the Wi-Fi network, and security is enforced by having an IPsec tunnel between the device and the mobile core.

    Figure: EAP-AKA'/5G-AKA in the 5G standalone architecture for untrusted non-3GPP access (Wi-Fi)

    1. The device initiates an Internet Key Exchange version 2 (IKEv2) connection to the selected Non-3GPP Interworking Function (N3IWF) located in the mobile core. This creates an initial unauthenticated tunnel.
    2. The device sends a NAS Registration Request encapsulated in EAP-5G to the N3IWF over this initial exchange. The N3IWF extracts the NAS message and forwards it to the Access and Mobility Management Function (AMF); NAS signaling between the device and the AMF uses the N1 interface, as for cellular access.
       • The AMF initiates authentication by sending a request to the Authentication Server Function (AUSF). The AUSF asks Unified Data Management (UDM) for authentication data and the subscriber's profile; the UDM, together with the Authentication credential Repository and Processing Function (ARPF), selects the method (EAP-AKA' or 5G-AKA) and generates the authentication vector.
       • The AUSF returns the authentication challenge to the device through the AMF and N3IWF. The device processes the challenge with its USIM credentials, which includes authenticating the network, and returns its response via the N3IWF and AMF.
       • The AUSF verifies the response. On success it derives the anchor key (KSEAF) and sends it to the security anchor function in the AMF; the AMF derives further keys for NAS security and for the N3IWF. The AMF runs the NAS Security Mode Command procedure with the device to activate NAS security; for EAP-AKA' the EAP-Success message from the AUSF reaches the device in this NAS-protected exchange.
       • The AMF sends the N3IWF key to the N3IWF for IPsec tunnel establishment. The device independently derives the same keys from the shared secret and the parameters exchanged during authentication.
    3. The N3IWF and device complete the IKEv2 exchange, utilizing the generated keys to establish a fully authenticated and encrypted IPsec tunnel. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The N3IWF then establishes a GTP tunnel to the User Plane Function (UPF) packet gateway to provide the device with access to the mobile network services and the Internet.

    SIM Authentication for Trusted Wi-Fi Access in 5G SA Networks

    The authentication process is very similar to the process for untrusted Wi-Fi access, with some important exceptions:

    • The device is authenticated for access to the Wi-Fi network, while with untrusted Wi-Fi access, the device is assumed to be already onboarded to the Wi-Fi network.
    • The initial unauthenticated IKEv2 connection used for untrusted Wi-Fi access is not necessary, as the underlying link layer (EAPOL) can carry NAS messages encapsulated in EAP-5G.
    • The IPsec tunnel is NULL encrypted to avoid duplicated encryption with the encrypted (WPA2/WPA3) Wi-Fi network connection created in the EAP authentication process.
    • The N3IWF is replaced by the Trusted Non-3GPP Gateway Function (TNGF) or the Trusted WLAN Interworking Function (TWIF) used for legacy devices that do not support 5G NAS signaling over trusted Wi-Fi access. Note that these are all functions, so all three functions could be incorporated in the same gateway.

    Figure: EAP-AKA'/5G-AKA in the 5G standalone architecture for trusted non-3GPP access (Wi-Fi)

    1. The device discovers a trusted Wi-Fi network (trusted non-3GPP access) and starts an EAP-based registration towards the selected public or private cellular network (PLMN/SNPN) by sending a NAS Registration Request encapsulated in EAP-5G to the trusted Wi-Fi AP (TNAP), which forwards it to the TNGF/TWIF gateway function. The TNGF/TWIF extracts the NAS message and forwards it to the Access and Mobility Management Function (AMF); NAS signaling between the device and the AMF uses the N1 interface, as for cellular access.
       • The AMF initiates authentication by sending a request to the Authentication Server Function (AUSF). The AUSF asks Unified Data Management (UDM) for authentication data and the subscriber's profile; the UDM, with the often co-located Authentication credential Repository and Processing Function (ARPF), selects the method (EAP-AKA' or 5G-AKA) and generates the authentication vector.
       • The AUSF returns the authentication challenge to the device through the AMF and TNGF/TWIF. The device processes the challenge with its USIM credentials, which includes authenticating the network, and returns its response via the TNGF/TWIF and AMF.
       • The AUSF verifies the response. On success it derives the anchor key (KSEAF) and sends it to the security anchor function in the AMF; the AMF derives further keys for NAS security and for the TNGF/TWIF. The AMF runs the NAS Security Mode Command procedure with the device to activate NAS security; for EAP-AKA' the EAP-Success message from the AUSF reaches the device in this NAS-protected exchange.
       • The AMF sends the TNGF/TWIF key to the TNGF/TWIF, which derives from it both the key for the (WPA2/WPA3) encryption of the Wi-Fi link and the key for the NULL-encrypted IPsec tunnel. The device independently derives the same keys from the shared secret and the parameters exchanged during authentication.
    2. Upon mutual successful authentication, the TNGF/TWIF sends the generated encryption keys to the access point over RADIUS. The encryption keys are used to secure the Wi-Fi radio network through WPA2-Enterprise or WPA3-Enterprise encryption. The device must generate the same encryption keys to gain network access and correctly validate the authentication vectors through the SIM card. The derived encryption keys are unique to the connection, ensuring the device has its own encrypted and secure Wi-Fi connection.
    3. The TNGF/TWIF and the device use the generated keys to establish the NULL-encrypted IPsec tunnel using IKEv2 signaling. Optionally, additional IPsec Security Associations (SAs) may be established for different traffic types or QoS levels. The TNGF/TWIF then establishes a GTP tunnel to the User Plane Function (UPF) packet gateway to provide the device with access to the mobile network services and the Internet.
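    The two 5G SA flows above hinge on the "enhanced key separation" of 5G-AKA: the home network derives the keys, binds them and the device's response to the serving network name, and makes the final authentication decision itself. The following added example (not Enea code) shows that hierarchy for 5G-AKA: KAUSF, XRES*, HXRES* and KSEAF on the home side, RES* on the device, the SEAF's first check and the AUSF's home-control check, and KAMF in the serving network. Constants and parameter orders are those of 3GPP TS 33.501 Annex A (FC 0x6A, 0x6B, 0x6C, 0x6D) as I recall them; verify against the release you deploy. All vector values are constructed, and the SUPI encoding used for KAMF (the IMSI digits as an ASCII string) is stated as an assumption. For EAP-AKA' the same chain starts instead from KAUSF = EMSK[0:32].

```python
"""5G-AKA key hierarchy and serving-network binding for 5G SA (3GPP and non-3GPP access).

Added example, not Enea code. Derivations follow 3GPP TS 33.501 Annex A as recalled
(A.2 KAUSF FC 0x6A, A.4 RES* FC 0x6B, A.5 HRES*, A.6 KSEAF FC 0x6C, A.7 KAMF FC 0x6D);
check the constants against the spec release you deploy. CK/IK/RES/SQN xor AK come
from the ARPF's authentication vector and are constructed here. SUPI is encoded as
ASCII IMSI digits for KAMF (assumption).
"""
import hashlib
import hmac


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def serving_network_name(mcc: str, mnc: str) -> bytes:
    """TS 33.501 6.1.1.4: "5G:mnc<MNC>.mcc<MCC>.3gppnetwork.org", MNC zero-padded to 3 digits."""
    return f"5G:mnc{int(mnc):03d}.mcc{int(mcc):03d}.3gppnetwork.org".encode()


def res_star(ck: bytes, ik: bytes, snn: bytes, rand: bytes, res: bytes) -> bytes:
    """RES*/XRES* (A.4): the 128 least significant bits of KDF(CK||IK, 0x6B, SNN, RAND, RES)."""
    return kdf_3gpp(ck + ik, 0x6B, snn, rand, res)[16:]


def hres_star(rand: bytes, res_star_value: bytes) -> bytes:
    """HRES*/HXRES* (A.5): the 128 least significant bits of SHA-256(RAND || RES*)."""
    return hashlib.sha256(rand + res_star_value).digest()[16:]


def home_network_vector(ck, ik, rand, xres, sqn_xor_ak, snn: bytes) -> dict:
    """UDM/ARPF and AUSF side. Only KSEAF and HXRES* leave the home network."""
    kausf = kdf_3gpp(ck + ik, 0x6A, snn, sqn_xor_ak)   # A.2: stays in the AUSF
    xres_s = res_star(ck, ik, snn, rand, xres)          # kept by the AUSF for home control
    kseaf = kdf_3gpp(kausf, 0x6C, snn)                  # A.6: anchor key sent to the SEAF (AMF)
    return {"KAUSF": kausf, "XRES*": xres_s, "KSEAF": kseaf, "HXRES*": hres_star(rand, xres_s)}


def ue_response(ck, ik, rand, res, snn_seen_by_ue: bytes) -> bytes:
    """Device side after a successful AUTN check: RES* bound to the network it thinks it is on."""
    return res_star(ck, ik, snn_seen_by_ue, rand, res)


def seaf_check(hxres_star_from_ausf: bytes, rand: bytes, res_star_from_ue: bytes) -> bool:
    """Serving network (SEAF in the AMF): first check, without ever learning XRES*."""
    return hmac.compare_digest(hxres_star_from_ausf, hres_star(rand, res_star_from_ue))


def ausf_check(xres_star_value: bytes, res_star_from_ue: bytes) -> bool:
    """Home control: the AUSF, not the visited network, makes the final decision."""
    return hmac.compare_digest(xres_star_value, res_star_from_ue)


def k_amf(kseaf: bytes, supi_imsi: str, abba: bytes = b"\x00\x00") -> bytes:
    """A.7: KAMF = KDF(KSEAF, 0x6D, SUPI, ABBA). SUPI as ASCII IMSI digits (assumption)."""
    return kdf_3gpp(kseaf, 0x6D, supi_imsi.encode(), abba)


def demo() -> dict:
    ck, ik = bytes(range(16)), bytes(range(16, 32))                 # constructed vector values
    rand, res, sqn_xor_ak = b"\x11" * 16, b"\x22" * 8, b"\x33" * 6
    snn = serving_network_name("240", "01")
    av = home_network_vector(ck, ik, rand, res, sqn_xor_ak, snn)
    genuine = ue_response(ck, ik, rand, res, snn)
    # A serving network that requested the vector as PLMN 240-01 but presents itself to the
    # device as 240-02 gets a RES* the AUSF will not accept: the binding catches it.
    misrepresented = ue_response(ck, ik, rand, res, serving_network_name("240", "02"))
    return {
        "seaf_ok": seaf_check(av["HXRES*"], rand, genuine),
        "ausf_ok": ausf_check(av["XRES*"], genuine),
        "misrepresented_rejected": not ausf_check(av["XRES*"], misrepresented),
        "kamf_len": len(k_amf(av["KSEAF"], "240010000000001")),
    }
```

    The same KSEAF feeds KAMF for cellular, N3IWF and TNGF/TWIF access alike, which is the concrete meaning of "unified" authentication in 5G SA: the access-specific keys (KN3IWF, KTNGF, KTIPSec, KTNAP) all hang off one KAMF derived under home-network control.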
  • Bridging the 3GPP Standard with Real-World Solutions

    While the outlined flows above reflect 3GPP standards for SIM authentication, practical network implementations often favor pragmatic, hybrid approaches due to existing network design, equipment and investments. In real-world deployments, the RADIUS protocol—widely used in Wi-Fi and various gateways—will likely continue to play a significant role alongside emerging 5G standards and protocols.

    Historically, many 3GPP-specified interworking gateway functions for Wi-Fi (non-3GPP Access) have not seen widespread adoption for Wi-Fi offloading. For example, in 4G with the Evolved Packet Core (EPC), the tunnel-terminating ePDG gateway has primarily been used for Wi-Fi Calling rather than Wi-Fi offloading.

    Wi-Fi Offloading

    Figure: Unified SIM authentication for 3G, 4G, 5G NSA and 5G SA

    For Wi-Fi offloading in trusted Wi-Fi network environments, there has been limited demand for the WAG/TWAG to backhaul traffic to the EPC mobile core. In fact, the vast majority (around 90%) of Enea's Wi-Fi offloading customer deployments opt to route traffic directly to the internet via a non-3GPP gateway, bypassing the mobile core. We foresee a similar trend in 5G SA, with a strong preference for local traffic breakout. Backhauling traffic through the mobile core only offloads the radio network (RAN), while local breakout delivers a more efficient solution by directly handling traffic at the edge.

    In this context, the 3GPP AAA is expected to evolve and take the role of SIM-based authentication (control plane only) also in 5G SA, effectively offering a unified SIM authentication function across all generations of cellular networks. This evolution would give mobile operators a streamlined and pragmatic architecture, capable of handling SIM authentication seamlessly across both 4G and 5G core networks.

    Wi-Fi Calling

    For Wi-Fi Calling utilizing untrusted Wi-Fi access in 5G SA, the N3IWF function will still be required. One potential scenario is the adaptation of the 3GPP AAA function as a “bridging function” within the authentication flow for Wi-Fi Calling. Mobile Network Operators (MNOs) often prefer leveraging established, proven technologies over quickly adopting new standards when practical alternatives exist. It’s important to note that the N3IWF is only a reference in the 3GPP standard and not a specific gateway product. An adaptive authentication server (3GPP AAA), like Enea’s Aptilo SMP, could potentially evolve to integrate with the 5G SA core for control plane authentication while the existing ePDG gateways manage the N3IWF roles within the traffic plane. The same scenario could also happen for trusted access, with the existing WAG/TWAG gateways taking over the TNGF/TWIF functions in the traffic plane. These scenarios would require cooperation between the 3GPP AAA and gateway vendors.