Key skills: 5G-AKA, SUPI/SUCI, TLS, IPsec, zero trust

5G Authentication and Identity Protection

The 5G-AKA (Authentication and Key Agreement) protocol provides mutual authentication between UE and network through AUSF and UDM. SUPI (Subscription Permanent Identifier) replaces IMSI and is protected by SUCI (Subscription Concealed Identifier) using ECIES (Elliptic Curve Integrated Encryption Scheme) to prevent IMSI catching attacks. Security specialists must understand the key hierarchy — KAUSF, KSEAF, KAMF, KNASint, KNASenc, KgNB — and how keys are derived at each authentication step. Home network control via AUSF ensures roaming security.