Key Hierarchy
The layered cryptographic key structure in 5G derived from the master key K, producing intermediate keys (KAUSF, KSEAF, KAMF, KgNB) for authentication, NAS, and AS security.
5G security isn't built on one key doing everything — it's a tree. Everything descends from K, the long-term secret shared only between the USIM and the home network. From K, AKA derives an anchor key (KAUSF at the home network, then KSEAF as the security anchor), and from there a chain of keys for each layer: KAMF for the AMF, then separate NAS-layer keys, and KgNB plus the AS keys used to protect the radio.
The reason for the layering is damage control and clean handovers. Each key is derived from the one above using one-way functions, so compromising a lower key — say an AS key at one gNB — doesn't expose the keys above it. When you hand over between gNBs, the source derives a fresh KgNB for the target (key chaining) so the new cell never sees the old cell's key. It's a lot of acronyms, but the shape is simple: one root, fanning out to per-purpose keys that can each be rotated or contained.
Related terms
Want to truly understand Key Hierarchy? Learn it in context — free for 7 days.
Key Hierarchy is taught inside our 5G Security course with diagrams, labs and a TelcoMentor AI coach. Start a free 7-day Pro trial — no credit card.
- No credit card
- Full Pro access
- 21 verifiable certs
- TELCOMA since 2009
Get weekly 5G/LTE engineering deep-dives
One technical breakdown every Tuesday — plus first access to new tools and lessons. No spam, no marketing, just engineering. Unsubscribe in one click.