This chapter describes how users are identified and authenticated for network access in EPS. Section 7.1 introduces the means to identify subscribers and terminals, and the mechanisms to protect the related identities. Section 7.1.1 then provides a detailed presentation of EPS Authentication and Key Agreement (AKA), the protocol used in EPS to authenticate subscribers and agree a local master key. Further keys are then derived from this local master key to protect signalling and user traffic over various interfaces between the user equipment (UE) and the network. The complete EPS key hierarchy resulting from this derivation process is described in Section 7.3. In addition to keys, two entities running a security protocol need to share other security-related parameters. These parameters, together with the keys, form a security context, and the various security contexts used in EPS are described in Section 7.4.
We first describe the means to identify subscribers and terminals in EPS and explain the uses of the corresponding identities. We then proceed to describe the identity confidentiality features, which help to protect the user's privacy. These identities are specified in [TS23.003].