This clause describes the principles for the handling of 5G NAS security contexts in the UE and in the AMF, the procedures used for the security protection of NAS messages between the UE and the AMF, and the procedures used for the protection of NAS IEs between the UE and the UDM. Security protection involves integrity protection and ciphering of the 5GMM messages. 5GSM messages are security protected indirectly by being piggybacked by the security protected 5GMM messages (i.e. UL NAS TRANSPORT message and the DL NAS TRANSPORT message).
The signalling procedures for the control of NAS security are part of the 5GMM protocol and are described in detail in clause 5.
The security parameters for authentication, integrity protection and ciphering are tied together in a 5G NAS security context and identified by a key set identifier (ngKSI). The relationship between the security parameters is defined in TS 33.501.
Before security can be activated, the AMF and the UE need to establish a 5G NAS security context. Usually, the 5G NAS security context is created as the result of a primary authentication and key agreement procedure between the AMF and the UE. A new 5G NAS security context may also be created during an N1 mode to N1 mode handover. Alternatively, during inter-system change from S1 mode to N1 mode, the AMF not supporting interworking without N26 and the UE operating in single-registration mode may derive a mapped 5G NAS security context from an EPS security context that has been established while the UE was in S1 mode.
The 5G NAS security context is taken into use by the UE and the AMF, when the AMF initiates a security mode control procedure, during an N1 mode to N1 mode handover, or during the inter-system change procedure from S1 mode to N1 mode. The 5G NAS security context which has been taken into use by the network most recently is called current 5G NAS security context. This current 5G NAS security context can be of type native or mapped, i.e. originating from a native 5G NAS security context or mapped 5G NAS security context.
The key set identifier ngKSI is assigned by the AMF either during the primary authentication and key agreement procedure or, for the mapped 5G NAS security context, during the inter-system change. The ngKSI consists of a value and a type of security context parameter indicating whether a 5G NAS security context is a native 5G NAS security context or a mapped 5G NAS security context. When the 5G NAS security context is a native 5G NAS security context, the ngKSI has the value of KSIAMF, and when the current 5G NAS security context is of type mapped, the ngKSI has the value of KSIASME.
The 5G NAS security context which is indicated by an ngKSI can be taken into use to establish the secure exchange of NAS messages when a new N1 NAS signalling connection is established without executing a new primary authentication and key agreement procedure (see subclause 5.4.1) or when the AMF initiates a security mode control procedure. For this purpose, the initial NAS messages (i.e. REGISTRATION REQUEST, DEREGISTRATION REQUEST, SERVICE REQUEST and CONTROL PLANE SERVICE REQUEST) and the SECURITY MODE COMMAND message contain an ngKSI in the ngKSI IE indicating the current 5G NAS security context used to integrity protect the NAS message.
In the present document, when the UE is required to delete an ngKSI, the UE shall set the ngKSI to the value "no key is available" and also consider the associated keys KAMF or K'AMF, 5G NAS ciphering key and 5G NAS integrity key invalid (i.e. the 5G NAS security context associated with the ngKSI is no longer valid). In the initial registration procedure, when the key KAUSF is invalid, the UE shall delete the ngKSI.
As described in subclause 4.8 in order to interwork with E-UTRAN connected to EPC, the UE supporting both S1 mode and N1 mode can operate in either single-registration mode or dual-registration mode. A UE operating in dual-registration mode shall independently maintain and use both EPS security context (see TS 24.301) and 5G NAS security context. When the UE operating in dual-registration mode performs an EPS attach procedure, it shall take into use an EPS security context and follow the handling of this security context as specified in TS 24.301. However, when the UE operating in dual-registration mode performs an initial registration procedure, it shall take into use a 5G NAS security context and follow the handling of this security context as described in the present specification.
The UE and the AMF need to be able to maintain two 5G NAS security contexts simultaneously, i.e. a current 5G NAS security context and a non-current 5G NAS security context, since:
after a 5G re-authentication, the UE and the AMF can have both a current 5G NAS security context and a non-current 5G NAS security context which has not yet been taken into use (i.e. a partial native 5G NAS security context); and
after an inter-system change from S1 mode to N1 mode, the UE and the AMF can have both a mapped 5G NAS security context, which is the current 5G NAS security context, and a non-current native 5G NAS security context that was created during a previous access in N1 mode.
The number of 5G NAS security contexts that need to be maintained simultaneously by the UE and the AMF is limited by the following requirements:
after a successful 5G (re-)authentication, which creates a new partial native 5G NAS security context, the AMF and the UE shall delete the non-current 5G NAS security context, if any;
when a partial native 5G NAS security context is taken into use through a security mode control procedure, the AMF shall delete the previously current 5G NAS security context. If the UE does not support multiple records of NAS security context storage for multiple registration (see TS 31.102), the UE shall delete the previously current 5G NAS security context. If the UE supports multiple records of NAS security context storage for multiple registration, the UE shall:
1) replace the previously current 5G NAS security context stored in the first 5G security context of that access (see TS 31.102) with the new 5G security context (taken into use through a security mode control procedure), when the UE activates the new 5G security context for the same PLMN and access;
1a) replace the previously current 5G NAS security context stored in the first 5G security context of that access (see TS 31.102) with the new 5G security context (taken into use through a security mode control procedure), when the UE activates the new 5G security context for a different PLMN over that access but the previously current 5G NAS security context is not associated with the 5G-GUTI of the other access; or
2) store the previously current 5G NAS security context in the second 5G security context of that access (see TS 31.102) and store the new 5G security context (taken into use through a security mode control procedure) in the first 5G security context, when the UE activates the new 5G security context for a different PLMN over that access but the previously current 5G NAS security context is associated with the 5G-GUTI of the other access;
when the AMF and the UE create a 5G NAS security context using "null integrity protection algorithm" and "null ciphering algorithm" during an initial registration procedure for emergency services, or a registration procedure for mobility and periodic registration update for a UE that has an emergency PDU session (see subclause 5.4.2.2), the AMF and the UE shall delete the previous current 5G NAS security context. The UE shall not update the USIM and non-volatile ME memory with the current 5G NAS security context and shall delete the current 5G NAS security context when the UE is deregistered from emergency services (e.g. before registering for normal service);
when a new mapped 5G NAS security context or 5G NAS security context created using "null integrity protection algorithm" and "null ciphering algorithm" is taken into use during the inter-system change from S1 mode to N1 mode, the AMF and the UE shall not delete the previously current native 5G NAS security context, if any. Instead, the previously current native 5G NAS security context shall become a non-current native 5G NAS security context, and the AMF and the UE shall delete any partial native 5G NAS security context;
If no previously current native 5G NAS security context exists, the AMF and the UE shall not delete the partial native 5G NAS security context, if any;
when the AMF and the UE derive a new mapped 5G NAS security context during inter-system change from S1 mode to N1 mode, the AMF and the UE shall delete any existing current mapped 5G NAS security context;
when a non-current full native 5G NAS security context is taken into use by a security mode control procedure, then the AMF and the UE shall delete the previously current mapped 5G NAS security context;
when the UE or the AMF moves from 5GMM-REGISTERED to 5GMM-DEREGISTERED state, if the current 5G NAS security context is a mapped 5G NAS security context and a non-current full native 5G NAS security context exists, then the non-current 5G NAS security context shall become the current 5G NAS security context. Furthermore, the UE and the AMF shall delete any mapped 5G NAS security context or partial native 5G NAS security context;
when the UE operating in single-registration mode in a network supporting N26 interface performs an inter-system change from N1 mode to S1 mode:
if the UE has a mapped 5G NAS security context and the inter-system change is performed in:
5GMM-IDLE mode, the UE shall delete the mapped 5G NAS security context after the successful completion of the tracking area update procedure or attach procedure (see TS 24.301); or
5GMM-CONNECTED mode, the UE shall delete the mapped 5G NAS security context after the completion of the inter-system change.
After deletion of the mapped 5G NAS security context, if the UE has a non-current full native 5G NAS security context, then the non-current full native 5G NAS security context shall become the current full native 5G NAS security context; and
when the UE operating in single-registration mode in a network supporting N26 interface performs an inter-system change from S1 mode to N1 mode in 5GMM-IDLE mode, if the UE has a non-current full native 5G NAS security context, then the UE shall make the non-current full native 5G NAS security context the current native 5G NAS security context. The UE shall delete the mapped 5G NAS security context, if any.
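The deletion and promotion rules above, worked through as an added example that is not code or text from TS 24.501: a small Python model of one side's (UE or AMF) context store. The class and method names are this example's own; the ngKSI encoding follows the NAS key set identifier IE (3-bit value, 1-bit type of security context, value 7 meaning "no key is available").

```python
"""Model of the 5G NAS security context bookkeeping rules of this subclause.

Added example, not text or code from TS 24.501. One side (UE or AMF) holds a
current context, at most one non-current full native context and at most one
partial native context; the methods apply the deletion and promotion rules.
"""
from dataclasses import dataclass
from typing import Optional

NO_KEY_AVAILABLE = 7      # ngKSI value "no key is available"
NATIVE, MAPPED = 0, 1     # type of security context (TSC) field


@dataclass
class SecurityContext:
    ksi: int   # 3-bit key set identifier value (KSI_AMF if native, KSI_ASME if mapped)
    tsc: int   # NATIVE or MAPPED

    @property
    def ngksi(self) -> int:
        """ngKSI as a 4-bit value: TSC in bit 4, key set identifier in bits 3..1."""
        return (self.tsc << 3) | (self.ksi & 0x7)

    def invalidate(self) -> None:
        """"Delete the ngKSI": the keys of this context are no longer usable."""
        self.ksi = NO_KEY_AVAILABLE


class ContextStore:
    """Current, non-current full native and partial native contexts of one side."""

    def __init__(self) -> None:
        self.current: Optional[SecurityContext] = None
        self.non_current_native: Optional[SecurityContext] = None
        self.partial_native: Optional[SecurityContext] = None

    def primary_authentication(self, ksi: int) -> None:
        """Successful 5G (re-)authentication: a new partial native context is
        created and any non-current context is deleted."""
        self.partial_native = SecurityContext(ksi, NATIVE)
        self.non_current_native = None

    def security_mode_control(self, ngksi: int) -> None:
        """SECURITY MODE COMMAND takes the context identified by ngKSI into use.
        A partial native context replaces the previously current one (UE without
        multiple-record storage); a non-current full native context replaces a
        current mapped context."""
        if self.partial_native and self.partial_native.ngksi == ngksi:
            self.current, self.partial_native = self.partial_native, None
        elif self.non_current_native and self.non_current_native.ngksi == ngksi:
            self.current, self.non_current_native = self.non_current_native, None
        else:
            raise ValueError(f"ngKSI {ngksi:#06b} identifies no stored context")

    def intersystem_change_to_n1(self, eksi: int) -> None:
        """S1 mode to N1 mode inter-system change: a mapped context whose ngKSI
        value is the eKSI and whose type is "mapped" becomes current. A native
        current context is kept as non-current and the partial native context
        is deleted; without a native current context the partial one survives.
        Any existing current mapped context is deleted."""
        if self.current is not None and self.current.tsc == MAPPED:
            self.current = None
        if self.current is not None:           # previously current native context
            self.non_current_native = self.current
            self.partial_native = None
        self.current = SecurityContext(eksi, MAPPED)

    def enter_deregistered(self) -> None:
        """5GMM-REGISTERED to 5GMM-DEREGISTERED: a non-current full native context
        replaces a current mapped one; mapped and partial native contexts are deleted."""
        if self.current is not None and self.current.tsc == MAPPED:
            self.current, self.non_current_native = self.non_current_native, None
        self.partial_native = None

    def stored_ngksis(self) -> dict:
        """Snapshot of the three slots: ngKSI value, or None when the slot is empty."""
        return {
            "current": self.current.ngksi if self.current else None,
            "non_current_native": self.non_current_native.ngksi if self.non_current_native else None,
            "partial_native": self.partial_native.ngksi if self.partial_native else None,
        }
```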
If the UE is capable of registration over a single access only, the UE shall mark the 5G NAS security context on the USIM or in the non-volatile memory as invalid when the UE initiates an initial registration procedure as described in subclause 5.5.1.2 or when the UE leaves state 5GMM-DEREGISTERED for any other state except 5GMM-NULL.
If the UE is capable of registration over both 3GPP access and non-3GPP access and was last registered on the same PLMN over both 3GPP access and the non-3GPP access, the UE in the state 5GMM-DEREGISTERED over both 3GPP access and non-3GPP access shall mark the 5G NAS security contexts in record 1 of the 3GPP access and the non-3GPP access on the USIM or in the non-volatile memory as invalid when the UE initiates an initial registration procedure over either 3GPP access or non-3GPP access as described in subclause 5.5.1.2 or when the UE leaves state 5GMM-DEREGISTERED for any other state except 5GMM-NULL over either 3GPP access or non-3GPP access.
If the UE is capable of registration over a single access only, the UE shall store the current native 5G NAS security context on the USIM or in the non-volatile memory and mark it as valid only when the UE enters state 5GMM-DEREGISTERED from any other state except 5GMM-NULL or when the UE aborts the initial registration procedure without having left 5GMM-DEREGISTERED.
If the UE is capable of registration over both 3GPP access and non-3GPP access and is registered on the same PLMN over both 3GPP access and the non-3GPP access, the UE shall store the current native 5G NAS security contexts of the 3GPP access and the non-3GPP access as specified in Annex C and mark them as valid only when the UE enters state 5GMM-DEREGISTERED from any other state except 5GMM-NULL over both the 3GPP access and non-3GPP access or only when the UE aborts the initial registration procedure without having left 5GMM-DEREGISTERED over both the 3GPP access and non-3GPP access.
In order for the UE operating in single-registration mode in a network supporting N26 interface to derive a mapped 5G NAS security context for an inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode, the AMF shall construct a mapped 5G NAS security context from the EPS security context received from the source MME as indicated in TS 33.501. The AMF shall select the 5G NAS security algorithms and derive the 5G NAS keys (i.e. KNASenc and KNASint). The AMF shall define an ngKSI for the newly derived K'AMF key such that the value field is taken from the eKSI of the KASME key and the type field is set to indicate a mapped security context and associate this ngKSI with the newly created mapped 5G NAS security context. The AMF shall then include the message authentication code, selected NAS algorithms, NCC and generated ngKSI in the S1 mode to N1 mode NAS transparent container IE (see subclause 9.11.2.9).
When the UE operating in single-registration mode in a network supporting N26 interface receives the command to perform inter-system change to N1 mode in 5GMM-CONNECTED mode, the UE shall derive a mapped K'AMF, as indicated in TS 33.501, using the KASME from the EPS security context. Furthermore, the UE shall also derive the 5G NAS keys from the mapped K'AMF using the selected NAS algorithm identifiers included in the S1 mode to N1 mode NAS transparent container IE and associate this mapped 5G NAS security context with the ngKSI value received. The UE shall then verify the received NAS MAC. In case the received NAS MAC is not verified successfully (see subclause 4.4.3.3) the UE shall discard the content of the received S1 mode to N1 mode NAS transparent container IE and inform the lower layers that the received S1 mode to N1 mode NAS transparent container is invalid.
When the UE operating in single-registration mode in a network supporting N26 interface has a PDN connection for emergency bearer services and has no current EPS security context, the AMF shall set 5G-IA0 and 5G-EA0 as the selected 5G NAS security algorithms in the S1 mode to N1 mode NAS transparent container IE. The AMF shall create a locally generated K'AMF. The AMF shall set the ngKSI value of the associated security context to "000" and the type of security context flag to "mapped security context" in the S1 mode to N1 mode NAS transparent container IE.
When the UE operating in single-registration mode in a network supporting N26 interface receives the command to perform inter-system change to N1 mode in 5GMM-CONNECTED mode (see TS 38.331) and has a PDN connection for emergency bearer services, if 5G-IA0 and 5G-EA0 as the selected 5G NAS security algorithms are included in the S1 mode to N1 mode NAS transparent container IE, the UE shall create a locally generated K'AMF. Furthermore, the UE shall set the ngKSI value of the associated security context to the KSI value received.
After the new mapped 5G NAS security context is taken into use for the 3GPP access following a successful inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode and the UE is registered with the same PLMN over the 3GPP access and non-3GPP access:
if a native 5G NAS security context is used on the non-3GPP access and:
the UE is in 5GMM-IDLE mode over non-3GPP access, then the AMF and the UE shall activate and take into use the new mapped 5G NAS security context on the 3GPP access for the non-3GPP access as described in TS 33.501 after the AMF sends or the UE receives the REGISTRATION ACCEPT message respectively. The UE and AMF shall keep the native 5G NAS security context which was used on the non-3GPP access and make it a non-current native 5G NAS security context. The non-current native 5G NAS security context may be re-activated later using the security mode control procedure; or
the UE is in 5GMM-CONNECTED mode over non-3GPP access, in order to activate the native 5G NAS security context over the 3GPP access that is active on the non-3GPP access the AMF shall send the SECURITY MODE COMMAND message over the 3GPP access as described in TS 33.501. The SECURITY MODE COMMAND message shall include the same ngKSI to identify the native 5G NAS security context that is used on the non-3GPP access; or
if a mapped 5G NAS security context is used on the non-3GPP access and:
the UE is in 5GMM-IDLE mode over non-3GPP access, the AMF and the UE shall activate and take into use the new mapped 5G NAS security context active on the 3GPP access for the non-3GPP access as described in TS 33.501 after the AMF sends or the UE receives the REGISTRATION ACCEPT message respectively; or
the UE is in 5GMM-CONNECTED mode over non-3GPP access, in order to activate the same mapped 5G NAS security context over one access that is used on the other access the AMF shall send the SECURITY MODE COMMAND message over one access as described in TS 33.501. The SECURITY MODE COMMAND message shall include the same ngKSI to identify the mapped 5G NAS security context that is used over the other access.
If the inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode is not completed successfully, the AMF and the UE operating in single-registration mode in a network supporting N26 interface shall delete the new mapped 5G NAS security context.
During an N1 mode to N1 mode handover, the target AMF may create a new 5G NAS security context as indicated in TS 33.501.
When a new 5G NAS security context is derived using the same KAMF, the target AMF includes the 8 least significant bits of the downlink NAS COUNT in the Intra N1 mode NAS transparent container IE, and indicates that a new KAMF shall not be derived (see subclause 9.11.2.6). The AMF shall increment the downlink NAS COUNT by one after creating the Intra N1 mode NAS transparent container IE.
When a new 5G NAS security context is created from a new KAMF, the target AMF includes the 8 least significant bits of the downlink NAS COUNT in the Intra N1 mode NAS transparent container IE and indicates that a new KAMF shall be derived (see subclause 9.11.2.6). The AMF shall then set both the uplink and downlink NAS COUNT counters of this 5G NAS security context to zero. The AMF shall increment the downlink NAS COUNT by one after creating the Intra N1 mode NAS transparent container IE.
The target AMF also includes the ngKSI with the same value as the ngKSI currently being used with the UE, the message authentication code, and the selected NAS algorithms in the Intra N1 mode NAS transparent container IE.
When the UE receives a command to perform handover to NG-RAN including an Intra N1 mode NAS transparent container IE (see subclause 9.11.2.6), the UE derives a new 5G NAS security context as described in TS 33.501. When the Intra N1 mode NAS transparent container IE indicates that a new KAMF needs to be derived, the UE shall set both the downlink NAS COUNT and uplink NAS COUNT to zero after creating the new 5G NAS security context.
If the received Intra N1 mode NAS transparent container IE does not have a valid NAS COUNT (see subclause 4.4.3.2) or the received NAS MAC is not verified successfully (see subclause 4.4.3.3) the UE shall discard the content of the received Intra N1 mode NAS transparent container IE, continue to use the current 5G NAS security context, and inform the lower layers that the received Intra N1 mode NAS transparent container is invalid.
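The NAS COUNT handling around the Intra N1 mode NAS transparent container described above, as an added example that is not code or text from TS 24.501 or TS 33.501: the AMF side builds the container and advances its counter, and the UE side rebuilds the 24-bit downlink NAS COUNT (16-bit overflow counter followed by the 8-bit NAS sequence number) from the received 8 bits, applies the validity check and the "new KAMF" reset rule. Class and function names are this example's own, and the NAS MAC itself is not computed here.

```python
"""Model of the NAS COUNT handling for the Intra N1 mode NAS transparent
container (N1 mode to N1 mode handover).

Added example, not code from TS 24.501 or TS 33.501. Both sides store the NAS
COUNT they will use for (sender) or expect in (receiver) the next message,
which is why the AMF increments after building the container.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

SQN_BITS = 8
SQN_MASK = (1 << SQN_BITS) - 1
OVERFLOW_LIMIT = 1 << 16          # the NAS overflow counter is 16 bits
COUNT_MASK = (1 << 24) - 1        # NAS COUNT = overflow counter || sequence number


@dataclass
class IntraN1Container:
    """The fields of the Intra N1 mode NAS transparent container modelled here."""
    dl_sqn: int        # 8 least significant bits of the AMF's downlink NAS COUNT
    new_kamf: bool     # True when the AMF indicates that a new K_AMF shall be derived
    ngksi: int         # same ngKSI value as currently used with the UE


@dataclass
class NasCounts:
    """Uplink and downlink NAS COUNT of one 5G NAS security context."""
    uplink: int = 0
    downlink: int = 0


def amf_build_container(current: NasCounts, new_kamf: bool,
                        ngksi: int) -> Tuple[IntraN1Container, NasCounts]:
    """Target AMF side. Returns the container and the counts of the new context.

    The 8 LSBs of the current downlink NAS COUNT go into the container and the
    downlink count is incremented by one afterwards. With a new K_AMF both
    counts of the new context start at zero; otherwise the counts carry on."""
    container = IntraN1Container(current.downlink & SQN_MASK, new_kamf, ngksi)
    current.downlink = (current.downlink + 1) & COUNT_MASK
    if new_kamf:
        return container, NasCounts(0, 0)
    return container, NasCounts(current.uplink, current.downlink)


def estimate_downlink_count(received_sqn: int, expected: int) -> Optional[int]:
    """Rebuild the 24-bit downlink NAS COUNT from the received 8-bit sequence
    number: reuse the receiver's overflow counter and bump it once when the
    sequence number has wrapped below the expected one. Returns None when the
    count is not valid because the 16-bit overflow counter is exhausted."""
    overflow = expected >> SQN_BITS
    if received_sqn < (expected & SQN_MASK):
        overflow += 1
    if overflow >= OVERFLOW_LIMIT:
        return None
    return (overflow << SQN_BITS) | received_sqn


def ue_process_container(current: NasCounts,
                         container: IntraN1Container) -> Optional[NasCounts]:
    """UE side. Returns the counts of the new 5G NAS security context, or None
    when the container has no valid NAS COUNT and must be discarded (the UE
    then keeps its current context and reports the container as invalid)."""
    estimated = estimate_downlink_count(container.dl_sqn, current.downlink)
    if estimated is None or estimated < current.downlink:
        return None
    # The NAS MAC, computed over the full estimated count, would be verified here.
    if container.new_kamf:
        return NasCounts(0, 0)            # new K_AMF: both counts restart at zero
    # Same K_AMF: the container consumed downlink count `estimated`, continue after it.
    return NasCounts(current.uplink, (estimated + 1) & COUNT_MASK)
```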
After the new 5G NAS security context is taken into use for 3GPP access following a successful N1 mode to N1 mode handover and the UE is registered with the same PLMN over the 3GPP access and non-3GPP access:
the UE is in 5GMM-IDLE mode over non-3GPP access, the AMF and the UE shall activate and take into use the new 5G NAS security context over the non-3GPP access as described in TS 33.501 after the AMF sends or the UE receives the REGISTRATION ACCEPT message respectively. If the new 5G NAS security context is created from a new KAMF, the AMF and the UE shall set the downlink NAS COUNT and uplink NAS COUNT to zero also for the non-3GPP access, otherwise the downlink NAS COUNT and uplink NAS COUNT for the non-3GPP access are not changed; or
the UE is in 5GMM-CONNECTED mode over non-3GPP access, in order to activate the new 5G NAS security context over the non-3GPP access that has been activated for the 3GPP access the AMF shall send the SECURITY MODE COMMAND message over the non-3GPP access as described in TS 33.501. The SECURITY MODE COMMAND message shall include the same ngKSI to identify the new 5G NAS security context that was activated over the 3GPP access and shall include the horizontal derivation parameter indicating "KAMF derivation is not required". Otherwise, if the new 5G NAS security context is created from a new KAMF, the AMF and the UE shall set the downlink NAS COUNT and uplink NAS COUNT to zero for the non-3GPP access.
In order for the UE operating in single-registration mode in a network supporting N26 interface to derive a mapped EPS security context for an inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode, the AMF shall prepare a mapped EPS security context for the target MME as indicated in TS 33.501.
The AMF shall derive a K'ASME using the KAMF key and the downlink NAS COUNT of the current 5G NAS security context, include the corresponding NAS sequence number in the N1 mode to S1 mode NAS transparent container IE (see subclause 9.11.2.7) and then increment its stored downlink NAS COUNT value by one.
The AMF shall select the NAS algorithm identifiers to be used in the target MME after the inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode, for encryption and integrity protection. The uplink and downlink NAS COUNT associated with the newly derived K'ASME key are set to the uplink and downlink NAS COUNT value of the current 5G NAS security context, respectively. The eKSI for the newly derived K'ASME key shall be defined such that the value field is taken from the ngKSI and the type field is set to indicate a mapped security context.
When the UE operating in single-registration mode in a network supporting N26 interface receives a command to perform inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode, the UE shall derive the mapped EPS security context, i.e. derive K'ASME from KAMF using a downlink NAS COUNT based on the NAS sequence number received in the N1 mode to S1 mode NAS transparent container IE (see subclause 9.11.2.7) as described in TS 33.501. The UE shall set the uplink and downlink NAS COUNT values associated with the newly derived K'ASME key to the uplink and downlink NAS COUNT values of the current 5G NAS security context respectively. The eKSI for the newly derived K'ASME key is defined such that the value field is taken from the ngKSI and the type field is set to indicate a mapped security context. The UE shall also derive the NAS keys as specified in TS 33.401 using the EPS NAS security algorithm identifiers that are stored in the UE's 5G NAS security context.
If the received N1 mode to S1 mode NAS transparent container IE does not have a valid NAS COUNT (see subclause 4.4.3.2) the UE shall discard the content of the received N1 mode to S1 mode NAS transparent container IE and inform the lower layers that the received N1 mode to S1 mode NAS transparent container is invalid.
If the inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode is not completed successfully, the AMF and the UE shall delete the new mapped EPS security context.
Secure exchange of NAS messages via a NAS signalling connection is usually established by the AMF during the registration procedure by initiating a security mode control procedure. After successful completion of the security mode control procedure, all NAS messages exchanged between the UE and the AMF are sent integrity protected using the current 5G security algorithms, and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered using the current 5G security algorithms.
During inter-system change from S1 mode to N1 mode in 5GMM-CONNECTED mode, secure exchange of NAS messages is established between the AMF and the UE by:
the transmission of NAS security related parameters encapsulated in the AS signalling from the AMF to the UE triggering the inter-system change in 5GMM-CONNECTED mode (see TS 33.501). The UE uses these parameters to generate the mapped 5G NAS security context (see subclause 8.6.2 of TS 33.501); and
after the inter-system change in 5GMM-CONNECTED mode, the transmission of a REGISTRATION REQUEST message from the UE to the AMF. The UE shall send this message integrity protected using the mapped 5G NAS security context and further protect this message as specified in subclause 4.4.6 and subclause 5.5.1.3.2. After the AMF receives the REGISTRATION REQUEST message:
if the AMF decides to take the native 5G NAS security context into use, the security mode control procedure is performed. From this time onward, all NAS messages exchanged between the UE and the AMF are sent integrity protected using the native 5G NAS security context, and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered using the native 5G NAS security context; or
if the AMF decides to take the mapped 5G NAS security context into use, from this time onward, all NAS messages exchanged between the UE and the AMF are sent integrity protected using the mapped 5G NAS security context, and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered using the mapped 5G NAS security context.
During inter-system change from S1 mode to N1 mode in 5GMM-IDLE mode, if the UE is operating in single-registration mode and:
if the UE has a valid native 5G NAS security context, the UE shall transmit a REGISTRATION REQUEST message integrity protected with the native 5G NAS security context. The UE shall include the ngKSI indicating the native 5G NAS security context value in the REGISTRATION REQUEST message.
After receiving the REGISTRATION REQUEST message including the ngKSI indicating a native 5G NAS security context value, the AMF shall check whether the ngKSI included in the REGISTRATION REQUEST message belongs to a 5G NAS security context available in the AMF, and shall verify the MAC of the REGISTRATION REQUEST message. If the verification is successful, the AMF deletes the EPS security context received from the source MME if any, and the AMF re-establishes the secure exchange of NAS messages by either:
replying with a REGISTRATION ACCEPT message that is integrity protected and ciphered using the native 5G NAS security context. From this time onward, all NAS messages exchanged between the UE and the AMF are sent integrity protected and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered; or
initiating a security mode control procedure. This can be used by the AMF to take a non-current 5G NAS security context into use or to modify the current 5G NAS security context by selecting new NAS security algorithms.
if the UE has no valid native 5G NAS security context, the UE shall send the REGISTRATION REQUEST message without integrity protection and encryption.
After receiving the REGISTRATION REQUEST message without integrity protection and encryption:
if N26 interface is supported:
if an EPS security context received from the source MME does not include the NAS security algorithms set to EIA0 and EEA0, the AMF shall either create a fresh mapped 5G NAS security context (see subclause 8.6.2 of TS 33.501) or trigger a primary authentication and key agreement procedure to create a fresh native 5G NAS security context; or
if an EPS security context received from the source MME includes the NAS security algorithms set to EIA0 and EEA0, the AMF shall trigger a primary authentication and key agreement procedure to create a fresh native 5G NAS security context; or
if N26 interface is not supported, the AMF shall trigger a primary authentication and key agreement procedure.
The newly created 5G NAS security context is taken into use by initiating a security mode control procedure and this context becomes the current 5G NAS security context in both the UE and the AMF. This re-establishes the secure exchange of NAS messages.
During an N1 mode to N1 mode handover, secure exchange of NAS messages is established between the AMF and the UE by:
the transmission of NAS security related parameters encapsulated in the AS signalling from the target AMF to the UE triggering the N1 mode to N1 mode handover (see TS 33.501). The UE uses these parameters to create a new 5G NAS security context.
The secure exchange of NAS messages shall be continued after N1 mode to N1 mode handover. It is terminated after inter-system change from N1 mode to S1 mode in 5GMM-CONNECTED mode or when the NAS signalling connection is released.
When a UE in 5GMM-IDLE mode establishes a new NAS signalling connection and has a valid current 5G NAS security context, the UE shall transmit the initial NAS message integrity protected with the current 5G NAS security context and further protect this message as specified in subclause 4.4.6. The UE shall include the ngKSI indicating the current 5G NAS security context value in the initial NAS message. The AMF shall check whether the ngKSI included in the initial NAS message belongs to a 5G NAS security context available in the AMF, and shall verify the MAC of the NAS message. If the verification is successful, the AMF may re-establish the secure exchange of NAS messages:
by replying with a NAS message that is integrity protected and ciphered using the current 5G NAS security context. From this time onward, all NAS messages exchanged between the UE and the AMF are sent integrity protected and except for the messages specified in subclause 4.4.5, all NAS messages exchanged between the UE and the AMF are sent ciphered; or
by initiating a security mode control procedure. This can be used by the AMF to take a non-current 5G NAS security context into use or to modify the current 5G NAS security context by selecting new NAS security algorithms.
When a UE attempts multiple registrations in the same or different serving network, both the AMF and the UE shall follow the behavior specified in subclause 6.3.2 of TS 33.501. The UE may support multiple records of NAS security context storage for multiple registration (see TS 31.102). If the UE supports multiple records of NAS security context storage for multiple registration, the UE can select the appropriate one among the stored 5G security contexts to protect the initial NAS message (see TS 33.501).
When the AMF initiates a re-authentication to create a new 5G NAS security context, the messages exchanged during the authentication procedure are integrity protected and ciphered using the current 5G NAS security context, if any.
Both UE and AMF shall continue to use the current 5G NAS security context, until the AMF initiates a security mode control procedure. The SECURITY MODE COMMAND message sent by the AMF includes the ngKSI of the new 5G NAS security context to be used. The AMF shall send the SECURITY MODE COMMAND message integrity protected with the new 5G NAS security context, but unciphered. When the UE responds with a SECURITY MODE COMPLETE message, it shall send the message integrity protected and ciphered with the new 5G NAS security context.
The AMF can also modify the current 5G NAS security context or take the non-current native 5G NAS security context, if any, into use, by sending a SECURITY MODE COMMAND message including the ngKSI of the 5G NAS security context to be modified and including a new set of selected NAS security algorithms. In this case the AMF shall send the SECURITY MODE COMMAND message integrity protected with the modified 5G NAS security context, but unciphered. When the UE replies with a SECURITY MODE COMPLETE message, it shall send the message integrity protected and ciphered with the modified 5G NAS security context.