5G NR Registration Procedure: NAS Message Exchange and Identity Handling Explained


Understanding the 5G NR Registration Process: NAS Message Exchange and Identity Management

In the 5G Standalone (SA) setup, one of the key steps after establishing radio connectivity is Network Access Registration. This part of the process makes sure that the User Equipment (UE) is authenticated, securely identified, and registered correctly with the 5G Core (5GC) via the gNB.

The accompanying diagram shows the signaling interactions between the UE and gNB during this phase, emphasizing the NAS (Non-Access Stratum) message exchanges, RRC Setup Completion, and identity management procedures like SUCI derivation.

This article breaks down each step shown in the image, explaining the technical details and the importance of each message.

Overview: What Happens After RRC Setup

Once the UE finishes the RRC Connection Setup (which we covered in the previous access procedure), it moves from being idle to having an active signaling connection with the gNB.

At this point, the UE is set to:

Set up radio bearers for data and signaling,

Send its NAS Registration Request, and

Manage identity verification for secure access to the 5G Core Network.

These steps are crucial for synchronizing the network and ensuring user authentication before setting up a session.

A Step-by-Step Look at the NAS Registration Phase

The diagram outlines five major steps (15–21) that detail how the UE interacts with the gNB during registration. Let’s break down each step, covering its purpose and the technical details behind it.

Step 15: Perform the Radio Bearer Configuration Procedure

Message/Event: Perform Radio Bearer Configuration

Entity: UE

Purpose: Before sending any NAS messages, the UE needs to set up Radio Bearers—which are logical channels defining how data and signaling move between the UE and gNB.

Radio Bearer Configuration is key because it makes sure:

The Signaling Radio Bearer (SRB1) is set up for carrying RRC and NAS messages.

The Quality of Service (QoS) parameters match up for efficient signaling.

Resources from the gNB are used properly for the upcoming NAS message exchange.

This step is vital since it connects the RRC layer (control plane) with the NAS layer (core network communication).

Step 16: PDCCH DCI Format 0_0 [C-RNTI]

Message: PDCCH DCI Format 0_0 [C-RNTI]

Direction: gNB → UE

Purpose: The gNB sends a Downlink Control Information (DCI) message on the Physical Downlink Control Channel (PDCCH), addressed to the C-RNTI (Cell Radio Network Temporary Identifier) that was assigned earlier.

This DCI gives information about:

Resource assignments in both frequency and time domains,

Modulation and Coding Scheme (MCS) for uplink transmission, and

Details for scheduling the next transmission.

By employing C-RNTI, the network makes sure the message goes directly to the UE that's already established a temporary connection.

Step 17: Prepare the Registration Request NAS Message

Message/Event: Prepare NAS Registration Request

Entity: UE

Purpose: The UE gets ready to send a NAS Registration Request, the first NAS-layer message sent after RRC setup completion.

This message includes several important elements:

Registration type: Initial registration, periodic update, or mobility registration.

5G-GUTI (Globally Unique Temporary Identifier): A temporary identity used instead of the IMSI to protect privacy.

Last TAI (Tracking Area Identity): Shows where the UE was last registered.

Requested NSSAI (Network Slice Selection Assistance Information): Helps the network allocate the right network slices.

UE Capability: Indicates supported features such as dual connectivity, encryption algorithms, and NR bands.

List of PDU Sessions: Requests to set up data sessions for services like internet access, IMS, or enterprise VPN.

This NAS message is essentially the UE’s formal request to connect and register with the 5G Core network.

Step 18: RRC Setup Complete [Dedicated NAS Message: Registration Request]

Message: RRC Setup Complete [dedicated NAS-Message: Registration Request]

Direction: UE → gNB

After the NAS message is ready, the UE sends it embedded within the RRC Setup Complete message to the gNB.

RRC Setup Complete indicates that:

The RRC setup process is done successfully.

The UE is ready to move forward with NAS signaling.

The gNB will forward the embedded NAS Registration Request to the Access and Mobility Management Function (AMF) in the 5G Core.

This marks the transition point between the access layer and the core layer signaling.

Step 19: NAS Identity Request

Message: NAS Identity Request

Direction: AMF (via gNB) → UE

Purpose: The AMF sends an Identity Request message when it needs to confirm the UE’s identity.

This message includes:

Security header type

Identity request message identity

Requested identity type — such as SUCI, GUTI, or IMEI

If the UE’s identity is unknown (like during an initial registration), the network will ask for the SUCI (Subscription Concealed Identifier) for secure identification.
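An added example, not part of the original article: a UE-side check of an Identity Request against the 3GPP TS 24.501 rule that, before NAS security is established, an unprotected Identity Request is processed only when it asks for the SUCI. Function names and sample messages are constructed, and a protected message is assumed to have had its MAC verified elsewhere.

```python
EPD_5GMM = 0x7E          # extended protocol discriminator: 5GS mobility management
IDENTITY_REQUEST = 0x5B  # 5GMM message type
ID_TYPES = {1: "SUCI", 2: "5G-GUTI", 3: "IMEI", 4: "5G-S-TMSI", 5: "IMEISV"}


def parse_identity_request(msg: bytes) -> dict:
    """Decode an Identity Request and record whether it arrived protected."""
    if len(msg) < 4 or msg[0] != EPD_5GMM:
        raise ValueError("not a 5GMM message")
    sec_hdr = msg[1] & 0x0F
    if sec_hdr in (2, 4):
        raise ValueError("ciphered NAS message: decipher before parsing")
    if sec_hdr != 0:
        # Security-protected wrapper: 4-byte MAC and 1-byte sequence number,
        # followed by the plain message with its own header.
        msg = msg[7:]
        if len(msg) < 4 or msg[0] != EPD_5GMM:
            raise ValueError("truncated inner message")
    if msg[2] != IDENTITY_REQUEST:
        raise ValueError("not an Identity Request")
    id_type = msg[3] & 0x07
    return {"protected": sec_hdr != 0,
            "requested": ID_TYPES.get(id_type, f"reserved({id_type})")}


def ue_may_answer(msg: bytes) -> bool:
    """Unprotected requests are answerable only when they ask for the SUCI.

    Assumption: for a protected message the caller has already verified the MAC.
    """
    req = parse_identity_request(msg)
    return req["protected"] or req["requested"] == "SUCI"


# Constructed sample messages, not captured traffic.
PLAIN_SUCI = bytes.fromhex("7e005b01")
PLAIN_IMEI = bytes.fromhex("7e005b03")
PROTECTED_IMEISV = bytes.fromhex("7e01" "aabbccdd" "05" "7e005b05")

if __name__ == "__main__":
    for m in (PLAIN_SUCI, PLAIN_IMEI, PROTECTED_IMEISV):
        print(m.hex(), parse_identity_request(m), "answer:", ue_may_answer(m))
```

A plain request for IMEI or another permanent identifier before security setup is the pattern worth alerting on in UE-side or test-bed logs.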

Step 20: Derive SUCI from the Home PLMN Public Key

Event: Derive SUCI from the Home PLMN Public Key

Entity: UE

Purpose: To keep the user’s permanent identity (SUPI — Subscription Permanent Identifier) safe, 5G uses a privacy-preserving mechanism involving SUCI.

SUCI (Subscription Concealed Identifier) is created by:

Encrypting the SUPI with the public key of the Home PLMN.

Adding a scheme identifier and Home Network ID.

This method ensures that even if the SUCI is intercepted, the UE’s permanent identity stays secure and unreadable. The home network can later decrypt it with its private key.

This approach replaces the exposure of IMSI (which was common in LTE), making 5G much more secure against identity tracking and interception.

Step 21: NAS Identity Response

Message: NAS Identity Response

Direction: UE → AMF (via gNB)

Purpose: The UE sends the derived SUCI back to the network in a NAS Identity Response message.

This message encompasses:

Security header type

Message identity

Mobile identity (SUCI)

At this point, the network has a securely encrypted version of the UE’s identity, enabling it to authenticate and move to the next phase — the Security Mode Command (SMC).
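As an added example (not from the original article), the Python below decodes the SUCI carried in the Mobile identity field of the Identity Response, following the SUCI layout for SUPI format IMSI in 3GPP TS 24.501, and reports what an observer can read without the home network's private key. It shows that the home network ID, routing indicator and scheme identifier always travel in clear, and that the null-scheme leaves the MSIN readable too; function names and sample bytes are constructed for illustration.

```python
from dataclasses import dataclass

SCHEMES = {0: "null-scheme", 1: "ECIES Profile A", 2: "ECIES Profile B"}
# Shortest protected output: ephemeral public key + 8-byte MAC tag + 1 byte of ciphertext.
MIN_OUTPUT = {1: 32 + 8 + 1, 2: 33 + 8 + 1}

def bcd(octets: bytes) -> str:
    """Swapped-nibble BCD: low nibble is the earlier digit, 0xF is filler."""
    nibbles = [n for b in octets for n in (b & 0x0F, b >> 4) if n != 0x0F]
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal BCD digit")
    return "".join(map(str, nibbles))

@dataclass
class Suci:
    mcc: str
    mnc: str
    routing_indicator: str
    scheme_id: int
    hn_key_id: int
    scheme_output: bytes

def parse_suci(value: bytes) -> Suci:
    """Decode the IE value, starting at the octet that holds the identity type."""
    if len(value) < 8:
        raise ValueError("truncated SUCI")
    if value[0] & 0x07 != 0b001 or (value[0] >> 4) & 0x07 != 0:
        raise ValueError("not a SUCI in SUPI format IMSI")
    o5, o6, o7 = value[1:4]
    mcc = bcd(bytes([o5])) + bcd(bytes([o6 & 0x0F | 0xF0]))
    mnc = bcd(bytes([o7])) + bcd(bytes([o6 >> 4 | 0xF0]))  # third MNC digit may be filler
    return Suci(mcc, mnc, bcd(value[4:6]), value[6] & 0x0F, value[7], value[8:])

def privacy_findings(s: Suci) -> list:
    """Defender-side checks on what this identity response exposes."""
    name = SCHEMES.get(s.scheme_id, f"scheme {s.scheme_id}")
    if s.scheme_id == 0:
        return [f"null-scheme: MSIN {bcd(s.scheme_output)} sent in clear"]
    if len(s.scheme_output) < MIN_OUTPUT.get(s.scheme_id, 1):
        return [f"scheme output too short for {name}"]
    return []

# Constructed samples (test PLMN 001/01), not captured traffic.
NULL_SCHEME = bytes.fromhex("0100f110f0ff0000" "1032547698")
PROFILE_A = bytes.fromhex("0100f110f0ff0101") + bytes(range(45))

if __name__ == "__main__":
    for sample in (NULL_SCHEME, PROFILE_A):
        print(parse_suci(sample), privacy_findings(parse_suci(sample)))
```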

Security and Identity Protection in 5G

The move from IMSI-based identification (previously used in LTE) to SUCI encryption represents a significant upgrade in privacy for 5G NR.

Benefits of SUCI over IMSI:

Stops IMSI catching attacks through fake base stations.

Boosts user privacy by concealing permanent identifiers.

Utilizes asymmetric encryption with home network public keys.

Guarantees that only the home PLMN can decrypt and verify the subscriber.

By deriving SUCI locally on the UE before sending it out, 5G provides end-to-end protection for user identity information.

NAS Registration and RRC Coordination

The RRC (Radio Resource Control) and NAS (Non-Access Stratum) layers work closely together during registration:

RRC focuses on radio-level signaling between the UE and gNB.

NAS handles core network-level signaling between the UE and AMF.

This layered structure allows 5G networks to stay modular, with RRC ensuring reliable transport while NAS secures identity and manages mobility.

Conclusion

The NAS Registration and Identity Exchange process is fundamental to delivering 5G’s promise of security, privacy, and reliability.

Through carefully structured message exchanges — from RRCSetupComplete to NAS Identity Response — the network makes sure that every UE entering the system is authenticated, synchronized, and protected against identity leaks.

By taking advantage of innovations like SUCI encryption and dedicated NAS message encapsulation, 5G Standalone networks set a new benchmark in secure, privacy-conscious communication for our increasingly connected world.