Understanding UDM Interactions in 5G Standalone Registration: Authentication and Subscription Data Flow
In the 5G Core (5GC) architecture, Unified Data Management (UDM) is crucial for handling subscriber data, authentication processes, and user registration. Think of it like the main database for subscriber identities, supplying essential information to other 5G Core Network Functions (NFs) such as AMF (Access and Mobility Management Function), SMF (Session Management Function), and AUSF (Authentication Server Function).
The image shared outlines a detailed signaling flow showcasing UDM interactions during 5G Standalone (SA) access registration, with a focus on aspects like authentication, security, and subscription data management.
Overview of UDM’s Role in 5G Core (5GC)
The UDM acts as a key component in the control plane of 5GC, taking charge of the following:
Subscriber Identity Management – It keeps permanent identifiers (SUPI) safe and generates SUCI (Subscription Concealed Identifier).
Authentication Management – Pairs with AUSF to create authentication vectors (AVs).
Storage of Subscription and Policy Data – Supplies user data to AMF, SMF, and PCF.
Management of UE Context – Takes care of registering, de-registering, and updating access types for subscribers.
During standalone access registration, the UDM connects with both AUSF for authentication and AMF to set up the registration context.
Sequence Overview: 5G Standalone Access Registration
The diagram illustrates the 5GC signaling between New AMF, Old AMF, AUSF, and UDM. It's broken down into two main phases:
NAS Authentication and Security Setup
UDM Registration and Subscription Data Retrieval
Each phase makes sure that the UE is authenticated securely while the serving AMF collects all essential subscriber information for managing sessions and mobility.
NAS Authentication and Security
Authentication is a vital security step that ensures only genuine users get access to the 5G network. Let's go through each signaling step as displayed in the diagram.
Step 1: Nudm_UEAuthenticate_Get Request
Interface: Nudm (between AUSF and UDM)
Initiator: AUSF
Purpose: AUSF requests authentication vectors for a user.
Parameter: SUCI (Subscription Concealed Identifier), which hides the permanent SUPI (Subscription Permanent Identifier) so that the subscriber's identity is not exposed.
Explanation:
When a UE tries to register with the 5G network, it sends a NAS registration request that includes its SUCI. The AUSF then sends a Nudm_UEAuthenticate_Get Request to the UDM to ask for authentication vectors associated with that SUCI.
This approach ensures that the user's permanent identifier stays hidden and isn't exposed in plain text over the air.
Step 2: Authentication Vector Generation (UDM Internal Action)
Location: UDM
Purpose: Create authentication vectors using subscriber data.
Details:
The UDM pulls the subscriber's key and algorithm info.
It then creates an Authentication Vector (AV) that contains:
RAND (Random challenge)
AUTN (Authentication token)
XRES* (Expected response)
K_AUSF (Derived key for AUSF)
Explanation:
The UDM serves as the Authentication Data Repository, generating security credentials from the stored subscriber keys. It follows the cryptographic procedures defined in 3GPP TS 33.501.
Step 3: Nudm_UEAuthenticate_Get Response
Interface: Nudm (UDM → AUSF)
Purpose: Relay the created authentication data to AUSF.
Content:
Authentication method (such as 5G-AKA or EAP-AKA')
Authentication vectors (RAND, AUTN, XRES*, K_AUSF)
Explanation:
The UDM sends back the authentication method and credentials to the AUSF. From there, AUSF will formulate the final challenge for the UE. After successful UE authentication, AUSF confirms the user's validity and shares derived session keys with AMF.
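As an added example (not code from the original page or from any 3GPP implementation), the following Python shows how the XRES* and K_AUSF entries of the 5G-AKA authentication vector in Steps 2 and 3 are derived from the Milenage outputs using the generic 3GPP KDF (TS 33.220 Annex B.2) with the FC values from TS 33.501 Annex A.2 and A.4. The RAND, AUTN, XRES, CK and IK values are constructed placeholders, not real test vectors; the serving network name format assumed is the one 5G AKA uses.

```python
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B.2): HMAC-SHA-256 over
    S = FC || P0 || L0 || P1 || L1 || ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def serving_network_name(mcc: str, mnc: str) -> bytes:
    """Serving network name used in 5G AKA; the MNC is padded to 3 digits."""
    return f"5G:mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org".encode()


def derive_kausf(ck: bytes, ik: bytes, sqn_xor_ak: bytes, snn: bytes) -> bytes:
    """K_AUSF (TS 33.501 Annex A.2): FC=0x6A, P0=SNN, P1=SQN xor AK, key=CK||IK."""
    return kdf(ck + ik, 0x6A, snn, sqn_xor_ak)


def derive_xres_star(ck: bytes, ik: bytes, rand: bytes, xres: bytes, snn: bytes) -> bytes:
    """XRES* (TS 33.501 Annex A.4): FC=0x6B, P0=SNN, P1=RAND, P2=XRES;
    only the 128 least significant bits of the 256-bit KDF output are kept."""
    return kdf(ck + ik, 0x6B, snn, rand, xres)[16:]


def build_5g_he_av(rand: bytes, autn: bytes, xres: bytes, ck: bytes, ik: bytes, snn: bytes) -> dict:
    """Assemble the 5G HE AV returned to the AUSF for 5G-AKA.
    AUTN = (SQN xor AK) || AMF || MAC, so its first 6 bytes are the P1 input for K_AUSF.
    Binding both values to the serving network name means an AV issued for one
    serving network cannot be reused to authenticate the UE towards another."""
    sqn_xor_ak = autn[:6]
    return {
        "avType": "5G_HE_AKA",
        "rand": rand.hex(),
        "autn": autn.hex(),
        "xresStar": derive_xres_star(ck, ik, rand, xres, snn).hex(),
        "kausf": derive_kausf(ck, ik, sqn_xor_ak, snn).hex(),
    }


# Constructed sample values standing in for Milenage (f1..f5) outputs; not real test vectors.
SAMPLE = {
    "rand": bytes(range(16)),
    "autn": bytes.fromhex("0102030405068000aabbccddeeff0011"),
    "xres": bytes.fromhex("11223344556677889900aabbccddeeff"),
    "ck": bytes.fromhex("c0" * 16),
    "ik": bytes.fromhex("1c" * 16),
}
```

Calling build_5g_he_av(**SAMPLE, snn=serving_network_name("001", "01")) yields the four fields the AUSF needs; changing only the serving network name changes XRES* and K_AUSF while RAND and AUTN stay the same.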
Registering with UDM and Obtaining Subscription Data
Once authentication is successful, the new AMF needs to register the UE with the UDM and get subscription data. This allows the AMF to handle mobility, policy enforcement, and service continuity.
Step 4: Nudm_UEContextManagement_Registration Request
Interface: Nudm (AMF → UDM)
Purpose: Register the UE context in the UDM.
Request Details:
AMF 3GPP Access Registration Data, which includes:
AMF Instance ID
Supported features
PDU Session context (PEI, SUPI, GPSI)
Deregistration callback URI
Explanation:
After the UE is authenticated, the AMF sends a registration request to the UDM. This informs the UDM about which AMF instance is currently serving the subscriber. It also contains information on AMF capabilities, access type (3GPP or non-3GPP), and UE identifiers.
This step helps AMF-UDM synchronization, making sure that mobility management and service delivery are executed properly.
Step 5: Nudm_UEContextManagement_Registration Response
Interface: Nudm (UDM → AMF)
Purpose: Confirm that the UE has been successfully registered with the UDM.
Response Code: 204 No Content
Explanation:
The UDM confirms that the UE registration data has been updated in its database without issues. The "204 No Content" status means the request succeeded and the UDM returns no response body.
At this stage, the AMF can access subscription data and policy rules from the UDM and PCF, finalizing the UE’s registration process.
Summary of the Message Flow
Step | Message Name | Direction | Purpose
1 | Nudm_UEAuthenticate_Get Request | AUSF → UDM | Request authentication vectors
2 | Authentication Vector Generation | Internal (UDM) | Generate security credentials
3 | Nudm_UEAuthenticate_Get Response | UDM → AUSF | Provide authentication data
4 | Nudm_UEContextManagement_Registration Request | AMF → UDM | Register UE context
5 | Nudm_UEContextManagement_Registration Response | UDM → AMF | Confirm successful registration
Interfaces and Functions Involved
Interface | Between | Purpose
Nudm | AMF / AUSF ↔ UDM | Used for authentication, registration, and subscription data exchange
Nausf | AMF ↔ AUSF | Manages UE authentication and key derivation
NAS (Non-Access Stratum) | UE ↔ AMF | UE signaling for registration and security setup
Together, these interfaces facilitate secure registration, authentication, and mobility management in a 5G standalone network.
Key Concepts Explained
a) SUCI (Subscription Concealed Identifier):
Hides the subscriber’s permanent identity (SUPI).
Created using the Home Network Public Key.
Ensures user privacy, even when roaming.
b) Authentication Vectors (AV):
Used by AUSF and UDM to verify the UE’s authenticity.
Include cryptographic components such as RAND, AUTN, and XRES*.
c) UE Context Registration:
The UDM stores AMF registration details for every UE.
This helps maintain seamless mobility as the UE transitions between AMF instances.
Importance of UDM in 5G Standalone Registration
The UDM is the core of subscriber management in the 5G Core network. Its roles include:
Ensuring secure user authentication.
Managing session continuity across AMFs.
Offering subscription and service data to other NFs.
Supporting network slicing, QoS enforcement, and policy-based service differentiation through its connection with the PCF.
Without UDM, the 5G Core would lack a centralized, secure, and efficient way to manage user data.
Technical Insights: Security and Privacy Mechanisms
The SUCI/SUPI framework guarantees that no permanent identifiers are transmitted openly.
The 5G-AKA protocol employs new keys for each session, enhancing defense against replay attacks.
The key derivation hierarchy provides separate keys for each protection domain (NAS, AS, UP), so compromise of one does not expose the others.
204 response codes reflect efficient, stateless RESTful interactions between AMF and UDM over the Service-Based Architecture (SBA).
These principles make 5G’s authentication and registration processes secure, scalable, and cloud-friendly.
Conclusion
The UDM interactions during 5G standalone access registration are crucial for delivering a secure and smooth user experience. By coordinating with AUSF and AMF, the UDM:
Authenticates users securely using concealed identifiers (SUCI),
Produces and transmits authentication vectors,
Registers user context for ongoing service and mobility management.
Understanding these message exchanges — from Nudm_UEAuthenticate_Get to Nudm_UEContextManagement_Registration — can provide telecom professionals with valuable insights into how subscriber authentication, context management, and data synchronization drive the intelligent operations of the 5G Core.