Skip to content

Subscriber Security

Info

To report a security vulnerability, please file a Private Security Report.

Ella Core implements 5G-AKA (5G) and EPS-AKA (4G) (Authentication and Key Agreement) for secure, mutual authentication between the subscriber's device and the network.

The subscriber's Universal Subscriber Identity Module (USIM) stores the identity and credentials required for authentication:

  • IMSI (International Mobile Subscriber Identity): A globally unique identifier for the subscriber.
  • Key (Subscriber's Secret Key): A 128-bit cryptographic key shared between the USIM and the network.
  • OPc (Operator Code): A value derived from the operator key (OP) and the subscriber's secret key (K) using the Milenage algorithm.
  • SQN (Sequence Number): A counter maintained by both the USIM and the network to prevent replay attacks.

Subscriber Privacy (SUCI) - 5G Only

Ella Core supports SUCI (Subscription Concealed Identifier) to protect subscriber identity over the air. The IMSI is encrypted by the subscriber's device before transmission using ECIES (Elliptic Curve Integrated Encryption Scheme). The network decrypts the SUCI to recover the SUPI. This prevents IMSI-catching attacks.

Two protection profiles are supported:

Profile Curve SUCI Scheme ID
Profile A Curve25519 (X25519) 1
Profile B NIST P-256 (secp256r1) 2

Home network keys can be managed through the Operator API or the Operator page in the UI.

NAS Security

After authentication, the network and the subscriber's device negotiate ciphering and integrity algorithms. Once established, these algorithms protect all NAS signaling for the lifetime of the connection.

Administrators configure a single, RAT-neutral set of ciphering and integrity algorithms — NULL, SNOW 3G, and AES — and their priority order through the Operator API or the Operator page in the UI. Ella Core applies them under the appropriate 3GPP names per radio technology:

Algorithm 5G 4G
NULL NEA0 / NIA0 EEA0 / EIA0
SNOW 3G NEA1 / NIA1 EEA1 / EIA1
AES NEA2 / NIA2 EEA2 / EIA2

Warning

Null algorithms (NEA0/NIA0 on 5G, EEA0/EIA0 on 4G) provide no security protection. Only enable them for testing or device compatibility.

Managing Subscriber Credentials

Users can update the Operator Key (OP) via the Operator API or the UI.

When creating a new subscriber via the Subscribers API or the UI, Ella Core automatically computes the OPc using the provided Key and the current OP value.

The UI provides a user-friendly interface for automatically generating IMSIs, Keys, and SQNs for new subscribers.