Interworking Security Between 5G and EPC
May 4, 2025

Interworking security between 5G and EPC involves managing security contexts during mobility between the two systems. ​ This ensures that the UE can maintain secure connections regardless of the access technology used.

  • The UE can operate in Single or Dual Registration mode, maintaining separate security contexts for each system. ​
  • During mobility from EPS to 5GS, the UE includes its 5G security capability in the Registration Request. ​
  • The AMF retrieves the UE context from the MME and verifies the integrity of the Registration Request. ​
  • If verification fails, the AMF may derive a mapped 5G security context or initiate a new authentication procedure. ​

Dual Registration Mode

  • Used when N26 interface is NOT available.
  • The UE registers separately with both 5GC and EPC.
  • There is no coordination between AMF and MME.
  • Mobility is handled by reselection, not seamless handover.
  • Ongoing sessions (e.g. voice or data) may be interrupted during fallback.

Disadvantages:

  • Higher signalling.
  • Session interruption when switching between 5G and 4G.
  • UE complexity increases (manages two registrations).

Single Registration Mode

  • Used when the N26 interface is available between the 5G Core (5GC) and EPC (MME).
  • The UE is registered only with 5GC.
  • Mobility (handover) between 5G and 4G is seamless, with session continuity.
  • The AMF and MME communicate via N26 to manage mobility and context transfer.
  • Ideal for tight interworking.

Advantages:

  • Lower signaling overhead.
  • Maintains ongoing sessions across 5G and 4G (e.g., VoLTE, data).
  • Simplified UE management (one registration).

Handover Procedures Between 5GS and EPS ​Over N26

The procedures for handover between the 5G System (5GS) and the Evolved Packet System (EPS) focus on security aspects.

The steps involved in both handovers, including the derivation of security contexts and keys, are below:

  • Handover from 5GS to EPS involves the gNB sending a Handover Required message to the AMF, which prepares a UE context with a mapped EPS security context. ​
  • The source AMF derives keys and security parameters, transferring the UE security context to the target MME.
  • The target MME derives EPS NAS keys and sends a Handover Request to the target LTE eNB, which computes the KeNB for the UE. ​
  • The UE estimates the downlink NAS COUNT and derives the mapped EPS security context upon receiving the Handover Command. ​
  • Handover from EPS to 5GS starts with the source eNB sending a Handover Required message to the source MME, which forwards the EPS security context to the target AMF. ​
  • The target AMF constructs a mapped 5G security context and derives the key for the handover process. ​
Handover from 5GS to EPC over N26

Idle Mode Mobility from 5GS to EPS Over N26

The procedure for idle mode mobility from 5GS to EPS emphasises security context mapping. It highlights the steps the UE and MME took to ensure secure transitions. ​

  • The UE initiates a TAU Request to the MME with a mapped EPS GUTI and its EPS security capabilities. ​
  • The MME obtains the AMF address from the mapped EPS GUTI and forwards the TAU Request to the AMF. ​
  • The AMF verifies the TAU Request and derives a mapped EPS NAS security context. ​
  • The UE derives the mapped EPS NAS security context and activates it to process the TAU Accept message. ​
Idle mode mobility from 5G to 4G

The N26 interface is a logical interface in 5G architecture that connects the 5G Core (5GC) and the 4G EPC to support mobility between 5G (Standalone) and 4G (EPC-based) networks. It supports interworking between 5GC and EPC, so a UE can hand over between 5G and 4G while keeping ongoing sessions active.

Support & Share